Hi, let's make supermin use /etc/os-release as primary source instead of the various release files in /etc; apparently distros (e.g. openSUSE) are starting removing them. Thanks, Pino Toscano (2): Add simple handling of /etc/os-release Use os-release to detect the distro src/Makefile.am | 3 +++ src/dpkg.ml | 3 ++- src/os_release.ml | 78 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ src/os_release.mli | 26 ++++++++++++++++++ src/pacman.ml | 5 ++-- src/rpm.ml | 15 ++++++----- 6 files changed, 121 insertions(+), 9 deletions(-) create mode 100644 src/os_release.ml create mode 100644 src/os_release.mli -- 2.7.4
Pino Toscano
2016-Aug-31 13:05 UTC
[Libguestfs] [PATCH 1/2] Add simple handling of /etc/os-release
Introduce a simple module to read and cache the fields of /etc/os-release
that might be needed; only ID is handled for now.
---
src/Makefile.am | 3 +++
src/os_release.ml | 78 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
src/os_release.mli | 26 ++++++++++++++++++
3 files changed, 107 insertions(+)
create mode 100644 src/os_release.ml
create mode 100644 src/os_release.mli
diff --git a/src/Makefile.am b/src/Makefile.am
index 11adf31..767117f 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -47,6 +47,8 @@ SOURCES = \
utils.ml \
utils.mli \
types.ml \
+ os_release.ml \
+ os_release.mli \
package_handler.ml \
package_handler.mli \
rpm.ml \
@@ -71,6 +73,7 @@ SOURCES_ML = \
config.ml \
utils.ml \
types.ml \
+ os_release.ml \
package_handler.ml \
rpm.ml \
dpkg.ml \
diff --git a/src/os_release.ml b/src/os_release.ml
new file mode 100644
index 0000000..b2de259
--- /dev/null
+++ b/src/os_release.ml
@@ -0,0 +1,78 @@
+(* supermin 5
+ * Copyright (C) 2016 Red Hat Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ *)
+
+open Utils
+
+let split sep str + let len = String.length sep in
+ let seplen = String.length str in
+ let i = find str sep in
+ if i = -1 then str, ""
+ else (
+ String.sub str 0 i, String.sub str (i + len) (seplen - i - len)
+ )
+
+type os_release = {
+ id : string;
+}
+
+let data = ref None
+let parsed = ref false
+
+let rec get_data () + if !parsed = false then (
+ data := parse ();
+ parsed := true;
+ );
+
+ !data
+
+and parse () + let file = "/etc/os-release" in
+ if Sys.file_exists file then (
+ let chan = open_in file in
+ let lines = input_all_lines chan in
+ close_in chan;
+ let lines = List.filter ((<>) "") lines in
+ let lines = List.filter (fun s -> s.[0] <> '#') lines in
+
+ let id = ref "" in
+
+ List.iter (
+ fun line ->
+ let field, value = split "=" line in
+ let value + let len = String.length value in
+ if len > 1 &&
+ ((value.[0] = '"' && value.[len-1] =
'"') ||
+ (value.[0] = '\'' && value.[len-1] =
'\'')) then
+ String.sub value 1 (len - 2)
+ else value in
+ match field with
+ | "ID" -> id := value
+ | _ -> ()
+ ) lines;
+
+ Some { id = !id; }
+ ) else
+ None
+
+let get_id () + match get_data () with
+ | None -> ""
+ | Some d -> d.id
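Review bot: `parse` can raise instead of returning `None`: `Sys.file_exists` only checks existence, so an existing but unreadable /etc/os-release makes `open_in` raise `Sys_error`, while the interface comment for `get_id` promises an empty string when the file cannot be read. The detect functions changed in the second patch catch only `Unix_error` around their `stat` calls, so this exception would escape distro detection, and because `parsed` is set only after `parse` returns, every later call would retry and raise again. I would drop the existence check and catch `Sys_error` around the open and read, closing the channel on the error path, as sketched below; whether `input_all_lines` can raise anything else is not visible here. Separately, the local names in `split` are swapped (`len` holds the separator length and `seplen` the string length) and are worth renaming.

```ocaml
and parse () =
  let file = "/etc/os-release" in
  let read_lines () =
    let chan = open_in file in
    (* close the channel even if reading fails part-way *)
    let lines =
      try input_all_lines chan
      with exn -> close_in_noerr chan; raise exn in
    close_in chan;
    lines in
  match (try Some (read_lines ()) with Sys_error _ -> None) with
  | None -> None
  | Some lines ->
    (* … unchanged: drop blank and comment lines, scan for ID, Some { id = !id } … *)
```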
diff --git a/src/os_release.mli b/src/os_release.mli
new file mode 100644
index 0000000..2ae349b
--- /dev/null
+++ b/src/os_release.mli
@@ -0,0 +1,26 @@
+(* supermin 5
+ * Copyright (C) 2016 Red Hat Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ *)
+
+(** Handling of /etc/os-release. *)
+
+val get_id : unit -> string
+(** Get the value of the "ID" field from the /etc/os-release file
+ on the current system.
+
+ An empty string is returned if the file does not exist or cannot
+ be read. *)
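Review bot: The doc comment for `get_id` leaves out two behaviours that os_release.ml has: the file is read once and the result is cached in module-level refs, and one pair of surrounding single or double quotes is stripped from the value. I would add a sentence such as `The file is parsed once and the result is cached; surrounding quotes are removed from the value.` so callers do not expect later changes to the file to be picked up within the same run.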
--
2.7.4
Pino Toscano
2016-Aug-31 13:05 UTC
[Libguestfs] [PATCH 2/2] Use os-release to detect the distro
Check the ID field in /etc/os-release on the current system, before
checking for the other old-style release-/version-like files in /etc.
Some distributions (openSUSE Tumbleweed) are starting to remove them,
breaking the supermin detection.
---
src/dpkg.ml | 3 ++-
src/pacman.ml | 5 +++--
src/rpm.ml | 15 +++++++++------
3 files changed, 14 insertions(+), 9 deletions(-)
diff --git a/src/dpkg.ml b/src/dpkg.ml
index 70acfa2..1e785de 100644
--- a/src/dpkg.ml
+++ b/src/dpkg.ml
@@ -28,7 +28,8 @@ let dpkg_detect () Config.dpkg_query <>
"no" &&
Config.dpkg_divert <> "no" &&
Config.apt_get <> "no" &&
- try (stat "/etc/debian_version").st_kind = S_REG with Unix_error
_ -> false
+ (List.mem (Os_release.get_id ()) [ "debian"; "ubuntu" ]
||
+ try (stat "/etc/debian_version").st_kind = S_REG with Unix_error
_ -> false)
let dpkg_primary_arch = ref ""
let settings = ref no_settings
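Review bot: The `[ "debian"; "ubuntu" ]` test in `dpkg_detect` is an exact match on ID, so a derivative with its own ID is detected only while it still ships /etc/debian_version; the same holds for the ID lists added to `fedora_detect`, `opensuse_detect` and `mageia_detect` in rpm.ml. Since the commit message says those legacy files are being removed, a distribution with an unlisted ID and no legacy file would fall through both tests. os-release also defines `ID_LIKE` for naming the parent distribution(s); reading it in `Os_release` and checking it as a second step would cover derivatives without enumerating every ID. `dpkg_detect` starts above this hunk, so earlier conditions are not visible here.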
diff --git a/src/pacman.ml b/src/pacman.ml
index 3340fa6..c35668a 100644
--- a/src/pacman.ml
+++ b/src/pacman.ml
@@ -24,8 +24,9 @@ open Package_handler
let pacman_detect () Config.pacman <> "no" &&
Config.fakeroot <> "no" &&
- (stat "/etc/arch-release").st_kind = S_REG &&
- Config.pacman_g2 = "no" (* not Frugalware with pacman-g2 *)
+ (Os_release.get_id () = "arch" ||
+ ((stat "/etc/arch-release").st_kind = S_REG &&
+ Config.pacman_g2 = "no")) (* not Frugalware with pacman-g2 *)
let settings = ref no_settings
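Review bot: The fallback `stat "/etc/arch-release"` in `pacman_detect` is still not wrapped in a `try`, unlike the equivalent checks in dpkg.ml and rpm.ml, so when the os-release ID is not `arch` and that file is missing the call raises `Unix_error` instead of evaluating to false (unless a caller outside this hunk catches it). Now that the release file is treated as optional, I would guard it the same way: `((try (stat "/etc/arch-release").st_kind = S_REG with Unix_error _ -> false) &&`. The trailing `(* not Frugalware with pacman-g2 *)` comment now follows the whole disjunction and would read better placed directly beside the `Config.pacman_g2 = "no"` test it explains.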
diff --git a/src/rpm.ml b/src/rpm.ml
index a5dc67a..e409e37 100644
--- a/src/rpm.ml
+++ b/src/rpm.ml
@@ -31,21 +31,24 @@ let stringset_of_list pkgs let fedora_detect ()
Config.rpm <> "no" && Config.rpm2cpio <>
"no" && rpm_is_available () &&
(Config.yumdownloader <> "no" || Config.dnf <>
"no") &&
- try
- (stat "/etc/redhat-release").st_kind = S_REG ||
- (stat "/etc/fedora-release").st_kind = S_REG
- with Unix_error _ -> false
+ (List.mem (Os_release.get_id ()) [ "fedora"; "rhel";
"centos" ] ||
+ try
+ (stat "/etc/redhat-release").st_kind = S_REG ||
+ (stat "/etc/fedora-release").st_kind = S_REG
+ with Unix_error _ -> false)
let opensuse_detect () Config.rpm <> "no" &&
Config.rpm2cpio <> "no" && rpm_is_available ()
&&
Config.zypper <> "no" &&
- try (stat "/etc/SuSE-release").st_kind = S_REG with Unix_error _
-> false
+ (List.mem (Os_release.get_id ()) [ "opensuse"; "sled";
"sles" ] ||
+ try (stat "/etc/SuSE-release").st_kind = S_REG with Unix_error _
-> false)
let mageia_detect () Config.rpm <> "no" &&
Config.rpm2cpio <> "no" && rpm_is_available ()
&&
Config.urpmi <> "no" &&
Config.fakeroot <> "no" &&
- try (stat "/etc/mageia-release").st_kind = S_REG with Unix_error
_ -> false
+ (Os_release.get_id () = "mageia" ||
+ try (stat "/etc/mageia-release").st_kind = S_REG with Unix_error
_ -> false)
let ibm_powerkvm_detect () Config.rpm <> "no" &&
Config.rpm2cpio <> "no" && rpm_is_available ()
&&
--
2.7.4
Cedric Bosdonnat
2016-Aug-31 13:21 UTC
Re: [Libguestfs] [PATCH 2/2] Use os-release to detect the distro
On Wed, 2016-08-31 at 15:05 +0200, Pino Toscano wrote:> Check the ID field in /etc/os-release on the current system, before > checking for the other old-style release-/version-like files in /etc. > Some distributions (openSUSE Thumbleweed) are starting to remove them, > breaking the supermin detection. > --- > src/dpkg.ml | 3 ++- > src/pacman.ml | 5 +++-- > src/rpm.ml | 15 +++++++++------ > 3 files changed, 14 insertions(+), 9 deletions(-) > > diff --git a/src/dpkg.ml b/src/dpkg.ml > index 70acfa2..1e785de 100644 > --- a/src/dpkg.ml > +++ b/src/dpkg.ml > @@ -28,7 +28,8 @@ let dpkg_detect () > Config.dpkg_query <> "no" && > Config.dpkg_divert <> "no" && > Config.apt_get <> "no" && > - try (stat "/etc/debian_version").st_kind = S_REG with Unix_error _ -> false > + (List.mem (Os_release.get_id ()) [ "debian"; "ubuntu" ] || > + try (stat "/etc/debian_version").st_kind = S_REG with Unix_error _ -> false) > > let dpkg_primary_arch = ref "" > let settings = ref no_settings > diff --git a/src/pacman.ml b/src/pacman.ml > index 3340fa6..c35668a 100644 > --- a/src/pacman.ml > +++ b/src/pacman.ml > @@ -24,8 +24,9 @@ open Package_handler > > let pacman_detect () > Config.pacman <> "no" && Config.fakeroot <> "no" && > - (stat "/etc/arch-release").st_kind = S_REG && > - Config.pacman_g2 = "no" (* not Frugalware with pacman-g2 *) > + (Os_release.get_id () = "arch" || > + ((stat "/etc/arch-release").st_kind = S_REG && > + Config.pacman_g2 = "no")) (* not Frugalware with pacman-g2 *) > > let settings = ref no_settings > > diff --git a/src/rpm.ml b/src/rpm.ml > index a5dc67a..e409e37 100644 > --- a/src/rpm.ml > +++ b/src/rpm.ml 
> @@ -31,21 +31,24 @@ let stringset_of_list pkgs > let fedora_detect () > Config.rpm <> "no" && Config.rpm2cpio <> "no" && rpm_is_available () && > (Config.yumdownloader <> "no" || Config.dnf <> "no") && > - try > - (stat "/etc/redhat-release").st_kind = S_REG || > - (stat "/etc/fedora-release").st_kind = S_REG > - with Unix_error _ -> false > + (List.mem (Os_release.get_id ()) [ "fedora"; "rhel"; "centos" ] || > + try > + (stat "/etc/redhat-release").st_kind = S_REG || > + (stat "/etc/fedora-release").st_kind = S_REG > + with Unix_error _ -> false) > > let opensuse_detect () > Config.rpm <> "no" && Config.rpm2cpio <> "no" && rpm_is_available () && > Config.zypper <> "no" && > - try (stat "/etc/SuSE-release").st_kind = S_REG with Unix_error _ -> false > + (List.mem (Os_release.get_id ()) [ "opensuse"; "sled"; "sles" ] || > + try (stat "/etc/SuSE-release").st_kind = S_REG with Unix_error _ -> false) > > let mageia_detect () > Config.rpm <> "no" && Config.rpm2cpio <> "no" && rpm_is_available () && > Config.urpmi <> "no" && > Config.fakeroot <> "no" && > - try (stat "/etc/mageia-release").st_kind = S_REG with Unix_error _ -> false > + (Os_release.get_id () = "mageia" || > + try (stat "/etc/mageia-release").st_kind = S_REG with Unix_error _ -> false) > > let ibm_powerkvm_detect () > Config.rpm <> "no" && Config.rpm2cpio <> "no" && rpm_is_available () &&Looks good to me, at least for the openSUSE / SLE parts. -- Cedric
Pino Toscano
2016-Aug-31 13:53 UTC
[Libguestfs] [PATCH] tests: use /etc/os-release in test-harder
Check the ID in /etc/os-release before checking the other release files,
so it's possible to handle distros without them.
Also, make sure the test is skipped if the value read from os-release is not
handled when getting the list of packages.
---
tests/test-harder.sh | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/tests/test-harder.sh b/tests/test-harder.sh
index ea5dfc8..7e1b8df 100755
--- a/tests/test-harder.sh
+++ b/tests/test-harder.sh
@@ -25,7 +25,14 @@ set -e
# NOTE: This test will only work if the $pkgs listed below
# for your distro are installed on the host. SEE LIST BELOW.
-if [ -f /etc/arch-release ]; then
+if [ -f /etc/os-release ]; then
+ distro=$(. /etc/os-release && echo $ID)
+ case "$distro" in
+ fedora|rhel|centos) distro=redhat ;;
+ opensuse|sled|sles) distro=suse ;;
+ ubuntu) distro=debian ;;
+ esac
+elif [ -f /etc/arch-release ]; then
distro=arch
elif [ -f /etc/debian_version ]; then
distro=debian
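Review bot: `distro=$(. /etc/os-release && echo $ID)` expands `$ID` unquoted, so the value is subject to word splitting and globbing before it reaches the `case`; `echo "$ID"` avoids that. Sourcing the file also executes whatever shell it contains: the subshell keeps its variables out of the test's scope but does not confine side effects, so if the test may run on hosts where that file is not trusted, extracting the single field with a text tool is the safer choice. IDs that are neither remapped here nor listed in the later `case $distro` rely on the `*)` arm added in the second hunk. The `if` chain continues outside this hunk.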
@@ -63,6 +70,10 @@ case $distro in
ibm-powerkvm)
pkgs="augeas hivex tar"
;;
+ *)
+ echo "Unhandled distro '$distro'"
+ exit 77
+ ;;
esac
test "$USE_NETWORK" = 1 || USE_INSTALLED=--use-installed
--
2.7.4
Greetings, I built a small proof-of-concept and it was suggested that I share it with the community. The tool is a vulnerability scanner based on Libguestfs. It lists all the installed applications within a disk image and queries a CVE database via a REST interface. The data is aggregated to provide a report of the vulnerable applications within the disk image. Here's a concrete example: http://pastebin.com/w6DZkwCg A possible use case could be the vulnerability assessment and management of Cloud instances. The tool is part of a library I've been building to help automate security assessment and forensic analysis of disk images. https://github.com/noxdafox/vminspect I have not tested it much yet. Therefore, it might raise several false positives or miss important vulnerabilities, but considering it's ~ 100 lines of Python code, I'd say it is a good starting point. The tool relies on the cve-search REST APIs to retrieve the vulnerability list. https://github.com/adulau/cve-search
Cedric Bosdonnat
2016-Sep-08 15:25 UTC
Re: [Libguestfs] [PATCH 0/2] supermin: use /etc/os-release
On Wed, 2016-08-31 at 15:05 +0200, Pino Toscano wrote:> Hi, > > let's make supermin use /etc/os-release as primary source instead of > the various release files in /etc; apparently distros (e.g. openSUSE) > are starting removing them. > > Thanks, > > > Pino Toscano (2): > Add simple handling of /etc/os-release > Use os-release to detect the distro > > src/Makefile.am | 3 +++ > src/dpkg.ml | 3 ++- > src/os_release.ml | 78 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ > src/os_release.mli | 26 ++++++++++++++++++ > src/pacman.ml | 5 ++-- > src/rpm.ml | 15 ++++++----- > 6 files changed, 121 insertions(+), 9 deletions(-) > create mode 100644 src/os_release.ml > create mode 100644 src/os_release.mli >ACK to the whole series. Just tested it and backported it to Factory packages. openSUSE updated supermin package will arrive soon. -- Cedric
Pino Toscano
2016-Sep-20 09:11 UTC
Re: [Libguestfs] [PATCH 0/2] supermin: use /etc/os-release
On Wednesday, 31 August 2016 15:05:34 CEST Pino Toscano wrote:> let's make supermin use /etc/os-release as primary source instead of > the various release files in /etc; apparently distros (e.g. openSUSE) > are starting removing them.Ping. Thanks, -- Pino Toscano
Richard W.M. Jones
2016-Oct-10 16:01 UTC
Re: [Libguestfs] [PATCH 0/2] supermin: use /etc/os-release
On Wed, Aug 31, 2016 at 03:05:34PM +0200, Pino Toscano wrote:> Hi, > > let's make supermin use /etc/os-release as primary source instead of > the various release files in /etc; apparently distros (e.g. openSUSE) > are starting removing them. > > Thanks, > > > Pino Toscano (2): > Add simple handling of /etc/os-release > Use os-release to detect the distro > > src/Makefile.am | 3 +++ > src/dpkg.ml | 3 ++- > src/os_release.ml | 78 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ > src/os_release.mli | 26 ++++++++++++++++++ > src/pacman.ml | 5 ++-- > src/rpm.ml | 15 ++++++----- > 6 files changed, 121 insertions(+), 9 deletions(-) > create mode 100644 src/os_release.ml > create mode 100644 src/os_release.mliYes, this looks good. ACK series. Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming and virtualization blog: http://rwmj.wordpress.com libguestfs lets you edit virtual machines. Supports shell scripting, bindings from many languages. http://libguestfs.org