Hello community, here is the log from the commit of package ssl-cert-check for openSUSE:Factory checked in at 2019-08-06 15:11:58 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ssl-cert-check (Old) and /work/SRC/openSUSE:Factory/.ssl-cert-check.new.4126 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ssl-cert-check" Tue Aug 6 15:11:58 2019 rev:3 rq:721125 version:4.11git.1556282902.f3fc941 Changes: -------- --- /work/SRC/openSUSE:Factory/ssl-cert-check/ssl-cert-check.changes 2019-02-13 10:07:04.585535622 +0100 +++ /work/SRC/openSUSE:Factory/.ssl-cert-check.new.4126/ssl-cert-check.changes 2019-08-06 15:11:58.567739763 +0200 @@ -2 +2 @@ -Tue Feb 12 09:48:52 UTC 2019 - Karol Babioch <kbabi...@suse.de> +Mon Aug 5 21:45:10 UTC 2019 - Karol Babioch <kbabi...@suse.com> @@ -3,0 +4,8 @@ +- Version 4.10 + - Replace tabs with spaces + - More shllcheck cleanup work + - Remove unused DEBUG variable + - Fixed an innocuous whitespace bug in TLSFLAG variable creation + - Set the default TLS version to 1.1 (can be overridden with -v) + - Switched openssl CLI options to use an array. The reasons why + are documented here: http://mywiki.wooledge.org/BashFAQ/050 @@ -4,0 +13,5 @@ +- Refreshed changes file +- Applied spec-cleaner + +------------------------------------------------------------------- +Tue Feb 12 09:48:52 UTC 2019 - Karol Babioch <kbabi...@suse.de> @@ -5,0 +19 @@ +- Refreshed fix-shebang.patch Old: ---- ssl-cert-check-4.9git.1549917512.89cd021.tar.xz New: ---- ssl-cert-check-4.11git.1556282902.f3fc941.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ssl-cert-check.spec ++++++ --- /var/tmp/diff_new_pack.A9f2ZF/_old 2019-08-06 15:11:59.031739663 +0200 +++ /var/tmp/diff_new_pack.A9f2ZF/_new 2019-08-06 15:11:59.035739662 +0200 @@ -17,7 +17,7 @@ Name: ssl-cert-check -Version: 4.9git.1549917512.89cd021 +Version: 4.11git.1556282902.f3fc941 Release: 0 Summary: Shell script to send notifications when SSL certificates are about to expire License: GPL-2.0-only @@ -25,6 +25,7 @@ URL: https://prefetch.net/articles/checkcertificate.html Source0: %{name}-%{version}.tar.xz Patch0: fix-shebang.patch +BuildRequires: xz Requires: bash Requires: coreutils Requires: findutils @@ -32,12 +33,10 @@ Requires: grep Requires: openssl Requires: sed -BuildRequires: xz Recommends: mailx Provides: monitoring-plugins-ssl-cert-check = 3.29 Obsoletes: monitoring-plugins-ssl-cert-check <= 3.29 BuildArch: noarch -BuildRoot: %{_tmppath}/%{name}-%{version}-build %description ssl-cert-check is a Bourne shell script that can be used to report on expiring @@ -54,11 +53,10 @@ install -D -m0755 ssl-cert-check %{buildroot}/%{_bindir}/ssl-cert-check %files -%defattr(-,root,root) -%if 0%{suse_version} >= 1500 +%if 0%{?suse_version} >= 1500 %license LICENSE* %else -%doc LICENSE* +%license LICENSE* %endif %doc README* %{_bindir}/ssl-cert-check ++++++ _service ++++++ --- /var/tmp/diff_new_pack.A9f2ZF/_old 2019-08-06 15:11:59.067739655 +0200 +++ /var/tmp/diff_new_pack.A9f2ZF/_new 2019-08-06 15:11:59.067739655 +0200 @@ -2,7 +2,7 @@ <service name="obs_scm" mode="localonly"> <param name="url">https://github.com/Matty9191/ssl-cert-check.git</param> <param name="scm">git</param> - <param name="versionprefix">4.9git</param> + <param name="versionprefix">4.11git</param> </service> <service mode="localonly" name="tar" /> <service mode="localonly" name="recompress"> ++++++ fix-shebang.patch ++++++ --- /var/tmp/diff_new_pack.A9f2ZF/_old 2019-08-06 15:11:59.075739653 +0200 +++ /var/tmp/diff_new_pack.A9f2ZF/_new 2019-08-06 15:11:59.075739653 +0200 @@ -9,6 +9,6 @@ @@ -1,4 +1,4 @@ -#!/usr/bin/env bash +#!/bin/bash - PROGRAMVERSION=4.9 + PROGRAMVERSION=4.11 # # Program: SSL Certificate Check <ssl-cert-check> ++++++ ssl-cert-check-4.9git.1549917512.89cd021.tar.xz -> ssl-cert-check-4.11git.1556282902.f3fc941.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ssl-cert-check-4.9git.1549917512.89cd021/ssl-cert-check new/ssl-cert-check-4.11git.1556282902.f3fc941/ssl-cert-check --- old/ssl-cert-check-4.9git.1549917512.89cd021/ssl-cert-check 2019-02-11 21:38:32.000000000 +0100 +++ new/ssl-cert-check-4.11git.1556282902.f3fc941/ssl-cert-check 2019-04-26 14:48:22.000000000 +0200 @@ -1,5 +1,5 @@ #!/usr/bin/env bash -PROGRAMVERSION=4.9 +PROGRAMVERSION=4.11 # # Program: SSL Certificate Check <ssl-cert-check> # @@ -9,10 +9,19 @@ # # Author: Matty < matty91 at gmail dot com > # -# Last Updated: 02-11-2019 +# Last Updated: 02-12-2019 # # Revision History: # +# Version 4.10 +# - Replace tabs with spaces +# - More shllcheck cleanup work +# - Remove unused DEBUG variable +# - Fixed an innocuous whitespace bug in TLSFLAG variable creation +# - Set the default TLS version to 1.1 (can be overridden with -v) +# - Switched openssl CLI options to use an array. The reasons why +# are documented here: http://mywiki.wooledge.org/BashFAQ/050 +# # Version 4.9 # - Add a signal handler to call the cleanup funtion # if the script doesn't exit() cleanly -- Timothe Litt @@ -294,10 +303,7 @@ CERTTYPE="pem" # Protocol version to use (cmdline: -v) -VERSION="" - -# Enable debugging -DEBUG=0 +VERSION="-tls1_1" # Location of system binaries AWK=$(command -v awk) @@ -359,7 +365,7 @@ fi if [ -f "${ERROR_TMP}" ]; then - rm -f "${ERROR_TMP}" + rm -f "${ERROR_TMP}" fi } @@ -412,16 +418,16 @@ if [ "${1}" != "" ] && [ "${2}" != "" ] && [ "${3}" != "" ]; then ## Since leap years add aday at the end of February, ## calculations are done from 1 March 0000 (a fictional year) - d2j_tmpmonth=$((12 * ${3} + ${1} - 3)) + d2j_tmpmonth=$((12 * $3 + $1 - 3)) ## If it is not yet March, the year is changed to the previous year - d2j_tmpyear=$(( ${d2j_tmpmonth} / 12)) + d2j_tmpyear=$(( d2j_tmpmonth / 12)) ## The number of days from 1 March 0000 is calculated ## and the number of days from 1 Jan. 4713BC is added - echo $(( (734 * ${d2j_tmpmonth} + 15) / 24 - - 2 * ${d2j_tmpyear} + ${d2j_tmpyear}/4 - - ${d2j_tmpyear}/100 + ${d2j_tmpyear}/400 + $2 + 1721119 )) + echo $(( (734 * d2j_tmpmonth + 15) / 24 + - 2 * d2j_tmpyear + d2j_tmpyear/4 + - d2j_tmpyear/100 + d2j_tmpyear/400 + $2 + 1721119 )) else echo 0 fi @@ -493,7 +499,7 @@ ${PRINTF} "%-35s %-35s %-32s %-17s\n" "$1:$2" "$7" "$8" "$6" elif [ "${QUIET}" != "TRUE" ] && [ "${VALIDATION}" != "TRUE" ]; then - MIN_DATE=$(echo $4 | ${AWK} '{ print $1, $2, $4 }') + MIN_DATE=$(echo "$4" | "${AWK}" '{ print $1, $2, $4 }') if [ "${NAGIOS}" == "TRUE" ]; then ${PRINTF} "%-47s %-12s %-12s %-4s %-30s\n" "$1:$2" "$3" "$MIN_DATE" \|days="$5" else @@ -651,15 +657,13 @@ TLSFLAG="" fi - if [ "${VERSION}" != "" ]; then - VER="-${VERSION}" - fi - - if [ "${TLSSERVERNAME}" = "TRUE" ]; then - TLSFLAG="${TLSFLAG} -servername $1" + if [ "${TLSSERVERNAME}" = "FALSE" ]; then + TLSFLAG=(s_client -crlf -connect "${1}":"${2}") + else + TLSFLAG=(s_client -crlf -connect "${1}":"${2}" -servername "${1}") fi - echo "" | "${OPENSSL}" s_client -crlf ${VER} -connect ${1}:${2} ${TLSFLAG} 2> "${ERROR_TMP}" 1> "${CERT_TMP}" + echo "" | "${OPENSSL}" "${TLSFLAG[@]}" 2> "${ERROR_TMP}" 1> "${CERT_TMP}" if "${GREP}" -i "Connection refused" "${ERROR_TMP}" > /dev/null; then prints "${1}" "${2}" "Connection refused" "Unknown" @@ -721,56 +725,56 @@ # Extract the issuer from the certificate CERTISSUER=$("${OPENSSL}" x509 -in "${CERT_TMP}" -issuer -noout | \ - "${AWK}" 'BEGIN {RS="/" } $0 ~ /^O=/ \ + "${AWK}" 'BEGIN {RS="/" } $0 ~ /^O=/ { print substr($0,3,17)}') ### Grab the common name (CN) from the X.509 certificate COMMONNAME=$("${OPENSSL}" x509 -in "${CERT_TMP}" -subject -noout | \ - "${SED}" -e 's/.*CN=//' | \ - "${SED}" -e 's/\/.*//') + "${SED}" -e 's/.*CN=//' | \ + "${SED}" -e 's/\/.*//') ### Grab the serial number from the X.509 certificate SERIAL=$("${OPENSSL}" x509 -in "${CERT_TMP}" -serial -noout | \ "${SED}" -e 's/serial=//') else # Extract the expiration date from the ceriticate - CERTDATE=$(${OPENSSL} x509 -in ${CERTFILE} -enddate -noout -inform ${CERTTYPE} | \ - ${SED} 's/notAfter\=//') + CERTDATE=$("${OPENSSL}" x509 -in "${CERTFILE}" -enddate -noout -inform "${CERTTYPE}" | \ + "${SED}" 's/notAfter\=//') # Extract the issuer from the certificate - CERTISSUER=$(${OPENSSL} x509 -in ${CERTFILE} -issuer -noout -inform ${CERTTYPE} | \ - ${AWK} 'BEGIN {RS="/" } $0 ~ /^O=/ { print substr($0,3,17)}') + CERTISSUER=$("${OPENSSL}" x509 -in "${CERTFILE}" -issuer -noout -inform "${CERTTYPE}" | \ + "${AWK}" 'BEGIN {RS="/" } $0 ~ /^O=/ { print substr($0,3,17)}') ### Grab the common name (CN) from the X.509 certificate - COMMONNAME=$(${OPENSSL} x509 -in ${CERTFILE} -subject -noout -inform ${CERTTYPE} | \ - ${SED} -e 's/.*CN=//' | \ - ${SED} -e 's/\/.*//') + COMMONNAME=$("${OPENSSL}" x509 -in "${CERTFILE}" -subject -noout -inform "${CERTTYPE}" | \ + "${SED}" -e 's/.*CN=//' | \ + "${SED}" -e 's/\/.*//') ### Grab the serial number from the X.509 certificate - SERIAL=$(${OPENSSL} x509 -in ${CERTFILE} -serial -noout -inform ${CERTTYPE} | \ - ${SED} -e 's/serial=//') + SERIAL=$("${OPENSSL}" x509 -in "${CERTFILE}" -serial -noout -inform "${CERTTYPE}" | \ + "${SED}" -e 's/serial=//') fi ### Split the result into parameters, and pass the relevant pieces to date2julian set -- ${CERTDATE} - MONTH=$(getmonth ${1}) + MONTH=$(getmonth "${1}") # Convert the date to seconds, and get the diff between NOW and the expiration date - CERTJULIAN=$(date2julian ${MONTH#0} ${2#0} ${4}) - CERTDIFF=$(date_diff ${NOWJULIAN} ${CERTJULIAN}) + CERTJULIAN=$(date2julian "${MONTH#0}" "${2#0}" "${4}") + CERTDIFF=$(date_diff "${NOWJULIAN}" "${CERTJULIAN}") - if [ ${CERTDIFF} -lt 0 ]; then + if [ "${CERTDIFF}" -lt 0 ]; then if [ "${ALARM}" = "TRUE" ]; then - send_mail ${SENDER} ${ADMIN} "Certificate for ${HOST} \"(CN: ${COMMONNAME})\" has expired!" \ + send_mail "${SENDER}" "${ADMIN}" "Certificate for ${HOST} \"(CN: ${COMMONNAME})\" has expired!" \ "The SSL certificate for ${HOST} \"(CN: ${COMMONNAME})\" has expired!" fi - prints ${HOST} ${PORT} "Expired" "${CERTDATE}" "${CERTDIFF}" "${CERTISSUER}" "${COMMONNAME}" "${SERIAL}" + prints "${HOST}" "${PORT}" "Expired" "${CERTDATE}" "${CERTDIFF}" "${CERTISSUER}" "${COMMONNAME}" "${SERIAL}" RETCODE_LOCAL=2 - elif [ ${CERTDIFF} -lt ${WARNDAYS} ]; then + elif [ "${CERTDIFF}" -lt "${WARNDAYS}" ]; then if [ "${ALARM}" = "TRUE" ]; then - send_mail ${SENDER} ${ADMIN} "Certificate for ${HOST} \"(CN: ${COMMONNAME})\" will expire in ${CERTDIFF}-days or less" \ + send_mail "${SENDER}" "${ADMIN}" "Certificate for ${HOST} \"(CN: ${COMMONNAME})\" will expire in ${CERTDIFF}-days or less" \ "The SSL certificate for ${HOST} \"(CN: ${COMMONNAME})\" will expire on ${CERTDATE}" fi prints "${HOST}" "${PORT}" "Expiring" "${CERTDATE}" "${CERTDIFF}" "${CERTISSUER}" "${COMMONNAME}" "${SERIAL}" @@ -783,7 +787,7 @@ set_returncode "${RETCODE_LOCAL}" MIN_DATE=$(echo "${CERTDATE}" | "${AWK}" '{ print $1, $2, $4 }') - set_summary "${RETCODE_LOCAL}" "${HOST}" "${PORT}" "${MIN_DATE}" ${CERTDIFF} + set_summary "${RETCODE_LOCAL}" "${HOST}" "${PORT}" "${MIN_DATE}" "${CERTDIFF}" } ################################# @@ -797,7 +801,7 @@ c) CERTFILE=${OPTARG};; d) CERTDIRECTORY=${OPTARG};; e) ADMIN=${OPTARG};; - E) SENDER=${OPTARG};; + E) SENDER=${OPTARG};; f) SERVERFILE=$OPTARG;; h) usage exit 1;; @@ -814,7 +818,7 @@ v) VERSION=$OPTARG;; V) echo "${PROGRAMVERSION}" exit 0 - ;; + ;; x) WARNDAYS=$OPTARG;; \?) usage exit 1;; @@ -901,8 +905,9 @@ print_heading IFS=$'\n' - for LINE in $(grep -E -v '(^#|^$)' "${SERVERFILE}") - do + + #for LINE in $(grep -E -v '(^#|^$)' "${SERVERFILE}") + "${GREP}" -E -v '(^#|^$)' "${SERVERFILE}" | while read -r LINE; do HOST=${LINE%% *} PORT=${LINE#* } IFS=" "