[Bug 1031680] Re: check_apt always report 0 critical updates
quantal has seen the end of its life and is no longer receiving any updates. Marking the quantal task for this ticket as Won't Fix. ** Changed in: nagios-plugins (Ubuntu Quantal) Status: Confirmed = Won't Fix -- You received this bug notification because you are a member of Ubuntu Server Team, which is a bug assignee. https://bugs.launchpad.net/bugs/1031680 Title: check_apt always report 0 critical updates To manage notifications about this bug go to: https://bugs.launchpad.net/nagios-plugins/+bug/1031680/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1031680] Re: check_apt always report 0 critical updates
raring has seen the end of its life and is no longer receiving any updates. Marking the raring task for this ticket as Won't Fix. ** Changed in: nagios-plugins (Ubuntu Raring) Status: Triaged = Won't Fix -- You received this bug notification because you are a member of Ubuntu Server Team, which is a bug assignee. https://bugs.launchpad.net/bugs/1031680 Title: check_apt always report 0 critical updates To manage notifications about this bug go to: https://bugs.launchpad.net/nagios-plugins/+bug/1031680/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1031680] Re: check_apt always report 0 critical updates
Anyways ... please fill pull requests over there in https://github.com /monitoring-plugins/monitoring-plugins, the upstream has changed it's name. -- You received this bug notification because you are a member of Ubuntu Server Team, which is a bug assignee. https://bugs.launchpad.net/bugs/1031680 Title: check_apt always report 0 critical updates To manage notifications about this bug go to: https://bugs.launchpad.net/nagios-plugins/+bug/1031680/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1031680] Re: check_apt always report 0 critical updates
Dropping Saucy target, as I don't think it's realistic. ** No longer affects: nagios-plugins (Ubuntu Saucy) -- You received this bug notification because you are a member of Ubuntu Server Team, which is a bug assignee. https://bugs.launchpad.net/bugs/1031680 Title: check_apt always report 0 critical updates To manage notifications about this bug go to: https://bugs.launchpad.net/nagios-plugins/+bug/1031680/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1031680] Re: check_apt always report 0 critical updates
Also an option is to port check_apt to use libapt-pkg[1]. This has the advantage that libapt-pkg is providing a stable api and we don't need to parse output of apt-get/aptitude. The easiest way to get changes into upstream is to send pull requests[2]. [1] http://packages.debian.org/wheezy/libapt-pkg4.12 [2] https://github.com/nagios-plugins/nagios-plugins -- You received this bug notification because you are a member of Ubuntu Server Team, which is a bug assignee. https://bugs.launchpad.net/bugs/1031680 Title: check_apt always report 0 critical updates To manage notifications about this bug go to: https://bugs.launchpad.net/nagios-plugins/+bug/1031680/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1031680] Re: check_apt always report 0 critical updates
I've made some suggestions here: https://lists.ubuntu.com/archives/ubuntu-server/2013-July/006675.html Reading cyco's comment, I suppose another route would be to get Simon's plugin into nagios-plugins-contrib? -- You received this bug notification because you are a member of Ubuntu Server Team, which is a bug assignee. https://bugs.launchpad.net/bugs/1031680 Title: check_apt always report 0 critical updates To manage notifications about this bug go to: https://bugs.launchpad.net/nagios-plugins/+bug/1031680/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1031680] Re: check_apt always report 0 critical updates
It's not a security issue, per se, just closely related. It is indeed bug on ubuntu system and it is ubuntu specific in some ways. We should provide improved checks by default, and if possible, in an unstreamable way. I have targeted this bug for saucy, such that hopefully this can be resolved this cycle. -- You received this bug notification because you are a member of Ubuntu Server Team, which is a bug assignee. https://bugs.launchpad.net/bugs/1031680 Title: check_apt always report 0 critical updates To manage notifications about this bug go to: https://bugs.launchpad.net/nagios-plugins/+bug/1031680/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1031680] Re: check_apt always report 0 critical updates
I've reported this upstream, since I don't see that this bug will get fixed any other way: https://sourceforge.net/tracker/?func=detailaid=3614595group_id=29880atid=397597 I'm dubious about calling this a security vulnerability. I can see your logic, but this bug's root cause is the fundamental design of check_apt (fragile apt-get simulation parsing) causing it to not work for security purposes at all. I'd love to see this fixed, but it might be better to just write an entirely separate plugin based on calling /usr/lib/update- notifier/apt-check instead. In that case, it might be better to just say that check_apt is unsuitable for detecting security updates on Ubuntu, and what you really have is a wishlist bug for a different plugin that *is* capable of it. Since /usr/lib/update-notifier/apt-check is machine readable, such an alternative plugin could be about five lines of shell. I have asked if such a contribution would be welcome in the upstream bug. Anyway, how to classify this bug isn't really going to change anything. I have asked upstream for comments on a suitable fix. A working interface to get the required information is available. We can follow whatever they decide to do. ** Bug watch added: SourceForge.net Tracker #3614595 http://sourceforge.net/support/tracker.php?aid=3614595 ** Also affects: nagios-plugins via http://sourceforge.net/support/tracker.php?aid=3614595 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Server Team, which is a bug assignee. https://bugs.launchpad.net/bugs/1031680 Title: check_apt always report 0 critical updates To manage notifications about this bug go to: https://bugs.launchpad.net/nagios-plugins/+bug/1031680/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1031680] Re: check_apt always report 0 critical updates
I too needed to know when security packages were available so I cooked my own (*) wrapper around /usr/lib/update-notifier/apt-check. It works well and also provides perf_data for those who'd like to visualize the package availability. *: https://github.com/simondeziel/custom-nagios- plugins/blob/master/plugins/check_apt_upgrade -- You received this bug notification because you are a member of Ubuntu Server Team, which is a bug assignee. https://bugs.launchpad.net/bugs/1031680 Title: check_apt always report 0 critical updates To manage notifications about this bug go to: https://bugs.launchpad.net/nagios-plugins/+bug/1031680/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1031680] Re: check_apt always report 0 critical updates
** Information type changed from Public Security to Public -- You received this bug notification because you are a member of Ubuntu Server Team, which is a bug assignee. https://bugs.launchpad.net/bugs/1031680 Title: check_apt always report 0 critical updates To manage notifications about this bug go to: https://bugs.launchpad.net/nagios-plugins/+bug/1031680/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1031680] Re: check_apt always report 0 critical updates
Sorry guys .. this ist _NOT_ a security issue (at least no one of nagios-plugins). Opening a but upstream might a good idea, but upstream doesn't work on debian systems. So it's up to you guys to present (useful and senseful) patches which might be adopted upstream. If anybody want to rely on apt-check, you should spin off a separate plugin and try to incorporate that into the nagios-plugins-contrib package! Anyways ... nagios-plugins-contrib also provides check_packages, maybe you give it a go. Cheers, Jan (with Debian Nagios-Plugins Maintainers hat on). -- You received this bug notification because you are a member of Ubuntu Server Team, which is a bug assignee. https://bugs.launchpad.net/bugs/1031680 Title: check_apt always report 0 critical updates To manage notifications about this bug go to: https://bugs.launchpad.net/nagios-plugins/+bug/1031680/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1031680] Re: check_apt always report 0 critical updates
not knowing about security updates are a security issue; changed the but type ** Information type changed from Public to Public Security -- You received this bug notification because you are a member of Ubuntu Server Team, which is a bug assignee. https://bugs.launchpad.net/bugs/1031680 Title: check_apt always report 0 critical updates To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nagios-plugins/+bug/1031680/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1031680] Re: check_apt always report 0 critical updates
** Changed in: nagios-plugins (Ubuntu) Importance: Medium = High ** Changed in: nagios-plugins (Ubuntu) Assignee: (unassigned) = Ubuntu Server Team (ubuntu-server) ** Tags added: rls-s-incoming ** Also affects: nagios-plugins (Ubuntu Precise) Importance: Undecided Status: New ** Also affects: nagios-plugins (Ubuntu Quantal) Importance: Undecided Status: New ** Also affects: nagios-plugins (Ubuntu Raring) Importance: High Assignee: Ubuntu Server Team (ubuntu-server) Status: Triaged ** Also affects: nagios-plugins (Ubuntu S-series) Importance: Undecided Status: New ** Changed in: nagios-plugins (Ubuntu Precise) Status: New = Confirmed ** Changed in: nagios-plugins (Ubuntu Quantal) Status: New = Confirmed ** Changed in: nagios-plugins (Ubuntu S-series) Status: New = Confirmed ** Changed in: nagios-plugins (Ubuntu S-series) Assignee: (unassigned) = Ubuntu Server Team (ubuntu-server) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nagios-plugins in Ubuntu. https://bugs.launchpad.net/bugs/1031680 Title: check_apt always report 0 critical updates To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nagios-plugins/+bug/1031680/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1031680] Re: check_apt always report 0 critical updates
I also can confirm both this bug and Robie's explanation for it. Additionally, I attached a copy of a potential replacement check plugin to Bug #1167621 along with some changes needed to update-notifier in order for that to work. -- You received this bug notification because you are a member of Ubuntu Server Team, which is a bug assignee. https://bugs.launchpad.net/bugs/1031680 Title: check_apt always report 0 critical updates To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nagios-plugins/+bug/1031680/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1031680] Re: check_apt always report 0 critical updates
Another workaround is to reorder sources.list to have -security before -updates like this: $ cat /etc/apt/sources.list deb http://archive.ubuntu.com/ubuntu/ precise main universe deb http://archive.ubuntu.com/ubuntu/ precise-security main universe deb http://archive.ubuntu.com/ubuntu/ precise-updates main universe $ /usr/lib/nagios/plugins/check_apt -d APT CRITICAL: 5 packages available for dist-upgrade (4 critical updates). -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nagios-plugins in Ubuntu. https://bugs.launchpad.net/bugs/1031680 Title: check_apt always report 0 critical updates To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nagios-plugins/+bug/1031680/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1031680] Re: check_apt always report 0 critical updates
-- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nagios-plugins in Ubuntu. https://bugs.launchpad.net/bugs/1031680 Title: check_apt always report 0 critical updates To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nagios-plugins/+bug/1031680/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1031680] Re: check_apt always report 0 critical updates
Reproduced on precise: ubuntu@precise-test:~$ /usr/lib/update-notifier/apt-check --human-readable 17 packages can be updated. 12 updates are security updates. ubuntu@precise-test:~$ /usr/lib/nagios/plugins/check_apt APT WARNING: 14 packages available for upgrade (0 critical updates). ubuntu@precise-test:~$ Checking Quantal is a bit more involved, since there won't be any critical updates for Quantal until after it is released. ** Changed in: nagios-plugins (Ubuntu) Status: New = Confirmed ** Changed in: nagios-plugins (Ubuntu) Importance: Undecided = High -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nagios-plugins in Ubuntu. https://bugs.launchpad.net/bugs/1031680 Title: check_apt always report 0 critical updates To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nagios-plugins/+bug/1031680/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1031680] Re: check_apt always report 0 critical updates
It looks like this is due to how check_apt is checking for critical updates. Since Ubuntu publishes security updates in both the -updates and -security pockets, it only works if the security pocket is listed first in sources.list. Workaround: move the security lines in /etc/apt/sources.list to the top. Now I get: ubuntu@precise-test:~$ /usr/lib/update-notifier/apt-check --human-readable 17 packages can be updated. 12 updates are security updates. ubuntu@precise-test:~$ /usr/lib/nagios/plugins/check_apt APT CRITICAL: 14 packages available for upgrade (9 critical updates). Not an exact match, but better. This is probably due to how exactly check_apt is checking apt-get's output. It seems suboptimal to me. Now that /usr/lib/update-notifier/apt-check exists, check_apt could use it instead. But this would be a fundamental change in how check_apt works, so this should probably be sent for discussion upstream. Changing to Importance: Medium as a workaround is available. ** Changed in: nagios-plugins (Ubuntu) Status: Confirmed = Triaged ** Changed in: nagios-plugins (Ubuntu) Importance: High = Medium -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nagios-plugins in Ubuntu. https://bugs.launchpad.net/bugs/1031680 Title: check_apt always report 0 critical updates To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nagios-plugins/+bug/1031680/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1031680] Re: check_apt always report 0 critical updates
It turns out that somebody has already arranged a better workaround for Nagios here: http://superuser.com/q/199869/97683 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nagios-plugins in Ubuntu. https://bugs.launchpad.net/bugs/1031680 Title: check_apt always report 0 critical updates To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nagios-plugins/+bug/1031680/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
