aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGuido Günther <agx@sigxcpu.org>2014-04-18 15:05:13 +0200
committerGuido Günther <agx@sigxcpu.org>2014-04-18 15:05:13 +0200
commit9a952f68c6dc5916c2f8d4fb686e7f216fa6736f (patch)
tree7e76b381ec327b97cf9b2ef562eab383da8f1432
parent5946d6d1079969822b750af12bb5c95b188485ae (diff)
parent98bdda0e2e0fe182857ebb7f56b86193c2a9e7d3 (diff)
Merge tag 'v0.0.5' into debian/master
whatmaps 0.0.5
-rw-r--r--.gitignore6
-rw-r--r--README37
-rw-r--r--man/whatmaps.pod43
-rw-r--r--setup.py5
-rw-r--r--tests/__init__.py0
-rw-r--r--tests/context.py53
-rw-r--r--tests/test_process.py124
-rw-r--r--whatmaps/__init__.py0
-rwxr-xr-xwhatmaps/command.py (renamed from whatmaps)55
-rw-r--r--whatmaps/process.py77
10 files changed, 349 insertions, 51 deletions
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..e9b90d1
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,6 @@
+.coverage
+*.pyc
+*~
+build/
+cover/
+whatmaps.egg-info/
diff --git a/README b/README
new file mode 100644
index 0000000..c35fe66
--- /dev/null
+++ b/README
@@ -0,0 +1,37 @@
+After a security update of a library one needs to restart all programs that
+make use of this library in order for the security update to become effective.
+whatmaps takes a package name and looks (on Linux systems) in /proc/pid/maps
+for processes that map shared objects contained in a certain package. It then
+looks for the corresponding processes to find the services that need to be
+restarted.
+
+It currently supports Debian and Fedora but might also work well on other
+Debian or RPM based distributions.
+
+Usage
+=====
+Pass the names of the packages that had shared objects updated:
+
+ whatmaps <pkg1> <pkg2>
+
+The example output looks like:
+
+ # whatmaps libssl0.9.8
+ WARNING: No service script found in 'wpasupplicant' for '['/sbin/wpa_supplicant']' - restart manually
+ Services that possibly need to be restarted:
+ postfix
+ libvirt-bin
+ ntpd
+
+Apt Integration
+===============
+
+To enable automatic restarts during security updates on Debian based systems set:
+
+ Whatmaps::Enable-Restart "1";
+
+in /etc/apt/apt.conf.d/20services.
+
+See
+
+https://honk.sigxcpu.org/piki/projects/whatmaps/
diff --git a/man/whatmaps.pod b/man/whatmaps.pod
new file mode 100644
index 0000000..408e75d
--- /dev/null
+++ b/man/whatmaps.pod
@@ -0,0 +1,43 @@
+=head1 NAME
+
+whatmaps - Find and restart services after library upgrades
+
+=head1 SYNOPSIS
+=encoding utf8
+
+B<whatmaps> [--restart] [--print-cmds=I<FILE>] pkg1 [pkg2 pkg3 ...]
+
+=head1 DESCRIPTION
+
+B<whatmaps> tries to find a list of services that need to be restarted
+after a library upgrade because they map that particular library into
+their address space. It does this by extracting a list of shared
+objects from the packages given on the command line. It then looks at
+the list of running processes to find those that map the shared
+objects and uses the distributions package manager to find out the
+packages that ship them. It then prints a list of services in these
+packages that likely need to be restarted.
+
+By default it assumes all services in the found packages need a restart but it
+also keeps a internal distribution specific list of exceptions.
+
+If the I<--restart> option is given, the services are restarted without any
+prompting and with the I<--prind-cmds> option the restart commands are written to
+a file for later execution.
+
+On Debian systems B<whatmaps> can also be run automatically by apt-get. See
+L</usr/share/doc/whatmaps/README.Debian> for details.
+
+=head1 SEE ALSO
+
+apt(8)
+
+The latest version is available at
+L<https://honk.sigxcpu.org/piki/projects/whatmaps/>.
+
+=head1 AUTHOR
+
+Guido Günther <agx@sigxcpu.org>
+
+=cut
+
diff --git a/setup.py b/setup.py
index 1da9283..46b0d81 100644
--- a/setup.py
+++ b/setup.py
@@ -20,7 +20,10 @@ setup(name = "whatmaps",
author = 'Guido Günther',
author_email = 'agx@sigxcpu.org',
data_files = data_files,
- scripts = [ 'whatmaps' ],
+ packages = ['whatmaps'],
+ entry_points = {
+ 'console_scripts': [ 'whatmaps = whatmaps.command:run' ],
+ },
)
# vim:et:ts=4:sw=4:et:sts=4:ai:set list listchars=tab\:»·,trail\:·:
diff --git a/tests/__init__.py b/tests/__init__.py
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/__init__.py
diff --git a/tests/context.py b/tests/context.py
new file mode 100644
index 0000000..d859c2f
--- /dev/null
+++ b/tests/context.py
@@ -0,0 +1,53 @@
+# this context.py should be included by all tests
+# idea from http://kennethreitz.com/repository-structure-and-python.html
+
+import os
+import shutil
+import sys
+import tempfile
+
+import whatmaps
+
+sys.path.insert(0, os.path.abspath('..'))
+
+# the top or root dir of the git-buildpackage source tree to be used by tests
+projectdir = os.path.dirname(os.path.dirname(os.path.abspath(whatmaps.__file__)))
+
+_chdir_backup = None
+_tmpdirs = []
+
+def chdir(dir):
+ global _chdir_backup
+ if not _chdir_backup:
+ _chdir_backup = os.path.abspath(os.curdir)
+ os.chdir(str(dir))
+
+def new_tmpdir(name):
+ global _tmpdirs
+ prefix='whatmaps_%s_' % name
+ tmpdir = TmpDir(prefix)
+ _tmpdirs.append(tmpdir)
+ return tmpdir
+
+def teardown():
+ if _chdir_backup:
+ os.chdir(_chdir_backup)
+ for tmpdir in _tmpdirs:
+ tmpdir.rmdir()
+ del _tmpdirs[:]
+
+class TmpDir(object):
+
+ def __init__(self, suffix='', prefix='tmp'):
+ self.path = tempfile.mkdtemp(suffix=suffix, prefix=prefix)
+
+ def rmdir(self):
+ if self.path and not os.getenv("WHATMAPS_TESTS_NOCLEAN"):
+ shutil.rmtree(self.path)
+ self.path = None
+
+ def __repr__(self):
+ return self.path
+
+ def join(self, *args):
+ return os.path.join(self.path, *args)
diff --git a/tests/test_process.py b/tests/test_process.py
new file mode 100644
index 0000000..da47ebd
--- /dev/null
+++ b/tests/test_process.py
@@ -0,0 +1,124 @@
+# vim: set fileencoding=utf-8 :
+# (C) 2014 Guido Günther <agx@sigxcpu.org>
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+"""Test L{whatmaps.process} config"""
+
+import os
+import sys
+import unittest
+import random
+
+from whatmaps.process import Process
+
+from . import context
+
+class TestWhatmapsProcess(unittest.TestCase):
+ def setUp(self):
+ self.tmpdir = context.new_tmpdir(__name__)
+ self.procfs = str(self.tmpdir)
+ self.pid = random.randint(1, 65535)
+ self.piddir = os.path.join(self.procfs, str(self.pid))
+ os.mkdir(self.piddir)
+ self.exe = os.path.join(self.piddir, 'exe')
+ self.cmdline = os.path.join(self.piddir, 'cmdline')
+ self.maps = os.path.join(self.piddir, 'maps')
+ self._write_cmdline('doesnotmatter') # Write at least an empty cmdline
+ self._write_exe_symlink('acommand')
+ self._write_maps([['f32b43221000-7f32b4522000',
+ '---p',
+ '00020000',
+ 'fe:02',
+ '1704011',
+ '/lib/x86_64-linux-gnu/libselinux.so.1'],
+ ['7f32b4521000-7f32b4623000',
+ 'r--p',
+ '00020000',
+ 'fe:02',
+ '1704011',
+ '/lib/x86_64-linux-gnu/libselinux.so.1'],
+ ])
+
+ def _write_exe_symlink(self, name):
+ exe = os.path.join(str(self.tmpdir), name)
+ os.symlink(exe, self.exe)
+
+ def _write_cmdline(self, text=''):
+ f = open(self.cmdline, 'w')
+ f.write(text)
+ f.close()
+
+ def _write_maps(self, data):
+ f = open(self.maps, 'w')
+ f.write('\n'.join([' '.join(r) for r in data]))
+ f.close()
+
+ def test_nonexistent(self):
+ """No exe link should create an 'empty' object"""
+ os.unlink(self.exe)
+ p = Process(self.pid, self.procfs)
+ self.assertIsNone(p.exe)
+ self.assertIsNone(p.cmdline)
+
+ def test_deleted(self):
+ """Handle symlink to deleted binaries"""
+ exe = '/does/not/matter'
+ os.unlink(self.exe)
+ os.symlink(os.path.join(self.piddir, '%s (deleted)' % exe),
+ self.exe)
+
+ p = Process(self.pid, procfs=self.procfs)
+ self.assertEqual(p.exe, exe)
+ self.assertTrue(p.deleted, True)
+ self.assertEqual(p.cmdline, 'doesnotmatter')
+
+ def test_existing(self):
+ p = Process(self.pid, procfs=self.procfs)
+ exe = os.path.join(str(self.tmpdir), 'acommand')
+ self.assertEqual(p.exe, exe)
+ self.assertEqual(p.cmdline, 'doesnotmatter')
+ self.assertFalse(p.deleted)
+ self.assertEqual(str(p),
+ "<Process object pid:%d>" % self.pid)
+
+ def test_maps(self):
+ """Check whether the process maps a shared object at path"""
+ p = Process(self.pid, procfs=self.procfs)
+ self.assertFalse(p.maps('/does/not/exist'))
+ self.assertTrue(p.maps('/lib/x86_64-linux-gnu/libselinux.so.1'))
+
+ def test_no_maps(self):
+ """Check if we don't fail if the process went away"""
+ os.unlink(self.maps)
+ p = Process(self.pid, procfs=self.procfs)
+ self.assertFalse(p.maps('/does/not/exist'))
+ self.assertFalse(p.maps('/lib/x86_64-linux-gnu/libselinux.so.1'))
+
+ def test_broken_maps(self):
+ """Continue on unparseable map file"""
+ # Provoke index error by to few items in line
+ self._write_maps([['do', 'few', 'items']])
+ p = Process(self.pid, procfs=self.procfs)
+ self.assertFalse(p.maps('/does/not/exist'))
+ self.assertFalse(p.maps('/lib/x86_64-linux-gnu/libselinux.so.1'))
+
+ @unittest.skipIf(os.getuid() == 0, "Skip if root")
+ def test_broken_unreadable_map(self):
+ """Raise error if map file is unreadable"""
+ os.chmod(self.maps, 0)
+ p = Process(self.pid, procfs=self.procfs)
+ self.assertRaises(IOError, p.maps, '/does/not/exist')
+
+ def tearDown(self):
+ context.teardown()
diff --git a/whatmaps/__init__.py b/whatmaps/__init__.py
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/whatmaps/__init__.py
diff --git a/whatmaps b/whatmaps/command.py
index cca0701..502f7d3 100755
--- a/whatmaps
+++ b/whatmaps/command.py
@@ -34,61 +34,13 @@ try:
except ImportError:
lsb_release = None
+from whatmaps.process import Process
+
class PkgError(Exception):
pass
-class Process(object):
- """A process - Linux only so far, needs /proc mounted"""
- deleted_re = re.compile(r"(?P<exe>.*) \(deleted\)$")
-
- def __init__(self, pid):
- self.pid = pid
- self.mapped = []
- try:
- self.exe = os.readlink('/proc/%d/exe' % self.pid)
- m = self.deleted_re.match(self.exe)
- if m:
- self.exe = m.group('exe')
- logging.debug("Using deleted exe %s", self.exe)
- if not os.path.exists(self.exe):
- logging.debug("%s doesn't exist", self.exe)
- self.cmdline = open('/proc/%d/cmdline' % self.pid).read()
- except OSError:
- self.exe = None
- self.cmdline = None
-
- def _read_maps(self):
- """Read the SOs from /proc/<pid>/maps"""
- try:
- f = file('/proc/%d/maps' % self.pid)
- except IOError as e:
- # ignore killed process
- if e.errno != errno.ENOENT:
- raise
- return
- for line in f:
- try:
- so = line.split()[5].strip()
- self.mapped.append(so)
- except IndexError:
- pass
-
- def maps(self, path):
- """Check if the process maps the object at path"""
- if not self.mapped:
- self._read_maps()
-
- if path in self.mapped:
- return True
- else:
- return False
-
- def __repr__(self):
- return "<Process object pid:%d>" % self.pid
-
-
class Distro(object):
"""
A distribution
@@ -602,6 +554,9 @@ def main(argv):
return 0
+def run():
+ return(main(sys.argv))
+
if __name__ == '__main__':
sys.exit(main(sys.argv))
diff --git a/whatmaps/process.py b/whatmaps/process.py
new file mode 100644
index 0000000..3fe23f3
--- /dev/null
+++ b/whatmaps/process.py
@@ -0,0 +1,77 @@
+#!/usr/bin/python -u
+# vim: set fileencoding=utf-8 :
+#
+# (C) 2010,2014 Guido Günther <agx@sigxcpu.org>
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+import errno
+import logging
+import os
+import re
+
+class Process(object):
+ """A process - Linux only so far, needs /proc mounted"""
+ deleted_re = re.compile(r"(?P<exe>.*) \(deleted\)$")
+
+ def __init__(self, pid, procfs=None):
+ self.procfs = procfs or '/proc'
+ self.pid = pid
+ self.mapped = []
+ self.deleted = False
+ try:
+ self.exe = os.readlink(self._procpath(str(self.pid), 'exe'))
+ m = self.deleted_re.match(self.exe)
+ if m:
+ self.exe = m.group('exe')
+ self.deleted = True
+ logging.error("Using deleted exe %s", self.exe)
+ if not os.path.exists(self.exe):
+ logging.debug("%s doesn't exist", self.exe)
+ self.cmdline = open(self._procpath('%d/cmdline' % self.pid)).read()
+ except OSError:
+ self.exe = None
+ self.cmdline = None
+
+ def _procpath(self, *args):
+ """
+ Return a path relative to the current procfs bsae
+ """
+ return os.path.join(self.procfs, *args)
+
+ def _read_maps(self):
+ """Read the SOs from /proc/<pid>/maps"""
+ try:
+ f = file(self._procpath('%d/maps' % self.pid))
+ except IOError as e:
+ # ignore killed process
+ if e.errno != errno.ENOENT:
+ raise
+ return
+ for line in f:
+ try:
+ so = line.split()[5].strip()
+ self.mapped.append(so)
+ except IndexError:
+ pass
+
+ def maps(self, path):
+ """Check if the process maps the object at path"""
+ if not self.mapped:
+ self._read_maps()
+
+ return True if path in self.mapped else False
+
+ def __repr__(self):
+ return "<Process object pid:%d>" % self.pid