HOWTO monitor changes in installed packages within jails?

Tue Jul 23 19:21:58 UTC 2013

On 20.07.2013, at 18:34, Michael Grimm <trashcan at odo.in-berlin.de> wrote:

> On 20.07.2013, at 14:53, Matthew Seaman <m.seaman at infracaninophile.co.uk> wrote:
>> On 20/07/2013 12:09, Michael Grimm wrote:
> 
>>> I did migrate to pkgng some month ago, and ever since I am curious
>>> how to monitor changes in installed packages within jails. I am
>>> looking for a functionality/port that works like 490.status-
>>> pkg-changes for my host.
>>> 
>>> Question: is there any functionality within the periodic system or a
>>> port that I might have missed to find?
>> 
>> You can't just run 490.status-pkg-changes directly in your jail?
> 
> Yes, I can ;-) 
> 
> But! I do have a lot of service jails running at my host, thus I would like to omit modifying every jail's /etc/periodic.conf adding:
> 
> | daily_status_pkg_changes_enable="YES"    # Show package changes
> | pkg_info="pkg info"                      # Use this program
> 
> 
>> Try this patch:
> 
> Thanks for that approach, namely adding "pkg -j jailname info" for every jail running. Due to my amount of jails I might need to add some looping over "jls -N" output instead of adding a lot of $daily_status_pkg_changes_flags.
> 
> I was hoping that I could omit programming that functionality myself, but I might need to do so.

I ended up in adding:
------------------------------- snip ----------------------------

--- /usr/src/etc/periodic/daily/490.status-pkg-changes	2013-04-03 17:59:35.894705550 +0200
+++ /etc/periodic/daily/490.status-pkg-changes	2013-07-23 20:19:27.833641916 +0200
@@ -32,6 +32,24 @@
 		diff -U 0 $bak/pkg_info.bak2 $bak/pkg_info.bak \
 		| grep '^[-+][^-+]' | sort -k 1.2
 	    fi
+
+# added jail(s) support
+#
+		for jname in `jls -N | grep -v JID | awk '{print $1}'`; do
+	    		if [ -f $bak/pkg_info_${jname}.bak ]; then
+	   		 	mv -f $bak/pkg_info_${jname}.bak $bak/pkg_info_${jname}.bak2
+	   		fi
+	   		jexec ${jname} ${pkg_info:-/usr/sbin/pkg_info} > $bak/pkg_info_${jname}.bak
+
+	   		cmp -sz $bak/pkg_info_${jname}.bak $bak/pkg_info_${jname}.bak2
+	  		if [ $? -eq 1 ]; then
+				echo ""
+				echo "Changes in installed packages (jail ${jname}):"
+				diff -U 0 $bak/pkg_info_${jname}.bak2 $bak/pkg_info_${jname}.bak \
+				| grep '^[-+][^-+]' | sort -k 1.2
+			fi
+		done
+
 	fi
 	;;
------------------------------- snip ----------------------------

Not perfect, really, but working at my side.

Michael
