From 3f371e27c13f0ae8b114aa284399a9394f15075a Mon Sep 17 00:00:00 2001 From: Guillaume Raffy Date: Wed, 10 Apr 2024 17:04:02 +0200 Subject: [PATCH] fixed bug in the cluster node automatic update system that caused the apt security updates to be ignored by the mechanism that checks if an update is required. This malfunction was picked up by xymon/apt, which complained that the Last apt update was too old. This regression was introduced in commit [https://git.ipr.univ-rennes.fr/cellinfo/ansible.debops/commit/29ce88975f666debb0565d3d9231977bc25e4c4f], which replaced the unattended upgrade mechanism with the cluster cron based autoupdate mechanism (but only for alambix cluster, for some reason). The bug in the cluster cron based autoupdate system was caused by the fact that the code forgot to update the package list before calling apt list --upgradable. As a result, the package list was never updated on alambix, and therefore security updates were never seen. This problem was not present on physix, which does still have the unattended upgrade mechanism along with the cluster cron based autoupdate system. fixes [https://bugzilla.ipr.univ-rennes.fr/show_bug.cgi?id=3810] --- cluster/apt.check.update.sh | 82 ++++++++++++++++++------------------- 1 file changed, 41 insertions(+), 41 deletions(-) diff --git a/cluster/apt.check.update.sh b/cluster/apt.check.update.sh index 5ecb5fb..9596608 100755 --- a/cluster/apt.check.update.sh +++ b/cluster/apt.check.update.sh 
@@ -137,54 +137,51 @@ SGE Master (${sge_master_uri}:${sge_master_port}) is not reachable from this hos } # }}} -is_apt_upgrade_absent() { # {{{ + +APT_PACKAGE_LIST_IS_UP_TO_DATE='false' +ensure_apt_package_list_is_up_to_date() +{ + if [ "$APT_PACKAGE_LIST_IS_UP_TO_DATE" = 'false' ] + then + apt update &> /dev/null + APT_PACKAGE_LIST_IS_UP_TO_DATE='true' + fi +} + + +get_num_outdated_packages() +{ + # ensure that the package list is up to date, because "apt list --upgradable" doesn't automatically do it + ensure_apt_package_list_is_up_to_date ## Count the number of upgradable packages and substract 1 for the header - local_apt_upgrade_number="$(apt list --upgradable 2>/dev/null \ + local num_outdated_packages="$(apt list --upgradable 2>/dev/null \ | wc -l \ | awk '{print $1-1}')" - case "${local_apt_upgrade_number}" in - 0 ) ## No available upgrade - return_apt_upgrade_absent="0" - ;; - * ) ## Upgrade seems available - return_apt_upgrade_absent="1" - ;; -esac - - ## Simple debug message to valid current variable - debug_message "is_apt_upgrade_absent − \ -APT upgrade available for this system: ${RED}${local_apt_upgrade_number:=/dev/null}${COLOR_DEBUG}." - - return "${return_apt_upgrade_absent}" - + echo "${num_outdated_packages}" } -# }}} -is_apt_upgrade_present() { # {{{ - ## Count the number of upgradable packages and substract 1 for the header - local_apt_upgrade_number="$(apt list --upgradable 2>/dev/null \ - | wc -l \ - | awk '{print $1-1}')" +some_packages_are_outdated() +{ + local num_outdated_packages='' + num_outdated_packages=$(get_num_outdated_packages) + debug_message "some_packages_are_outdated − \ +number of outdated packages on this system: ${RED}${num_outdated_packages:=/dev/null}${COLOR_DEBUG}." 
- case "${local_apt_upgrade_number}" in - 0 ) ## No available upgrade - return_apt_upgrade_present="1" + local return_code='' + case "${num_outdated_packages}" in + 0 ) + return_code='1' # some_packages_are_outdated = false ;; - * ) ## Upgrade seems available - return_apt_upgrade_present="0" + * ) + return_code='0' # some_packages_are_outdated = true ;; -esac - - ## Simple debug message to valid current variable - debug_message "is_apt_upgrade_present − \ -APT upgrade available for this system: ${RED}${local_apt_upgrade_number:=/dev/null}${COLOR_DEBUG}." - - return "${return_apt_upgrade_present}" + esac + return "${return_code}" } -# }}} + is_file_present() { # {{{ local_file_present="${1}" @@ -257,12 +254,15 @@ main() { # {{{ ## Define all vars define_vars - ## If NO APT package upgrade is available {{{ + ## If NO APT packages are out of date {{{ ### Ensure to remove any temp file related to APT upgrades ### AND Exit - is_apt_upgrade_absent \ - && rm -f -- "${APT_TMP_FILE}" \ + if [ ! "$(some_packages_are_outdated)" ] + then + rm -f -- "${APT_TMP_FILE}" \ && exit 0 + fi + ## }}} ## If APT temp file already exists {{{ @@ -276,7 +276,7 @@ main() { # {{{ ### Create APT temp file ### AND Exit is_file_present "${sge_queue_flag_pattern}" \ - && is_apt_upgrade_present \ + && some_packages_are_outdated \ && touch "${APT_TMP_FILE}" && echo "APT upgrade is available." >> "${APT_TMP_FILE}" \ && exit 0 ## }}} @@ -296,7 +296,7 @@ main() { # {{{ ### Create APT temp file ### Disable SGE queue ### AND Exit - is_apt_upgrade_present \ + some_packages_are_outdated \ && touch "${APT_TMP_FILE}" && echo "APT upgrade is available." >> "${APT_TMP_FILE}" \ && sh "${sge_disable_host_queue_script}" \ && exit 0
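Review bot: In `ensure_apt_package_list_is_up_to_date`, `apt update &> /dev/null` throws away both the output and the exit status, and the flag is then set to 'true' unconditionally, so a failed refresh leaves a stale package list and security updates go unseen again with nothing logged. Setting the flag only on success would surface that, e.g. `if apt-get update > /dev/null 2>&1; then APT_PACKAGE_LIST_IS_UP_TO_DATE='true'; else echo 'apt package list refresh failed' >&2; fi`. The `> /dev/null 2>&1` form also avoids `&>`, which a POSIX sh such as dash parses as backgrounding the command followed by a redirection; the script's interpreter line is outside this hunk, so that may not apply. Separately, `some_packages_are_outdated` calls `get_num_outdated_packages` inside `$(...)`, a subshell, so the flag assignment never reaches the parent shell and the refresh presumably runs on every call rather than once.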
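Review bot: The new guard in `main`, `if [ ! "$(some_packages_are_outdated)" ]`, tests the function's captured standard output instead of its return status, and the function reports its result only through `return`. Unless `debug_message` (defined outside the hunk) writes to stdout, the substitution is always empty, the test is always true, and the script removes `${APT_TMP_FILE}` and exits 0 on every run, so pending security updates would never be flagged. Testing the status directly fixes it: `if ! some_packages_are_outdated; then`. `main` starts and ends outside this hunk.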