#!/usr/bin/perl -w

=head1 NAME

apt_all - Plugin to monitor packages that should be installed on
systems using apt-get (mostly Debian, but also RedHat).

=head1 NOTES

The differences between this plugin and the apt plugins, is that this
plugin separates each distro with its own plot, and actually draws
graphs.

=head1 CONFIGURATION

You can add some extra options to the apt call, in order to override
your /etc/apt.conf defaults.

[apt_all]
env.MUNIN_APT_RELEASES = stable,testing,unstable
env.options -o Debug::pkgDepCache::AutoInstall=false -o APT::Get::Show-Versions=false
env.releases stable experimental

"options" is empty by default.
"releases" is a space separated list of release names.  It defaults to
the empty string.  This default triggers the automatic detection of
available distributions from the URLs of all configured repositories.

If "MUNIN_APT_RELEASES" is non-empty (a comma separated list of releases),
then it overrides "releases".  This setting is deprecated.

Note that apt is called with no extra options by default, so it fully honors
your /etc/apt.conf defaults.

=head1 USAGE

The plugin depends on a periodic update of apt's package cache.

This can be accomplished by using systemd's timer for periodic updates or via
apt's compatibility helper (/etc/cron.daily/apt-compat).

The relevant apt configuration setting for daily updates is:

 APT::Periodic::Update-Package-Lists "1";

(the numeric value defines the number of days between updates)


Alternatively you can also configure a simple cron job for updating the cache
more frequently:

 /etc/cron.d/munin-plugin-apt
 53  * * * *	root	perl -e 'sleep(3600);' && apt-get update >/dev/null 2>&1

Remember to randomize the starting hour for this cron job on your servers.


=head1 MAGIC MARKERS

 #%# family=manual
 #%# capabilities=autoconf

=cut

# Now for the real work...

use strict;
use File::stat;
use Munin::Plugin;

$ENV{'LANG'}="C";
$ENV{'LC_ALL'}="C";

# APT cache directory
my $aptcache = '/var/cache/apt';
my $dpkgstatus = '/var/lib/dpkg/status';

# try to determine the currently available distributions by inspecting the repository URLs
sub guess_releases() {
    open(my $fh, "-|", "apt-get update --print-uris")
        or die("Failed to determine distribution releases via 'apt-get update --print-uris");
    my %release_names;
    my $line;
    while ( ! eof($fh) ) {
        defined( $line = readline $fh ) or die "Failed to read line from output of 'apt-get': $!";
        # example line:
        #     'http://ftp.debian.org/debian/dists/stable/InRelease' ftp.debian.org_debian_dists_stable_InRelease 0
        if ($line =~ m'^.*/dists/([^/]+)/.*$') {
            $release_names{$1} = 1;
        }
    }
    return keys %release_names;
}

# use a given 'releases' environment variable (space separated names) or inspect the repository URLs
my @releases = split(",", ($ENV{MUNIN_APT_RELEASES} || ""));
@releases = split(/\s/, ($ENV{releases} || "")) unless @releases;
@releases = guess_releases() unless @releases;


sub get_clean_release_fieldname {
    my ($fieldname) = @_;
    # apply some minor URI-like substitution (avoiding ambiguity between slash and hyphen)
    $fieldname =~ s#/#_2F#g;
    return clean_fieldname($fieldname);
}


# Print the apt state, regenerating the state cache if necessary
sub print_state() {
    my $statefile = $ENV{MUNIN_PLUGSTATE} . "/plugin-apt.state";
    if (-l $statefile) {
	die("$statefile is a symbolic link, refusing to read it.");
    }

    if (is_out_of_date($statefile)) {
        update_state ($statefile);
    }

    if (! -e "$statefile") {
	die ("$statefile does not exist. Something wicked happened.");
    }

    open(STATE, "$statefile")
	or die("Couldn't open state file $statefile for reading.");
    while (my $line = <STATE>) {
        foreach my $release (@releases) {
            my $release_cleaned = get_clean_release_fieldname($release);
            # print only lines that are expected for the currently requested releases
            if ($line =~ /^(hold|pending)_$release_cleaned\.(value|extinfo)/) {
                print $line ;
                last;
            }
        }
    }
    close STATE;
}

# Checks if the state file is out of date relative to the apt cache
# or if the state file is missing.
# If the apt cache isn't found, dies with a hint
sub is_out_of_date {
    my ($statefile) = @_;

    my $apttime = get_last_apt_update();
    if ($apttime == 0) {
        die("Unable to determine last apt update from '$aptcache'. "
            . "Maybe you want to run 'apt-get update' as root to populate the cache?");
    }

    if (! -e "$statefile") { return 1; }
    my $statetime = stat($statefile)->mtime;

    return $apttime >= $statetime;
}

# Gets the most recent update time of the apt package caches
sub get_last_apt_update {
    my $apttime = 0;
    if (opendir(DIR, $aptcache)) {
        for my $aptfile (grep { !/^\./ && /pkgcache\.bin$/ } readdir(DIR)) {
            my $filetime = stat("${aptcache}/${aptfile}")->mtime;
            if ($filetime > $apttime) { $apttime = $filetime; }
        }
        closedir(DIR);
    }

    if ($apttime > 0 && -f $dpkgstatus) {
        my $filetime = stat($dpkgstatus)->mtime;
        if ($filetime > $apttime) { $apttime = $filetime; }
    }

    return $apttime;
}

# Recreate the state cache
sub update_state() {
	my ($statefile) = @_;
	if (-l $statefile) {
		die("$statefile is a symbolic link, refusing to touch it.");
	}
	open(STATE, ">$statefile")
		or die("Couldn't open state file $statefile for writing.");
	foreach my $release (@releases) {
	    my $options = $ENV{options} || "";
	    my $apt="apt-get $options -u dist-upgrade --print-uris --yes -t $release |";
	    open (APT, "$apt") or exit 22;

	    my @pending = ();
	    my $hold    = 0;
	    my @remove  = ();
	    my @install = ();

	    while (<APT>)
	    {
		    if (/^The following packages will be REMOVED:/)
		    {
			    my $where = 0;
			    while (<APT>)
			    {
				    last if (/^\S/);
				    foreach my $package (split /\s+/)
				    {
					    next unless ($package =~ /\S/);
					    push (@remove, "-$package");
				    }
			    }
		    }
		    if (/^The following NEW packages will be installed:/)
		    {
			    my $where = 0;
			    while (<APT>)
			    {
				    last if (/^\S/);
				    foreach my $package (split /\s+/)
				    {
					    next unless ($package =~ /\S/);
					    push (@install, "+$package");
				    }
			    }
		    }
		    if (/^The following packages will be upgraded/)
		    {
			    my $where = 0;
			    while (<APT>)
			    {
				    last if (/^\S/);
				    foreach my $package (split /\s+/)
				    {
					    next unless ($package =~ /\S/);
					    push (@pending, $package);
				    }
			    }
		    }
		    if (/^\d+\supgraded,\s\d+\snewly installed, \d+ to remove and (\d+) not upgraded/)
		    {
			    $hold = $1;
		    }
	    }

	    push (@pending, @install) if @install;
	    push (@pending, @remove ) if @remove;
	    close APT;

            my $release_cleaned = get_clean_release_fieldname($release);
            print STATE "pending_$release_cleaned.value ", scalar (@pending), "\n";
	    if (@pending)
	    {
                print STATE "pending_$release_cleaned.extinfo ", join (' ', @pending), "\n";
	    }
            print STATE "hold_$release_cleaned.value $hold\n";

	}
	close(STATE);
}

if ($ARGV[0] and $ARGV[0] eq "autoconf")
{
	`apt-get -v >/dev/null 2>/dev/null`;
	if ($? eq "0")
	{
		print "yes\n";
		exit 0;
	}
	else
	{
		print "no (apt-get not found)\n";
		exit 0;
	}
}

if ($ARGV[0] and $ARGV[0] eq "config") {

    print "graph_title Pending packages\n";
    print "graph_vlabel Total packages\n";
    print "graph_category security\n";

    foreach my $release (@releases) {
        my $release_cleaned = get_clean_release_fieldname($release);
        print "pending_$release_cleaned.label pending ($release)\n";
        print "pending_$release_cleaned.warning 0:0\n";
        print "hold_$release_cleaned.label hold ($release)\n";
    }
    exit 0;
}

print_state ();

exit 0;