Skip to content

Instantly share code, notes, and snippets.

@abeluck abeluck/USAGE.md
Last active Feb 15, 2019

Embed
What would you like to do?
Ansible playbook for updating apt securely (CVE-2019-3462)
#!/bin/sh -ex
apt -y -o Acquire::http::AllowRedirect=false update || true
apt -y -o Acquire::http::AllowRedirect=false upgrade --download-only || true
cd /var/cache/apt/archives
test -e apt-dbgsym_1.4.9_amd64.deb && \
echo "1da507155c7b1ad140739c62fdacceaf5b5ee3765b1a00c3a3527d9d82a8d533 apt-dbgsym_1.4.9_amd64.deb" | sha256sum -c
test -e apt-transport-https-dbgsym_1.4.9_amd64.deb && \
echo "59f3e1c91664fe3b47048794560ebe9c41f1eeccbdd95f7715282f8cbe449060 apt-transport-https-dbgsym_1.4.9_amd64.deb" | sha256sum -c
test -e apt-transport-https_1.4.9_amd64.deb && \
echo "c8c4366d1912ff8223615891397a78b44f313b0a2f15a970a82abe48460490cb apt-transport-https_1.4.9_amd64.deb" | sha256sum -c
test -e apt-utils-dbgsym_1.4.9_amd64.deb && \
echo "e3e157c291b05b2899a545331c7597ab36ca04e02cd9010562b9985b76af60db apt-utils-dbgsym_1.4.9_amd64.deb" | sha256sum -c
test -e apt-utils_1.4.9_amd64.deb && \
echo "fb227d1c4615197a6263e7312851ac3601d946221cfd85f20427a15ab9658d15 apt-utils_1.4.9_amd64.deb" | sha256sum -c
test -e apt_1.4.9_amd64.deb && \
echo "dddf4ff686845b82c6c778a70f1f607d0bb9f8aa43f2fb7983db4ff1a55f5fae apt_1.4.9_amd64.deb" | sha256sum -c
test -e libapt-inst2.0-dbgsym_1.4.9_amd64.deb && \
echo "0e66db1f74827f06c55ac36cc961e932cd0a9a6efab91b7d1159658bab5f533e libapt-inst2.0-dbgsym_1.4.9_amd64.deb" | sha256sum -c
test -e libapt-inst2.0_1.4.9_amd64.deb && \
echo "a099c57d20b3e55d224433b7a1ee972f6fdb79911322882d6e6f6a383862a57d libapt-inst2.0_1.4.9_amd64.deb" | sha256sum -c
test -e libapt-pkg-dev_1.4.9_amd64.deb && \
echo "cfb0a03ecd22aba066d97e75d4d00d791c7a3aceb2e5ec4fbee7176389717404 libapt-pkg-dev_1.4.9_amd64.deb" | sha256sum -c
test -e libapt-pkg5.0-dbgsym_1.4.9_amd64.deb && \
echo "cdb03ddd57934e773a579a89f32f11567710a39d6ac289e73efb20e8825874d1 libapt-pkg5.0-dbgsym_1.4.9_amd64.deb" | sha256sum -c
test -e libapt-pkg5.0_1.4.9_amd64.deb && \
echo "03281e3d1382826d5989c12c77a9b27f5f752b0f6aa28b524a2df193f7296e0b libapt-pkg5.0_1.4.9_amd64.deb" | sha256sum -c
apt -y -o Acquire::http::AllowRedirect=false install --only-upgrade apt
-----BEGIN PGP MESSAGE-----
owGVln1olVUcxzffvcyXCha1RsdFgtVzd95fBqMmxQpE0BAajey87l523V33uZuO
FoTSHwWtVRLhSzbxJQhDKl9KSqKJFSaZfwhKQZmYJTGKkoKycymDSnfvnn8eeM5z
zvdzvr+Xc0bnTa/L1J968uj5Iy+s+6h+zxxnbrA5b3sT3V9OBvqdLvtsmuvu7Nx5
26JWk+9rTXMg8esymTgOkiGQFEGHfWwgX/Jtbblyub+traNQKK5d6V38ZMvtQRdS
D/5aCAwPg3JpwE91bk9JOw+SxBXX9hWK2iXFvsLQP4tlrAOtg7rUanUkb41rt+qS
zeUHfZrJlH0apTyo7MaZnnRozWqUpVm1Wq9xnGadN2DxYtCdAfHxNlcELchpBgVi
zAqDtEMUCqIsx8Fpa70OzDDvieAsjkJoiSYMC6ecxFo6RgiYRKsFDIM0pzHj6cAa
kNh/85VLui/tL5bKScWMtEZepgLxyCrEOQ2eGCoglUJRxqE3XlmKAvLeWuOcYkHE
nWGJg7TGU6ogh2AK2lPirwZupaWEc4cUwiFIjAlHTCpElNBCGkoDQcRAjQNiWgmo
o8MRWlIOI7g1VwWfGvFAOV+o1WcfXWbCYoUMZAZLpTSjMd7IChaJDeFWQ+ohtk5B
BBnHRinJjOA6cOj+xp1MsQbWapDB4JiMyNJoJYpUHHPiBUFYMqQt4RA5RTnGyAYn
WcCQYqGjvUZxJh1i4NpSk9JV43LOBRoCl1xSZiS23AohtYABRXOEg8aoILWmJOBg
hJLEmfg/0owFFrQHVxO5NlEhbyr7yPelZZyFNQYY+piMBgVBJRYBcstYxTJrFUde
kRhXqJXmPkS3kIkuI1ZxzWgTGQmJjDXJ1kpdDVdDpSwTDkNDPGMOY0oJMTGc3iuB
Aw8uGqkQIhhLiR33PHBNJJEc6zjvv7hT5uzv7UmcH6xa5iHWMCTeRkJtNIwmK+EF
c9RB6ISK9aOJtt5gz7ylwXgvkOBEqviikIIqerVwspqTwDoDScxWJhShXggSrVJa
xh4b2xBiPPZPqIlyXNvYAmJp+Vhy0EeDmRTUIVCTao3MVTOWYIk8cYjI2NO5Y0oq
i3AsLa1MzOHY7hk2MIZdY2kYphq7gBQJAivuoQGTy/2fckrndiWvdKEQz+3KcZ1c
OcbjGpmn68mMuvpMXXPjohm71KpTo+Ojt6D3pr905R4yc1rlwlGXmbvwypdzD83+
/fp7ext33LHy+eLINyNPIfDHpz90azB2X2lowaUlX7R/7z5sa2rf9+XKQwfvPrt/
5NjlFzeuPz707OH82a7s280PrGhIx26c2KXmbtbHujrHz2xY9t3mhh8LCw68s2xi
qbx/98+vPLenbv34V3PSI4MH333/s/burZ2vvr7p4dMXTxzfcCvs/bxNXjfvrhUb
m9TyMxdPbNs3687tHzdOvLV04bTRk6eOXlqy6tAbyy+rN+eOLJo30HXP6ZaJ/vTX
17KXPvn2wa/nb9l29NztY80zH39i/6Od9WPnz/5U2PLLLF23Z3zvI1t3rt/R8tt2
dYElF7bMbp6/MNOR3tyw5KZn9g3vbpjo2NS0d9XLh7sOzDz5QdOf
=2mc9
-----END PGP MESSAGE-----
---
- hosts: all
become: yes
tasks:
- name: Get apt version
command: apt --version
register: apt_version
- block:
- debug:
msg: "apt is already updated."
- meta: end_play
when: "'apt 1.4.9' in apt_version.stdout"
- name: Update apt
script: check-apt-update.sh
register: output
- debug:
var: output
- name: Get apt version
command: apt --version
register: apt_version
- assert:
that:
- "'apt 1.4.9' in apt_version.stdout"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.