Created
October 2, 2014 19:36
-
-
Save samdoran/dcf3cdf99c19b8168c0e to your computer and use it in GitHub Desktop.
Update Bash on OS X
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # All three packages must be located next to this playbook. Download them first: | |
| # Mountain Lion: http://support.apple.com/kb/DL1768 | |
| # Lion: http://support.apple.com/kb/DL1767 | |
| # Mavericks: http://support.apple.com/kb/DL1769?viewlocale=en_US&locale=en_US | |
| --- | |
| - hosts: osx | |
| sudo: yes | |
| vars: | |
| number: [ '10.9' , '10.8' , '10.7' ] | |
| name: [ 'Mavericks' , 'MountainLion' , 'Lion' ] | |
| tasks: | |
| - name: Set package name based on OS X version | |
| set_fact: osx_version_name="{{ item.0 }}" | |
| when: "'{{item.1}}' in ansible_distribution_version" | |
| with_together: | |
| - name | |
| - number | |
| - name: Copy appropriate package | |
| copy: src=BashUpdate{{ osx_version_name }}.pkg dest=/tmp/ | |
| - name: Update bash | |
| command: installer -pkg /tmp/BashUpdate{{ osx_version_name }}.pkg -target / | |
| - name: Test vulnerability 1 | |
| shell: "env x='() { :;}; echo vulnerable' bash -c \"echo this is a test\"" | |
| register: vulntest1 | |
| failed_when: vulntest1.stdout.find('vulnerable') != -1 | |
| changed_when: false | |
| tags: testvuln1 | |
| - name: Remove package | |
| file: dest=/tmp/BashUpdate{{ osx_version_name }}.pkg state=absent |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment