Download and burn antivirus updates to disc

avupdate-download-burn.sh

#!/bin/sh

set -u

isoname="${ISONAME:-$(date +av-updates-%Y%m%d)}"
isofile="${ISOFILE:-/tmp/$isoname.iso}"
workdir="${WORKDIR:-/tmp/av-updates}"
dev="" && [ -n "${OPTDEV:-}" ] && dev="dev=$OPTDEV"
driveropts="" && [ -z "${NOBURNFREE:-}" ] && driveropts="driveropts=burnfree"

symantec_ref="https://www.symantec.com/security_response/definitions/download/detail.jsp?gid=sep"
symantec_scrape="http://definitions.symantec.com[^\"]*(32|64).exe"
clam_db="http://database.clamav.net"
clam_ref="http://www.clamav.net/downloads"

script="$(basename "$0")"
allcmds="reqs makedir download_symantec download_clam make_iso check_burnable burn"

usage() {
  >&2 cat <<MSG
$script requires at least one command argument.  Use 'all' to run all of:
$allcmds

Available commands:
  reqs                 check if all the required programs are installed
  makedir              create the work directory
  download_symantec    download symantec updates to the work directory
  download_clam        download clamav updates to the work directory
  make_iso             create an iso file from the work directory
  check_burnable       check if there is an SAO burnable disc in the drive
  burn                 burn the iso file to disc as session-at-once
  verify               binary diff the iso file and the burned disc
  cleanup              remove the work directory
  all                  run all commands except verify and cleanup

Optional envvars you can set:
  WORKDIR       the temp directory where files will be downloaded
  ISONAME       the volume label of the iso to be created
  ISOFILE       the full path and name of the iso file to be burned
  OPTDEV        the SCSI CAM or full path of the optical device to be used
  NOBURNFREE    set to a nonempty value to not use buffer-underrun protection
MSG
}

reqs() {
  err=0
  for prg in wget mkisofs cdrecord diff; do
    where="$(command -v "$prg")"
    if [ -n "$where" ]; then
      echo "$prg is at $where"
    else
      echo "$prg is not in \$PATH"
      err=1
    fi
  done
  return "$err"
}

makedir() {
  mkdir -pv "$workdir"
}

download_symantec() {
  wget --output-document=- "$symantec_ref" | grep -Eo "$symantec_scrape" |
  wget --timestamping --continue --directory-prefix="$workdir" \
    --referer="$symantec_ref" --input-file=-
}

download_clam() {
  wget --timestamping --continue --directory-prefix="$workdir" \
    --referer="$clam_ref" "$clam_db/daily.cvd" "$clam_db/main.cvd"
}

make_iso() {
  # set volid, generate Joliet records, use Rock Ridge protocol
  mkisofs -V "$isoname" -J -r -o "$isofile" "$workdir"
}

check_burnable() {
  #shellcheck disable=2086
  diag="$(2>&1 cdrecord $dev -atip)"
  ret=$?
  if echo "$diag" | grep -qie "Cannot load media" -ie "No disk"; then
    >&2 echo "No disc or unreadable disc inserted."
    return 1
  fi
  if echo "$diag" | grep -qi "info from disk"; then
    >&2 echo "Disc inserted is already burned."
    return 2
  fi
  if [ "$ret" -ne 0 ]; then
    >&2 printf "cdrecord had an error:\n%s\n" "$diag"
    return "$ret"
  fi
  echo "Disc should be ready to burn."
}

burn() {
  #shellcheck disable=2086
  cdrecord -v -sao $dev $driveropts "$isofile"
}

verify() {
  cdrom="$(awk "\$2 ~ /$isoname$/ { print \$2 }" /etc/mtab)"
  if [ -z "$cdrom" ]; then
    >&2 echo "Disc is named '$isoname' is not mounted. Cannot verify."
    return 1
  fi
  diff -yr "$workdir" "$cdrom"
}

cleanup() {
  files=""
  for f in "$workdir" "$isofile"; do
    [ -e "$f" ] && files="$files $f"
  done
  #shellcheck disable=2086
  [ -n "$files" ] && rm -rv $files
}

if [ "$#" -eq 0 ]; then
  usage
  exit 1
fi

#shellcheck disable=2086
[ "$1" = "all" ] && set -- $allcmds

for cmd; do
  $cmd
  ret=$?
  echo
  if [ "$ret" -ne 0 ]; then
    >&2 echo "$cmd command failed."
    exit $ret
  fi
done