{"id":15283655,"url":"https://github.com/wikimedia/operations-software-debmonitor","last_synced_at":"2025-10-20T03:30:28.726Z","repository":{"id":58715481,"uuid":"112768599","full_name":"wikimedia/operations-software-debmonitor","owner":"wikimedia","description":"A Debian package tracker — Mirror of https://gerrit.wikimedia.org/g/operations/software/debmonitor. To contribute see https://www.mediawiki.org/wiki/Developer_access","archived":false,"fork":false,"pushed_at":"2024-07-31T06:47:43.000Z","size":1511,"stargazers_count":11,"open_issues_count":0,"forks_count":2,"subscribers_count":14,"default_branch":"master","last_synced_at":"2025-01-30T13:34:46.453Z","etag":null,"topics":["auditing","debian-packages","tracking"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/wikimedia.png","metadata":{"files":{"readme":"README.rst","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-12-01T17:36:51.000Z","updated_at":"2024-07-11T13:08:42.000Z","dependencies_parsed_at":"2024-01-29T15:29:31.995Z","dependency_job_id":"d3941b39-11d2-4dbd-aec7-1a09b2729a36","html_url":"https://github.com/wikimedia/operations-software-debmonitor","commit_stats":null,"previous_names":[],"tags_count":24,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wikimedia%2Foperations-software-debmonitor","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wikimedia%2Foperations-software-debmonitor/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wikimedia%2Foperations-software-debmonitor/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wikimedia%2Foperations-software-debmonitor/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/wikimedia","download_url":"https://codeload.github.com/wikimedia/operations-software-debmonitor/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":237253885,"owners_count":19279942,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["auditing","debian-packages","tracking"],"created_at":"2024-09-30T14:44:49.550Z","updated_at":"2025-10-20T03:30:28.715Z","avatar_url":"https://github.com/wikimedia.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"DebMonitor - Debian packages tracker\n------------------------------------\n\nDebMonitor is a Django-based web application that allows to track Debian packages installed across a fleet of hosts,\nalong with their pending software/security updates.\n\nIt provides also a standalone command line script (CLI) that, when distributed in the target hosts, allows to\nautomatically update DebMonitor's database using APT and DPKG hooks.\n\n\nTarget configuration\n^^^^^^^^^^^^^^^^^^^^\n\nTo automate the tracking of the packages in the target hosts, follow these steps:\n\n* Deploy the Debmonitor client installing the ``debmonitor-client`` Debian package.\n* Optionally add a configuration file in ``/etc/debmonitor.conf`` (or in a different one passing the\n  ``--config /path/to/config`` CLI argument) to avoid to pass the common options to the CLI. See the example file in\n  ``doc/examples/client.conf``.\n* Add a configuration file in ``/etc/apt/apt.conf.d/`` with the following content, assuming that the ``server`` option\n  was set in the configuration file.\n\n  .. code-block:: none\n\n    # Tell dpkg to use version 3 of the protocol for the Pre-Install-Pkgs hook (version 2 is also supported)\n    Dpkg::Tools::options::/usr/local/bin/debmonitor::Version \"3\";\n    # Set the dpkg hook to call DebMonitor for any change with the -g/--dpkg option to read the changes from stdin\n    Dpkg::Pre-Install-Pkgs {\"/usr/local/bin/debmonitor -g || true\";};\n    # Set the APT update hook to call DebMonitor with the -u/upgradable option to send only the pending upgrades\n    APT::Update::Post-Invoke {\"/usr/local/bin/debmonitor -u || true\"};\n\n* Set a daily or weekly crontab that executes DebMonitor to send the list of all installed and upgradable packages\n  (do not set the ``-g`` or ``-u`` options). It is used as a reconciliation method if any of the hook would fail.\n  It is also required to run DebMonitor in full mode at least once to track all the packages.\n\nSee all the available options of the CLI with the ``-h/--help`` option.\n\nDatabase configuration\n^^^^^^^^^^^^^^^^^^^^^^\n\ndebmonitor uses a custom Django database backend (``debmonitor.mysql``), which requires the following settings to be\nadded to the MySQL/Mariadb configuration under the ``[mysqld]`` section along with a restart of the database server:\n\n.. code-block:: ini\n\n  innodb_file_per_table = 1\n  innodb_file_format    = barracuda\n  innodb_large_prefix   = 1\n\n\nThe following steps are needed to create the database and the debmonitor DB user:\n\n.. code-block:: sql\n\n  CREATE DATABASE debmonitor;\n  CREATE USER debmonitor@localhost IDENTIFIED by 'SecretPassword';\n  GRANT ALL PRIVILEGES ON debmonitor.* TO debmonitor@localhost;\n  FLUSH PRIVILEGES;\n\nProxy hosts\n^^^^^^^^^^^\n\nBy default data submissions for host package data is validated against\nthe CN of the submitting host. There might be situations where that\ncannot be applied, e.g. if you have a central orchestration setup\nwhich also updates the Debmonitor data. You can whitelist hosts for\narbitrary host data submissions/deletions using the ``PROXY_HOSTS``\nconfig setting, it accepts a list of FQDNs.\n\nIf container images are also being tracked, support for enabling\nsubmissions from e.g. the container build host can be configured using\nthe similar ``PROXY_IMAGES`` setting.\n\n\nCAS authentication\n^^^^^^^^^^^^^^^^^^\n\ndebmonitor supports optional authentication via Apereo CAS. The IDP\nlogin URL needs to be configured via a configuration option in the\n``CAS`` block of the the config.json config file:\n\n.. code-block:: ini\n\n  \"CAS\": {\n     \"CAS_SERVER_URL\": \"https://idp.wikimedia.org/idp\"\n   }\n\nIf access for debmonitor is to be restricted to a subset of users\nmanaged by Apereo CAS it needs to be restricted within the CAS service\ndefinition by means of an ``accessStrategy`` setting.\n\nCAS support is implemented via django-cas-ng.\n\nBy default CAS protocol version 2 is used (as the default in\ndjango-cas-ng), you can set the protocol version using the CAS_VERSION\noption (possible values ``1``, ``2``, ``3`` or ``CAS_2_SAML_1.0``).\n\nBy default users are created in the database after successful CAS\nauthentication, this can be disabled by setting ``CAS_CREATE_USER`` to\n``FALSE``.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwikimedia%2Foperations-software-debmonitor","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwikimedia%2Foperations-software-debmonitor","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwikimedia%2Foperations-software-debmonitor/lists"}