#!/bin/bash
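# Directory that holds this script; the default image list and the report
# directory are both resolved relative to it.
SCRIPT_DIR="$(dirname "$0")"
IMAGES_LIST_SOURCE="$SCRIPT_DIR/images-for-testing/default-images-list.txt"
# For the following images bash should be used as entrypoint (all other
# images are started with sh).
bash_images=("docker.io/golang" "docker.io/ubuntu:22.04")
images_with_errors=()
counter=0
# An optional first argument replaces the default image list.
if [ $# -gt 0 ]; then
  IMAGES_LIST_SOURCE="$1"
fi
# Only the last path component is used for the report name, so a list passed
# by path cannot move the report outside the reports directory. The `--`
# keeps a path starting with '-' from being read as a basename option.
FILENAME=$(basename -- "$IMAGES_LIST_SOURCE")
REPORT_DIR="$SCRIPT_DIR/reports/openssl"
REPORT="$REPORT_DIR/report-$FILENAME"
# The report directory may not exist on a fresh checkout; without it every
# later redirection into the report would fail.
if ! mkdir -p -- "$REPORT_DIR"; then
  printf '%s\n' "!!!!!!! Can not create report directory: $REPORT_DIR" >&2
  exit 1
fi
# Clean up the file with report.
if ! true >"$REPORT"; then
  printf '%s\n' "!!!!!!! Can not write report file: $REPORT" >&2
  exit 1
fi
if [ -f "$IMAGES_LIST_SOURCE" ]; then
  {
    echo "************** Using the following file to read images for testing: $IMAGES_LIST_SOURCE"
    echo ""
  } >>"$REPORT"
else
  # Write the failure to the report AND to stderr so an interactive or CI run
  # does not exit 1 silently. printf '%s' keeps backslashes in the path
  # literal, which `echo -e` would have interpreted.
  {
    printf '%s\n' "!!!!!!! File with images for testing not found: : $IMAGES_LIST_SOURCE."
    printf '%s\n' "!!!!!!! Please provide path to the file with images for testing!"
  } | tee -a "$REPORT" >&2
  exit 1
fi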
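#######################################
# Report which OpenSSL major version is present in the current environment.
#
# Three independent sources are probed and each is printed on its own
# "=== [source]" line so disagreements between them stay visible:
#   openssl - second field of `openssl version -v`
#   rpm     - version of the openssl-libs package from `rpm -qa`
#   libs    - libssl.so.1* / libssl.so.3* file names found on disk
# The final ">>>" line uses the first source that produced a value, in that
# order. Only the major version is reported, not the patch level.
#
# The function text is shipped into containers and may be run by a plain
# `sh`, so the body avoids bash-only syntax: no `[[ ]]`, no `echo -e`, no
# `local`. All variables are therefore global.
#
# Arguments: none
# Outputs:   human-readable report on stdout; contains the word ERROR when
#            no source produced a version
#######################################
check_openssl_version() {
  echo ""

  ################# OpenSSL command #################
  openssl_cmd_major=""
  openssl_cmd_present=""
  if command -v openssl >/dev/null 2>&1; then
    openssl_cmd_present="yes"
    openssl_cmd_banner=$(openssl version -v)
    echo "+++ OpenSSL command is available: $openssl_cmd_banner"
    openssl_cmd_major=$(printf '%s\n' "$openssl_cmd_banner" | cut -d' ' -f2)
    # Keep only the text before the first dot.
    openssl_cmd_major=${openssl_cmd_major%%.*}
  else
    echo "--- OpenSSL command is not available"
  fi

  ################# RPM command #################
  rpm_major=""
  rpm_present=""
  if command -v rpm >/dev/null 2>&1; then
    rpm_present="yes"
    rpm_version=$(rpm -qa | grep openssl-libs | cut -d'-' -f3)
    echo "+++ RPM command is available: $rpm_version"
    # Several matching packages give several lines; stripping from the first
    # dot onward leaves the major version of the first one only.
    rpm_major=${rpm_version%%.*}
  else
    echo "--- RPM command is not available"
  fi

  ################# Libs #################
  libssl=$(find / -type f \( -name "libssl.so*" \) 2>/dev/null)
  if [ -n "$libssl" ]; then
    printf '%s\n' "$libssl" | while IFS= read -r lib_path; do
      echo "+++ libssl is found: $lib_path [libs]"
    done
  else
    # Fallback for when find printed nothing: probe the usual library
    # directories directly. `[ -e ]` also accepts symlinks, which the
    # `-type f` search above does not report.
    for dir in /lib64 /usr/lib64 /lib /usr/lib /usr/local/lib64 /usr/local/lib; do
      for file in "$dir"/libssl.so*; do
        if [ -e "$file" ]; then
          libssl="$file"
          echo "+++ libssl is found: $libssl [libs]"
          break 2
        fi
      done
    done
  fi
  if [ -z "$libssl" ]; then
    echo "--- libssl is not found"
  fi
  # When both a 1.x and a 3.x library are present, 1 is reported (first
  # matching pattern wins).
  libs_major=""
  case "${libssl}" in
    *libssl.so.1*)
      libs_major="1"
      ;;
    *libssl.so.3*)
      libs_major="3"
      ;;
  esac

  ################# Major version for all ways #################
  echo ""
  if [ -n "$openssl_cmd_present" ]; then
    echo "=== [openssl] ================== $openssl_cmd_major"
  else
    echo "=== [openssl] ================== -"
  fi
  if [ -n "$rpm_present" ]; then
    echo "=== [rpm] ================== $rpm_major"
  else
    echo "=== [rpm] ================== -"
  fi
  echo "=== [libs] ================== ${libs_major:--}"
  echo ""

  # Select on the detected VALUE, not on tool presence: an image that ships
  # rpm without openssl-libs, or an openssl binary that prints nothing, must
  # still fall through to the next source instead of ending in ERROR.
  openssl_major_version=""
  detection_way=""
  if [ -n "$openssl_cmd_major" ]; then
    openssl_major_version="$openssl_cmd_major"
    detection_way="openssl command way"
  elif [ -n "$rpm_major" ]; then
    openssl_major_version="$rpm_major"
    detection_way="rpm way"
  elif [ -n "$libs_major" ]; then
    openssl_major_version="$libs_major"
    detection_way="libs way"
  fi
  if [ -n "$openssl_major_version" ]; then
    echo ">>> OpenSSL major version ====== $openssl_major_version [$detection_way]"
  else
    echo ">>> ERROR: Can not detect OpenSSL version"
  fi
}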
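export -f check_openssl_version
# Pull every image named in the list, run the check inside it and append the
# result to the report. `|| [[ -n "$image" ]]` keeps the last entry when the
# list has no trailing newline; without it that image is silently skipped.
while IFS= read -r image || [[ -n "$image" ]]; do
  # Tolerate lists saved with CRLF line endings.
  image="${image%$'\r'}"
  # skip empty lines and comments
  if [[ -z "$image" ]] || [[ "$image" == \#* ]]; then
    continue
  fi
  # A line starting with '-' would be parsed by docker as an option rather
  # than an image reference; record it as a problem and do not run it.
  if [[ "$image" == -* ]]; then
    echo "!!!!!!! Skipping invalid image reference: $image" >>"$REPORT"
    images_with_errors+=("$image")
    continue
  fi
  # NOTE(review): tags are mutable, so two runs of the same list can test
  # different image contents; pin entries by digest in the list when the
  # report has to be reproducible.
  # stdin is redirected so docker can never consume lines of the image list
  # that feeds this loop.
  if ! docker pull "$image" </dev/null; then
    echo "!!!!!!! docker pull failed for: $image" >>"$REPORT"
  fi
  counter=$((counter + 1))
  entrypoint="sh"
  for bash_image in "${bash_images[@]}"; do
    if [[ "$image" == *"$bash_image"* ]]; then
      entrypoint="bash"
      break
    fi
  done
  {
    echo "========================================================================================================= [$counter] "
    echo "********************** DOCKER IMAGE: $image"
  } >>"$REPORT"
  # `declare -f` serialises the function body into the -c string, which is
  # how the check reaches the shell inside the container. The check only runs
  # openssl, rpm and find against the image's own filesystem, so the
  # container is started without network access.
  output="$(docker run --rm --network none --entrypoint="$entrypoint" "$image" \
    -c "$(declare -f check_openssl_version); check_openssl_version" </dev/null)"
  # No output at all (container failed to start) counts as a problem too.
  if [[ -z "$output" ]] || [[ "$output" == *"ERROR"* ]]; then
    images_with_errors+=("$image")
  fi
  {
    echo "$output"
    echo ""
  } >>"$REPORT"
done <"$IMAGES_LIST_SOURCE"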
# Close the report with a summary: either the list of images whose check
# produced no output or an ERROR line, or an all-clear banner.
{
  failed_total=${#images_with_errors[@]}
  if ((failed_total > 0)); then
    printf '%s\n' "------------------------------- The following images contain problems ------------------------------- "
    for failed_image in "${images_with_errors[@]}"; do
      echo "$failed_image"
    done
    printf '%s\n' "----------------------------------------------------------------------------------------------------- "
  else
    printf '%s\n' \
      "------------------------------- No problems were found for the tested list of images -------------------------------------- " \
      "--------------------------------------------------------------------------------------------------------------------------- "
  fi
} >>"$REPORT"