pakiti-client - Man Page

pakiti-client [Options]

pakiti-client finds the list of installed packages (i.e. rpm -qa on an RPM-based system) and formats it in a report that it sends (using a POST request) to a collecting server (see the --url option) and/or writes to a file (see the --output option).

In addition to the list of installed packages, the report also contains information about the submitting machine:

• arch: the current architecture
• host: the host name (see the --host option)
• kernel: the current kernel
• packager: the packager (rpm or dpkg)
• site: the site name (see the --site option)
• system: the operating system full name
• tag: a tag used by the collecting server (see the --tag option)
• version: the report format version (1)

If a certificate (see the --encrypt option) is given then the report will be S/MIME encrypted before transmission. For reference, the exact command used to encrypt the report is:

  $ openssl smime -encrypt -binary -aes-256-cbc -outform DER

The recommended way to use this program is daily via cron, for instance with (using bash):

  # echo "MAILTO=somebody@some.where" > /etc/cron.d/pakiti-client
  # echo "$((RANDOM % 60)) $((RANDOM % 24)) * * * nobody pakiti-client \
    --config /etc/pakiti-client.cfg" >> /etc/cron.d/pakiti-client

--config,  --conf PATH

use this configuration file before processing the command line parameters

--curl PATH

set the path of the curl command to use

--debug,  -d

enable debug mode

--dpkg-query PATH

set the path of the dpkg-query command to use

--encrypt PATH|STRING

use this certificate to encrypt the report; the value can either be the path of the file containing the certificate or the certificate itself as multi-line ASCII armored contents

--expect STRING

set the response string to expect from the server in case of success (default: OK)

--help,  -h,  -?

show some help

--host STRING

set the host name to use in the report

--hostname PATH

set the path of the hostname command to use

--input,  -i PATH

do not prepare a new report but, instead, read the report from the given file

--lsb_release PATH

set the path of the lsb_release command to use

--manual,  -m

show this manual

--mode STRING

the mode that determines how the report should be processed by the server. The following modes are supported: 'store-only', 'report-only', 'store-and-report'.

--no-protocol-version

do not include the protocol version in the message sent to the server.

--openssl PATH

set the path of the openssl command to use

--output,  -o PATH

write the prepared report to the given file

--pkg PATH

set the path of the pkg command to use

--rndsleep,  -r NUMBER

sleep for a random amount of seconds, up to the given number (useful when pakiti-client is invoked by cron)

--rpm PATH

set the path of the rpm command to use

--site NAME

set the site name to use in the report

--tag STRING

set the tag used by the collecting server to group reports

--uname PATH

set the path of the uname command to use

--url URL

send the prepared report to the collecting server at the given URL

--wget PATH

set the path of the wget command to use

pakiti-client can read its options from a configuration file (see the --config option).

The file can contain empty lines, comments (lines starting with #) or option settings either on one line or using the “heredoc” syntax. For instance:

  #
  # this is my pakiti-client configuration
  #
  url = http://some.where.org:8080/some/path
  encrypt = <<EOT
  -----BEGIN CERTIFICATE-----
  VR0gBF0wWzBZBgorBgEEAWAKBAsBMEswSQYIKwYBBQUHAgEWPWh0dHA6Ly9jYWZp
  U2VydmljZXMsQ049U22ydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1jZXJuLERD
  ...
  CREUmgapD+aWdxEfeb6qA0OqAFCeHYOWMeeqqtMUE1JPGPoWNkyzqaObr05jm0zd
  YwYIKwYBBQUHMAKGV2h0dHA6Ly6jYWZpbGVzLmNlcm4uY2gvY2FmaWxlcy9jZXJ=
  -----END CERTIFICATE-----
  EOT

The options specified on the command line have precedence over the ones found in the configuration file.

The generated report is made of a header (containing information about the submitting machine) and a body (containing the list of installed packages).

The report is in text format and is made of lines, all ending with the newline character (0x0A). The report contains in order:

• a first separator line indicating the beginning of the header
• one or more header lines
• a second separator line indicating the end of the header
• one or more package lines
• a third separator line indicating the end of the report

A separator line only contains the hash character (0x23), followed by the newline character (just like any other line).

A header line contains the header name (such as host), a colon character (0x3A), a space character (0x20) and the header value. See the “Description” section for the list of all possible header names.

A package line contains the package name, a tab character (0x09), the package full version, another tab and the package architecture. For rpm based systems, the full version is in fact EPOCH:VERSION:RELEASE.

Lionel Cons <http://cern.ch/lionel.cons>

Copyright (C) CERN 2014-2016

Licensed under the Apache License, Version 2.0 (the “License”); you may not use this file except in compliance with the License. You may obtain a copy of the License at: <http://www.apache.org/licenses/LICENSE-2.0>.

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an “AS IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  See the License for the specific language governing permissions and limitations under the License.