PoC Ubuntu: Package Version History

Example 1: Using the PackageVersionHistory Python class


```python
# The below example code showcases how to use this class to check version history for specific source_package_names and distribution_versions
# returns: ( package_name, [list_of_versions] )

In [1]: import package_version_history as p

In [2]: kernel_checker = p.PackageVersionHistory('linux', '20.04')

In [3]: python_checker = p.PackageVersionHistory('python3.8', '20.04')

In [4]: kernel_results = kernel_checker.package_name_and_version_history()

In [5]: python_results = python_checker.package_name_and_version_history()
```

Seed Data: How to pull all source package names in a target distribution (needs local shell access)

We need local shell access to a system to run some commands that create a text file containing every remote source package name in the repos of a target distro. The sequence of commands below should create a text file of source_package_names, deduplicated and sorted.

```bash
# this will create a text file with the values
# this originally worked on a VM.
grep ^Source /var/lib/apt/lists/*_Packages | awk ' {print $2}' | sort -u > source_packages_remote_ubuntu_2004.default

# this works for me pulling the following:
# ubuntu:latest, ubuntu:22.10, ubuntu:22.04, ubuntu:20.04
docker run ubuntu:latest /bin/bash -c "apt-get update && apt-get install lz4 && lz4cat /var/lib/apt/lists/*_Packages.lz4 | grep ^Source | cut -f 2 -d : | cut -f 2 -d ' ' | sort -u "
```

The grep runs over information that is stored as follows. Below is an example from the package lvm2:

```
Package: liblvm2cmd2.03
Architecture: amd64
Version: 2.03.11-2ubuntu4ubuntu20.04.1
Multi-Arch: same
Priority: optional
Section: libs
Source: lvm2
Origin: Ubuntu
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Original-Maintainer: Debian LVM Team <team+lvm@tracker.debian.org>
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 2902
Depends: libaio1 (>= 0.3.93), libblkid1 (>= 2.24.2), libc6 (>= 2.28), libselinux1 (>= 1.32), libsystemd0 (>= 222), libudev1 (>= 183), dmeventd
Filename: pool/main/l/lvm2/liblvm2cmd2.03_2.03.11-2ubuntu4ubuntu20.04.1_amd64.deb
Size: 699512
MD5sum: 99319083dcac52e719f6066930781f9e
SHA1: 19c40a6e3e26f7cdfb9a0931b480d3bdd2ecdcf5
SHA256: a2fc4a87717aa81e152f0890c395c1b42b4eb07ffda4e3fbd3f83f9a70cbd95f
SHA512: 364acc8ce9932794f7d1d59360845b6ad915d261ea206fd94088c5ebf0e0ac2d11ab8832ebfde467cfa1ae82b6f7c7d179af61de8eb0898d2c3794161d2ea39d
Homepage: https://sourceware.org/lvm2/
Description: LVM2 command library
Task: server, cloud-image, ubuntu-live, kubuntu-live, xubuntu-live, lubuntu-live, ubuntustudio-dvd-live, ubuntukylin-live, ubuntu-mate-live, ubuntu-budgie-live
Description-md5: 8f4d76592086bd210b07fd8b6370be43
```

The command below can be used to check the number of results in the output file:

```
$ wc -l source_packages_remote_ubuntu_2004.default
13991 source_packages_remote_ubuntu_2004.default
```
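The `grep ^Source` pipeline only sees stanzas that carry a `Source:` field, and a binary package whose name matches its source package omits that field. The following added example (not part of this project's code) parses the stanza format shown above and falls back to `Package:` in that case, which goes beyond what the grep does; the function names and the sample stanzas are constructed for illustration.

```python
import re

# Constructed sample in the apt "Packages" index format (not real repository data).
SAMPLE_PACKAGES = """\
Package: liblvm2cmd2.03
Architecture: amd64
Source: lvm2
Depends: libaio1 (>= 0.3.93),
 libblkid1 (>= 2.24.2)
Description: LVM2 command library

Package: examplepkg
Architecture: amd64
Version: 1.0-1
Description: single binary, no Source field

Package: libexample-dev
Source: examplesrc (2.0-3)
Description: Source field that carries a version
"""


def iter_stanzas(text):
    """Yield each stanza as a dict of field -> value, joining continuation lines."""
    for block in re.split(r"\n\s*\n", text.strip()):
        fields, last = {}, None
        for line in block.splitlines():
            if line[:1] in (" ", "\t") and last:  # continuation of previous field
                fields[last] += "\n" + line.strip()
            elif ":" in line:
                last, _, value = line.partition(":")
                fields[last] = value.strip()
        if fields:
            yield fields


def source_name(stanza):
    """Source package of a binary stanza; Package is used when Source is omitted."""
    src = stanza.get("Source") or stanza["Package"]
    return src.split()[0]  # drop an optional "(version)" suffix


def source_package_names(text):
    """Sorted, de-duplicated source package names found in a Packages index."""
    return sorted({source_name(s) for s in iter_stanzas(text) if "Package" in s})


if __name__ == "__main__":
    print("\n".join(source_package_names(SAMPLE_PACKAGES)))
```

To run it on a real index, pass the decompressed contents of a `/var/lib/apt/lists/*_Packages` file to `source_package_names()` instead of the sample.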