#! /bin/bash
# @(#)(CAcert) $Id$
# pkg-conform - bring set of installed Debian packages in conformance with
#		the desired state for the CAcert webdb server

TMPDIR=/tmp/pkg-conform.$$
mkdir ${TMPDIR}
trap "rm -rf ${TMPDIR}" 0 1 2 3 15

sort >${TMPDIR}/1 <<\!
acpi
acpid
acpi-support-base
adduser
apache2
apache2-bin
apache2-data
apache2-mpm-prefork
apache2-utils
apt
aptitude
aptitude-common
apt-listchanges
apt-show-versions
apt-utils
atop
base-files
base-passwd
bash
bind9-host
binutils
boxbackup-client
bsd-mailx
bsdmainutils
bsdutils
busybox
bzip2
ca-certificates
console-setup
console-setup-linux
coreutils
cpio
cpp
cpp-4.9
cron
cron-apt
cryptsetup
cryptsetup-bin
cvs
dash
debconf
debconf-i18n
debian-archive-keyring
debianutils
debsums
diffutils
discover
discover-data
dmidecode
dmsetup
dnsutils
dpkg
e2fslibs
e2fsprogs
eject
file
findutils
finger
firmware-linux-free
fontconfig-config
fonts-dejavu-core
gawk
gcc
gcc-4.9
gcc-4.9-base
gddrescue
geoip-database
gettext
gettext-base
gnupg
gpgv
grep
groff-base
grub2-common
grub-common
grub-pc
grub-pc-bin
gzip
hddtemp
hdparm
hostname
ifupdown
init
initramfs-tools
initscripts
init-system-helpers
insserv
installation-report
ipmitool
iproute
iproute2
iptables
iputils-ping
irqbalance
isc-dhcp-client
isc-dhcp-common
kbd
keyboard-configuration
klibc-utils
kmod
laptop-detect
less
libacl1
libaio1
libalgorithm-c3-perl
libapache2-mod-php5
libapr1
libaprutil1
libaprutil1-dbd-sqlite3
libaprutil1-ldap
libapt-inst1.5
libapt-pkg4.12
libapt-pkg-perl
libarchive-extract-perl
libasan1
libasprintf0c2
libasprintf-dev
libatm1
libatomic1
libattr1
libaudit1
libaudit-common
libbind9-90
libblkid1
libboost-iostreams1.55.0
libbsd0
libbz2-1.0
libc6
libc6-dev
libcap2
libcap2-bin
libcap-ng0
libc-bin
libc-dev-bin
libcgi-fast-perl
libcgi-pm-perl
libcilkrts5
libclass-c3-perl
libclass-c3-xs-perl
libcloog-isl4
libcomerr2
libconfig-inifiles-perl
libcpan-meta-perl
libcroco3
libcryptsetup4
libcurses-perl
libcurses-ui-perl
libcwidget3
libdata-optlist-perl
libdata-section-perl
libdb5.3
libdbd-mysql-perl
libdbi-perl
libdebconfclient0
libdevice-serialport-perl
libdevmapper1.02.1
libdiscover2
libdns100
libdns-export100
libdpkg-perl
libedit2
libelfg0
liberror-perl
libestr0
libexpat1
libfcgi-perl
libffi6
libfile-counterfile-perl
libfile-fcntllock-perl
libfile-fnmatch-perl
libfontconfig1
libfreetype6
libfuse2
libgcc1
libgcc-4.9-dev
libgcrypt20
libgd3
libgdbm3
libgeoip1
libgettextpo0
libgettextpo-dev
libglib2.0-0
libglib2.0-data
libgmp10
libgnutls-deb0-28
libgnutls-openssl27
libgomp1
libgpg-error0
libgssapi-krb5-2
libhogweed2
libhtml-template-perl
libicu52
libidn11
libirs-export91
libisc95
libisccc90
libisccfg90
libisccfg-export90
libisc-export95
libisl10
libitm1
libjbig0
libjpeg62-turbo
libjson-c2
libk5crypto3
libkeyutils1
libklibc
libkmod2
libkrb5-3
libkrb5support0
libldap-2.4-2
liblist-moreutils-perl
liblocale-gettext-perl
liblockfile1
liblockfile-bin
liblogging-stdlog0
liblog-message-perl
liblog-message-simple-perl
liblognorm1
liblsan0
liblua5.1-0
liblwres90
liblzma5
libmagic1
libmodule-build-perl
libmodule-pluggable-perl
libmodule-signature-perl
libmount1
libmpc3
libmpfr4
libmro-compat-perl
libmysqlclient18
libncurses5
libncursesw5
libnet-daemon-perl
libnettle4
libnewt0.52
libnfnetlink0
libnuma1
libonig2
libopenipmi0
libopts25
libp11-kit0
libpackage-constants-perl
libpam0g
libpam-cap
libpam-modules
libpam-modules-bin
libpam-runtime
libparams-util-perl
libpcap0.8
libpci3
libpcre3
libperl4-corelibs-perl
libperl5.20
libpipeline1
libpng12-0
libpod-latex-perl
libpod-readme-perl
libpopt0
libprocps3
libpsl0
libpython2.7-minimal
libpython2.7-stdlib
libpython-stdlib
libqdbm14
libquadmath0
libreadline6
librecode0
libregexp-common-perl
libsasl2-2
libsasl2-modules
libsasl2-modules-db
libselinux1
libsemanage1
libsemanage-common
libsensors4
libsepol1
libserf-1-1
libsigc++-2.0-0c2a
libsigsegv2
libslang2
libsmartcols1
libsnmp30
libsnmp-base
libsoftware-license-perl
libsqlite3-0
libss2
libssl1.0.0
libstdc++6
libsub-exporter-perl
libsub-install-perl
libsystemd0
libtasn1-3
libtasn1-6
libterm-readkey-perl
libterm-ui-perl
libtext-charwidth-perl
libtext-iconv-perl
libtext-soundex-perl
libtext-template-perl
libtext-wrapi18n-perl
libtiff5
libtimedate-perl
libtinfo5
libtsan0
libubsan0
libudev1
libunistring0
libusb-0.1-4
libusb-1.0-0
libustr-1.0-1
libuuid1
libvpx1
libwrap0
libx11-6
libx11-data
libxapian22
libxau6
libxcb1
libxdelta2
libxdmcp6
libxext6
libxml2
libxmuu1
libxpm4
libxtables10
linux-base
linux-image-2.6-486
linux-libc-dev
locales
locales-all
locate
login
logrotate
lsb-base
lsb-release
lsof
ltrace
lzma
make
man-db
manpages
manpages-dev
mawk
mdadm
mime-support
module-init-tools
mount
mpack
multiarch-support
mysql-client-5.5
mysql-common
mysql-server
mysql-server-5.5
mysql-server-core-5.5
mysqltuner
mytop
nano
ncurses-base
ncurses-bin
ncurses-term
netbase
netcat-traditional
net-tools
ntp
openipmi
openssh-client
openssh-server
openssh-sftp-server
openssl
openssl-blacklist
openssl-blacklist-extra
os-prober
passwd
patch
pciutils
perl
perl-base
perl-modules
php5
php5-cli
php5-common
php5-gd
php5-gmp
php5-json
php5-mysql
php5-readline
php5-recode
postfix
procps
psmisc
python
python2.7
python2.7-minimal
python-apt
python-apt-common
python-minimal
python-support
rcs
readline-common
recode
recode-doc
rename
rsync
rsyslog
screen
sed
sensible-utils
smartmontools
ssl-cert
startpar
strace
sudo
sysstat
sysvinit
sysvinit-core
sysvinit-utils
sysv-rc
sysv-rc-conf
tar
tasksel
tasksel-data
tcpd
tcpdump
traceroute
tzdata
ucf
udev
unzip
usbutils
util-linux
vim-common
vim-tiny
wamerican
webalizer
wget
whiptail
whois
xauth
xdelta
xdg-user-dirs
xkb-data
xz-utils
zlib1g
!

case `hostname` in
    webdb)		# production server has no extra packages
	;;
    *)			# test servers need some extra packages
	sort >>${TMPDIR}/1 <<\!
aide
aide-common
bash-completion
curl
dovecot-core
dovecot-imapd
git
git-core
git-doc
git-man
htop
libcurl3
libcurl3-gnutls
libgpm2
libneon27-gnutls
librtmp1
libssh2-1
libsvn1
lrzsz
mc
mc-data
minicom
monitoring-plugins-basic
monitoring-plugins-common
nagios-nrpe-server
nagios-plugins-basic
pbzip2
pigz
python-subversion
socat
subversion
svnmailer
time
tree
vim
vim-runtime
!
			# test servers need to remove some packages due to LXC or 32-bit
	sort >>${TMPDIR}/3 <<\!
^firmware-linux-free$
^grub2-common$
^grub-common$
^grub-pc$
^grub-pc-bin$
^irqbalance$
^liblsan0$
^libnuma1$
^libtsan0$
^mdadm$
^os-prober$
!
	sort ${TMPDIR}/1 >${TMPDIR}/2
	grep -v -f ${TMPDIR}/3 ${TMPDIR}/2 >${TMPDIR}/1
	;;
esac

dpkg-query --show --showformat '${Package}\n' |\
sort >${TMPDIR}/2

REMOVE=`comm -13 ${TMPDIR}/1 ${TMPDIR}/2 | grep -v '^linux-image-'`
if [ -n "${REMOVE}" ]
then
	echo "The following packages will be removed from the system:"
	for pkg in ${REMOVE}
	do
		echo "	${pkg}"
	done
	apt-get remove --purge ${REMOVE}
else
	echo "No packages need to be removed from the system"
fi

ADD=`comm -23 ${TMPDIR}/1 ${TMPDIR}/2 | grep -v '^linux-image-'`
if [ -n "${ADD}" ]
then
	echo "The following packages will be installed on the system:"
	for pkg in ${ADD}
	do
		echo "	${pkg}"
	done
	apt-get install ${ADD}
else
	echo "No packages need to be installed on the system"
fi