Below is the file 'client/plugins/debiansecurity.py' from this revision. You can also download the file. 


#
# this plugin will check whether the machine requires any urgent security
# updates
#

import StringIO
import apt_listchanges
import apt_pkg
import urllib
import pipes
import rfc822
import glob
import sys
import os
import re

from phonehome import urgency

apt_get = '/usr/bin/apt-get '
apt_cache = '/usr/bin/apt-cache '
cache = '/var/cache/apt/archives/'

urgency_str = { 1 : 'low', 2 : 'medium', 3 : 'high', 4 : 'critical' }

def run():
    results = []

    config = apt_listchanges.Config()
    config.read('/etc/apt/listchanges.conf')
    apt_pkg.InitSystem()

    def run_silently(command):
	fd = os.popen(command)
	fd.read()
	fd.close()

    # update apt packages lists
    run_silently(apt_get + 'update')
    # download the packages
    run_silently(apt_get + 'dist-upgrade -d -y')

    packages = []
    r = re.compile(r'^Inst ([a-z0-9\+\-\.]+) \[([A-Za-z0-9\.\+\-\:]+)\] \(([A-Za-z0-9\.\+\-\:]+) (.*)\)')
    for line in os.popen(apt_get + 'dist-upgrade -s -y'):
	m = r.match(line)
	if m: packages.append(m.groups())

    for package_name, installed_version, new_version, source in packages:
	filename = package_name + '_' + new_version
	# unfortunately we can't use urllib.quote() as its behaviour differs
	# from whatever apt does.
	filename = filename.replace(':', '%3a')
	g = os.path.join(cache, filename + "*.deb")
	matches = glob.glob(g)
	if len(matches) == 0:
	    results.append((urgency['warning'], 'No matches for glob %s' % (g)))
	    continue
	elif len(matches) > 1:
	    results.append((urgency['warning'], 'More than one match for glob %s' % (g)))
	    continue
	filename = matches[0]

	pkg = apt_listchanges.Package(filename)
	(news, changelog) = pkg.extract_changes(config.which, installed_version)
	if changelog == None:
	    # probably not a problem; some packages just don't have Changelogs, but
	    # if it's a security upload they will do..
	    # results.append(('low', 'unable to get changelog from package: ' + filename))
	    continue
	if changelog.changes.lower().find('security') != -1:
	    security = ' (security)'
	else:
	    security = ''
	if not urgency_str.has_key(changelog.urgency):
	    changelog_urgency = 4
	else:
	    changelog_urgency = changelog.urgency
	results.append ((changelog_urgency, "upgrade needed,  " + package_name + " (%s%s)" % (urgency_str.get(changelog.urgency, str(changelog.urgency)), security)))

    return results