Re: Creating a randomized cron entry
For future reference, here's what I've implemented in debsecan:
There is a script, /usr/sbin/debsecan-create-cron, which creates a
file /etc/cron.d/debsecan (if it does not exist yet). The file
contains a line "# AUTOMATICALLY GENERATED", and if this line is found
in the file, it will be removed when the package is purged.
The cron entry contains a randomized minute, and requests execution
every hour. debsecan itself checks if it hasn't run during the same
day (local time), and if it's past 2am. Only then the vulnerability
data is downloaded, and processing continues.
This doesn't deal with systems which aren't online for at least 60
minutes in a row, but on such systems, it's probably not a good idea
to download 70K of data automatically anyway.
(I will add a debconf question (medium priority, default yes) and
create the cron entry automatically if the user doesn't object -- but
first, I have to get rid of that dreaded --suite parameter. I've
discovered how to approach is problem, but I haven't written any code