#!/usr/bin/env python


#nice apt-get -s -o Debug::NoLocking=true upgrade | grep ^Inst 

import apt_pkg
import os
import sys
from optparse import OptionParser
SYNAPTIC_PINFILE = "/var/lib/synaptic/preferences"

# be nice
os.nice(19)

# check arguments
parser = OptionParser()
parser.add_option("-s",
                  "--security-only",
                  action="store_true",
                  dest="security_only",
                  help="show only security updates")
(options, args) = parser.parse_args()
print options.security_only

# init
apt_pkg.init()

# get caches
cache = apt_pkg.GetCache()
depcache = apt_pkg.GetDepCache(cache)

# read the pin files
depcache.ReadPinFile()
# read the synaptic pins too
if os.path.exists(SYNAPTIC_PINFILE):
    depcache.ReadPinFile(SYNAPTIC_PINFILE)

# init the depcache
depcache.Init()

if depcache.BrokenCount > 0:
    sys.stderr.write("E: BrokenCount > 0")
    sys.exit(-1)

# do the upgrade (not dist-upgrade!)
depcache.Upgrade()

# check for upgrade packages, we need to do it this way
# because of ubuntu #7907
upgrades = 0
security_updates = 0
for pkg in cache.Packages:
    if depcache.MarkedInstall(pkg) or depcache.MarkedUpgrade(pkg):
        # check if this is really a upgrade or a false positive
        # (workaround for ubuntu #7907)
	if depcache.GetCandidateVer(pkg) != pkg.CurrentVer:
		upgrades = upgrades + 1	
                ver = depcache.GetCandidateVer(pkg)
                for (file, index) in ver.FileList:
                    if file.Archive == "hoary-security":
                        security_updates += 1

# print the number of upgrades
if options.security_only:
    sys.stderr.write("%s" % security_updates)
else:
    sys.stderr.write("%s" % upgrades)

sys.exit(0)
