Icinga plugin to check if Debian stable system is up to date

I have long wanted to have a plugin for Icinga that checks if the current version of Debian stable installed (most of my systems are running Debian stable) is the most recent version. In my busy life, I often miss new releases and although my systems automatically install updates they do not automatically get version updates. I finally got around to scratching that itch, and writing a plugin to do it.

In the end, this proved to be quite straight-forward. I reused some code (such as choosing wget or curl) from previous plugins I have written:

#!/bin/bash

if which curl &>/dev/null
then
  CURL_CMD="curl -Ls"
elif which wget &>/dev/null
then
  CURL_CMD="wget -q -O-"
else
  echo "ERROR: Unable to locate a webscraper (curl or wget) - cannot continue"
  exit 3  # Usage/internal error
fi

usage() {
    cat - <<EOF
$0 [--help]
Nagios plugin to check Debian stable version status.

--help: display this message and quit
-m mirror: Specify the mirror url (defaults to https://deb.debian.org/debian)

Exits with warning if local Debian version is a minor version different to
the remote repository's stable release, exits with cricital if the major
ersion is different or exits with ok if both versions exactly match.
EOF
}

if [[ $# == 1 ]] && [[ $1 == "--help" ]]
then
  usage
  exit 0
fi

# Default values
URL_BASE=https://deb.debian.org/debian

while getopts hm: option
do
    case $option in
        h) usage; exit 0 ;;
        m) URL_BASE="${OPTARG}" ;;
        ?) usage; exit 3 ;;
    esac
done
shift $(($OPTIND - 1))

# Only stable has a version number in it's Release file, so it does not make
# sense to specify any other path, as this is currently written. In the future
# it might be nice to add support for testing by checking if the version
# codenames match as well.
repository_version="$( ${CURL_CMD} "${URL_BASE}/dists/stable/Release" | grep '^Version: ' | awk '{print $2}' )"

if [[ $? -ne 0 ]] || [[ -z ${repository_version} ]]
then
  echo "ERROR: Unable to fetch Release from repository"
  exit  3 # Internal error
fi

if [ -f /etc/os-release ]
then
  local_version="$( . /etc/os-release && echo ${DEBIAN_VERSION_FULL} )"
fi

# DEBIAN_VERSION_FULL was not present in os-release in Bookworm, it was in
# Trixie
if [[ -z ${local_version} ]]
then
  local_version="$( cat /etc/debian_version )"
fi

if [[ -z ${local_version} ]]
then
  echo "ERROR: Unable to get local version from /etc"
  exit 3  # Internal error
fi

if [[ ${repository_version%.*} == ${local_version%.*} ]]
then
  # Major versions match - check for full version match
  if [[ ${repository_version} == ${local_version} ]]
  then
   echo "OK: Local version (${local_version}) matches current stable version (${repository_version})"
   exit 0  # Ok
  else
    # Minor version mis-match
    echo "WARNING: Local minor version (${local_version}) does not match current stable version (${repository_version})"
    exit 1  # Warning
  fi
else
  echo "CRITICAL: Local major version (${local_version}) does not match current stable version (${repository_version})"
  exit 2  # Critical
fi