ubuntu-security-tools

Merge ~alexmurray/ubuntu-security-tools:umt-grep-source-map into ubuntu-security-tools:master

  1. Git
  2. lp:~alexmurray/ubuntu-security-tools
  3. umt-grep-source-map
  4. Merge into master
Proposed by Alex Murray
Status: Needs review
Proposed branch: ~alexmurray/ubuntu-security-tools:umt-grep-source-map
Merge into: ubuntu-security-tools:master
Diff against target: 36 lines (+15/-3)
1 file modified
build-tools/umt (+15/-3)
Reviewer Review Type Date Requested Status
Ubuntu Security Team Pending
Review via email: mp+414783@code.launchpad.net

Description of the change

This allows to find packages listed in the various subprojects even if they don't exist in the Ubuntu archive.

Should be useful for https://docs.google.com/document/d/13wpBtK2uySdBeZXbpLIp-oO3C5kYkXw-8bL8KEjOd1c/edit#

To post a comment you must log in.
Revision history for this message
Alex Murray (alexmurray) wrote :

Any chance someone can review this?

Reply
Revision history for this message
Eduardo Barretto (ebarretto) wrote :

Overall it looks good to me, but I'm just wondering if we need to do source_map.load() without skipping eol releases. Here's an example

In current UST master:
$ umt grep ffmpeg
ffmpeg
ffmpeg-php
ffmpeg2theora
ffmpegfs
ffmpegthumbnailer
ffmpegthumbs
gstreamer0.10-ffmpeg
kffmpegthumbnailer
kodi-inputstream-ffmpegdirect
ocaml-ffmpeg

with your changes applied:
$ umt grep ffmpeg
ffmpeg
ffmpeg2theora
ffmpegfs
ffmpegthumbnailer
ffmpegthumbs
kffmpegthumbnailer
kodi-inputstream-ffmpegdirect
ocaml-ffmpeg

You can see that ffmpeg-php and gstreamer0.10-ffmpeg.
I did a grep on ffmpeg-php, this is a precise source, so not sure it matters at all.
I did the same for gstreamer0.10-ffmpeg, this is a precise and trusty source, since trusty is still in ESM, should we list trusty source on umt grep?

If yes, then doing a source_map.load(skip_eol_releases=False) might be enough.

Reply
~alexmurray/ubuntu-security-tools:umt-grep-source-map updated
571be21... by Alex Murray

umt grep: Avoid temporary file and pipe stdin to grep

Signed-off-by: Alex Murray <email address hidden>

Unmerged commits

571be21... by Alex Murray

umt grep: Avoid temporary file and pipe stdin to grep

Signed-off-by: Alex Murray <email address hidden>

851ed12... by Alex Murray

umt grep: Search package names from source_map by default

This then allows umt grep to find packages in any other configured
subprojects rather than just the Ubuntu archive (eg. this finds kafka in
esm-apps whereas the current umt grep does not).

Signed-off-by: Alex Murray <email address hidden>

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/build-tools/umt b/build-tools/umt
index ee74cbe..44baa1f 100755
--- a/build-tools/umt
+++ b/build-tools/umt
@@ -2023,7 +2023,7 @@ def cmd_grep():
20232023
2024 config = source_map.cve_lib.read_config()2024 config = source_map.cve_lib.read_config()
20252025
2026 mirror_path = config["packages_mirror"]2026 mirror_path = None
2027 if opt.repo == "debian":2027 if opt.repo == "debian":
2028 mirror_path = config["debian_mirror"]2028 mirror_path = config["debian_mirror"]
2029 elif opt.repo == "partner":2029 elif opt.repo == "partner":
@@ -2033,8 +2033,20 @@ def cmd_grep():
2033 parser.print_help()2033 parser.print_help()
2034 sys.exit(1)2034 sys.exit(1)
20352035
2036 (rc, report) = runcmd(["grep", args[0], os.path.join(mirror_path, "sources")])2036 if mirror_path is not None:
2037 print(report.rstrip())2037 _, report = runcmd(["grep", args[0], os.path.join(mirror_path, "sources")])
2038 print(report.rstrip())
2039 else:
2040 # search the configured releases via source_map
2041 src_map = source_map.load()
2042 srcs = set()
2043 for rel in src_map:
2044 srcs = srcs | set(src_map[rel].keys())
2045 # use grep to do the actual search so we keep the same semantics
2046 # when interpreting the input regex etc
2047 input = "\n".join(sorted(list(srcs))).encode()
2048 _, report = runcmd(["grep", args[0], '-'], input=input, stdin=subprocess.PIPE)
2049 print(report.rstrip())
20382050
2039def cmd_search():2051def cmd_search():
2040 '''Search for best source packages for each release'''2052 '''Search for best source packages for each release'''

Subscribers

People subscribed via source and target branches