ubuntu-security-tools

Merge ~alexmurray/ubuntu-security-tools:umt-testflinger-private-ppas-support into ubuntu-security-tools:master

  1. Git
  2. lp:~alexmurray/ubuntu-security-tools
  3. umt-testflinger-private-ppas-support
  4. Merge into master
Proposed by Alex Murray
Status: Merged
Merged at revision: b1c52c0c83258bcab2fa5a75d80db61ad578ea26
Proposed branch: ~alexmurray/ubuntu-security-tools:umt-testflinger-private-ppas-support
Merge into: ubuntu-security-tools:master
Diff against target: 55 lines (+20/-1)
1 file modified
build-tools/umt (+20/-1)
Reviewer Review Type Date Requested Status
Ubuntu Security Team Pending
Review via email: mp+427028@code.launchpad.net

Description of the change

Add easier support for using private PPAs via --repo so can just use say --repo ppa:ubuntu-esm/esm-infra-security-staging and umt will do the right thing to lookup and import the associated PPA signing key onto the target device as well as lookup the archive subscription URL and use this with appropriate credentials for the current user.

To post a comment you must log in.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/build-tools/umt b/build-tools/umt
index 1d96399..6acf21f 100755
--- a/build-tools/umt
+++ b/build-tools/umt
@@ -3029,7 +3029,7 @@ def cmd_testflinger():
3029 parser.add_argument("-T", "--template", dest="template", default=None,3029 parser.add_argument("-T", "--template", dest="template", default=None,
3030 help="A testflinger job template to use - this allows to specify extra commands etc")3030 help="A testflinger job template to use - this allows to specify extra commands etc")
3031 parser.add_argument("--repo", dest="repo", default=None,3031 parser.add_argument("--repo", dest="repo", default=None,
3032 metavar="Anything suitable for `add-apt-repository REPO` (ie. 'ppa:ubuntu-security-proposed/ppa' or 'https://USER:PASS@private-ppa.launchpad.net/ubuntu-security/ppa/ubuntu' etc)",3032 metavar="Anything suitable for `add-apt-repository REPO` (ie. 'ppa:ubuntu-security-proposed/ppa' - will automatically try and fetch credentials for private PPAs)",
3033 help="Add REPO to test machine to test new binaries from it rather than using yantok")3033 help="Add REPO to test machine to test new binaries from it rather than using yantok")
3034 parser.add_argument("-j", "--jump-host-path", dest="jump_host_path", default=default_jump_host_path,3034 parser.add_argument("-j", "--jump-host-path", dest="jump_host_path", default=default_jump_host_path,
3035 help="A jump host scp path to temporarily store debs to be loaded on test machine (default " + default_jump_host_path + ")")3035 help="A jump host scp path to temporarily store debs to be loaded on test machine (default " + default_jump_host_path + ")")
@@ -3076,6 +3076,7 @@ def run_testflinger_tests(opt, args, details, queues, image):
3076 print("Running testflinger test for %s with image %s on queues %s" % (details["package"],3076 print("Running testflinger test for %s with image %s on queues %s" % (details["package"],
3077 image,3077 image,
3078 ', '.join(queues)))3078 ', '.join(queues)))
3079 signing_key = None
3079 tempdir = None3080 tempdir = None
3080 # get the list of binary packages3081 # get the list of binary packages
3081 local_binaries = glob.glob('./../binary/*.deb')3082 local_binaries = glob.glob('./../binary/*.deb')
@@ -3105,6 +3106,19 @@ def run_testflinger_tests(opt, args, details, queues, image):
3105 runcmd(["scp"] + local_binaries + [server + ":" + tempdir],3106 runcmd(["scp"] + local_binaries + [server + ":" + tempdir],
3106 debug=opt.debug, dry_run=opt.dry_run, okrc=[0])3107 debug=opt.debug, dry_run=opt.dry_run, okrc=[0])
3107 tempurl = opt.jump_host_url + tempdir.replace(path, "/")3108 tempurl = opt.jump_host_url + tempdir.replace(path, "/")
3109 else:
3110 # lookup signing key for repo if is a ppa
3111 if opt.repo.startswith("ppa:"):
3112 repo = opt.repo.split(":")[1]
3113 team_name, ppa_name = repo.split("/")
3114 lp = lpl_common.connect()
3115 lp_team = lp.people[team_name]
3116 lp_ppa = lp_team.getPPAByName(name=ppa_name)
3117 signing_key = lp_ppa.signing_key_fingerprint
3118 if lp_ppa.private:
3119 # use full authenticated URL with credentials
3120 archive_url = lp.people[lp.me.name].getArchiveSubscriptionURL(archive=lp_ppa)
3121 opt.repo = archive_url
31083122
3109 if opt.template is not None:3123 if opt.template is not None:
3110 with open(opt.template, 'r') as f:3124 with open(opt.template, 'r') as f:
@@ -3137,8 +3151,13 @@ def run_testflinger_tests(opt, args, details, queues, image):
3137 cmds.append("rm %s" % " ".join(binaries))3151 cmds.append("rm %s" % " ".join(binaries))
3138 cmds.append("ssh $DEVICE_IP sudo dpkg -i %s" % " ".join(binaries))3152 cmds.append("ssh $DEVICE_IP sudo dpkg -i %s" % " ".join(binaries))
3139 else:3153 else:
3154 if signing_key is not None:
3155 cmds.append("echo_time Importing PPA sigining key...")
3156 # TODO: apt-key is deprecated so this should be replaced with something better
3157 cmds.append("ssh $DEVICE_IP sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys %s" % signing_key)
3140 cmds.append("echo_time Adding apt repository %s..." % opt.repo)3158 cmds.append("echo_time Adding apt repository %s..." % opt.repo)
3141 cmds.append("ssh $DEVICE_IP sudo add-apt-repository --yes %s" % opt.repo)3159 cmds.append("ssh $DEVICE_IP sudo add-apt-repository --yes %s" % opt.repo)
3160 cmds.append("ssh $DEVICE_IP sudo apt-get update")
3142 cmds.append("echo_time Installing %s..." % details["package"])3161 cmds.append("echo_time Installing %s..." % details["package"])
3143 cmds.append("ssh $DEVICE_IP sudo apt-get install %s" % " ".join(apt_binaries))3162 cmds.append("ssh $DEVICE_IP sudo apt-get install %s" % " ".join(apt_binaries))
3144 # we can't just reboot since this will close the ssh connection3163 # we can't just reboot since this will close the ssh connection

Subscribers

People subscribed via source and target branches