ubuntu-security-tools

Merge ~sespiros/ubuntu-security-tools/+git/ubuntu-security-tools:fix-release-info into ubuntu-security-tools:master

  1. Git
  2. lp:~sespiros/ubuntu-security-tools/+git/ubuntu-security-tools
  3. fix-release-info
  4. Merge into master
Proposed by Spyros Seimenis
Status: Merged
Merged at revision: 2a581f319adaf3be8d31f495332bd9e208c3803a
Proposed branch: ~sespiros/ubuntu-security-tools/+git/ubuntu-security-tools:fix-release-info
Merge into: ubuntu-security-tools:master
Diff against target: 286 lines (+45/-45)
1 file modified
build-tools/umt (+45/-45)
Reviewer Review Type Date Requested Status
Alex Murray Approve
Leonidas S. Barbosa Pending
Review via email: mp+427489@code.launchpad.net

Description of the change

Changed most of the umt references to details['release'] to use details['base_release']. The rest of the cases which use details['release'] do so because they need the full release name and not just the base/parent release.

Now that umt depends on source_map and cve_lib anyway, maybe those parts could be refactored further in the future to entirely remove the release_list field from .ubuntu-security-tools.conf and use cve_lib instead.

To post a comment you must log in.
Revision history for this message
Spyros Seimenis (sespiros) wrote :

For the reviewer: link to the MP that started it all https://code.launchpad.net/~sespiros/ubuntu-security-tools/+git/ubuntu-security-tools/+merge/424782

Revision history for this message
Alex Murray (alexmurray) wrote :

I am not in love with changing so much code to use a new name... although I can understand the motivation. What about a different word than base_release - since this is what we would use in the changelog entry, looking at it for inspiration https://www.debian.org/doc/debian-policy/ch-source.html#s-dpkgchangelog I see they use the term distribution(s) - what if we used that instead?

Revision history for this message
Spyros Seimenis (sespiros) wrote :

I agree that it seems like a big change but there were 2 ways to fix the changelog/repo commands bug:
1) revert my previous fix; that means that the release field will keep not detecting ESM releases properly, the ESM chroot naming standardization was just a case that worked as a motivation to make all these changes.
2) keep the new field (base_release) and differentiate code that needs a full release name from code that needs just the base release (this patch)

Regarding the name, "distribution" could be an alternative one but I haven't seen that used in any of our tools. cve_lib for example uses the term "parent" https://git.launchpad.net/ubuntu-cve-tracker/tree/scripts/cve_lib.py#n113 to indicate the same thing, so that could be a candidate.

If we wanted to be pedantic, according to
- https://docs.ubuntu.com/landscape/en/repositories and
- https://wiki.ubuntu.com/DevelopmentCodeNames

technically a release is "Ubuntu" plus the version "X.YY" (and I guess the minor versions as well). "series" could also be the term we could use instead of "base_release" ("parent" in cve_lib) and maybe "subproject" instead of "release" (subproject is the term cve_lib uses).

Revision history for this message
Alex Murray (alexmurray) wrote :

series sounds like a good option - but it would be good to canvas the team to see if anyone else has better ideas.

Revision history for this message
Emilia Torino (emitorino) wrote :

+1 to refactor and use cve_lib as single source of this type of information

Revision history for this message
Alex Murray (alexmurray) :
review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/build-tools/umt b/build-tools/umt
index 27ca44c..603c412 100755
--- a/build-tools/umt
+++ b/build-tools/umt
@@ -379,10 +379,10 @@ def cmd_changelog():
379 validate_toplevel()379 validate_toplevel()
380380
381 is_devel_release = False381 is_devel_release = False
382 if details['release'] != ust['release_devel']:382 if details['series'] != ust['release_devel']:
383 release = details['release'] + '-security'383 release = details['series'] + '-security'
384 else:384 else:
385 release = details['release']385 release = details['series']
386 is_devel_release = True386 is_devel_release = True
387387
388 if opt.increment:388 if opt.increment:
@@ -564,7 +564,7 @@ def perform_source_build(details, opt):
564 build_params.append('-sa')564 build_params.append('-sa')
565565
566 if not opt.skip_maintainer:566 if not opt.skip_maintainer:
567 update_maintainer(details['release'], details['version'], opt.simple_maintainer_update)567 update_maintainer(details['series'], details['version'], opt.simple_maintainer_update)
568 build_source(build_params, build_script, details,568 build_source(build_params, build_script, details,
569 force_dpkg_source=force_dpkg_source)569 force_dpkg_source=force_dpkg_source)
570 process_source_files(details, source_dest, merge=opt.merge)570 process_source_files(details, source_dest, merge=opt.merge)
@@ -652,8 +652,8 @@ def perform_binary_build(details, opt):
652 # If opt.sbuild_dep_resolver is not specified, look for per package overrides652 # If opt.sbuild_dep_resolver is not specified, look for per package overrides
653 if details["build_dep_resolver"] == None:653 if details["build_dep_resolver"] == None:
654 if details['package'] in sbuild_dep_resolver_overrides and \654 if details['package'] in sbuild_dep_resolver_overrides and \
655 details['release'] in sbuild_dep_resolver_overrides[details['package']]:655 details['series'] in sbuild_dep_resolver_overrides[details['package']]:
656 details["build_dep_resolver"] = sbuild_dep_resolver_overrides[details['package']][details['release']]656 details["build_dep_resolver"] = sbuild_dep_resolver_overrides[details['package']][details['series']]
657657
658 if details["build_dep_resolver"] in ['apt', 'aptitude', 'internal']:658 if details["build_dep_resolver"] in ['apt', 'aptitude', 'internal']:
659 buildopts.append('--build-dep-resolver=%s' % details["build_dep_resolver"])659 buildopts.append('--build-dep-resolver=%s' % details["build_dep_resolver"])
@@ -761,7 +761,7 @@ def cmd_build_orig():
761 opt.skip = True761 opt.skip = True
762 # Force the release as we can't auto-discover based on directory name762 # Force the release as we can't auto-discover based on directory name
763 if opt.release == False:763 if opt.release == False:
764 opt.release = details['release']764 opt.release = details['series']
765 details = prepare_build(opt)765 details = prepare_build(opt)
766 perform_source_build(details, opt)766 perform_source_build(details, opt)
767 perform_binary_build(details, opt)767 perform_binary_build(details, opt)
@@ -919,7 +919,7 @@ def cmd_check():
919 (rc, report) = runcmd(command, stdout=None)919 (rc, report) = runcmd(command, stdout=None)
920920
921 # Check if we should warn about a Vcs-Bzr tag921 # Check if we should warn about a Vcs-Bzr tag
922 if details['release'] == ust['release_devel']:922 if details['series'] == ust['release_devel']:
923 try:923 try:
924 for line in open('debian/control').readlines():924 for line in open('debian/control').readlines():
925 if line.lower().startswith("vcs-bzr:"):925 if line.lower().startswith("vcs-bzr:"):
@@ -928,7 +928,7 @@ def cmd_check():
928 pass928 pass
929929
930 # Print out some special-case warnings before exiting930 # Print out some special-case warnings before exiting
931 emit_special_warnings(details['package'], details['release'])931 emit_special_warnings(details['package'], details['series'])
932932
933 # finally check changes file as well for missing LP: # references933 # finally check changes file as well for missing LP: # references
934 changes_file = dscfile.replace(".dsc", "_source.changes")934 changes_file = dscfile.replace(".dsc", "_source.changes")
@@ -1156,7 +1156,7 @@ def download_binaries_from_ppa(details, binary_dest, version, ppa, arch, display
1156 err("could not find '%s'" % sis_changes)1156 err("could not find '%s'" % sis_changes)
1157 sys.exit(1)1157 sys.exit(1)
11581158
1159 repo_dest = os.path.join(ust['package_tools_repo_base'], details['release'])1159 repo_dest = os.path.join(ust['package_tools_repo_base'], details['series'])
1160 binaries = glob.glob(repo_dest + '/%s_%s_*' % (details['package'], version))1160 binaries = glob.glob(repo_dest + '/%s_%s_*' % (details['package'], version))
1161 copy_binaries = False1161 copy_binaries = False
1162 if len(binaries) > 0:1162 if len(binaries) > 0:
@@ -1170,7 +1170,7 @@ def download_binaries_from_ppa(details, binary_dest, version, ppa, arch, display
11701170
1171 if not copy_binaries:1171 if not copy_binaries:
1172 copy_sppa_to_repos = os.path.join(os.environ['UST'], "repo-tools", 'copy_sppa_to_repos')1172 copy_sppa_to_repos = os.path.join(os.environ['UST'], "repo-tools", 'copy_sppa_to_repos')
1173 args = [copy_sppa_to_repos, '--ppa', ppa, '--force-binaries', '--release', details['release']]1173 args = [copy_sppa_to_repos, '--ppa', ppa, '--force-binaries', '--release', details['series']]
1174 if arch:1174 if arch:
1175 args += ['--arch', arch]1175 args += ['--arch', arch]
1176 args.append(details['package'])1176 args.append(details['package'])
@@ -1207,24 +1207,24 @@ def cmd_compare_bin():
12071207
1208 # always use debian-installer in release pocket for non-devel releases1208 # always use debian-installer in release pocket for non-devel releases
1209 installer_components = 'main/debian-installer'1209 installer_components = 'main/debian-installer'
1210 if details['release'] == ust['release_devel'] or not use_installer:1210 if details['series'] == ust['release_devel'] or not use_installer:
1211 installer_components = ''1211 installer_components = ''
1212 s='''1212 s='''
1213deb [arch=%s] %s/ %s %s %s1213deb [arch=%s] %s/ %s %s %s
1214deb-src %s/ %s %s1214deb-src %s/ %s %s
1215''' % (details['arch'], ust.get_sbuild_mirror(details['arch']), details['release'], components, installer_components,1215''' % (details['arch'], ust.get_sbuild_mirror(details['arch']), details['series'], components, installer_components,
1216 ust.get_sbuild_srcmirror(details['arch']), details['release'], components)1216 ust.get_sbuild_srcmirror(details['arch']), details['series'], components)
12171217
1218 if details['release'] != ust['release_devel']:1218 if details['series'] != ust['release_devel']:
1219 s += '''1219 s += '''
1220deb [arch=%s] %s/ %s-updates %s %s1220deb [arch=%s] %s/ %s-updates %s %s
1221deb-src %s/ %s-updates %s1221deb-src %s/ %s-updates %s
1222deb [arch=%s] %s/ %s-security %s %s1222deb [arch=%s] %s/ %s-security %s %s
1223deb-src %s/ %s-security %s1223deb-src %s/ %s-security %s
1224''' % (details['arch'], ust.get_sbuild_mirror(details['arch']), details['release'], components, installer_components,1224''' % (details['arch'], ust.get_sbuild_mirror(details['arch']), details['series'], components, installer_components,
1225 ust.get_sbuild_srcmirror(details['arch']), details['release'], components,1225 ust.get_sbuild_srcmirror(details['arch']), details['series'], components,
1226 details['arch'], ust.get_sbuild_mirror(details['arch']), details['release'], components, installer_components,1226 details['arch'], ust.get_sbuild_mirror(details['arch']), details['series'], components, installer_components,
1227 ust.get_sbuild_srcmirror(details['arch']), details['release'], components)1227 ust.get_sbuild_srcmirror(details['arch']), details['series'], components)
12281228
1229 # as of quantal, devel packages can be waiting in -proposed, so1229 # as of quantal, devel packages can be waiting in -proposed, so
1230 # don't do this just for non-devel releases1230 # don't do this just for non-devel releases
@@ -1232,15 +1232,15 @@ deb-src %s/ %s-security %s
1232 s += '''1232 s += '''
1233deb [arch=%s] %s/ %s-proposed %s %s1233deb [arch=%s] %s/ %s-proposed %s %s
1234deb-src %s/ %s-proposed %s1234deb-src %s/ %s-proposed %s
1235''' % (details['arch'], ust.get_sbuild_mirror(details['arch']), details['release'], components, installer_components,1235''' % (details['arch'], ust.get_sbuild_mirror(details['arch']), details['series'], components, installer_components,
1236 ust.get_sbuild_srcmirror(details['arch']), details['release'], components)1236 ust.get_sbuild_srcmirror(details['arch']), details['series'], components)
12371237
1238 if 'test_repo' in details and details['test_repo']:1238 if 'test_repo' in details and details['test_repo']:
1239 s += '''1239 s += '''
1240deb [arch=%s] %s/ %s/1240deb [arch=%s] %s/ %s/
1241deb-src %s/ %s/1241deb-src %s/ %s/
1242''' % (details['arch'], ust['package_tools_repo_url'], details['release'],1242''' % (details['arch'], ust['package_tools_repo_url'], details['series'],
1243 ust['package_tools_repo_url'], details['release'])1243 ust['package_tools_repo_url'], details['series'])
12441244
1245 return s1245 return s
12461246
@@ -1489,7 +1489,7 @@ Acquire::Languages "none";
1489 details['arch'] = arch1489 details['arch'] = arch
14901490
1491 if opt.release:1491 if opt.release:
1492 details['release'] = opt.release1492 details['series'] = opt.release
14931493
1494 if opt.proposed:1494 if opt.proposed:
1495 details['proposed'] = True1495 details['proposed'] = True
@@ -1572,7 +1572,7 @@ def copy_to_repo(opt, details, quiet=False, source_dest=source_dest, binary_dest
1572 if not quiet:1572 if not quiet:
1573 print_details(details)1573 print_details(details)
15741574
1575 repo_dest = os.path.join(repo_base, details['release'])1575 repo_dest = os.path.join(repo_base, details['series'])
15761576
1577 if opt.purge and os.path.isdir(repo_dest):1577 if opt.purge and os.path.isdir(repo_dest):
1578 print("Cleaning out '%s'" % (repo_dest))1578 print("Cleaning out '%s'" % (repo_dest))
@@ -1620,7 +1620,7 @@ def copy_to_repo(opt, details, quiet=False, source_dest=source_dest, binary_dest
1620 print("Copying '%s'..." % (os.path.join(binary_dest, f)))1620 print("Copying '%s'..." % (os.path.join(binary_dest, f)))
1621 shutil.copy(os.path.join(binary_dest, f), repo_dest)1621 shutil.copy(os.path.join(binary_dest, f), repo_dest)
16221622
1623 (rc, report) = runcmd([update_repo, details['release']], stdin=sys.stdin, stdout=None)1623 (rc, report) = runcmd([update_repo, details['series']], stdin=sys.stdin, stdout=None)
1624 if rc != 0:1624 if rc != 0:
1625 err("failure running '%s':\n%s" % (update_repo, report))1625 err("failure running '%s':\n%s" % (update_repo, report))
1626 sys.exit(1)1626 sys.exit(1)
@@ -1672,7 +1672,7 @@ def cmd_upload():
16721672
1673 # adjust destination if debian1673 # adjust destination if debian
1674 init_dest = opt.destination1674 init_dest = opt.destination
1675 if details['release'] == "unstable": # XXX: add other releases1675 if details['series'] == "unstable": # XXX: add other releases
1676 init_dest = "debian"1676 init_dest = "debian"
16771677
1678 details = parse_changes_file(changes_file)1678 details = parse_changes_file(changes_file)
@@ -1971,7 +1971,7 @@ def cmd_adt():
1971 }1971 }
19721972
1973 details = parse_package_details(skip_sanity = True)1973 details = parse_package_details(skip_sanity = True)
1974 release = details['release']1974 release = details['series']
19751975
1976 valid_releases = []1976 valid_releases = []
1977 for rel in source_map.cve_lib.releases:1977 for rel in source_map.cve_lib.releases:
@@ -2647,7 +2647,7 @@ def run_qrt_tests(opt, args, details):
2647 # installed (--only-upgrade) and mark them as auto installed2647 # installed (--only-upgrade) and mark them as auto installed
2648 # (--mark-auto)2648 # (--mark-auto)
2649 apt_args += "--only-upgrade "2649 apt_args += "--only-upgrade "
2650 release_num = BetterUbuntuDistroInfo().get_release(details['release'])2650 release_num = BetterUbuntuDistroInfo().get_release(details['series'])
2651 if release_num:2651 if release_num:
2652 if release_num > "20.04":2652 if release_num > "20.04":
2653 apt_args += "--mark-auto "2653 apt_args += "--mark-auto "
@@ -3418,7 +3418,7 @@ def prepare_tool_env(opt, details):
3418 os.environ['DEB_BUILD_HARDENING'] = '1'3418 os.environ['DEB_BUILD_HARDENING'] = '1'
34193419
3420 # Parallel builds only started with karmic and later3420 # Parallel builds only started with karmic and later
3421 if opt.parallel and details['release'] not in ['dapper','jaunty']:3421 if opt.parallel and details['series'] not in ['dapper','jaunty']:
3422 _append_deb_build_options('parallel=%s' % (opt.parallel), "parallel=")3422 _append_deb_build_options('parallel=%s' % (opt.parallel), "parallel=")
3423 except:3423 except:
3424 pass3424 pass
@@ -3698,7 +3698,7 @@ do
3698 rm -f "$SRCS"3698 rm -f "$SRCS"
3699 fi3699 fi
3700done3700done
3701''' % (dropped_pockets, details['release'])3701''' % (dropped_pockets, details['series'])
37023702
3703 # add the updates pocket if building a proposed package if it isn't already3703 # add the updates pocket if building a proposed package if it isn't already
3704 # in the sources.list3704 # in the sources.list
@@ -3712,7 +3712,7 @@ if ! grep -q '^[^#].*\-updates' /etc/apt/sources.list ; then
3712 mv -f "$SRCS" /etc/apt/sources.list3712 mv -f "$SRCS" /etc/apt/sources.list
3713 need_update=13713 need_update=1
3714fi3714fi
3715''' % (details['release'], details['release'], details['release'])3715''' % (details['series'], details['series'], details['series'])
37163716
3717 # add the proposed pocket if told to do so3717 # add the proposed pocket if told to do so
3718 if force_proposed == True:3718 if force_proposed == True:
@@ -3725,7 +3725,7 @@ if ! grep -q '^[^#].*\-proposed' /etc/apt/sources.list ; then
3725 mv -f "$SRCS" /etc/apt/sources.list3725 mv -f "$SRCS" /etc/apt/sources.list
3726 need_update=13726 need_update=1
3727fi3727fi
3728''' % (details['release'], details['release'], details['release'])3728''' % (details['series'], details['series'], details['series'])
37293729
3730 # Add local repo if needed3730 # Add local repo if needed
3731 if details['additional-repo']:3731 if details['additional-repo']:
@@ -3737,12 +3737,12 @@ echo "deb %s %s/" >> "$SRCS"
3737mv -f "$SRCS" /etc/apt/sources.list3737mv -f "$SRCS" /etc/apt/sources.list
3738need_update=13738need_update=1
3739''' % (details['additional-repo'],3739''' % (details['additional-repo'],
3740 details['additional-repo'], details['release'])3740 details['additional-repo'], details['series'])
37413741
3742 # Update components. Xenial and higher now requires universe to build3742 # Update components. Xenial and higher now requires universe to build
3743 # main packages. release_num can be None if release is unknown, like3743 # main packages. release_num can be None if release is unknown, like
3744 # when distro_info hasn't been updated yet for a new dev release3744 # when distro_info hasn't been updated yet for a new dev release
3745 release_num = BetterUbuntuDistroInfo().get_release(details['release'])3745 release_num = BetterUbuntuDistroInfo().get_release(details['series'])
3746 if release_num and release_num < "16.04":3746 if release_num and release_num < "16.04":
3747 allowed_comps = { 'main' : ':main:',3747 allowed_comps = { 'main' : ':main:',
3748 'restricted' : ':main:restricted:',3748 'restricted' : ':main:restricted:',
@@ -3790,7 +3790,7 @@ fi
3790''' % (allowed_comps[details['component']], details['component'])3790''' % (allowed_comps[details['component']], details['component'])
37913791
3792 # Hack to work around lucid dbus trying to start in the chroot3792 # Hack to work around lucid dbus trying to start in the chroot
3793 if details['release'] == "lucid":3793 if details['series'] == "lucid":
3794 build_script = build_script + '''3794 build_script = build_script + '''
3795dpkg-divert --divert /etc/init/dbus.conf.disabled --rename /etc/init/dbus.conf3795dpkg-divert --divert /etc/init/dbus.conf.disabled --rename /etc/init/dbus.conf
3796'''3796'''
@@ -4054,14 +4054,14 @@ def parse_package_details(release = None, skip_sanity = False, force_component =
4054 details.setdefault('release', details['changelog_release'])4054 details.setdefault('release', details['changelog_release'])
40554055
4056 # Find base release4056 # Find base release
4057 base_release = details["release"]4057 series = details["release"]
4058 if 'esm' in base_release:4058 if 'esm' in series:
4059 if 'trusty' in base_release:4059 if 'trusty' in series:
4060 base_release = 'trusty'4060 series = 'trusty'
4061 else:4061 else:
4062 base_release = base_release.split('/')[1]4062 series = series.split('/')[1]
40634063
4064 details['base_release'] = base_release4064 details['series'] = series
40654065
4066 # Find previous version4066 # Find previous version
4067 previous_version = ''4067 previous_version = ''
@@ -4091,11 +4091,11 @@ def parse_package_details(release = None, skip_sanity = False, force_component =
4091 # Perform sanity checking4091 # Perform sanity checking
4092 if not skip_sanity:4092 if not skip_sanity:
4093 # Sanity check release4093 # Sanity check release
4094 if details['changelog_release'] != details['base_release']:4094 if details['changelog_release'] != details['series']:
4095 err("oops! changelog release (%s) != '%s'" % (details['changelog_release'], details['base_release']))4095 err("oops! changelog release (%s) != '%s'" % (details['changelog_release'], details['series']))
4096 sys.exit(1)4096 sys.exit(1)
4097 # Sanity check pocket4097 # Sanity check pocket
4098 if (details['release'] != ust['release_devel']) and (details['release'] != 'unstable') and \4098 if (details['series'] != ust['release_devel']) and (details['series'] != 'unstable') and \
4099 (details['pocket'] != 'security') and \4099 (details['pocket'] != 'security') and \
4100 (details['pocket'] != 'backports') and \4100 (details['pocket'] != 'backports') and \
4101 (details['pocket'] != 'proposed'):4101 (details['pocket'] != 'proposed'):

Subscribers

People subscribed via source and target branches