ubuntu-security-tools

Merge ~alexmurray/ubuntu-security-tools:umt-grep-source-map into ubuntu-security-tools:master

  1. Git
  2. lp:~alexmurray/ubuntu-security-tools
  3. umt-grep-source-map
  4. Merge into master
Proposed by Alex Murray
Status: Needs review
Proposed branch: ~alexmurray/ubuntu-security-tools:umt-grep-source-map
Merge into: ubuntu-security-tools:master
Diff against target: 36 lines (+15/-3)
1 file modified
build-tools/umt (+15/-3)
Reviewer Review Type Date Requested Status
Ubuntu Security Team Pending
Review via email: mp+414783@code.launchpad.net

Description of the change

This allows to find packages listed in the various subprojects even if they don't exist in the Ubuntu archive.

Should be useful for https://docs.google.com/document/d/13wpBtK2uySdBeZXbpLIp-oO3C5kYkXw-8bL8KEjOd1c/edit#

To post a comment you must log in.
Revision history for this message
Alex Murray (alexmurray) wrote :

Any chance someone can review this?

Reply
Revision history for this message
Eduardo Barretto (ebarretto) wrote :

Overall it looks good to me, but I'm just wondering if we need to do source_map.load() without skipping eol releases. Here's an example

In current UST master:
$ umt grep ffmpeg
ffmpeg
ffmpeg-php
ffmpeg2theora
ffmpegfs
ffmpegthumbnailer
ffmpegthumbs
gstreamer0.10-ffmpeg
kffmpegthumbnailer
kodi-inputstream-ffmpegdirect
ocaml-ffmpeg

with your changes applied:
$ umt grep ffmpeg
ffmpeg
ffmpeg2theora
ffmpegfs
ffmpegthumbnailer
ffmpegthumbs
kffmpegthumbnailer
kodi-inputstream-ffmpegdirect
ocaml-ffmpeg

You can see that ffmpeg-php and gstreamer0.10-ffmpeg.
I did a grep on ffmpeg-php, this is a precise source, so not sure it matters at all.
I did the same for gstreamer0.10-ffmpeg, this is a precise and trusty source, since trusty is still in ESM, should we list trusty source on umt grep?

If yes, then doing a source_map.load(skip_eol_releases=False) might be enough.

Reply
~alexmurray/ubuntu-security-tools:umt-grep-source-map updated
571be21... by Alex Murray

umt grep: Avoid temporary file and pipe stdin to grep

Signed-off-by: Alex Murray <email address hidden>

Unmerged commits

571be21... by Alex Murray

umt grep: Avoid temporary file and pipe stdin to grep

Signed-off-by: Alex Murray <email address hidden>

851ed12... by Alex Murray

umt grep: Search package names from source_map by default

This then allows umt grep to find packages in any other configured
subprojects rather than just the Ubuntu archive (eg. this finds kafka in
esm-apps whereas the current umt grep does not).

Signed-off-by: Alex Murray <email address hidden>

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/build-tools/umt b/build-tools/umt
2index ee74cbe..44baa1f 100755
3--- a/build-tools/umt
4+++ b/build-tools/umt
5@@ -2023,7 +2023,7 @@ def cmd_grep():
6
7 config = source_map.cve_lib.read_config()
8
9- mirror_path = config["packages_mirror"]
10+ mirror_path = None
11 if opt.repo == "debian":
12 mirror_path = config["debian_mirror"]
13 elif opt.repo == "partner":
14@@ -2033,8 +2033,20 @@ def cmd_grep():
15 parser.print_help()
16 sys.exit(1)
17
18- (rc, report) = runcmd(["grep", args[0], os.path.join(mirror_path, "sources")])
19- print(report.rstrip())
20+ if mirror_path is not None:
21+ _, report = runcmd(["grep", args[0], os.path.join(mirror_path, "sources")])
22+ print(report.rstrip())
23+ else:
24+ # search the configured releases via source_map
25+ src_map = source_map.load()
26+ srcs = set()
27+ for rel in src_map:
28+ srcs = srcs | set(src_map[rel].keys())
29+ # use grep to do the actual search so we keep the same semantics
30+ # when interpreting the input regex etc
31+ input = "\n".join(sorted(list(srcs))).encode()
32+ _, report = runcmd(["grep", args[0], '-'], input=input, stdin=subprocess.PIPE)
33+ print(report.rstrip())
34
35 def cmd_search():
36 '''Search for best source packages for each release'''

Subscribers

People subscribed via source and target branches