ubuntu-security-tools

Merge ~alexmurray/ubuntu-security-tools:umt-testflinger-private-ppas-support into ubuntu-security-tools:master

  1. Git
  2. lp:~alexmurray/ubuntu-security-tools
  3. umt-testflinger-private-ppas-support
  4. Merge into master
Proposed by Alex Murray
Status: Merged
Merged at revision: b1c52c0c83258bcab2fa5a75d80db61ad578ea26
Proposed branch: ~alexmurray/ubuntu-security-tools:umt-testflinger-private-ppas-support
Merge into: ubuntu-security-tools:master
Diff against target: 55 lines (+20/-1)
1 file modified
build-tools/umt (+20/-1)
Reviewer Review Type Date Requested Status
Ubuntu Security Team Pending
Review via email: mp+427028@code.launchpad.net

Description of the change

Add easier support for using private PPAs via --repo so can just use say --repo ppa:ubuntu-esm/esm-infra-security-staging and umt will do the right thing to lookup and import the associated PPA signing key onto the target device as well as lookup the archive subscription URL and use this with appropriate credentials for the current user.

To post a comment you must log in.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/build-tools/umt b/build-tools/umt
2index 1d96399..6acf21f 100755
3--- a/build-tools/umt
4+++ b/build-tools/umt
5@@ -3029,7 +3029,7 @@ def cmd_testflinger():
6 parser.add_argument("-T", "--template", dest="template", default=None,
7 help="A testflinger job template to use - this allows to specify extra commands etc")
8 parser.add_argument("--repo", dest="repo", default=None,
9- metavar="Anything suitable for `add-apt-repository REPO` (ie. 'ppa:ubuntu-security-proposed/ppa' or 'https://USER:PASS@private-ppa.launchpad.net/ubuntu-security/ppa/ubuntu' etc)",
10+ metavar="Anything suitable for `add-apt-repository REPO` (ie. 'ppa:ubuntu-security-proposed/ppa' - will automatically try and fetch credentials for private PPAs)",
11 help="Add REPO to test machine to test new binaries from it rather than using yantok")
12 parser.add_argument("-j", "--jump-host-path", dest="jump_host_path", default=default_jump_host_path,
13 help="A jump host scp path to temporarily store debs to be loaded on test machine (default " + default_jump_host_path + ")")
14@@ -3076,6 +3076,7 @@ def run_testflinger_tests(opt, args, details, queues, image):
15 print("Running testflinger test for %s with image %s on queues %s" % (details["package"],
16 image,
17 ', '.join(queues)))
18+ signing_key = None
19 tempdir = None
20 # get the list of binary packages
21 local_binaries = glob.glob('./../binary/*.deb')
22@@ -3105,6 +3106,19 @@ def run_testflinger_tests(opt, args, details, queues, image):
23 runcmd(["scp"] + local_binaries + [server + ":" + tempdir],
24 debug=opt.debug, dry_run=opt.dry_run, okrc=[0])
25 tempurl = opt.jump_host_url + tempdir.replace(path, "/")
26+ else:
27+ # lookup signing key for repo if is a ppa
28+ if opt.repo.startswith("ppa:"):
29+ repo = opt.repo.split(":")[1]
30+ team_name, ppa_name = repo.split("/")
31+ lp = lpl_common.connect()
32+ lp_team = lp.people[team_name]
33+ lp_ppa = lp_team.getPPAByName(name=ppa_name)
34+ signing_key = lp_ppa.signing_key_fingerprint
35+ if lp_ppa.private:
36+ # use full authenticated URL with credentials
37+ archive_url = lp.people[lp.me.name].getArchiveSubscriptionURL(archive=lp_ppa)
38+ opt.repo = archive_url
39
40 if opt.template is not None:
41 with open(opt.template, 'r') as f:
42@@ -3137,8 +3151,13 @@ def run_testflinger_tests(opt, args, details, queues, image):
43 cmds.append("rm %s" % " ".join(binaries))
44 cmds.append("ssh $DEVICE_IP sudo dpkg -i %s" % " ".join(binaries))
45 else:
46+ if signing_key is not None:
47+ cmds.append("echo_time Importing PPA sigining key...")
48+ # TODO: apt-key is deprecated so this should be replaced with something better
49+ cmds.append("ssh $DEVICE_IP sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys %s" % signing_key)
50 cmds.append("echo_time Adding apt repository %s..." % opt.repo)
51 cmds.append("ssh $DEVICE_IP sudo add-apt-repository --yes %s" % opt.repo)
52+ cmds.append("ssh $DEVICE_IP sudo apt-get update")
53 cmds.append("echo_time Installing %s..." % details["package"])
54 cmds.append("ssh $DEVICE_IP sudo apt-get install %s" % " ".join(apt_binaries))
55 # we can't just reboot since this will close the ssh connection

Subscribers

People subscribed via source and target branches