Merge ~ebarretto/ubuntu-cve-tracker:new-pkg-cache into ubuntu-cve-tracker:master

Proposed by Eduardo Barretto
Status: Merged
Merged at revision: 63db2ef1e8781e5772ed0a22c05db0536a2746ac
Proposed branch: ~ebarretto/ubuntu-cve-tracker:new-pkg-cache
Merge into: ubuntu-cve-tracker:master
Diff against target: 32 lines (+10/-2)
1 file modified
scripts/fetch-db (+10/-2)
Reviewers (status):
David Fernandez Gonzalez: Approve
Ubuntu Security Team: Pending
Review via email: mp+444614@code.launchpad.net

Description of the change

This PR alters `scripts/fetch-db` to add a new argument "dbtype" to allow us to fetch package cache from another server.
The way I added the new argument shouldn't affect current services using `fetch-db`.

David Fernandez Gonzalez (litios) wrote :

I would prefer the second approach so we only have one script.

We could make an optional flag for this so if this flag appears (something like ---pkg-cache), use https://security-metadata.canonical.com/pkg-cache/"$i".

This way, if we need a new endpoint in the future we can simply add more supported flags. As we are listing this in services/crons/etc, I feel like having to provide the whole URL is messier.

Eduardo Barretto (ebarretto) wrote :

> I would prefer the second approach so we only have one script.
>
> We could make an optional flag for this so if this flag appears (something
> like ---pkg-cache), use
> https://security-metadata.canonical.com/pkg-cache/"$i".
>
> This way, if we need a new endpoint in the future we can simply add more
> supported flags. As we are listing this in services/crons/etc, I feel like
> having to provide the whole URL is messier.

Ack, I've updated the description and rebased the changes to address it.

David Fernandez Gonzalez (litios) wrote :

LGTM, thanks!

review: Approve

Preview Diff

1diff --git a/scripts/fetch-db b/scripts/fetch-db
2index 1577e75..5e02d1a 100755
3--- a/scripts/fetch-db
4+++ b/scripts/fetch-db
5@@ -9,9 +9,10 @@
6 set -e
7
8 db="$1"
9+dbtype="$2"
10
11 if [ -z "$db" ]; then
12- echo "Must specify a db. Eg 'database.pickle.bz2'" >&2
13+ echo "Must specify a db. Eg 'database.pickle.bz2' or 'jammy-pkg-cache.bz2'" >&2
14 exit 1
15 fi
16
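Review bot: the usage message under `if [ -z "$db" ]` now offers 'jammy-pkg-cache.bz2' as an example but says nothing about the new second argument, and with `dbtype` left empty the script falls back to the usn URL, so a caller following the message alone would request a pkg-cache file from the wrong endpoint. Consider naming the optional argument and its accepted values in the message (for example "Usage: fetch-db <db> [usn|pkg-cache]") and adding a short comment next to `dbtype="$2"`.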
17@@ -20,7 +21,14 @@ for i in "$db" "$db".sha256 ; do
18 # Fetch from people, instead of usn.ubuntu.com, because the version of the
19 # USN database on usn.ubuntu.com isn't updated until the Jenkins deployment
20 # job is executed to redeploy the site
21- wget -N https://people.canonical.com/~ubuntu-security/usn/"$i"
22+ if [ -z "$dbtype" ] || [ "$dbtype" = "usn" ]; then
23+ wget -N https://people.canonical.com/~ubuntu-security/usn/"$i"
24+ elif [ "$dbtype" = "pkg-cache" ]; then
25+ wget -N https://security-metadata.canonical.com/pkg-cache/"$i"
26+ else
27+ echo "The types of db accepted are either 'usn' or 'pkg-cache'"
28+ exit 1
29+ fi
30 done
31
32 echo "= Verifiying $i ="
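Review bot: the else branch prints "The types of db accepted are either 'usn' or 'pkg-cache'" to stdout, whereas the existing "Must specify a db" error is sent to stderr with `>&2`; add `>&2` here so callers in services and crons see both errors on the same stream. The `dbtype` check also sits inside the `for i in "$db" "$db".sha256` loop and is re-evaluated on each iteration; validating it once before the loop and storing the chosen base URL in a variable would leave a single `wget -N` line and make a future endpoint a one-line addition. Both the file and its `.sha256` are fetched from the same base URL, so the checksum is only as trustworthy as that host, and this applies to the new pkg-cache endpoint as well.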
