Merge ~emitorino/review-tools:fix_usn_notfication_service_using_dpkg_list into review-tools:master
- Git
- lp:~emitorino/review-tools
- fix_usn_notfication_service_using_dpkg_list
- Merge into master
Proposed by
Emilia Torino
Status: | Merged |
---|---|
Approved by: | Alex Murray |
Approved revision: | 9d3b4107458ffdaac944558a73f00d15dcfde288 |
Merged at revision: | d4d7e8a69fdf1a912f47f923baa879e09d7b6ccc |
Proposed branch: | ~emitorino/review-tools:fix_usn_notfication_service_using_dpkg_list |
Merge into: | review-tools:master |
Diff against target: |
631 lines (+414/-22) 6 files modified
reviewtools/available.py (+13/-5) reviewtools/store.py (+19/-14) reviewtools/tests/test_available.py (+7/-3) tests/test-updates-available.sh (+9/-0) tests/test-updates-available.sh.expected (+103/-0) tests/test.sh.expected (+263/-0) |
Related bugs: |
|
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Alex Murray | Approve | ||
Review via email: mp+403485@code.launchpad.net |
Commit message
This is a MP to fix https:/
Description of the change
- store.py: consider faked-by-
- available.py: considering binary names could contain arch specifier when parsing dpkg.list
To post a comment you must log in.
Revision history for this message
Emilia Torino (emitorino) : | # |
Preview Diff
[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1 | diff --git a/reviewtools/available.py b/reviewtools/available.py | |||
2 | index fa52cae..e43960b 100644 | |||
3 | --- a/reviewtools/available.py | |||
4 | +++ b/reviewtools/available.py | |||
5 | @@ -416,9 +416,9 @@ def _update_seen(seen_fn, seen_db, pkg_db): | |||
6 | 416 | # rocks | 416 | # rocks |
7 | 417 | def scan_store(secnot_db_fn, store_db_fn, seen_db_fn, pkgname, store_db_type="snap"): | 417 | def scan_store(secnot_db_fn, store_db_fn, seen_db_fn, pkgname, store_db_type="snap"): |
8 | 418 | """For each entry in store db (either snap or rock), see if there are any | 418 | """For each entry in store db (either snap or rock), see if there are any |
12 | 419 | binary packages with security notices, if see report them if not in the | 419 | binary packages with security notices, if see report them if not in the |
13 | 420 | seen db. We perform these actions on each snap and rock and do not form | 420 | seen db. We perform these actions on each snap and rock and do not form |
14 | 421 | a queue to keep the implementation simple. | 421 | a queue to keep the implementation simple. |
15 | 422 | """ | 422 | """ |
16 | 423 | secnot_db = read_usn_db(secnot_db_fn) | 423 | secnot_db = read_usn_db(secnot_db_fn) |
17 | 424 | store_db = read_file_as_json_dict(store_db_fn) | 424 | store_db = read_file_as_json_dict(store_db_fn) |
18 | @@ -483,8 +483,16 @@ def scan_snap(secnot_db_fn, snap_fn, with_cves=False): | |||
19 | 483 | if not line.startswith("ii "): | 483 | if not line.startswith("ii "): |
20 | 484 | continue | 484 | continue |
21 | 485 | tmp = line.split() | 485 | tmp = line.split() |
22 | 486 | pkg_name = tmp[1] | ||
23 | 487 | # Since dpkg 1.16.2, the binary name could include and arch qualifier: e.g liblz4-1:amd64 | ||
24 | 488 | # For now we assume that if the colon is present, we are in a situation where the binary name is | ||
25 | 489 | # including the arch. We could assert valid architectures as well but that means this code should be | ||
26 | 490 | # updated as new arch are supported or even existing ones are removed. | ||
27 | 491 | arch_qualifier_parts = pkg_name.split(":") | ||
28 | 492 | if len(arch_qualifier_parts) == 2: | ||
29 | 493 | pkg_name = arch_qualifier_parts[0] | ||
30 | 486 | man["parts"][fake_key]["stage-packages"].append( | 494 | man["parts"][fake_key]["stage-packages"].append( |
32 | 487 | "%s=%s" % (tmp[1], tmp[2]) | 495 | "%s=%s" % (pkg_name, tmp[2]) |
33 | 488 | ) | 496 | ) |
34 | 489 | 497 | ||
35 | 490 | secnot_db = read_usn_db(secnot_db_fn) | 498 | secnot_db = read_usn_db(secnot_db_fn) |
36 | @@ -526,7 +534,7 @@ def scan_rock(secnot_db_fn, rock_fn, with_cves=False): | |||
37 | 526 | 534 | ||
38 | 527 | def scan_shared_publishers(store_fn): | 535 | def scan_shared_publishers(store_fn): |
39 | 528 | """Check store db for any snaps with a shared email that don't also have a | 536 | """Check store db for any snaps with a shared email that don't also have a |
41 | 529 | mapping. | 537 | mapping. |
42 | 530 | """ | 538 | """ |
43 | 531 | store_db = read_file_as_json_dict(store_fn) | 539 | store_db = read_file_as_json_dict(store_fn) |
44 | 532 | report = get_shared_snap_without_override(store_db) | 540 | report = get_shared_snap_without_override(store_db) |
45 | diff --git a/reviewtools/store.py b/reviewtools/store.py | |||
46 | index 7cda73a..3e27b4e 100644 | |||
47 | --- a/reviewtools/store.py | |||
48 | +++ b/reviewtools/store.py | |||
49 | @@ -325,7 +325,7 @@ def get_pkg_revisions(item, secnot_db, errors, pkg_type="snap"): | |||
50 | 325 | 325 | ||
51 | 326 | def get_shared_snap_without_override(store_db): | 326 | def get_shared_snap_without_override(store_db): |
52 | 327 | """Report snaps that use a shared email but don't have an entry for | 327 | """Report snaps that use a shared email but don't have an entry for |
54 | 328 | additional addresses. | 328 | additional addresses. |
55 | 329 | """ | 329 | """ |
56 | 330 | missing = {} | 330 | missing = {} |
57 | 331 | for item in store_db: | 331 | for item in store_db: |
58 | @@ -351,7 +351,7 @@ def get_shared_snap_without_override(store_db): | |||
59 | 351 | # TODO: support for build-packages is not fully implemented yet. | 351 | # TODO: support for build-packages is not fully implemented yet. |
60 | 352 | def get_staged_and_build_packages_from_manifest(m): | 352 | def get_staged_and_build_packages_from_manifest(m): |
61 | 353 | """Obtain list of packages in primed-stage-packages if section is present. | 353 | """Obtain list of packages in primed-stage-packages if section is present. |
63 | 354 | If not, obtain it from stage-packages for various parts instead | 354 | If not, obtain it from stage-packages for various parts instead |
64 | 355 | """ | 355 | """ |
65 | 356 | if "parts" not in m: | 356 | if "parts" not in m: |
66 | 357 | debug("Could not find 'parts' in manifest") | 357 | debug("Could not find 'parts' in manifest") |
67 | @@ -366,14 +366,20 @@ def get_staged_and_build_packages_from_manifest(m): | |||
68 | 366 | manifest_has_primed_staged_section = False | 366 | manifest_has_primed_staged_section = False |
69 | 367 | 367 | ||
70 | 368 | if "primed-stage-packages" in m and m["primed-stage-packages"] is not None: | 368 | if "primed-stage-packages" in m and m["primed-stage-packages"] is not None: |
71 | 369 | # An empty primed-stage-packages section (i.e. primed-stage-packages: []) | ||
72 | 370 | # is consider valid as well. | ||
73 | 369 | manifest_has_primed_staged_section = True | 371 | manifest_has_primed_staged_section = True |
74 | 370 | # Note, prime-stage-packages is grouped with stage-packages | 372 | # Note, prime-stage-packages is grouped with stage-packages |
75 | 371 | get_packages_from_manifest_section(d, m["primed-stage-packages"], "staged") | 373 | get_packages_from_manifest_section(d, m["primed-stage-packages"], "staged") |
76 | 372 | 374 | ||
77 | 373 | for part in m["parts"]: | 375 | for part in m["parts"]: |
81 | 374 | # stage-packages part is only analyzed if primed-stage-packages is not | 376 | # stage-packages in each part is only analyzed if primed-stage-packages |
82 | 375 | # present. | 377 | # is not present. The only exception is if the snap includes the |
83 | 376 | if not manifest_has_primed_staged_section: | 378 | # dpkg.list file (e.g. core snaps) since primed-stage-packages is always empty |
84 | 379 | if ( | ||
85 | 380 | not manifest_has_primed_staged_section | ||
86 | 381 | or part == "faked-by-review-tools-dpkg" | ||
87 | 382 | ): | ||
88 | 377 | if ( | 383 | if ( |
89 | 378 | "stage-packages" in m["parts"][part] | 384 | "stage-packages" in m["parts"][part] |
90 | 379 | and m["parts"][part]["stage-packages"] is not None | 385 | and m["parts"][part]["stage-packages"] is not None |
91 | @@ -401,8 +407,7 @@ def get_staged_and_build_packages_from_manifest(m): | |||
92 | 401 | 407 | ||
93 | 402 | 408 | ||
94 | 403 | def get_staged_packages_from_rock_manifest(m): | 409 | def get_staged_packages_from_rock_manifest(m): |
97 | 404 | """Obtain list of packages in stage-packages if section is present. | 410 | """Obtain list of packages in stage-packages if section is present.""" |
96 | 405 | """ | ||
98 | 406 | if "stage-packages" not in m: | 411 | if "stage-packages" not in m: |
99 | 407 | debug("Could not find 'stage-packages' in manifest") | 412 | debug("Could not find 'stage-packages' in manifest") |
100 | 408 | return None | 413 | return None |
101 | @@ -426,7 +431,7 @@ def get_staged_packages_from_rock_manifest(m): | |||
102 | 426 | # key. | 431 | # key. |
103 | 427 | def get_packages_from_manifest_section(d, manifest_section, package_type): | 432 | def get_packages_from_manifest_section(d, manifest_section, package_type): |
104 | 428 | """Obtain packages from a given manifest section (primed-stage-packages | 433 | """Obtain packages from a given manifest section (primed-stage-packages |
106 | 429 | or stage-packages along with any build-packages for a given part) | 434 | or stage-packages along with any build-packages for a given part) |
107 | 430 | """ | 435 | """ |
108 | 431 | for entry in manifest_section: | 436 | for entry in manifest_section: |
109 | 432 | if "=" not in entry: | 437 | if "=" not in entry: |
110 | @@ -451,7 +456,7 @@ def get_packages_from_manifest_section(d, manifest_section, package_type): | |||
111 | 451 | # snaps, git trees) | 456 | # snaps, git trees) |
112 | 452 | def get_packages_from_rock_manifest_section(d, manifest_section, package_type): | 457 | def get_packages_from_rock_manifest_section(d, manifest_section, package_type): |
113 | 453 | """Obtain packages from a given manifest section (rock manifest v1 only | 458 | """Obtain packages from a given manifest section (rock manifest v1 only |
115 | 454 | has staged-packages) | 459 | has staged-packages) |
116 | 455 | """ | 460 | """ |
117 | 456 | for entry in manifest_section: | 461 | for entry in manifest_section: |
118 | 457 | # rock manifest v1 stage-packages section is a list of | 462 | # rock manifest v1 stage-packages section is a list of |
119 | @@ -486,8 +491,8 @@ def get_packages_from_rock_manifest_section(d, manifest_section, package_type): | |||
120 | 486 | 491 | ||
121 | 487 | def normalize_and_verify_snap_manifest(m): | 492 | def normalize_and_verify_snap_manifest(m): |
122 | 488 | """Normalize manifest (ie, assign empty types if None for SafeLoader | 493 | """Normalize manifest (ie, assign empty types if None for SafeLoader |
125 | 489 | defaults) and verify snap manifest is well-formed and has everything we | 494 | defaults) and verify snap manifest is well-formed and has everything we |
126 | 490 | expect""" | 495 | expect""" |
127 | 491 | # normalize toplevel keys | 496 | # normalize toplevel keys |
128 | 492 | assign_type_to_dict_values(m, SnapReview.snap_manifest_required) | 497 | assign_type_to_dict_values(m, SnapReview.snap_manifest_required) |
129 | 493 | assign_type_to_dict_values(m, SnapReview.snap_manifest_optional) | 498 | assign_type_to_dict_values(m, SnapReview.snap_manifest_optional) |
130 | @@ -507,9 +512,9 @@ def normalize_and_verify_snap_manifest(m): | |||
131 | 507 | 512 | ||
132 | 508 | def normalize_and_verify_rock_manifest(m): | 513 | def normalize_and_verify_rock_manifest(m): |
133 | 509 | """Normalize manifest (ie, assign empty types if None for SafeLoader | 514 | """Normalize manifest (ie, assign empty types if None for SafeLoader |
137 | 510 | defaults) and verify rock manifest is well-formed and has everything we | 515 | defaults) and verify rock manifest is well-formed and has everything we |
138 | 511 | expect in this initial implementation. | 516 | expect in this initial implementation. |
139 | 512 | TODO: Update once rock manifest is properly implemented""" | 517 | TODO: Update once rock manifest is properly implemented""" |
140 | 513 | # normalize toplevel keys | 518 | # normalize toplevel keys |
141 | 514 | assign_type_to_dict_values(m, RockReview.rock_manifest_required) | 519 | assign_type_to_dict_values(m, RockReview.rock_manifest_required) |
142 | 515 | assign_type_to_dict_values(m, RockReview.rock_manifest_optional) | 520 | assign_type_to_dict_values(m, RockReview.rock_manifest_optional) |
143 | diff --git a/reviewtools/tests/test_available.py b/reviewtools/tests/test_available.py | |||
144 | index 08e73de..a9ce71e 100644 | |||
145 | --- a/reviewtools/tests/test_available.py | |||
146 | +++ b/reviewtools/tests/test_available.py | |||
147 | @@ -568,7 +568,7 @@ each snap revision | |||
148 | 568 | 568 | ||
149 | 569 | def test_check__secnot_report_for_kernel_stage_and_build_pkg_new_secnot(self): | 569 | def test_check__secnot_report_for_kernel_stage_and_build_pkg_new_secnot(self): |
150 | 570 | """Test _secnot_report_for_pkg() - new secnot for build and | 570 | """Test _secnot_report_for_pkg() - new secnot for build and |
152 | 571 | staged pkg""" | 571 | staged pkg""" |
153 | 572 | errors = {} | 572 | errors = {} |
154 | 573 | self.pkg_db = store.get_pkg_revisions( | 573 | self.pkg_db = store.get_pkg_revisions( |
155 | 574 | self.kernel_store_db[0], self.secnot_kernel_and_build_pkgs_db, errors | 574 | self.kernel_store_db[0], self.secnot_kernel_and_build_pkgs_db, errors |
156 | @@ -912,6 +912,10 @@ Revision r12 (i386; channels: candidate, beta) | |||
157 | 912 | snap_fn = "./tests/test-core_16-2.37.2_amd64.snap" | 912 | snap_fn = "./tests/test-core_16-2.37.2_amd64.snap" |
158 | 913 | res = available.scan_snap(self.secnot_core_with_dpkg_list_fn, snap_fn) | 913 | res = available.scan_snap(self.secnot_core_with_dpkg_list_fn, snap_fn) |
159 | 914 | self.assertTrue(len(res) > 0) | 914 | self.assertTrue(len(res) > 0) |
160 | 915 | # This asserts a binary was obtained from the URLs since its not listed in the USN binaries keys | ||
161 | 916 | self.assertIn("libc-bin", res) | ||
162 | 917 | # This asserts the dpkg-query file was properly parsed and arch qualifiers were ignored LP: #1930105 | ||
163 | 918 | self.assertIn("libc6", res) | ||
164 | 915 | self.assertIn("3323-1", res) | 919 | self.assertIn("3323-1", res) |
165 | 916 | 920 | ||
166 | 917 | def test_check_scan_snap_dpkg_list_app(self): | 921 | def test_check_scan_snap_dpkg_list_app(self): |
167 | @@ -1063,7 +1067,7 @@ Revision r12 (i386; channels: candidate, beta) | |||
168 | 1063 | 1067 | ||
169 | 1064 | def test_check_scan_store_with_pkgname_bad_publisher(self): | 1068 | def test_check_scan_store_with_pkgname_bad_publisher(self): |
170 | 1065 | """Test scan_store() - with pkgname and bad publisher - snaps and | 1069 | """Test scan_store() - with pkgname and bad publisher - snaps and |
172 | 1066 | rocks | 1070 | rocks |
173 | 1067 | """ | 1071 | """ |
174 | 1068 | store_dbs = { | 1072 | store_dbs = { |
175 | 1069 | "snap": ["./tests/test-store-unittest-bad-1.db", "1ad"], | 1073 | "snap": ["./tests/test-store-unittest-bad-1.db", "1ad"], |
176 | @@ -1128,7 +1132,7 @@ Revision r12 (i386; channels: candidate, beta) | |||
177 | 1128 | self, | 1132 | self, |
178 | 1129 | ): | 1133 | ): |
179 | 1130 | """Test scan_store() - kernel snap and build pkg update but invalid | 1134 | """Test scan_store() - kernel snap and build pkg update but invalid |
181 | 1131 | snapcraft version""" | 1135 | snapcraft version""" |
182 | 1132 | store_fn = "./tests/test-store-kernel-invalid-snapcraft-version.db" | 1136 | store_fn = "./tests/test-store-kernel-invalid-snapcraft-version.db" |
183 | 1133 | (sent, errors) = available.scan_store( | 1137 | (sent, errors) = available.scan_store( |
184 | 1134 | self.secnot_build_pkgs_only_fn, store_fn, None, None | 1138 | self.secnot_build_pkgs_only_fn, store_fn, None, None |
185 | diff --git a/tests/test-core-with-primed-staged_16-2.37.2_amd64.snap b/tests/test-core-with-primed-staged_16-2.37.2_amd64.snap | |||
186 | 1135 | new file mode 100644 | 1139 | new file mode 100644 |
187 | index 0000000..dc17a96 | |||
188 | 1136 | Binary files /dev/null and b/tests/test-core-with-primed-staged_16-2.37.2_amd64.snap differ | 1140 | Binary files /dev/null and b/tests/test-core-with-primed-staged_16-2.37.2_amd64.snap differ |
189 | diff --git a/tests/test-updates-available.sh b/tests/test-updates-available.sh | |||
190 | index fc90e53..05fea65 100755 | |||
191 | --- a/tests/test-updates-available.sh | |||
192 | +++ b/tests/test-updates-available.sh | |||
193 | @@ -242,6 +242,15 @@ echo "Running: snap-updates-available --with-cves --usn-db='./tests/test-usn-cor | |||
194 | 242 | PYTHONPATH=./ ./bin/snap-updates-available --with-cves --usn-db='./tests/test-usn-core-with-dpkg-list.db' --snap='./tests/test-core_16-2.37.2_amd64.snap' 2>&1 | tee -a "$tmp" | 242 | PYTHONPATH=./ ./bin/snap-updates-available --with-cves --usn-db='./tests/test-usn-core-with-dpkg-list.db' --snap='./tests/test-core_16-2.37.2_amd64.snap' 2>&1 | tee -a "$tmp" |
195 | 243 | echo "" | tee -a "$tmp" | 243 | echo "" | tee -a "$tmp" |
196 | 244 | 244 | ||
197 | 245 | # testing core snap with manifest including primed-stage-packages: [] LP: #1930106 | ||
198 | 246 | echo "Running: snap-updates-available --usn-db='./tests/test-usn-core-with-dpkg-list.db' --snap='./tests/test-core-with-primed-staged_16-2.37.2_amd64.snap'" | tee -a "$tmp" | ||
199 | 247 | PYTHONPATH=./ ./bin/snap-updates-available --usn-db='./tests/test-usn-core-with-dpkg-list.db' --snap='./test-core-with-primed-staged_16-2.37.2_amd64.snap' 2>&1 | tee -a "$tmp" | ||
200 | 248 | echo "" | tee -a "$tmp" | ||
201 | 249 | |||
202 | 250 | echo "Running: snap-updates-available --with-cves --usn-db='./tests/test-usn-core-with-dpkg-list.db' --snap='./tests/test-core-with-primed-staged_16-2.37.2_amd64.snap'" | tee -a "$tmp" | ||
203 | 251 | PYTHONPATH=./ ./bin/snap-updates-available --with-cves --usn-db='./tests/test-usn-core-with-dpkg-list.db' --snap='./tests/test-core-with-primed-staged_16-2.37.2_amd64.snap' 2>&1 | tee -a "$tmp" | ||
204 | 252 | echo "" | tee -a "$tmp" | ||
205 | 253 | |||
206 | 245 | echo "Running: snap-updates-available --usn-db='./tests/test-usn-core-with-dpkg-list.db' --snap='./tests/test-dpkg-list-app_1.0_amd64.snap'" | tee -a "$tmp" | 254 | echo "Running: snap-updates-available --usn-db='./tests/test-usn-core-with-dpkg-list.db' --snap='./tests/test-dpkg-list-app_1.0_amd64.snap'" | tee -a "$tmp" |
207 | 246 | PYTHONPATH=./ ./bin/snap-updates-available --usn-db='./tests/test-usn-core-with-dpkg-list.db' --snap='./tests/test-dpkg-list-app_1.0_amd64.snap' 2>&1 | tee -a "$tmp" | 255 | PYTHONPATH=./ ./bin/snap-updates-available --usn-db='./tests/test-usn-core-with-dpkg-list.db' --snap='./tests/test-dpkg-list-app_1.0_amd64.snap' 2>&1 | tee -a "$tmp" |
208 | 247 | echo "" | tee -a "$tmp" | 256 | echo "" | tee -a "$tmp" |
209 | diff --git a/tests/test-updates-available.sh.expected b/tests/test-updates-available.sh.expected | |||
210 | index 9558d25..20216b9 100644 | |||
211 | --- a/tests/test-updates-available.sh.expected | |||
212 | +++ b/tests/test-updates-available.sh.expected | |||
213 | @@ -1051,6 +1051,10 @@ Running: snap-updates-available --usn-db='./tests/test-usn-core-with-dpkg-list.d | |||
214 | 1051 | "3323-1", | 1051 | "3323-1", |
215 | 1052 | "3534-1" | 1052 | "3534-1" |
216 | 1053 | ], | 1053 | ], |
217 | 1054 | "libc6": [ | ||
218 | 1055 | "3323-1", | ||
219 | 1056 | "3534-1" | ||
220 | 1057 | ], | ||
221 | 1054 | "multiarch-support": [ | 1058 | "multiarch-support": [ |
222 | 1055 | "3323-1", | 1059 | "3323-1", |
223 | 1056 | "3534-1" | 1060 | "3534-1" |
224 | @@ -1073,6 +1077,69 @@ Running: snap-updates-available --with-cves --usn-db='./tests/test-usn-core-with | |||
225 | 1073 | "CVE-2018-1000001" | 1077 | "CVE-2018-1000001" |
226 | 1074 | ] | 1078 | ] |
227 | 1075 | }, | 1079 | }, |
228 | 1080 | "libc6": { | ||
229 | 1081 | "3323-1": [ | ||
230 | 1082 | "CVE-2017-1000366" | ||
231 | 1083 | ], | ||
232 | 1084 | "3534-1": [ | ||
233 | 1085 | "CVE-2017-1000408", | ||
234 | 1086 | "CVE-2017-1000409", | ||
235 | 1087 | "CVE-2017-15670", | ||
236 | 1088 | "CVE-2017-15804", | ||
237 | 1089 | "CVE-2017-16997", | ||
238 | 1090 | "CVE-2017-17426", | ||
239 | 1091 | "CVE-2018-1000001" | ||
240 | 1092 | ] | ||
241 | 1093 | }, | ||
242 | 1094 | "multiarch-support": { | ||
243 | 1095 | "3323-1": [ | ||
244 | 1096 | "CVE-2017-1000366" | ||
245 | 1097 | ], | ||
246 | 1098 | "3534-1": [ | ||
247 | 1099 | "CVE-2017-1000408", | ||
248 | 1100 | "CVE-2017-1000409", | ||
249 | 1101 | "CVE-2017-15670", | ||
250 | 1102 | "CVE-2017-15804", | ||
251 | 1103 | "CVE-2017-16997", | ||
252 | 1104 | "CVE-2017-17426", | ||
253 | 1105 | "CVE-2018-1000001" | ||
254 | 1106 | ] | ||
255 | 1107 | } | ||
256 | 1108 | } | ||
257 | 1109 | |||
258 | 1110 | Running: snap-updates-available --usn-db='./tests/test-usn-core-with-dpkg-list.db' --snap='./tests/test-core-with-primed-staged_16-2.37.2_amd64.snap' | ||
259 | 1111 | ERROR: Could not find './test-core-with-primed-staged_16-2.37.2_amd64.snap' | ||
260 | 1112 | |||
261 | 1113 | Running: snap-updates-available --with-cves --usn-db='./tests/test-usn-core-with-dpkg-list.db' --snap='./tests/test-core-with-primed-staged_16-2.37.2_amd64.snap' | ||
262 | 1114 | { | ||
263 | 1115 | "libc-bin": { | ||
264 | 1116 | "3323-1": [ | ||
265 | 1117 | "CVE-2017-1000366" | ||
266 | 1118 | ], | ||
267 | 1119 | "3534-1": [ | ||
268 | 1120 | "CVE-2017-1000408", | ||
269 | 1121 | "CVE-2017-1000409", | ||
270 | 1122 | "CVE-2017-15670", | ||
271 | 1123 | "CVE-2017-15804", | ||
272 | 1124 | "CVE-2017-16997", | ||
273 | 1125 | "CVE-2017-17426", | ||
274 | 1126 | "CVE-2018-1000001" | ||
275 | 1127 | ] | ||
276 | 1128 | }, | ||
277 | 1129 | "libc6": { | ||
278 | 1130 | "3323-1": [ | ||
279 | 1131 | "CVE-2017-1000366" | ||
280 | 1132 | ], | ||
281 | 1133 | "3534-1": [ | ||
282 | 1134 | "CVE-2017-1000408", | ||
283 | 1135 | "CVE-2017-1000409", | ||
284 | 1136 | "CVE-2017-15670", | ||
285 | 1137 | "CVE-2017-15804", | ||
286 | 1138 | "CVE-2017-16997", | ||
287 | 1139 | "CVE-2017-17426", | ||
288 | 1140 | "CVE-2018-1000001" | ||
289 | 1141 | ] | ||
290 | 1142 | }, | ||
291 | 1076 | "multiarch-support": { | 1143 | "multiarch-support": { |
292 | 1077 | "3323-1": [ | 1144 | "3323-1": [ |
293 | 1078 | "CVE-2017-1000366" | 1145 | "CVE-2017-1000366" |
294 | @@ -1095,6 +1162,10 @@ Running: snap-updates-available --usn-db='./tests/test-usn-core-with-dpkg-list.d | |||
295 | 1095 | "3323-1", | 1162 | "3323-1", |
296 | 1096 | "3534-1" | 1163 | "3534-1" |
297 | 1097 | ], | 1164 | ], |
298 | 1165 | "libc6": [ | ||
299 | 1166 | "3323-1", | ||
300 | 1167 | "3534-1" | ||
301 | 1168 | ], | ||
302 | 1098 | "multiarch-support": [ | 1169 | "multiarch-support": [ |
303 | 1099 | "3323-1", | 1170 | "3323-1", |
304 | 1100 | "3534-1" | 1171 | "3534-1" |
305 | @@ -1117,6 +1188,20 @@ Running: snap-updates-available --with-cves --usn-db='./tests/test-usn-core-with | |||
306 | 1117 | "CVE-2018-1000001" | 1188 | "CVE-2018-1000001" |
307 | 1118 | ] | 1189 | ] |
308 | 1119 | }, | 1190 | }, |
309 | 1191 | "libc6": { | ||
310 | 1192 | "3323-1": [ | ||
311 | 1193 | "CVE-2017-1000366" | ||
312 | 1194 | ], | ||
313 | 1195 | "3534-1": [ | ||
314 | 1196 | "CVE-2017-1000408", | ||
315 | 1197 | "CVE-2017-1000409", | ||
316 | 1198 | "CVE-2017-15670", | ||
317 | 1199 | "CVE-2017-15804", | ||
318 | 1200 | "CVE-2017-16997", | ||
319 | 1201 | "CVE-2017-17426", | ||
320 | 1202 | "CVE-2018-1000001" | ||
321 | 1203 | ] | ||
322 | 1204 | }, | ||
323 | 1120 | "multiarch-support": { | 1205 | "multiarch-support": { |
324 | 1121 | "3323-1": [ | 1206 | "3323-1": [ |
325 | 1122 | "CVE-2017-1000366" | 1207 | "CVE-2017-1000366" |
326 | @@ -1813,6 +1898,10 @@ Running: snap-check-notices --no-fetch ./tests/test-core_16-2.37.2_amd64.snap | |||
327 | 1813 | "3323-1", | 1898 | "3323-1", |
328 | 1814 | "3534-1" | 1899 | "3534-1" |
329 | 1815 | ], | 1900 | ], |
330 | 1901 | "libc6": [ | ||
331 | 1902 | "3323-1", | ||
332 | 1903 | "3534-1" | ||
333 | 1904 | ], | ||
334 | 1816 | "multiarch-support": [ | 1905 | "multiarch-support": [ |
335 | 1817 | "3323-1", | 1906 | "3323-1", |
336 | 1818 | "3534-1" | 1907 | "3534-1" |
337 | @@ -1839,6 +1928,20 @@ Running: snap-check-notices --no-fetch --with-cves ./tests/test-core_16-2.37.2_a | |||
338 | 1839 | "CVE-2018-1000001" | 1928 | "CVE-2018-1000001" |
339 | 1840 | ] | 1929 | ] |
340 | 1841 | }, | 1930 | }, |
341 | 1931 | "libc6": { | ||
342 | 1932 | "3323-1": [ | ||
343 | 1933 | "CVE-2017-1000366" | ||
344 | 1934 | ], | ||
345 | 1935 | "3534-1": [ | ||
346 | 1936 | "CVE-2017-1000408", | ||
347 | 1937 | "CVE-2017-1000409", | ||
348 | 1938 | "CVE-2017-15670", | ||
349 | 1939 | "CVE-2017-15804", | ||
350 | 1940 | "CVE-2017-16997", | ||
351 | 1941 | "CVE-2017-17426", | ||
352 | 1942 | "CVE-2018-1000001" | ||
353 | 1943 | ] | ||
354 | 1944 | }, | ||
355 | 1842 | "multiarch-support": { | 1945 | "multiarch-support": { |
356 | 1843 | "3323-1": [ | 1946 | "3323-1": [ |
357 | 1844 | "CVE-2017-1000366" | 1947 | "CVE-2017-1000366" |
358 | diff --git a/tests/test.sh.expected b/tests/test.sh.expected | |||
359 | index 499cd67..e79db3e 100644 | |||
360 | --- a/tests/test.sh.expected | |||
361 | +++ b/tests/test.sh.expected | |||
362 | @@ -26011,6 +26011,269 @@ test-content_0.1_all.snap: pass | |||
363 | 26011 | } | 26011 | } |
364 | 26012 | } | 26012 | } |
365 | 26013 | 26013 | ||
366 | 26014 | = test-core-with-primed-staged_16-2.37.2_amd64.snap = | ||
367 | 26015 | Errors | ||
368 | 26016 | ------ | ||
369 | 26017 | - lint-snap-v2:snap_type_redflag | ||
370 | 26018 | (NEEDS REVIEW) type 'os' not allowed | ||
371 | 26019 | test-core-with-primed-staged_16-2.37.2_amd64.snap: FAIL | ||
372 | 26020 | |||
373 | 26021 | = --sdk test-core-with-primed-staged_16-2.37.2_amd64.snap = | ||
374 | 26022 | = snap.v2_declaration = | ||
375 | 26023 | { | ||
376 | 26024 | "error": {}, | ||
377 | 26025 | "info": {}, | ||
378 | 26026 | "warn": {} | ||
379 | 26027 | } | ||
380 | 26028 | = snap.v2_functional = | ||
381 | 26029 | { | ||
382 | 26030 | "error": {}, | ||
383 | 26031 | "info": {}, | ||
384 | 26032 | "warn": {} | ||
385 | 26033 | } | ||
386 | 26034 | = snap.v2_lint = | ||
387 | 26035 | { | ||
388 | 26036 | "error": { | ||
389 | 26037 | "lint-snap-v2:snap_type_redflag": { | ||
390 | 26038 | "manual_review": true, | ||
391 | 26039 | "text": "(NEEDS REVIEW) type 'os' not allowed" | ||
392 | 26040 | } | ||
393 | 26041 | }, | ||
394 | 26042 | "info": { | ||
395 | 26043 | "lint-snap-v2:apps_present": { | ||
396 | 26044 | "manual_review": false, | ||
397 | 26045 | "text": "OK (optional apps field not specified)" | ||
398 | 26046 | }, | ||
399 | 26047 | "lint-snap-v2:architecture_specified_needed:amd64": { | ||
400 | 26048 | "manual_review": false, | ||
401 | 26049 | "text": "Could not find compiled binaries for architecture 'amd64'" | ||
402 | 26050 | }, | ||
403 | 26051 | "lint-snap-v2:architecture_valid": { | ||
404 | 26052 | "manual_review": false, | ||
405 | 26053 | "text": "OK" | ||
406 | 26054 | }, | ||
407 | 26055 | "lint-snap-v2:assumes_valid": { | ||
408 | 26056 | "manual_review": false, | ||
409 | 26057 | "text": "OK (assumes not specified)" | ||
410 | 26058 | }, | ||
411 | 26059 | "lint-snap-v2:confinement_valid": { | ||
412 | 26060 | "manual_review": false, | ||
413 | 26061 | "text": "'confinement' should not be used with 'type: os'" | ||
414 | 26062 | }, | ||
415 | 26063 | "lint-snap-v2:description": { | ||
416 | 26064 | "manual_review": false, | ||
417 | 26065 | "text": "OK" | ||
418 | 26066 | }, | ||
419 | 26067 | "lint-snap-v2:description_present": { | ||
420 | 26068 | "manual_review": false, | ||
421 | 26069 | "text": "OK" | ||
422 | 26070 | }, | ||
423 | 26071 | "lint-snap-v2:grade_valid": { | ||
424 | 26072 | "manual_review": false, | ||
425 | 26073 | "text": "OK" | ||
426 | 26074 | }, | ||
427 | 26075 | "lint-snap-v2:hook_executable:configure": { | ||
428 | 26076 | "manual_review": false, | ||
429 | 26077 | "text": "OK" | ||
430 | 26078 | }, | ||
431 | 26079 | "lint-snap-v2:hooks_present": { | ||
432 | 26080 | "manual_review": false, | ||
433 | 26081 | "text": "OK (optional hooks field not specified)" | ||
434 | 26082 | }, | ||
435 | 26083 | "lint-snap-v2:iffy_files": { | ||
436 | 26084 | "manual_review": false, | ||
437 | 26085 | "text": "OK" | ||
438 | 26086 | }, | ||
439 | 26087 | "lint-snap-v2:name_valid": { | ||
440 | 26088 | "manual_review": false, | ||
441 | 26089 | "text": "OK" | ||
442 | 26090 | }, | ||
443 | 26091 | "lint-snap-v2:snap_manifest": { | ||
444 | 26092 | "manual_review": false, | ||
445 | 26093 | "text": "OK" | ||
446 | 26094 | }, | ||
447 | 26095 | "lint-snap-v2:snap_type_valid": { | ||
448 | 26096 | "manual_review": false, | ||
449 | 26097 | "text": "OK" | ||
450 | 26098 | }, | ||
451 | 26099 | "lint-snap-v2:summary": { | ||
452 | 26100 | "manual_review": false, | ||
453 | 26101 | "text": "OK" | ||
454 | 26102 | }, | ||
455 | 26103 | "lint-snap-v2:summary_present": { | ||
456 | 26104 | "manual_review": false, | ||
457 | 26105 | "text": "OK" | ||
458 | 26106 | }, | ||
459 | 26107 | "lint-snap-v2:title_present": { | ||
460 | 26108 | "manual_review": false, | ||
461 | 26109 | "text": "OK (optional title field not specified)" | ||
462 | 26110 | }, | ||
463 | 26111 | "lint-snap-v2:unknown_field": { | ||
464 | 26112 | "manual_review": false, | ||
465 | 26113 | "text": "OK" | ||
466 | 26114 | }, | ||
467 | 26115 | "lint-snap-v2:unknown_hook": { | ||
468 | 26116 | "manual_review": false, | ||
469 | 26117 | "text": "OK" | ||
470 | 26118 | }, | ||
471 | 26119 | "lint-snap-v2:valid_unicode": { | ||
472 | 26120 | "manual_review": false, | ||
473 | 26121 | "text": "ok" | ||
474 | 26122 | }, | ||
475 | 26123 | "lint-snap-v2:vcs_files": { | ||
476 | 26124 | "manual_review": false, | ||
477 | 26125 | "text": "OK" | ||
478 | 26126 | }, | ||
479 | 26127 | "lint-snap-v2:version_valid": { | ||
480 | 26128 | "manual_review": false, | ||
481 | 26129 | "text": "OK" | ||
482 | 26130 | } | ||
483 | 26131 | }, | ||
484 | 26132 | "warn": {} | ||
485 | 26133 | } | ||
486 | 26134 | = snap.v2_security = | ||
487 | 26135 | { | ||
488 | 26136 | "error": {}, | ||
489 | 26137 | "info": { | ||
490 | 26138 | "security-snap-v2:squashfs_files": { | ||
491 | 26139 | "manual_review": false, | ||
492 | 26140 | "text": "OK" | ||
493 | 26141 | }, | ||
494 | 26142 | "security-snap-v2:squashfs_repack_checksum": { | ||
495 | 26143 | "manual_review": false, | ||
496 | 26144 | "text": "OK" | ||
497 | 26145 | } | ||
498 | 26146 | }, | ||
499 | 26147 | "warn": {} | ||
500 | 26148 | } | ||
501 | 26149 | |||
502 | 26150 | = --json test-core-with-primed-staged_16-2.37.2_amd64.snap = | ||
503 | 26151 | { | ||
504 | 26152 | "snap.v2_declaration": { | ||
505 | 26153 | "error": {}, | ||
506 | 26154 | "info": {}, | ||
507 | 26155 | "warn": {} | ||
508 | 26156 | }, | ||
509 | 26157 | "snap.v2_functional": { | ||
510 | 26158 | "error": {}, | ||
511 | 26159 | "info": {}, | ||
512 | 26160 | "warn": {} | ||
513 | 26161 | }, | ||
514 | 26162 | "snap.v2_lint": { | ||
515 | 26163 | "error": { | ||
516 | 26164 | "lint-snap-v2:snap_type_redflag": { | ||
517 | 26165 | "manual_review": true, | ||
518 | 26166 | "text": "(NEEDS REVIEW) type 'os' not allowed" | ||
519 | 26167 | } | ||
520 | 26168 | }, | ||
521 | 26169 | "info": { | ||
522 | 26170 | "lint-snap-v2:apps_present": { | ||
523 | 26171 | "manual_review": false, | ||
524 | 26172 | "text": "OK (optional apps field not specified)" | ||
525 | 26173 | }, | ||
526 | 26174 | "lint-snap-v2:architecture_specified_needed:amd64": { | ||
527 | 26175 | "manual_review": false, | ||
528 | 26176 | "text": "Could not find compiled binaries for architecture 'amd64'" | ||
529 | 26177 | }, | ||
530 | 26178 | "lint-snap-v2:architecture_valid": { | ||
531 | 26179 | "manual_review": false, | ||
532 | 26180 | "text": "OK" | ||
533 | 26181 | }, | ||
534 | 26182 | "lint-snap-v2:assumes_valid": { | ||
535 | 26183 | "manual_review": false, | ||
536 | 26184 | "text": "OK (assumes not specified)" | ||
537 | 26185 | }, | ||
538 | 26186 | "lint-snap-v2:confinement_valid": { | ||
539 | 26187 | "manual_review": false, | ||
540 | 26188 | "text": "'confinement' should not be used with 'type: os'" | ||
541 | 26189 | }, | ||
542 | 26190 | "lint-snap-v2:description": { | ||
543 | 26191 | "manual_review": false, | ||
544 | 26192 | "text": "OK" | ||
545 | 26193 | }, | ||
546 | 26194 | "lint-snap-v2:description_present": { | ||
547 | 26195 | "manual_review": false, | ||
548 | 26196 | "text": "OK" | ||
549 | 26197 | }, | ||
550 | 26198 | "lint-snap-v2:grade_valid": { | ||
551 | 26199 | "manual_review": false, | ||
552 | 26200 | "text": "OK" | ||
553 | 26201 | }, | ||
554 | 26202 | "lint-snap-v2:hook_executable:configure": { | ||
555 | 26203 | "manual_review": false, | ||
556 | 26204 | "text": "OK" | ||
557 | 26205 | }, | ||
558 | 26206 | "lint-snap-v2:hooks_present": { | ||
559 | 26207 | "manual_review": false, | ||
560 | 26208 | "text": "OK (optional hooks field not specified)" | ||
561 | 26209 | }, | ||
562 | 26210 | "lint-snap-v2:iffy_files": { | ||
563 | 26211 | "manual_review": false, | ||
564 | 26212 | "text": "OK" | ||
565 | 26213 | }, | ||
566 | 26214 | "lint-snap-v2:name_valid": { | ||
567 | 26215 | "manual_review": false, | ||
568 | 26216 | "text": "OK" | ||
569 | 26217 | }, | ||
570 | 26218 | "lint-snap-v2:snap_manifest": { | ||
571 | 26219 | "manual_review": false, | ||
572 | 26220 | "text": "OK" | ||
573 | 26221 | }, | ||
574 | 26222 | "lint-snap-v2:snap_type_valid": { | ||
575 | 26223 | "manual_review": false, | ||
576 | 26224 | "text": "OK" | ||
577 | 26225 | }, | ||
578 | 26226 | "lint-snap-v2:summary": { | ||
579 | 26227 | "manual_review": false, | ||
580 | 26228 | "text": "OK" | ||
581 | 26229 | }, | ||
582 | 26230 | "lint-snap-v2:summary_present": { | ||
583 | 26231 | "manual_review": false, | ||
584 | 26232 | "text": "OK" | ||
585 | 26233 | }, | ||
586 | 26234 | "lint-snap-v2:title_present": { | ||
587 | 26235 | "manual_review": false, | ||
588 | 26236 | "text": "OK (optional title field not specified)" | ||
589 | 26237 | }, | ||
590 | 26238 | "lint-snap-v2:unknown_field": { | ||
591 | 26239 | "manual_review": false, | ||
592 | 26240 | "text": "OK" | ||
593 | 26241 | }, | ||
594 | 26242 | "lint-snap-v2:unknown_hook": { | ||
595 | 26243 | "manual_review": false, | ||
596 | 26244 | "text": "OK" | ||
597 | 26245 | }, | ||
598 | 26246 | "lint-snap-v2:valid_unicode": { | ||
599 | 26247 | "manual_review": false, | ||
600 | 26248 | "text": "ok" | ||
601 | 26249 | }, | ||
602 | 26250 | "lint-snap-v2:vcs_files": { | ||
603 | 26251 | "manual_review": false, | ||
604 | 26252 | "text": "OK" | ||
605 | 26253 | }, | ||
606 | 26254 | "lint-snap-v2:version_valid": { | ||
607 | 26255 | "manual_review": false, | ||
608 | 26256 | "text": "OK" | ||
609 | 26257 | } | ||
610 | 26258 | }, | ||
611 | 26259 | "warn": {} | ||
612 | 26260 | }, | ||
613 | 26261 | "snap.v2_security": { | ||
614 | 26262 | "error": {}, | ||
615 | 26263 | "info": { | ||
616 | 26264 | "security-snap-v2:squashfs_files": { | ||
617 | 26265 | "manual_review": false, | ||
618 | 26266 | "text": "OK" | ||
619 | 26267 | }, | ||
620 | 26268 | "security-snap-v2:squashfs_repack_checksum": { | ||
621 | 26269 | "manual_review": false, | ||
622 | 26270 | "text": "OK" | ||
623 | 26271 | } | ||
624 | 26272 | }, | ||
625 | 26273 | "warn": {} | ||
626 | 26274 | } | ||
627 | 26275 | } | ||
628 | 26276 | |||
629 | 26014 | = test-core_16-2.37.2_amd64.snap = | 26277 | = test-core_16-2.37.2_amd64.snap = |
630 | 26015 | Errors | 26278 | Errors |
631 | 26016 | ------ | 26279 | ------ |
LGTM! Thanks Emi