Merge ~iconstantin/ubuntu-security-tools:master into ubuntu-security-tools:master

Proposed by Ian Constantin
Status: Merged
Merged at revision: b8411101b4792b6df16dd74f7b827c0034811d72
Proposed branch: ~iconstantin/ubuntu-security-tools:master
Merge into: ubuntu-security-tools:master
Diff against target: 28 lines (+4/-4)
1 file modified
package-tools/check-source-package (+4/-4)
Reviewer: Alex Murray (review status: Approve)
Review via email: mp+413822@code.launchpad.net

Commit message

Added surrounding quotes when echoing $rmadout (in package-tools/check-source-package) to preserve new lines for following grep operations.

Description of the change

~rodrigo-zaiden found `umt check` incorrectly failing for an update, with the root cause traced to UST/package-tools/check-source-package which is called by umt.

At one point in the script, variable rmadout may be set via:

     rmadout=$(/usr/bin/apt-cache madison $package)

In several potential operations later, rmadout is parsed via grep to produce a value for rmadoutrel (and at times intermediately for tmp). The issue is that when echoing $rmadout and piping to grep, if $rmadout is not surrounded by quotes, new lines are not preserved, resulting in incorrect output.

e.g.

     $ package=cpanminus
     $ /usr/bin/apt-cache madison $package

Results in the following:

     cpanminus | 1.7044-2 | http://us.archive.ubuntu.com/ubuntu hirsute/universe amd64 Packages
     cpanminus | 1.7044-2 | http://us.archive.ubuntu.com/ubuntu hirsute/universe i386 Packages
     cpanminus | 1.7044-2 | http://archive.ubuntu.com/ubuntu impish/universe Sources
     cpanminus | 1.7001-1 | http://archive.ubuntu.com/ubuntu trusty/universe Sources
     cpanminus | 1.7040-1 | http://archive.ubuntu.com/ubuntu xenial/universe Sources
     cpanminus | 1.7043-1 | http://archive.ubuntu.com/ubuntu bionic/universe Sources
     cpanminus | 1.7044-1 | http://archive.ubuntu.com/ubuntu focal/universe Sources
     cpanminus | 1.7044-2 | http://archive.ubuntu.com/ubuntu groovy/universe Sources
     cpanminus | 1.7044-2 | http://archive.ubuntu.com/ubuntu hirsute/universe Sources
     cpanminus | 1.7044-2 | http://deb.debian.org/debian unstable/main Sources
     cpanminus | 1.7044-2 | http://deb.debian.org/debian testing/main Sources
     cpanminus | 1.7044-1 | http://deb.debian.org/debian buster/main Sources
     cpanminus | 1.7042-2 | http://deb.debian.org/debian stretch/main Sources
     cpanminus | 1.7014-1 | http://archive.debian.org/debian jessie/main Sources

If we instead assign the output to rmadout:

     rmadout=$(/usr/bin/apt-cache madison $package)

And echo $rmadout without quotes:

     $ echo $rmadout

We get:

     cpanminus | 1.7044-2 | http://us.archive.ubuntu.com/ubuntu hirsute/universe amd64 Packages cpanminus | 1.7044-2 | http://us.archive.ubuntu.com/ubuntu hirsute/universe i386 Packages cpanminus | 1.7044-2 | http://archive.ubuntu.com/ubuntu impish/universe Sources cpanminus | 1.7001-1 | http://archive.ubuntu.com/ubuntu trusty/universe Sources cpanminus | 1.7040-1 | http://archive.ubuntu.com/ubuntu xenial/universe Sources cpanminus | 1.7043-1 | http://archive.ubuntu.com/ubuntu bionic/universe Sources cpanminus | 1.7044-1 | http://archive.ubuntu.com/ubuntu focal/universe Sources cpanminus | 1.7044-2 | http://archive.ubuntu.com/ubuntu groovy/universe Sources cpanminus | 1.7044-2 | http://archive.ubuntu.com/ubuntu hirsute/universe Sources cpanminus | 1.7044-2 | http://deb.debian.org/debian unstable/main Sources cpanminus | 1.7044-2 | http://deb.debian.org/debian testing/main Sources cpanminus | 1.7044-1 | http://deb.debian.org/debian buster/main Sources cpanminus | 1.7042-2 | http://deb.debian.org/debian stretch/main Sources cpanminus | 1.7014-1 | http://archive.debian.org/debian jessie/main Sources

Versus, if we use quotes:

     $ echo "$rmadout"

We get the desired output in which new lines are preserved:

     cpanminus | 1.7044-2 | http://us.archive.ubuntu.com/ubuntu hirsute/universe amd64 Packages
     cpanminus | 1.7044-2 | http://us.archive.ubuntu.com/ubuntu hirsute/universe i386 Packages
     cpanminus | 1.7044-2 | http://archive.ubuntu.com/ubuntu impish/universe Sources
     cpanminus | 1.7001-1 | http://archive.ubuntu.com/ubuntu trusty/universe Sources
     cpanminus | 1.7040-1 | http://archive.ubuntu.com/ubuntu xenial/universe Sources
     cpanminus | 1.7043-1 | http://archive.ubuntu.com/ubuntu bionic/universe Sources
     cpanminus | 1.7044-1 | http://archive.ubuntu.com/ubuntu focal/universe Sources
     cpanminus | 1.7044-2 | http://archive.ubuntu.com/ubuntu groovy/universe Sources
     cpanminus | 1.7044-2 | http://archive.ubuntu.com/ubuntu hirsute/universe Sources
     cpanminus | 1.7044-2 | http://deb.debian.org/debian unstable/main Sources
     cpanminus | 1.7044-2 | http://deb.debian.org/debian testing/main Sources
     cpanminus | 1.7044-1 | http://deb.debian.org/debian buster/main Sources
     cpanminus | 1.7042-2 | http://deb.debian.org/debian stretch/main Sources
     cpanminus | 1.7014-1 | http://archive.debian.org/debian jessie/main Sources

Which is important for the following grep operations to work correctly.
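How the collapsed line changes the result of the ESM lookup and its fallback, as an added example that is not part of the merge proposal or of check-source-package. The madison records, the `esm.example.invalid` URL and the `1.7040-1esm1` version are constructed, and the function names are hypothetical.

```shell
#!/bin/bash
# Constructed sample in `apt-cache madison` layout (not real archive data).
# The only "ubuntu-esm" record is for xenial; trusty exists only in the archive.
sample_madison() {
    cat <<'EOF'
cpanminus | 1.7040-1esm1 | http://esm.example.invalid/ubuntu-esm xenial/universe Sources
cpanminus | 1.7001-1 | http://archive.ubuntu.com/ubuntu trusty/universe Sources
cpanminus | 1.7043-1 | http://archive.ubuntu.com/ubuntu bionic/universe Sources
EOF
}

# Pre-fix behaviour (deliberately unquoted): the expansion is word-split and
# echo rejoins the words with single spaces, so grep sees one long line.
select_unquoted() {
    local pkg_dist="$1" rmadout tmp
    rmadout=$(sample_madison)
    tmp=$(echo $rmadout | grep "ubuntu-esm" | grep "$pkg_dist" || true)
    if [ -z "$tmp" ]; then
        tmp=$(echo $rmadout | grep "$pkg_dist" || true)
    fi
    printf '%s\n' "$tmp"
}

# Post-fix behaviour: quoting keeps one record per line, so each grep
# filters individual records and the fallback runs when ESM has no match.
select_quoted() {
    local pkg_dist="$1" rmadout tmp
    rmadout=$(sample_madison)
    tmp=$(echo "$rmadout" | grep "ubuntu-esm" | grep "$pkg_dist" || true)
    if [ -z "$tmp" ]; then
        tmp=$(echo "$rmadout" | grep "$pkg_dist" || true)
    fi
    printf '%s\n' "$tmp"
}

# Version field (second |-separated column) of the first selected line.
selected_version() {
    "$1" "$2" | awk -F'|' 'NR == 1 { gsub(/ /, "", $2); print $2 }'
}

echo "unquoted, trusty: $(selected_version select_unquoted trusty)"
echo "quoted,   trusty: $(selected_version select_quoted trusty)"
```

With the unquoted form, the xenial ESM record and the trusty record sit on the same line, so both greps succeed and the fallback never runs; the version read back for trusty is the xenial ESM one.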

Alex Murray (alexmurray) wrote :

LGTM! Thanks.

review: Approve
Alex Murray (alexmurray) wrote :

I have merged this and pushed it to master.

Preview Diff

1diff --git a/package-tools/check-source-package b/package-tools/check-source-package
2index 3892a96..82d5f1b 100755
3--- a/package-tools/check-source-package
4+++ b/package-tools/check-source-package
5@@ -1520,19 +1520,19 @@ else
6 if [ "$pkg_dist" == "precise" ] || [ "$pkg_dist" == "trusty" ] || [ "$pkg_dist" == "xenial" ]; then
7 # TODO: fix this through lp api, but for now this workaround fix the precise issue
8 rmadout=$(/usr/bin/apt-cache madison $package)
9- tmp=$(echo $rmadout | grep "ubuntu-esm" | grep "$pkg_dist" || true)
10+ tmp=$(echo "$rmadout" | grep "ubuntu-esm" | grep "$pkg_dist" || true)
11 # if the pkg is not in -esm yet, try to get the prev-ppa
12 if [ -z "$tmp" ]; then
13- tmp=$(echo $rmadout | grep "$pkg_dist" || true)
14+ tmp=$(echo "$rmadout" | grep "$pkg_dist" || true)
15 fi
16 rmadoutrel=$tmp
17 elif [ "$force_rmadison" != "yes" ] && [ -x "$UQT/security-tools/lpmad" ]; then
18 rmadout=$($UQT/security-tools/lpmad "$package" || true)
19- rmadoutrel=$(echo $rmadout | grep "$pkg_dist" | grep "^$package" | grep -v " | ${pkg_dist}-backports" || true)
20+ rmadoutrel=$(echo "$rmadout" | grep "$pkg_dist" | grep "^$package" | grep -v " | ${pkg_dist}-backports" || true)
21 else
22 rmadout=$(rmadison "$package")
23 # it's ok if the package doesn't exist yet
24- rmadoutrel=$(echo $rmadout | grep -E " ${pkg_dist}(-[a-z]+)?(/[a-z]+)? ") || true
25+ rmadoutrel=$(echo "$rmadout" | grep -E " ${pkg_dist}(-[a-z]+)?(/[a-z]+)? ") || true
26 fi
27 fi
28 if [ -z "$rmadoutrel" ]; then
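Review bot: on line 8 of the hunk, `rmadout=$(/usr/bin/apt-cache madison $package)` still expands `$package` unquoted, while the lpmad and rmadison branches already pass `"$package"`; quote it here as well so all three branches handle the package name the same way. Now that grep receives one record per line, `grep "$pkg_dist"` in the first branch (lines 10 and 14) is a plain substring match and can still return more than one line for a release; the rmadison branch's `grep -E " ${pkg_dist}(-[a-z]+)?(/[a-z]+)? "` is a tighter pattern that could be adapted there. Using `printf '%s\n' "$rmadout"` instead of `echo "$rmadout"` would also sidestep echo's treatment of leading dashes and backslashes in the data.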
