ubuntu-security-tools

Merge ~jslarraz/ubuntu-security-tools:changelog_fix into ubuntu-security-tools:master

  1. Git
  2. lp:~jslarraz/ubuntu-security-tools
  3. changelog_fix
  4. Merge into master
Proposed by Jorge Sancho Larraz
Status: Merged
Merged at revision: f731cc56c08b6ec0ec5917102d149106a7504278
Proposed branch: ~jslarraz/ubuntu-security-tools:changelog_fix
Merge into: ubuntu-security-tools:master
Diff against target: 127 lines (+19/-14)
3 files modified
build-tools/umt (+1/-1)
package-tools/increment_version.py (+7/-6)
package-tools/tests/test_increment_version.py (+11/-7)
Reviewer Review Type Date Requested Status
Alex Murray Approve
Review via email: mp+454733@code.launchpad.net

Commit message

Fix umt changelog when same package version is used on one release and devel

Description of the change

Fix umt changelog when same package version is used on one release and devel. It is intended to prevent issues during the sync period.

To post a comment you must log in.
Revision history for this message
Alex Murray (alexmurray) wrote :

LGTM - one suggestion to make it more future-proof which would be worthwhile I think.

review: Approve
Revision history for this message
Steve Beattie (sbeattie) wrote :

On Sun, Oct 29, 2023 at 11:40:30PM -0000, Alex Murray wrote:
> Review: Approve
>
> LGTM - one suggestion to make it more future-proof which would be worthwhile I think.
>
> Diff comments:
>
> > diff --git a/package-tools/tests/test_increment_version.py b/package-tools/tests/test_increment_version.py
> > index 49dfa86..4d75802 100755
> > --- a/package-tools/tests/test_increment_version.py
> > +++ b/package-tools/tests/test_increment_version.py
> > @@ -3,15 +3,20 @@ from increment_version import increment_version_security
> >
> >
> > class TestIncrementVersion(unittest.TestCase):
> > +
> > + def setUp(self):
> > + self.devel_release = "noble"
>
> Can we instead do something like the following to make this more future-proof:
>
> self.devel_release = subprocess.check_output(["ubuntu-distro-info", "--devel"]) or "noble"

There are two issues with this approach, one fixable, one not:

1) using a subprocess unnecessarily, when the distro_info python module
   is already present:

   $ python3 -q
   >>> import distro_info
   >>> ubuntu_info = distro_info.UbuntuDistroInfo()
   >>> ubuntu_info.devel()
   'noble'

2) there is a small window of time between the last devel releasse
   (e.g. mantic) gets released and when the new release has not
   been announced where the distro-info-data package does not have
   information about the current development release, like on one of
   my systems that has not pulled in the updated package:

   $ distro-info --devel
   ubuntu-distro-info: Distribution data outdated.
   Please check for an update for distro-info-data. See /usr/share/doc/distro-info-data/README.Debian for details.
   $ python3 -q
   >>> import distro_info
   >>> ubuntu_info = distro_info.UbuntuDistroInfo()
   >>> ubuntu_info.devel()
   Traceback (most recent call last):
     File "<stdin>", line 1, in <module>
     File "/usr/lib/python3/dist-packages/distro_info.py", line 163, in devel
       raise DistroDataOutdated()
   distro_info.DistroDataOutdated: Distribution data outdated. Please check for an update for distro-info-data. See /usr/share/doc/distro-info-data/README.Debian for details.

I also dislike having another place to edit in the ReleaseCycle tasks,
but distro-info-data's unreliability kind of makes that difficult to
deal with, so we may just need to put up with it.

Most tools in the security-tools repo deal with releases via
~/.ubuntu-security-tools.conf to be independent of UCT's knowledge
of releases I guess, which we would definitely want for something we
might run in a CI pipeline, but that also means we wouldn't have a
configured security-tools.conf file to read, either.

Thanks.

--
Steve Beattie
<email address hidden>

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/build-tools/umt b/build-tools/umt
2index e7034a9..3e3bc05 100755
3--- a/build-tools/umt
4+++ b/build-tools/umt
5@@ -417,7 +417,7 @@ def cmd_changelog():
6 note = "No-change re-build upload."
7 else:
8 pkg_list = search_packages(details['package'], use_rmadison=True) # Avoid dependencies on local installation
9- new_ver = increment_version_security(details['version'], opt.esm, details=details, pkg_list=pkg_list)
10+ new_ver = increment_version_security(details['version'], opt.esm, details=details, pkg_list=pkg_list, devel_release=ust['release_devel'])
11
12 if opt.repeat:
13 repeat_release = opt.release
14diff --git a/package-tools/increment_version.py b/package-tools/increment_version.py
15index 7c48ca3..89b5e42 100644
16--- a/package-tools/increment_version.py
17+++ b/package-tools/increment_version.py
18@@ -18,18 +18,18 @@ def _validate_version(old_version):
19
20 return old_version
21
22-def get_suffix(devel, details, pkg_list):
23+def get_suffix(devel, details, pkg_list, devel_release=""):
24 if devel:
25 suffix = "ubuntu1"
26 else:
27 suffix = "ubuntu0.1"
28 if (details is not None) and (pkg_list is not None):
29- release_id = get_release_id(details, pkg_list)
30+ release_id = get_release_id(details, pkg_list, devel_release)
31 if release_id is not None:
32 suffix = "ubuntu0." + release_id + ".1"
33 return suffix
34
35-def get_release_id(details, pkg_list):
36+def get_release_id(details, pkg_list, devel_release=""):
37 release_id = None
38 if (details is None) or (pkg_list is None) or \
39 (False in [x in details for x in ['package', 'release']]):
40@@ -45,6 +45,7 @@ def get_release_id(details, pkg_list):
41 if (
42 (cve_lib.get_orig_rel_name(release) in cve_lib.releases)
43 and (cve_lib.get_orig_rel_name(release) != target_release)
44+ and (cve_lib.get_orig_rel_name(release) != devel_release)
45 and (base_version == get_base_version(pkg_list[release][0]))
46 and (
47 cve_lib.is_active_release(release)
48@@ -101,13 +102,13 @@ def increment_version_build(old_version):
49 new_version = old_version + "build1"
50 return new_version
51
52-def increment_version_security(old_version, esm=False, devel=False, details=None, pkg_list=None):
53+def increment_version_security(old_version, esm=False, devel=False, details=None, pkg_list=None, devel_release=""):
54 """Returns an incremented version number per security update rules"""
55 old_version = _validate_version(old_version)
56
57 if "build" in old_version:
58 # eg 2.0-2build1
59- suffix = get_suffix(devel, details, pkg_list)
60+ suffix = get_suffix(devel, details, pkg_list, devel_release)
61 new_version = re.sub("build.*", "", old_version) + suffix
62 if esm:
63 new_version = new_version + "~esm1"
64@@ -140,7 +141,7 @@ def increment_version_security(old_version, esm=False, devel=False, details=None
65 )
66 elif not "-" in old_version or re.search("-[+a-z.0-9]+$", old_version):
67 # eg 2.0-2 or 2.0cvs.20060707-2 or 1.5.0-3+cvs20071006
68- suffix = get_suffix(devel, details, pkg_list)
69+ suffix = get_suffix(devel, details, pkg_list, devel_release)
70 new_version = old_version + suffix
71 if esm:
72 new_version = new_version + "~esm1"
73diff --git a/package-tools/tests/test_increment_version.py b/package-tools/tests/test_increment_version.py
74index 49dfa86..62a036d 100755
75--- a/package-tools/tests/test_increment_version.py
76+++ b/package-tools/tests/test_increment_version.py
77@@ -1,17 +1,21 @@
78 import unittest
79 from increment_version import increment_version_security
80
81-
82 class TestIncrementVersion(unittest.TestCase):
83+
84+ def setUp(self):
85+ self.devel_release = 'devel_release'
86+
87 def test_increment_version_security(self):
88 class TC:
89- def __init__(self, version, expected, esm=False, devel=False, details=None, pkg_list=None):
90+ def __init__(self, version, expected, esm=False, devel=False, details=None, pkg_list=None, devel_release=""):
91 self.version = version
92 self.expected = expected
93 self.esm = esm
94 self.devel = devel
95 self.details = details
96 self.pkg_list = pkg_list
97+ self.devel_release = devel_release
98
99 test_cases = [
100 TC("2.0-2", "2.0-2ubuntu0.1"),
101@@ -60,8 +64,8 @@ class TestIncrementVersion(unittest.TestCase):
102 TC("4.3-1", "4.3-1ubuntu0.1", details={'package': 'plib', 'release': 'focal'},
103 pkg_list={'focal': ['4.3-1', '', ''], 'kinetic': ['4.3-1', '', '']}),
104 # The exact same version is used also in the development release
105- TC("4.3-1", "4.3-1ubuntu0.20.04.1", details={'package': 'plib', 'release': 'focal'},
106- pkg_list={'focal': ['4.3-1', '', ''], 'mantic': ['4.3-1', '', '']}),
107+ TC("4.3-1", "4.3-1ubuntu0.1", details={'package': 'plib', 'release': 'focal'},
108+ pkg_list={'focal': ['4.3-1', '', ''], self.devel_release: ['4.3-1', '', '']}),
109 # The exact same version is used in a LTS release which is out of standard support but the package is
110 # supported by esm
111 TC("4.3-1", "4.3-1ubuntu0.20.04.1", details={'package': 'busybox', 'release': 'focal'},
112@@ -93,12 +97,12 @@ class TestIncrementVersion(unittest.TestCase):
113 TC("4.3-1", "4.3-1ubuntu0.23.04.1", details={'package': 'plib', 'release': 'lunar'},
114 pkg_list={'focal': ['4.3-1', '', ''], 'lunar': ['4.3-1', '', '']}),
115 # Target release is the development one, the exact same version is used in other active release
116- TC("4.3-1", "4.3-1ubuntu1", devel=True, details={'package': 'plib', 'release': 'mantic'},
117- pkg_list={'focal': ['4.3-1', '', ''], 'mantic': ['4.3-1', '', '']}),
118+ TC("4.3-1", "4.3-1ubuntu1", devel=True, details={'package': 'plib', 'release': self.devel_release},
119+ pkg_list={'focal': ['4.3-1', '', ''], self.devel_release: ['4.3-1', '', '']}),
120 ]
121 for tc in test_cases:
122 with self.subTest(version=tc.version, esm=tc.esm, devel=tc.devel, details=tc.details, pkg_list=tc.pkg_list):
123 self.assertEqual(
124- increment_version_security(tc.version, esm=tc.esm, devel=tc.devel, details=tc.details, pkg_list=tc.pkg_list),
125+ increment_version_security(tc.version, esm=tc.esm, devel=tc.devel, details=tc.details, pkg_list=tc.pkg_list, devel_release=self.devel_release),
126 tc.expected,
127 )

Subscribers

People subscribed via source and target branches