Add uefi-release tool to release binaries from the UEFI PPAs
Currently there are three actions:
- unembargo takes a signed package set from the `proposed` PPA
and copies it to the `proposed-public` PPA.
- promote-to-primary copies from `proposed-public` to the primary
archive's proposed pockets of the same suite.
- promote-to-devel copies from `proposed-public` to the primary
archive's proposed pocket in devel. You will use that when you
have submitted something for signing in a release that has been
released in the meantime.
e.g. after lunar release, a grub update scheduled for lunar
before the release needs releasing to both lunar and mantic,
so you `promote-to-primary` and `promote-to-devel` it.
copy-report: use incremental file object copy on requests.raw response
Do this to reduce memory usage and allow downloading > 2GB files with
focal's python3.8.
A recent chromium-browser security update[1] included a 2.4GB tarball
which causes copy-report to fail when using requests.raw to write out
the file via file.write(), like so (python3.8):
Traceback (most recent call last):
File "/home/ubuntu-archive/ubuntu-archive-tools/copy-report", line 317, in <module>
main()
File "/home/ubuntu-archive/ubuntu-archive-tools/copy-report", line 269, in main
descended_from(options, package, section1, section2))):
File "/home/ubuntu-archive/ubuntu-archive-tools/copy-report", line 159, in descended_from
for dsc in find_dsc(options, pkg, section1):
File "/home/ubuntu-archive/ubuntu-archive-tools/copy-report", line 113, in find_dsc
f.write(response.raw.read())
File "/usr/lib/python3/dist-packages/urllib3/response.py", line 503, in read
data = self._fp.read() if not fp_closed else b""
File "/usr/lib/python3.8/http/client.py", line 472, in read
s = self._safe_read(self.length)
File "/usr/lib/python3.8/http/client.py", line 613, in _safe_read
data = self.fp.read(amt)
File "/usr/lib/python3.8/socket.py", line 669, in readinto
return self._sock.recv_into(b)
File "/usr/lib/python3/dist-packages/urllib3/contrib/pyopenssl.py", line 313, in recv_into
return self.connection.recv_into(*args, **kwargs)
File "/usr/lib/python3/dist-packages/OpenSSL/SSL.py", line 1821, in recv_into
result = _lib.SSL_read(self._ssl, buf, nbytes)
OverflowError: integer 2596102144 does not fit '32-bit int'
To fix this, use shutil.copyfileobj() in place of write(read()) since
it does sensible chunked reads. As a side affect, this should also
cause the script to use less peak memory, as the entire file won't
be read into memory at once.
[1] https://launchpad.net/ubuntu/+source/chromium-browser/112.0.5615.49-0ubuntu0.18.04.1
Signed-off-by: Steve Beattie <email address hidden>