Ubuntu CVE Tracker

Merge ~litios/ubuntu-cve-tracker:unify-subprojects-info into ubuntu-cve-tracker:master

  1. Git
  2. lp:~litios/ubuntu-cve-tracker
  3. unify-subprojects-info
  4. Merge into master
Proposed by David Fernandez Gonzalez
Status: Merged
Merge reported by: David Fernandez Gonzalez
Merged at revision: 8ccfc81dfe44290e052303b7a615c35d0c3f4bb2
Proposed branch: ~litios/ubuntu-cve-tracker:unify-subprojects-info
Merge into: ubuntu-cve-tracker:master
Diff against target: 129 lines (+44/-33)
1 file modified
scripts/cve_lib.py (+44/-33)
Reviewer Review Type Date Requested Status
Emilia Torino Approve
Eduardo Barretto Pending
Ubuntu Security Team Pending
Review via email: mp+449839@code.launchpad.net

Description of the change

Changes to support the new structure of subprojects. Please check https://code.launchpad.net/~ubuntu-security/ubuntu-security-customer-ppa-tracking/+git/ubuntu-security-customer-ppa-tracking/+merge/449838

To post a comment you must log in.
Revision history for this message
Emilia Torino (emitorino) wrote :

Minor comment, otherwise LGTM!

review: Approve
~litios/ubuntu-cve-tracker:unify-subprojects-info updated
f0e3987... by David Fernandez Gonzalez

cve_lib: updating subproject file names to new ones

Signed-off-by: David Fernandez Gonzalez <email address hidden>

8ccfc81... by David Fernandez Gonzalez

cve_lib: update documentation in load_external_subprojects

Revision history for this message
David Fernandez Gonzalez (litios) wrote :

A new commit was added to fix the issues described!

Another one was added to also update the documentation inside of the loading function,
as we no longer have the 2 directory structure.

Revision history for this message
Emilia Torino (emitorino) wrote :

Thanks!!

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/scripts/cve_lib.py b/scripts/cve_lib.py
index f37ef73..a8f0516 100755
--- a/scripts/cve_lib.py
+++ b/scripts/cve_lib.py
@@ -876,7 +876,7 @@ def get_external_subproject_dir(subproject):
876876
877def read_external_subproject_config(subproject_dir):877def read_external_subproject_config(subproject_dir):
878 """Read and return the configuration for the given subproject directory."""878 """Read and return the configuration for the given subproject directory."""
879 config_yaml = os.path.join(subproject_dir, "config.yaml")879 config_yaml = os.path.join(subproject_dir, "config.yml")
880 with open(config_yaml) as cfg:880 with open(config_yaml) as cfg:
881 return yaml.safe_load(cfg)881 return yaml.safe_load(cfg)
882882
@@ -914,11 +914,12 @@ def find_external_subproject_cves(cve):
914 cves.append(path)914 cves.append(path)
915 return cves915 return cves
916916
917# Keys in config.yaml for a external subproject917# Keys in config.yml for a external subproject
918# should follow the same as any other subproject918# should follow the same as any other subproject
919# except for the extra 'product' and 'release' keys.919# except for the extra 'product' and 'release' keys.
920MANDATORY_EXTERNAL_SUBPROJECT_KEYS = ['ppa', 'oval', 'product', 'release']920MANDATORY_EXTERNAL_SUBPROJECT_KEYS = ['cve_triage', 'cve_patching', 'cve_notification', 'security_updates_notification', 'binary_copies_only', 'seg_support', 'owners']
921OPTIONAL_EXTERNAL_SUBPROJECT_KEYS = ['parent', 'name', 'codename', 'description']921MANDATORY_EXTERNAL_SUBPROJECT_PPA_KEYS = ['ppa', 'oval', 'product', 'release', 'supported_packages']
922OPTIONAL_EXTERNAL_SUBPROJECT_PPA_KEYS = ['parent', 'name', 'codename', 'description', 'aliases', 'archs']
922923
923def load_external_subprojects():924def load_external_subprojects():
924 """Search for and load subprojects into the global subprojects dict.925 """Search for and load subprojects into the global subprojects dict.
@@ -926,29 +927,39 @@ def load_external_subprojects():
926 Search for and load subprojects into the global subprojects dict.927 Search for and load subprojects into the global subprojects dict.
927928
928 A subproject is defined as a directory which resides within929 A subproject is defined as a directory which resides within
929 subprojects_dir and contains a supported.txt file. It can also contain930 subprojects_dir and references a supported.txt file and a PPA.
930 a project.yml file which specifies configuration directives for the931 This information is stored in config.yml, which contains all the
931 project as well as snippet CVE files. By convention, a subproject is932 information in regards the subproject. It can also contain
932 usually defined as the combination of a product and series, ie:933 a project.yml file which specifies metadata for the project as well
934 as snippet CVE files. By convention, a subproject is usually defined
935 as the combination of a product and series, ie:
933936
934 esm-apps/focal937 esm-apps/focal
935938
936 as such in this case there would expect to be within subprojects_dir a939 as such in this case there would expect to be within subprojects_dir a
937 directory called esm-apps/ and within that a subdirectory called940 directory called esm-apps/ and within that, in the config.yml, an entry
938 focal/. Inside this focal/ subdirectory a supported.txt file would list941 of type 'esm-apps/focal'. Inside this entry, a reference to the designated
939 the packages which are supported by the esm-apps/focal subproject. By942 supported.txt file, which would list the packages which are supported by
940 convention, snippet CVE files should reside within the esm-apps/943 the esm-apps/focal subproject. By convention, snippet CVE files should
941 project directory rather than the esm-apps/focal/ subdirectory to avoid944 reside within the esm-apps/ project directory.
942 unnecessary fragmentation across different subproject series.
943
944 """945 """
945 for supported_txt in find_files_recursive(subprojects_dir, "supported.txt"):946 for config_yaml in find_files_recursive(subprojects_dir, "config.yml"):
946 try:947 subproject_path = config_yaml[:-len("config.yml")-1]
947 # use config to populate other parts of the948 # use config to populate other parts of the
948 # subproject settings949 # subproject settings
949 subproject_path = supported_txt[:-len("supported.txt")-1]950 main_config = read_external_subproject_config(subproject_path)
950 config = read_external_subproject_config(subproject_path)951 support_metadata = {}
951952
953 # Disable this check until we have the information available
954 # for key in MANDATORY_EXTERNAL_SUBPROJECT_KEYS:
955 # if key not in main_config:
956 # print('%s missing "%s" field.' % (subproject_path, key))
957 # raise ValueError
958 # else:
959 # support_metadata[key] = main_config[key]
960
961 for ppa in main_config['ppas']:
962 config = main_config['ppas'][ppa]
952 if 'product' not in config or 'release' not in config:963 if 'product' not in config or 'release' not in config:
953 print('%s: missing "product" or "release".' % (subproject_path))964 print('%s: missing "product" or "release".' % (subproject_path))
954 raise ValueError965 raise ValueError
@@ -956,19 +967,20 @@ def load_external_subprojects():
956 subproject_name = '%s/%s' % (config["product"], config["release"])967 subproject_name = '%s/%s' % (config["product"], config["release"])
957 external_releases.append(subproject_name)968 external_releases.append(subproject_name)
958 subprojects.setdefault(subproject_name, {"packages": [],969 subprojects.setdefault(subproject_name, {"packages": [],
959 "eol": False})970 "eol": False})
960 # an external subproject can append to an internal one971 # an external subproject can append to an internal one
961 subprojects[subproject_name]["packages"].append(supported_txt)972 subprojects[subproject_name]["packages"].append(\
973 os.path.join(subproject_path, config['supported_packages']))
962974
963 # check if aliases for packages exist975 # check if aliases for packages exist
964 if os.path.isfile(supported_txt[:-len("supported.txt")] + 'aliases.yaml'):976 if 'aliases' in config:
965 subprojects[subproject_name].setdefault("aliases",977 subprojects[subproject_name].setdefault("aliases", \
966 supported_txt[:-len("supported.txt")] + 'aliases.yaml')978 os.path.join(subproject_path, config['aliases']))
967979
968 for key in MANDATORY_EXTERNAL_SUBPROJECT_KEYS + OPTIONAL_EXTERNAL_SUBPROJECT_KEYS:980 for key in MANDATORY_EXTERNAL_SUBPROJECT_PPA_KEYS + OPTIONAL_EXTERNAL_SUBPROJECT_PPA_KEYS:
969 if key in config:981 if key in config:
970 subprojects[subproject_name].setdefault(key, config[key])982 subprojects[subproject_name].setdefault(key, config[key])
971 elif key in OPTIONAL_EXTERNAL_SUBPROJECT_KEYS:983 elif key in OPTIONAL_EXTERNAL_SUBPROJECT_PPA_KEYS:
972 _, _, _, original_release_details = get_subproject_details(subprojects[subproject_name]['release'])984 _, _, _, original_release_details = get_subproject_details(subprojects[subproject_name]['release'])
973 if original_release_details and key in original_release_details:985 if original_release_details and key in original_release_details:
974 subprojects[subproject_name].setdefault(key, original_release_details[key])986 subprojects[subproject_name].setdefault(key, original_release_details[key])
@@ -978,11 +990,10 @@ def load_external_subprojects():
978 external_releases.remove(subproject_name)990 external_releases.remove(subproject_name)
979 raise ValueError991 raise ValueError
980992
993 subprojects[subproject_name].setdefault("support_metadata", support_metadata)
981 project = read_external_subproject_details(subproject_name)994 project = read_external_subproject_details(subproject_name)
982 if project and "customer" in project:995 if project:
983 subprojects[subproject_name].setdefault("customer", project["customer"])996 subprojects[subproject_name].setdefault("customer", project)
984 except:
985 pass
986997
987load_external_subprojects()998load_external_subprojects()
988999

Subscribers

People subscribed via source and target branches