Ubuntu CVE Tracker

Merge ~pfsmorigo/ubuntu-cve-tracker:is_hidden into ubuntu-cve-tracker:master

  1. Git
  2. lp:~pfsmorigo/ubuntu-cve-tracker
  3. is_hidden
  4. Merge into master
Proposed by Paulo Flabiano Smorigo
Status: Merged
Approved by: Paulo Flabiano Smorigo
Approved revision: 84df274199278cc8ffe33cc81ec25bfafdea0597
Merge reported by: Paulo Flabiano Smorigo
Merged at revision: 84df274199278cc8ffe33cc81ec25bfafdea0597
Proposed branch: ~pfsmorigo/ubuntu-cve-tracker:is_hidden
Merge into: ubuntu-cve-tracker:master
Diff against target: 60 lines (+23/-1)
2 files modified
scripts/publish-usn-to-website-api.py (+3/-1)
scripts/sis-generate-usn (+20/-0)
Reviewer Review Type Date Requested Status
Ubuntu Security Team Pending
Review via email: mp+398537@code.launchpad.net
To post a comment you must log in.
Revision history for this message
Steve Beattie (sbeattie) wrote :

A couple of comments, but looks okay to me. Have you tested this as a process?

Revision history for this message
Emilia Torino (emitorino) wrote :

Also added a couple of comments. And a final one here: I noticed there is a test folder, in the main UCT dir. Could you please add there some tests and assert generated data (the shell script, the json file). Thanks!

Revision history for this message
Paulo Flabiano Smorigo (pfsmorigo) :
Revision history for this message
Emilia Torino (emitorino) wrote :

I will leave the wording for Steve to review :), otherwise LGTM. Thanks!

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/scripts/publish-usn-to-website-api.py b/scripts/publish-usn-to-website-api.py
2index 430867f..d867302 100755
3--- a/scripts/publish-usn-to-website-api.py
4+++ b/scripts/publish-usn-to-website-api.py
5@@ -216,7 +216,9 @@ for notice_id, notice in payload:
6 "summary": notice.get("isummary", notice["title"]),
7 "instructions": notice.get("action", "In general, a standard system update will make all the necessary changes."),
8 }
9-
10+ if "is_hidden" in notice:
11+ json_data["is_hidden"] = notice["is_hidden"]
12+
13 # Build endpoint
14 if args.action == 'add':
15 upsert = not args.no_upsert
16diff --git a/scripts/sis-generate-usn b/scripts/sis-generate-usn
17index 8c87a56..5ddc86c 100755
18--- a/scripts/sis-generate-usn
19+++ b/scripts/sis-generate-usn
20@@ -542,6 +542,7 @@ print('set -e')
21 print('export PATH=$PATH:%s' % (config['usn_tool']))
22 print('export USN=%s'%(usn))
23 print('export DB="%s"'%(local_pickle))
24+print('#export HIDDEN=True')
25 print('umask 0002')
26 print()
27 print('# check for known command-line arguments')
28@@ -572,6 +573,7 @@ else:
29 print('# XXX FIX ME XXX No CVEs found! Please include URL-based reference')
30 print('usn.py --db "$DB" $USN --cve "https://launchpad.net/bugs/XXXXXX"')
31 print()
32+print('test "${HIDDEN,,}" = "true" && usn.py --db "$DB" --hidden $HIDDEN $USN')
33
34 # Is this an updated CVE?
35 addition = False
36@@ -859,6 +861,24 @@ for release in releases:
37 print(' usn.py --db "$DB" $USN --release %s --package %s --all-binary-version %s' % (release,deb,version))
38 print()
39
40+print('if [ "${HIDDEN,,}" = "true" ]; then')
41+print(' $UCT/scripts/convert-pickle.py --input-file $DB --output-file $USN.json --prefix USN-')
42+print(' mkdir -p "$UCT/experimental/usns"')
43+print(' mv $USN.json $UCT/experimental/usns/')
44+print(' echo ""')
45+print(' echo This USN is set as HIDDEN so no information about it will be stored')
46+print(' echo in our database yet. Use the command below to update the website api:')
47+print(' echo ""')
48+print(' echo " \$UCT/scripts/publish-usn-to-website-api.py --action add --json \$UCT/experimental/usns/$USN.json"')
49+print(' echo ""')
50+print(' echo IMPORTANT: Keep $USN.json until it becomes public.')
51+print(' echo ""')
52+print(' exit')
53+print('else')
54+print(' read -p "Refresh local USN database and upload it to remote master? [yN] " -n 1 -r')
55+print(' [[ ! $REPLY =~ ^[Yy]$ ]] && exit')
56+print('fi')
57+print('')
58 # refresh the local db so when we do an import we can catch cases where a
59 # duplicate USN is used before we go to push it to the remote master DB
60 print('# Refresh the local DB')

Subscribers

People subscribed via source and target branches