Ubuntu CVE Tracker

Merge ~pfsmorigo/ubuntu-cve-tracker:usn_pocket into ubuntu-cve-tracker:master

  1. Git
  2. lp:~pfsmorigo/ubuntu-cve-tracker
  3. usn_pocket
  4. Merge into master
Proposed by Paulo Flabiano Smorigo
Status: Merged
Merge reported by: Steve Beattie
Merged at revision: 7af90533a481fa848123c65ffc971a691abfb138
Proposed branch: ~pfsmorigo/ubuntu-cve-tracker:usn_pocket
Merge into: ubuntu-cve-tracker:master
Diff against target: 127 lines (+33/-10)
3 files modified
scripts/publish-usn-to-website-api.py (+2/-0)
scripts/sis-changes (+14/-3)
scripts/sis-generate-usn (+17/-7)
Reviewer Review Type Date Requested Status
Steve Beattie Approve
Review via email: mp+399387@code.launchpad.net
To post a comment you must log in.
~pfsmorigo/ubuntu-cve-tracker:usn_pocket updated
af16ec9... by Paulo Flabiano Smorigo

scripts/sis-generate-usn: check srcver instead of opt.esm

Signed-off-by: Paulo Flabiano Smorigo <email address hidden>

Revision history for this message
Steve Beattie (sbeattie) wrote :

I suspect we also want to tag the pocket for the allbinaries records, which contains the binaries that we pruned out from the 'binaries' set of packages. It is likely the web-team will need to accept those eventually as well.

~pfsmorigo/ubuntu-cve-tracker:usn_pocket updated
5d45b05... by Paulo Flabiano Smorigo

scripts/sis-changes: Use esm-{apps,infra} for pocket

Signed-off-by: Paulo Flabiano Smorigo <email address hidden>

abd82b9... by Paulo Flabiano Smorigo

scripts/sis-generate-usn: Check the URL fields before use

Signed-off-by: Paulo Flabiano Smorigo <email address hidden>

29393eb... by Paulo Flabiano Smorigo

scripts/sis-generate-usn: Add --pocket-all option to the all binaries

Signed-off-by: Paulo Flabiano Smorigo <email address hidden>

7af9053... by Paulo Flabiano Smorigo

scripts/sis-generate-usn: change read command to press enter

Signed-off-by: Paulo Flabiano Smorigo <email address hidden>

Revision history for this message
Steve Beattie (sbeattie) :
Revision history for this message
Steve Beattie (sbeattie) :
Revision history for this message
Steve Beattie (sbeattie) :
Revision history for this message
Steve Beattie (sbeattie) :
Revision history for this message
Steve Beattie (sbeattie) wrote :

I have gone ahead and merge this proposal after:

  - rebasing against origin/master,
  - dropping the commit that made the no longer needed change for the HIDDEN prompt
  - added a couple of commits that expanded the json slightly, so that at the lowest level it's a dict rather than a list (so we don't have to rmember that version is position 0, etc) as well as including an 'origin' field which records which ppa(s) sis-changes collectied information against. This can be used as part of the heuristic for determining what the pocket should be.
  - fixed a couple of bugs for things like source packages that only produce a binary for one architecture (and not the 'all' architecture), as well as changes files that contain descriptions for phantom binary packages.

The necessary changes to lp:usn-tool/usn.py have already landed.

This should not break USN publication, but if it does, a revert can be done via:

  git revert -s -m 1 9879c82bc7902e287d17cb3840b370497a887cba

If done correctly, it should auto-generate a commit message like:

  This reverts commit 9879c82bc7902e287d17cb3840b370497a887cba, reversing
  changes made to 36ea6d05426692b92ed4dacd346a45cc0de01e6a.

Thanks!

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/scripts/publish-usn-to-website-api.py b/scripts/publish-usn-to-website-api.py
2index d867302..617bcf8 100755
3--- a/scripts/publish-usn-to-website-api.py
4+++ b/scripts/publish-usn-to-website-api.py
5@@ -183,10 +183,12 @@ for notice_id, notice in payload:
6 else:
7 source_link = ""
8 version_link = ""
9+ pocket = info["pocket"] if "pocket" in info else ""
10 release_packages[codename].append(
11 {
12 "name": name,
13 "version": info["version"],
14+ "pocket": pocket,
15 "is_source": "false",
16 "source_link": source_link,
17 "version_link": version_link,
18diff --git a/scripts/sis-changes b/scripts/sis-changes
19index aaebaea..6137d44 100755
20--- a/scripts/sis-changes
21+++ b/scripts/sis-changes
22@@ -346,15 +346,26 @@ def load_pkg_details_from_lp(pkgs, binaries, pkg, item):
23
24 binaries.setdefault(pkg, dict())
25 binaries[pkg].setdefault(rel, dict())
26- # map binaries as pkg -> rel -> binary -> version - this is used by
27+ # map binaries as pkg -> rel -> binary -> [version, pocket] - this is used by
28 # sis-generate-usn to know what the actual binary package version is
29 # since this may be different than the version of the source
30 # package. Also check that all built binaries have actually published
31 # into the PPA
32 for binary in item.getPublishedBinaries():
33 # collect binary versions
34- binaries[pkg][rel].setdefault(binary.binary_package_name,
35- binary.binary_package_version)
36+
37+ url = ""
38+ all_arch = cve_lib.get_all_arch(rel)
39+ # First check the current arch, if there is no result, check the "all" arch
40+ if binary.binary_package_name in pkgs[pkg][rel][arch]['binaries']:
41+ url = pkgs[pkg][rel][arch]['binaries'][binary.binary_package_name]
42+ elif binary.binary_package_name in pkgs[pkg][rel][all_arch]['binaries']:
43+ url = pkgs[pkg][rel][all_arch]['binaries'][binary.binary_package_name]
44+ pocket = ""
45+ for esm_pocket in ["esm-infra", "esm-apps"]:
46+ if esm_pocket in url:
47+ pocket = esm_pocket
48+ binaries[pkg][rel].setdefault(binary.binary_package_name, [binary.binary_package_version, pocket])
49 if opt.skip_build_check is True:
50 print("WARNING: skipping binary publication check. Please check manually.", file=sys.stderr)
51 else:
52diff --git a/scripts/sis-generate-usn b/scripts/sis-generate-usn
53index 5ddc86c..b002fb6 100755
54--- a/scripts/sis-generate-usn
55+++ b/scripts/sis-generate-usn
56@@ -26,7 +26,7 @@ import cve_lib
57
58 opter = optparse.OptionParser()
59 opter.add_option("--debug", help="Verbose processing output", action='store_true')
60-opter.add_option("--esm", help="Generate template with comments for esm updates", default=None)
61+opter.add_option("--esm", help="Set to be an ESM release", default=None)
62 opter.add_option("--kernel-mode", help="Use special kernel mode", action='store_true')
63 opter.add_option("--no-new-warn", help="Do not warn about or error out on NEW binaries", action='store_true')
64 opter.add_option("--filter-bins", metavar="REGEX", help="Only include binary packages matching the REGEX in report", default=None)
65@@ -341,6 +341,11 @@ def lp_find_url(source, srcver, filename, release, arch):
66
67 def find_url(source, srcver, filename, release, arch):
68 '''Try to find the archive URL for a given .deb filename'''
69+
70+ # For ESM there is no files in archive
71+ if re.match("^.*[+~]esm[0-9]*$", srcver):
72+ return ""
73+
74 filepath, base = find_archive_path(source, release, arch, filename)
75
76 return base_to_url(base,release,arch)
77@@ -817,11 +822,12 @@ for release in releases:
78 # package, so override the source package version with the
79 # binary package version if we have this available
80 try:
81- version = binaries[source][release][deb]
82+ version = binaries[source][release][deb][0]
83 except KeyError as e:
84 pass
85+ pocket = "--pocket %s" % binaries[source][release][deb][1] if binaries[source][release][deb][1] else ""
86 if not filter_dbg.search(deb) and (not opt.filter_bins or opt.filter_bins.search(deb)):
87- print(' usn.py --db "$DB" $USN --release %s --package %s --binary-version %s' % (release,deb,version))
88+ print(' usn.py --db "$DB" $USN --release %s --package %s --binary-version %s %s' % (release, deb, version, pocket))
89 print()
90
91 # URLs
92@@ -838,7 +844,10 @@ for release in releases:
93 continue
94 for name in info[release][source]['arch'][arch]:
95 size, md5, url = info[release][source]['arch'][arch][name]
96- print('usn.py --db "$DB" $USN --release %s --arch %s --url %s --url-size %s --url-md5 %s' % (release, arch, url, size, md5))
97+ if size and md5 and url:
98+ print('usn.py --db "$DB" $USN --release %s --arch %s --url %s --url-size %s --url-md5 %s' % (release, arch, url, size, md5))
99+ else:
100+ print('# No valid URL found for %s %s' % (release, arch))
101 print()
102 print()
103 print()
104@@ -854,11 +863,12 @@ for release in releases:
105 # package, so override the source package version with the
106 # binary package version if we have this available
107 try:
108- version = binaries[source][release][deb]
109+ version = binaries[source][release][deb][0]
110 except KeyError as e:
111 pass
112 if not filter_dbg.search(deb) and (not opt.filter_bins or opt.filter_bins.search(deb)):
113- print(' usn.py --db "$DB" $USN --release %s --package %s --all-binary-version %s' % (release,deb,version))
114+ pocket = "--pocket-all %s" % binaries[source][release][deb][1] if binaries[source][release][deb][1] else ""
115+ print(' usn.py --db "$DB" $USN --release %s --package %s --all-binary-version %s %s' % (release,deb,version, pocket))
116 print()
117
118 print('if [ "${HIDDEN,,}" = "true" ]; then')
119@@ -875,7 +885,7 @@ print(' echo IMPORTANT: Keep $USN.json until it becomes public.')
120 print(' echo ""')
121 print(' exit')
122 print('else')
123-print(' read -p "Refresh local USN database and upload it to remote master? [yN] " -n 1 -r')
124+print(' read -p "Refresh local USN database and upload it to remote master? [yN] " -r')
125 print(' [[ ! $REPLY =~ ^[Yy]$ ]] && exit')
126 print('fi')
127 print('')

Subscribers

People subscribed via source and target branches