Ubuntu CVE Tracker

Merge ~sbeattie/ubuntu-cve-tracker/+git/ubuntu-cve-tracker:add-lpci-validation-ubuntu.com into ubuntu-cve-tracker:master

  1. Git
  2. lp:~sbeattie/ubuntu-cve-tracker/+git/ubuntu-cve-tracker
  3. add-lpci-validation-ubuntu.com
  4. Merge into master
Proposed by Steve Beattie
Status: Merged
Merged at revision: 905f7e26a5998dad18740c364d9b436580feda59
Proposed branch: ~sbeattie/ubuntu-cve-tracker/+git/ubuntu-cve-tracker:add-lpci-validation-ubuntu.com
Merge into: ubuntu-cve-tracker:master
Diff against target: 28 lines (+13/-0)
1 file modified
.launchpad.yaml (+13/-0)
Reviewer Review Type Date Requested Status
Alex Murray Approve
Review via email: mp+465324@code.launchpad.net

Commit message

Merge lpci: validate the release configuration of the cve tracker website

The post-release-to-web-cve-tracker.py script is used to both set and
validate the configuration of releases in the CVE website; add a
separate lpci job to validate the configuration so we know when it
changes unexpectedly.

Description of the change

Because we want to know if the release configuration of the ubuntu.com cCVE website changes unexpectedly, it would useful to perform the validation step in the post-release-to-web-cve-tracker.py script as part of our CI process, so this merge proposal adds that. No authentication credentials are needed to query the configuration, so this is fine to run the CI environment.

Right now the test fails, correctly because Diogo's change in https://code.launchpad.net/~ubuntu-security/ubuntu-cve-tracker/+git/ubuntu-cve-tracker/+merge/465291 has not been merged, but he (with my guidance) has already updated the CVE website to note that 14.04 LTS / trusty's end of extended support has been uh extended to 2026. You can see the failure log at https://code.launchpad.net/~sbeattie/ubuntu-cve-tracker/+git/ubuntu-cve-tracker/+build/87531/+files/buildlog_ci_ubuntu-cve-tracker_e97db19f8fd76f1253c9ed1bdaa9649babe32ec2_BUILDING.txt.gz ; the relevant details are as follows:

Running ['bash', '--noprofile', '--norc', '-ec', './scripts/post-release-to-web-cve-tracker.py --action validate all\n']
:: noble (24.04) okay:
:: mantic (23.10) okay:
:: lunar (23.04) okay:
:: kinetic (22.10) okay:
:: jammy (22.04) okay:
:: impish (21.10) okay:
:: hirsute (21.04) okay:
:: groovy (20.10) okay:
:: focal (20.04) okay:
:: bionic (18.04) okay:
:: xenial (16.04) okay:
:: --- stored trusty info
:: +++ https://ubuntu.com/security/releases/trusty.json
:: @@ -1,11 +1,11 @@
:: {
:: "codename": "trusty",
:: "development": false,
:: - "esm_expires": "2024-04-30T00:00:00",
:: + "esm_expires": "2026-04-30T00:00:00",
:: "lts": true,
:: "name": "Trusty Tahr",
:: "release_date": "2014-04-17T00:00:00",
:: "support_expires": "2019-04-30T00:00:00",
:: "support_tag": "ESM",
:: "version": "14.04"
:: }
Job 'check-cve-website-state' for jammy/amd64 failed with exit status 1.

To post a comment you must log in.
Revision history for this message
Alex Murray (alexmurray) wrote :

LGTM - thanks sbeattie.

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/.launchpad.yaml b/.launchpad.yaml
2index e672a85..c3f14db 100644
3--- a/.launchpad.yaml
4+++ b/.launchpad.yaml
5@@ -7,6 +7,7 @@ pipeline:
6 -
7 - unit-tests
8 - check-cves
9+ - check-cve-website-state
10 jobs:
11 unit-tests:
12 series: jammy
13@@ -82,3 +83,15 @@ jobs:
14
15 echo "Checking syntax..."
16 ./scripts/check-syntax
17+ check-cve-website-state:
18+ series: jammy
19+ architectures: amd64
20+ packages:
21+ - distro-info
22+ - lsb-release
23+ - python3
24+ - python3-macaroonbakery
25+ - python3-requests
26+ run: |
27+ ./scripts/post-release-to-web-cve-tracker.py --action validate all
28+

Subscribers

People subscribed via source and target branches