lp:~sespiros/ubuntu-security-tools/+git/ubuntu-security-tools

Author: Spyros Seimenis
Author Date: 2023-12-13 10:04:12 UTC

a/uaudit.py: add comment for default summary 0 for tool runs with errors

Author: Spyros Seimenis
Author Date: 2023-10-23 12:45:53 UTC

address comments

Author: Spyros Seimenis
Author Date: 2023-10-23 11:46:24 UTC

uaudit.py, lib/logger.py: use f-strings

Author: Spyros Seimenis
Author Date: 2023-10-23 14:19:14 UTC

snaps/coverity: add update functionality

This adds the update command, useful for when the coverity binaries
get updated.

Since this is an utility package and doesn't actually include coverity,
it doesn't make sense for its version to follow coverity versions as in
new coverity versions don't necessarily need an updated coverity snap.

Author: Spyros Seimenis
Author Date: 2023-10-23 10:09:32 UTC

Merge branch 'add-missing-keys'

* add-missing-keys:
  build-tools/build-sources-list: add required keys in debian archived releases

Author: Spyros Seimenis
Author Date: 2023-09-27 16:39:03 UTC

audits/README.md: mention pipx install option

Author: Spyros Seimenis
Author Date: 2023-09-07 17:43:55 UTC

audits/uaudit: fix template path

we need to return to prev_dir before calculating the
base path for the templates otherwise we are looking for the
templates in the wrong directory (and fail).

This allows uaudit to be called with a relative path from any path.

Author: Spyros Seimenis
Author Date: 2023-06-12 12:25:18 UTC

build-tools/build-sources-list: add required keys in debian archived releases

Author: Spyros Seimenis
Author Date: 2023-05-02 08:47:20 UTC

uaudit: skip report generation when output is not txt

Some tools don't support JSON output and are causing jira/review/bug
report generation from the templates to fail since some keys are missing.
Skipping the report generation when certain required tools for the report
haven't been run makes sense in those cases.

Also generalize the above so that when JSON-only output is requested,
uaudit steps that output txt will be skipped. These are:
- static analyzers that don't have JSON support yet
- all of our custom audit-* tools

the idea is that when JSON-only output is requested, the output of these
other tools, which is not used, is not slowing down the report generation.

Author: Spyros Seimenis
Author Date: 2023-07-25 18:23:28 UTC

b/build-sources-list: add non-free-firmware component for recent Debian

Since Debian 12 (bookworm) a new component called non-free-firmware was
introduced - ensure we add deb-src entries for this component as well.

Author: Spyros Seimenis
Author Date: 2023-06-02 09:20:58 UTC

build-tools/build-sources-list: remove jessie elif, included above

Author: Spyros Seimenis
Author Date: 2023-06-01 23:53:19 UTC

fixup! Add lp-uaudit tool

Author: Spyros Seimenis
Author Date: 2023-05-31 19:41:18 UTC

audits/uaudit: add coverity json output

Author: Spyros Seimenis
Author Date: 2023-05-31 13:47:29 UTC

snaps/coverity: update to the latest coverity version

Author: Spyros Seimenis
Author Date: 2023-05-16 14:58:39 UTC

uaudit: create audits symlink pointing to latest audit folder

Author: Spyros Seimenis
Author Date: 2023-05-14 22:42:04 UTC

uaudit: fix failing tool installation when install_options were empty

Author: Spyros Seimenis
Author Date: 2023-03-08 10:09:34 UTC

uaudit: Use govulncheck snap instead of deb

Author: Spyros Seimenis
Author Date: 2023-02-13 15:48:12 UTC

uaudit: skip report creation from template if file exists

Author: Spyros Seimenis
Author Date: 2022-08-04 08:29:24 UTC

umt: Rename base_release to series

Author: Spyros Seimenis
Author Date: 2022-07-14 09:54:25 UTC

Put the chroot compatible release name in a separate variable

Author: Spyros Seimenis
Author Date: 2022-06-14 19:31:31 UTC

Add feature to autogenerate chroot name for ESM builds

This adds the recent change to perform_source_build() to
perform_binary_build() as well.

Author: Spyros Seimenis
Author Date: 2022-06-09 12:25:48 UTC

Add feature to autogenerate chroot name for ESM builds

Following the naming convention $release-esm-$arch

Author: Spyros Seimenis
Author Date: 2022-06-09 09:53:52 UTC

Use /bin/bash as the default shell in chroots

When building with debuild inside a chroot, the user's
shell is used by default when running the command with su.
If the user's shell doesn't exist in a default installation the
script fails. Instead of installing a custom user's shell in the
chroot, this commit forces the shell to be bash.

Author: Spyros Seimenis
Author Date: 2022-05-13 13:31:10 UTC

build-sources-list: Fix trusty infra case

Author: Spyros Seimenis
Author Date: 2022-05-13 11:15:58 UTC

Change build-sources-list to handle esm-X/* naming convention

Author: Spyros Seimenis
Author Date: 2022-04-07 14:19:31 UTC

Remove "quilt patches applied" check from umt

It seems that this check is no longer needed
since dpkg-buildpackage handles the case where
patches are already applied even for quilt 1.0
by performing a pop -a.

Tested with a package which uses quilt 1.0.

Author: Spyros Seimenis
Author Date: 2022-02-07 12:21:26 UTC

Fix command execution for bash and zsh