Merge ~sespiros/ubuntu-security-tools/+git/ubuntu-security-tools:master into ubuntu-security-tools:master

Proposed by Spyros Seimenis
Status: Merged
Merged at revision: b354e55b4f7a03e311ea9e6f7920d1cef5a297cd
Proposed branch: ~sespiros/ubuntu-security-tools/+git/ubuntu-security-tools:master
Merge into: ubuntu-security-tools:master
Diff against target: 0 lines
Reviewer: Leonidas S. Barbosa, Status: Approve
Review via email: mp+411757@code.launchpad.net
Leonidas S. Barbosa (leosilvab) :
review: Approve
Steve Beattie (sbeattie) wrote :

On Thu, Nov 11, 2021 at 02:02:31PM -0000, Spyros Seimenis wrote:
> diff --git a/package-tools/check-source-package b/package-tools/check-source-package
> index 63afba1..9b2a9d6 100755
> --- a/package-tools/check-source-package
> +++ b/package-tools/check-source-package
> @@ -1514,7 +1514,7 @@ pkg_dist=$(grep -E "^Distribution: " "$schanges" | awk '{print $2}' | cut -d '-'
> if [ "$pkg_dist" = "unstable" ]; then
> rmadout=$(rmadison -u debian "$package" | grep -E " (unstable|sid) +\| ") || true
> else
> - if [ "$pkg_dist" == "precise" ] || [ "$pkg_dist" == "trusty" ]; then
> + if [ "$pkg_dist" == "precise" ] || [ "$pkg_dist" == "trusty" ] || [ "$pkg_dist" == "xenial" ]; then
> # TODO: fix this through lp api, but for now this workaround fix the precise issue
> tmp=$(/usr/bin/apt-cache madison $package | grep "ubuntu-esm" | grep "$pkg_dist" || true)
> # if the pkg is not in -esm yet, try to get the prev-ppa
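Review bot: The changed `if` line now hard-codes a third release name (`precise`, `trusty`, `xenial`), so it has to be edited again for every further release that needs this ESM lookup; consider testing membership in one list defined once near the top of the script (for example a hypothetical `esm_releases` variable matched with `case " $esm_releases " in *" $pkg_dist "*)`), so the next addition is a one-word change. The TODO comment directly below still calls this a workaround for "the precise issue", which no longer describes a branch that also handles trusty and xenial, and `$package` in the `apt-cache madison` call is unquoted although the `rmadison` call above quotes it.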

Thanks! This looks good, but (not a blocker to land) we should come
up with a way for scripts like this to query our tools to find out
which Ubuntu releases are in ESM infra status.

--
Steve Beattie
<email address hidden>

Alex Murray (alexmurray) wrote :

It's a bit naff but you can kind-of get this from cve_lib by querying for projects named `esm-infra/FOO` or `esm/FOO` and checking the `eol` status:

  export PYTHONPATH=./scripts; python3 -c "import cve_lib; print((cve_lib.get_subproject_details('esm-infra/xenial'))[3]['eol'])"

Steve Beattie (sbeattie) wrote :

On Sun, Nov 14, 2021 at 11:50:51PM -0000, Alex Murray wrote:
> It's a bit naff but you can kind-of get this from cve_lib by querying for projects named `esm-infra/FOO` or `esm/FOO` and checking the `eol` status:
>
> export PYTHONPATH=./scripts; python3 -c "import cve_lib; print((cve_lib.get_subproject_details('esm-infra/xenial'))[3]['eol'])"

I'm not sure how that answers the question for "is bionic in esm-infra
status"?

  $ export PYTHONPATH=$UCT/scripts; python3 -c "import cve_lib; print((cve_lib.get_subproject_details('esm-infra/bionic'))[3]['eol'])"
  Traceback (most recent call last):
    File "<string>", line 1, in <module>
  TypeError: 'NoneType' object is not subscriptable

and it's also not great to be requiring shell scripts to have knowledge
of the internal data structures of our python libraries; one of the
bits of technical debt we have with our existing tools is that we don't
encapsulate the details of the data structures used which results in
changes to the data structures requiring large amounts of changes all
over the place.

For trying to figure out which Ubuntu releases are supported, I've used
something like the following:

  PYTHONPATH=scripts python3 -c 'import cve_lib ; print(" ".join([ x for x in cve_lib.releases if cve_lib.is_active_esm_release(x) ]))'

but what I'd really like is something like a scripts/cve_lib.sh that
further encapsulates things into shell functions for querying the list
of current ubuntu releases, esm releases, etc in a way that is
sourceable into the shell scripts we use.

(Though really, some of the shell scripts we have would be better served
as python scripts.)

None of the above should block the merge proposal from landing.

--
Steve Beattie
<email address hidden>
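
One way the sourceable helper wished for above could look, as an added example that is not code from the project: it wraps the `cve_lib.releases` / `cve_lib.is_active_esm_release` one-liner quoted in the thread, so callers never index into the library's data structures and a failed lookup is a distinct exit status instead of a traceback. The shell function names are hypothetical, and `$UCT` is assumed to point at the checkout whose `scripts/` directory holds `cve_lib.py`, as in the commands above.

```shell
# Added example: hypothetical sourceable helper, not part of the project.
# Assumes $UCT is the checkout whose scripts/ directory holds cve_lib.py.
# Only cve_lib.releases and cve_lib.is_active_esm_release (both quoted in
# the thread) are used; every shell function name here is invented.

_cve_lib_py() {
    # Run a Python snippet with cve_lib importable.
    if [ -z "${UCT:-}" ]; then
        echo "cve_lib.sh: UCT is not set" >&2
        return 2
    fi
    PYTHONPATH="$UCT/scripts" python3 -c "$1"
}

active_esm_releases() {
    # Print the active ESM release names on one line, space separated.
    _cve_lib_py 'import cve_lib
print(" ".join(r for r in cve_lib.releases if cve_lib.is_active_esm_release(r)))'
}

release_is_active_esm() {
    # Exit status: 0 = active ESM release, 1 = not, 2 = lookup failed.
    local rel list
    rel="$1"
    [ -n "$rel" ] || return 2
    list=$(active_esm_releases) || return 2
    case " $list " in
        *" $rel "*) return 0 ;;
        *) return 1 ;;
    esac
}

# A caller such as check-source-package could then write (assuming
# cve_lib's notion of an active ESM release is what the caller needs):
#   . "$UCT/scripts/cve_lib.sh"
#   if release_is_active_esm "$pkg_dist"; then ...
```

Keeping status 2 separate from status 1 lets a caller tell "not an ESM release" apart from "could not ask", which the hard-coded comparison in the diff cannot express.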
