ubuntu-security-tools:checks_for_mismatch_destination_release

Branch merges

Propose for merging

Merged into ubuntu-security-tools:master at revision e77fabc8b44008ec6dbb7a1688c00375dcba9636

Paulo Flabiano Smorigo: Approve on 2022-04-19

Diff: 21 lines (+10/-0)

1 file modified

build-tools/umt (+10/-0)

api

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related charm recipes

e77fabc... by "Leonidas S. Barbosa" <leo.barbosa@canonical> on 2022-04-19

Improving a bit the comment txt

e168e7f... by "Leonidas S. Barbosa" <leo.barbosa@canonical> on 2022-04-19

Adding a check for mismatch in destination release versus changelog

There are cases where one pass the destination:<release> while doing a umt upload.
For cases where one miss type the release, by e.g: esm-infra:focal, where the package to be updated

was in fact a xenial one it can cause a bit of disaster.

This patch fix it adding a check for theses cases.

cdf3e15... by Alex Murray on 2022-04-14

umt qrt: Ensure apt supports the arguments we pass to it

apt only supports some arguments on newer Ubuntu releases so conditionally
add arguments when we know they are supported.

Signed-off-by: Alex Murray <email address hidden>

85d3c58... by Alex Murray on 2022-03-31

umt qrt: Be smarter about how we tell apt to install binary packages

Use --only-upgrade so that apt won't install every single binary package
which we specify, only those which are already installed (and since we run
./install-packages ./test-xxxx.py beforehand the QRT test script should
have ensured we already have the required packages installed for the
test). Hence remove the --exclude-binaries option from umt qrt as this
shouldn't be needed anymore as --only-upgrade should DTRT to avoid
installing say incompatible binary packages from the same source package
etc.

Signed-off-by: Alex Murray <email address hidden>

277603d... by Spyros Seimenis on 2022-04-07

Remove "quilt patches applied" check from umt

It seems that this check is no longer needed
since dpkg-buildpackage handles the case where
patches are already applied even for quilt 1.0
by performing a pop -a.

Tested with a package which uses quilt 1.0.

b354e55... by Steve Beattie on 2022-04-05

audit-code.sh: add posix_spawn() as something to search for

Signed-off-by: Steve Beattie <email address hidden>

7afacca... by Steve Beattie on 2022-03-28

umt: add note for working with ghostscript

Signed-off-by: Steve Beattie <email address hidden>
MR: https://code.launchpad.net/~iconstantin/ubuntu-security-tools/+git/ubuntu-security-tools/+merge/417637

669c677... by Ian Constantin on 2022-03-24

Added a special warning for ghostscript on trusty/xenial/bionic that vendors openjpeg, to check that openjpeg patches are for files that compile when ghostscript builds.

05054be... by Alex Murray on 2022-02-28

umt check: Use a regex to parse LP bug URLs (thanks sarnold)

Signed-off-by: Alex Murray <email address hidden>

a6a0de6... by Alex Murray on 2022-02-25

umt check: Warn on missing LP bugs from referenced CVE file

Warn if the changelog references a CVE that contains a LP bug number which
is also not mentioned in the changelog.

Signed-off-by: Alex Murray <email address hidden>