3 # Wrapper for Debian Security team
4 # Copyright (C) 2002, 2003, 2004 James Troup <james@nocrew.org>
5 # $Id: amber,v 1.10 2004-11-27 19:23:40 troup Exp $
7 # This program is free software; you can redistribute it and/or modify
8 # it under the terms of the GNU General Public License as published by
9 # the Free Software Foundation; either version 2 of the License, or
10 # (at your option) any later version.
12 # This program is distributed in the hope that it will be useful, but
13 # WITHOUT ANY WARRANTY; without even the implied warranty of
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 # General Public License for more details.
17 # You should have received a copy of the GNU General Public License
18 # along with this program; if not, write to the Free Software
19 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
22 ################################################################################
24 # <aj> neuro: <usual question>?
25 # <neuro> aj: PPG: the movie! july 3!
27 # <aj> (you think you can distract me, and you're right)
32 ################################################################################
34 import commands, os, pwd, re, sys, time;
38 ################################################################################
44 re_taint_free = re.compile(r"^['/;\-\+\.\s\w]+$");
46 ################################################################################
48 def usage (exit_code=0):
49 print """Usage: amber ADV_NUMBER CHANGES_FILE[...]
50 Install CHANGES_FILE(s) as security advisory ADV_NUMBER
52 -h, --help show this help and exit
53 -n, --no-action don't do anything
58 ################################################################################
60 def do_upload(changes_files):
63 component_mapping = {};
64 for component in Cnf.SubTree("Amber::ComponentMappings").List():
65 component_mapping[component] = Cnf["Amber::ComponentMappings::%s" % (component)];
66 uploads = {}; # uploads[uri] = file_list;
67 package_list = {} # package_list[source_name][version];
68 changes_files.sort(utils.changes_compare);
69 for changes_file in changes_files:
70 changes_file = utils.validate_changes_file_arg(changes_file);
76 # Parse the .katie file for the .changes file
77 Katie.pkg.changes_file = changes_file;
79 files = Katie.pkg.files;
80 changes = Katie.pkg.changes;
82 # Build the file list for this .changes file
83 for file in files.keys():
84 poolname = os.path.join(Cnf["Dir::Root"], Cnf["Dir::PoolRoot"],
85 utils.poolify(changes["source"], files[file]["component"]),
87 file_list.append(poolname);
88 orig_component = files[file].get("original component", files[file]["component"]);
89 components[orig_component] = "";
90 file_list.append(changes_file);
91 # Determine the upload uri for this .changes file
92 for component in components.keys():
93 upload_uri = component_mapping.get(component);
95 upload_uris[upload_uri] = "";
96 num_upload_uris = len(upload_uris.keys());
97 if num_upload_uris == 0:
98 utils.fubar("%s: No valid upload URI found from components (%s)."
99 % (changes_file, ", ".join(components.keys())));
100 elif num_upload_uris > 1:
101 utils.fubar("%s: more than one upload URI (%s) from components (%s)."
102 % (changes_file, ", ".join(upload_uris.keys()),
103 ", ".join(components.keys())));
104 upload_uri = upload_uris.keys()[0];
105 # Update the file list for the upload uri
106 if not uploads.has_key(upload_uri):
107 uploads[upload_uri] = [];
108 uploads[upload_uri].extend(file_list);
109 # Remember the suites and source name/version
110 for suite in changes["distribution"].keys():
112 # Remember the source name and version
113 if changes["architecture"].has_key("source") and \
114 changes["distribution"].has_key("testing"):
115 if not package_list.has_key(dsc["source"]):
116 package_list[dsc["source"]] = {};
117 package_list[dsc["source"]][dsc["version"]] = "";
119 if len(suites.keys()) == 1 and suites.has_key("oldstable"):
120 print "Advisory only for 'oldstable'; not uploading elsewhere.";
123 if not Options["No-Action"]:
124 answer = yes_no("Upload to files to main archive (Y/n)?");
128 for uri in uploads.keys():
129 (host, path) = uri.split(":");
130 file_list = " ".join(uploads[uri]);
131 print "Uploading files to %s..." % (host);
132 spawn("lftp -c 'open %s; cd %s; put %s'" % (host, path, file_list));
134 if not Options["No-Action"]:
135 filename = "%s/testing-processed" % (Cnf["Dir::Log"]);
136 file = utils.open_file(filename, 'a');
137 for source in package_list.keys():
138 for version in package_list[source].keys():
139 file.write(" ".join([source, version])+'\n');
142 ######################################################################
143 # This function was originally written by aj and NIHishly merged into
146 def make_advisory(advisory_nr, changes_files):
148 updated_pkgs = {}; # updated_pkgs[distro][arch][file] = {path,md5,size}
150 for arg in changes_files:
151 arg = utils.validate_changes_file_arg(arg);
152 Katie.pkg.changes_file = arg;
156 src = Katie.pkg.changes["source"];
157 if src not in adv_packages:
158 adv_packages += [src];
160 suites = Katie.pkg.changes["distribution"].keys();
162 if not updated_pkgs.has_key(suite):
163 updated_pkgs[suite] = {};
165 files = Katie.pkg.files;
166 for file in files.keys():
167 arch = files[file]["architecture"];
168 md5 = files[file]["md5sum"];
169 size = files[file]["size"];
170 poolname = Cnf["Dir::PoolRoot"] + \
171 utils.poolify(src, files[file]["component"]);
172 if arch == "source" and file.endswith(".dsc"):
173 dscpoolname = poolname;
175 if not updated_pkgs[suite].has_key(arch):
176 updated_pkgs[suite][arch] = {}
177 updated_pkgs[suite][arch][file] = {
178 "md5": md5, "size": size,
179 "poolname": poolname };
181 dsc_files = Katie.pkg.dsc_files;
182 for file in dsc_files.keys():
184 if not dsc_files[file].has_key("files id"):
187 # otherwise, it's already in the pool and needs to be
189 md5 = dsc_files[file]["md5sum"];
190 size = dsc_files[file]["size"];
192 if not updated_pkgs[suite].has_key(arch):
193 updated_pkgs[suite][arch] = {};
194 updated_pkgs[suite][arch][file] = {
195 "md5": md5, "size": size,
196 "poolname": dscpoolname };
198 if os.environ.has_key("SUDO_UID"):
199 whoami = long(os.environ["SUDO_UID"]);
201 whoami = os.getuid();
202 whoamifull = pwd.getpwuid(whoami);
203 username = whoamifull[4].split(",")[0];
206 "__ADVISORY__": advisory_nr,
207 "__WHOAMI__": username,
208 "__DATE__": time.strftime("%B %d, %Y", time.gmtime(time.time())),
209 "__PACKAGE__": ", ".join(adv_packages),
210 "__KATIE_ADDRESS__": Cnf["Dinstall::MyEmailAddress"]
213 if Cnf.has_key("Dinstall::Bcc"):
214 Subst["__BCC__"] = "Bcc: %s" % (Cnf["Dinstall::Bcc"]);
217 archive = Cnf["Archive::%s::PrimaryMirror" % (utils.where_am_i())];
218 for suite in updated_pkgs.keys():
219 suite_header = "%s %s (%s)" % (Cnf["Dinstall::MyDistribution"],
220 Cnf["Suite::%s::Version" % suite], suite);
221 adv += "%s\n%s\n\n" % (suite_header, "-"*len(suite_header));
223 arches = Cnf.ValueList("Suite::%s::Architectures" % suite);
224 if "source" in arches:
225 arches.remove("source");
227 arches.remove("all");
230 adv += " %s was released for %s.\n\n" % (
231 suite.capitalize(), utils.join_with_commas_and(arches));
233 for a in ["source", "all"] + arches:
234 if not updated_pkgs[suite].has_key(a):
238 adv += " Source archives:\n\n";
240 adv += " Architecture independent packages:\n\n";
242 adv += " %s architecture (%s)\n\n" % (a,
243 Cnf["Architectures::%s" % a]);
245 for file in updated_pkgs[suite][a].keys():
246 adv += " http://%s/%s%s\n" % (
247 archive, updated_pkgs[suite][a][file]["poolname"], file);
248 adv += " Size/MD5 checksum: %8s %s\n" % (
249 updated_pkgs[suite][a][file]["size"],
250 updated_pkgs[suite][a][file]["md5"]);
254 Subst["__ADVISORY_TEXT__"] = adv;
256 adv = utils.TemplateSubst(Subst, Cnf["Dir::Templates"]+"/amber.advisory");
257 if not Options["No-Action"]:
258 utils.send_mail (adv);
260 print "[<Would send template advisory mail>]";
262 ######################################################################
265 global Cnf, Katie, Options;
268 Cnf = utils.get_conf();
270 Arguments = [('h', "help", "Amber::Options::Help"),
271 ('n', "no-action", "Amber::Options::No-Action")];
273 for i in [ "help", "no-action" ]:
274 Cnf["Amber::Options::%s" % (i)] = "";
276 arguments = apt_pkg.ParseCommandLine(Cnf,Arguments,sys.argv);
277 Options = Cnf.SubTree("Amber::Options")
278 Katie = katie.Katie(Cnf);
286 advisory_number = arguments[0];
287 changes_files = arguments[1:];
288 if advisory_number.endswith(".changes"):
289 utils.warn("first argument must be the advisory number.");
291 for file in changes_files:
292 file = utils.validate_changes_file_arg(file);
293 return (advisory_number, changes_files);
295 ######################################################################
299 answer = utils.our_raw_input(prompt+" ").lower();
300 if answer == "y" or answer == "n":
303 print "Invalid answer; please try again.";
306 ######################################################################
309 if not re_taint_free.match(command):
310 utils.fubar("Invalid character in \"%s\"." % (command));
312 if Options["No-Action"]:
313 print "[%s]" % (command);
315 (result, output) = commands.getstatusoutput(command);
317 utils.fubar("Invocation of '%s' failed:\n%s\n" % (command, output), result);
319 ######################################################################
323 (advisory_number, changes_files) = init();
325 if not Options["No-Action"]:
326 print "About to install the following files: "
327 for file in changes_files:
328 print " %s" % (file);
329 answer = yes_no("Continue (Y/n)?");
333 os.chdir(Cnf["Dir::Queue::Accepted"]);
334 print "Installing packages into the archive...";
335 spawn("%s/kelly -pa %s" % (Cnf["Dir::Katie"], " ".join(changes_files)));
336 os.chdir(Cnf["Dir::Katie"]);
337 print "Updating file lists for apt-ftparchive...";
339 print "Updating Packages and Sources files...";
340 spawn("apt-ftparchive generate %s" % (utils.which_apt_conf_file()));
341 print "Updating Release files...";
344 if not Options["No-Action"]:
345 os.chdir(Cnf["Dir::Queue::Done"]);
347 os.chdir(Cnf["Dir::Queue::Accepted"]);
348 print "Generating template advisory...";
349 make_advisory(advisory_number, changes_files);
351 do_upload(changes_files);
353 ################################################################################
355 if __name__ == '__main__':
358 ################################################################################