3 # Wrapper for Debian Security team
4 # Copyright (C) 2002, 2003, 2004, 2006 James Troup <james@nocrew.org>
6 # This program is free software; you can redistribute it and/or modify
7 # it under the terms of the GNU General Public License as published by
8 # the Free Software Foundation; either version 2 of the License, or
9 # (at your option) any later version.
11 # This program is distributed in the hope that it will be useful, but
12 # WITHOUT ANY WARRANTY; without even the implied warranty of
13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 # General Public License for more details.
16 # You should have received a copy of the GNU General Public License
17 # along with this program; if not, write to the Free Software
18 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
21 ################################################################################
23 # <aj> neuro: <usual question>?
24 # <neuro> aj: PPG: the movie! july 3!
26 # <aj> (you think you can distract me, and you're right)
31 ################################################################################
33 import commands, os, pwd, re, sys, time
35 import dak.lib.queue, dak.lib.utils
37 ################################################################################
43 re_taint_free = re.compile(r"^['/;\-\+\.\s\w]+$")
45 ################################################################################
47 def usage (exit_code=0):
48 print """Usage: dak security-install ADV_NUMBER CHANGES_FILE[...]
49 Install CHANGES_FILE(s) as security advisory ADV_NUMBER
51 -h, --help show this help and exit
52 -n, --no-action don't do anything
57 ################################################################################
59 def do_upload(changes_files):
62 component_mapping = {}
63 for component in Cnf.SubTree("Security-Install::ComponentMappings").List():
64 component_mapping[component] = Cnf["Security-Install::ComponentMappings::%s" % (component)]
65 uploads = {}; # uploads[uri] = file_list
66 changesfiles = {}; # changesfiles[uri] = file_list
67 package_list = {} # package_list[source_name][version]
68 changes_files.sort(dak.lib.utils.changes_compare)
69 for changes_file in changes_files:
70 changes_file = dak.lib.utils.validate_changes_file_arg(changes_file)
76 # Parse the .dak file for the .changes file
77 Upload.pkg.changes_file = changes_file
79 files = Upload.pkg.files
80 changes = Upload.pkg.changes
82 # We have the changes, now return if its amd64, to not upload them to ftp-master
83 if changes["architecture"].has_key("amd64"):
84 print "Not uploading amd64 part to ftp-master\n"
86 if changes["distribution"].has_key("oldstable-security"):
87 print "Not uploading oldstable-security changes to ftp-master\n"
89 # Build the file list for this .changes file
90 for file in files.keys():
91 poolname = os.path.join(Cnf["Dir::Root"], Cnf["Dir::PoolRoot"],
92 dak.lib.utils.poolify(changes["source"], files[file]["component"]),
94 file_list.append(poolname)
95 orig_component = files[file].get("original component", files[file]["component"])
96 components[orig_component] = ""
97 # Determine the upload uri for this .changes file
98 for component in components.keys():
99 upload_uri = component_mapping.get(component)
101 upload_uris[upload_uri] = ""
102 num_upload_uris = len(upload_uris.keys())
103 if num_upload_uris == 0:
104 dak.lib.utils.fubar("%s: No valid upload URI found from components (%s)."
105 % (changes_file, ", ".join(components.keys())))
106 elif num_upload_uris > 1:
107 dak.lib.utils.fubar("%s: more than one upload URI (%s) from components (%s)."
108 % (changes_file, ", ".join(upload_uris.keys()),
109 ", ".join(components.keys())))
110 upload_uri = upload_uris.keys()[0]
111 # Update the file list for the upload uri
112 if not uploads.has_key(upload_uri):
113 uploads[upload_uri] = []
114 uploads[upload_uri].extend(file_list)
115 # Update the changes list for the upload uri
116 if not changes.has_key(upload_uri):
117 changesfiles[upload_uri] = []
118 changesfiles[upload_uri].append(changes_file)
119 # Remember the suites and source name/version
120 for suite in changes["distribution"].keys():
122 # Remember the source name and version
123 if changes["architecture"].has_key("source") and \
124 changes["distribution"].has_key("testing"):
125 if not package_list.has_key(dsc["source"]):
126 package_list[dsc["source"]] = {}
127 package_list[dsc["source"]][dsc["version"]] = ""
129 if not Options["No-Action"]:
130 answer = yes_no("Upload to files to main archive (Y/n)?")
134 for uri in uploads.keys():
135 uploads[uri].extend(changesfiles[uri])
136 (host, path) = uri.split(":")
137 file_list = " ".join(uploads[uri])
138 print "Uploading files to %s..." % (host)
139 spawn("lftp -c 'open %s; cd %s; put %s'" % (host, path, file_list))
141 if not Options["No-Action"]:
142 filename = "%s/testing-processed" % (Cnf["Dir::Log"])
143 file = dak.lib.utils.open_file(filename, 'a')
144 for source in package_list.keys():
145 for version in package_list[source].keys():
146 file.write(" ".join([source, version])+'\n')
149 ######################################################################
150 # This function was originally written by aj and NIHishly merged into
151 # 'dak security-install' by me.
153 def make_advisory(advisory_nr, changes_files):
155 updated_pkgs = {}; # updated_pkgs[distro][arch][file] = {path,md5,size}
157 for arg in changes_files:
158 arg = dak.lib.utils.validate_changes_file_arg(arg)
159 Upload.pkg.changes_file = arg
163 src = Upload.pkg.changes["source"]
164 if src not in adv_packages:
165 adv_packages += [src]
167 suites = Upload.pkg.changes["distribution"].keys()
169 if not updated_pkgs.has_key(suite):
170 updated_pkgs[suite] = {}
172 files = Upload.pkg.files
173 for file in files.keys():
174 arch = files[file]["architecture"]
175 md5 = files[file]["md5sum"]
176 size = files[file]["size"]
177 poolname = Cnf["Dir::PoolRoot"] + \
178 dak.lib.utils.poolify(src, files[file]["component"])
179 if arch == "source" and file.endswith(".dsc"):
180 dscpoolname = poolname
182 if not updated_pkgs[suite].has_key(arch):
183 updated_pkgs[suite][arch] = {}
184 updated_pkgs[suite][arch][file] = {
185 "md5": md5, "size": size,
186 "poolname": poolname }
188 dsc_files = Upload.pkg.dsc_files
189 for file in dsc_files.keys():
191 if not dsc_files[file].has_key("files id"):
194 # otherwise, it's already in the pool and needs to be
196 md5 = dsc_files[file]["md5sum"]
197 size = dsc_files[file]["size"]
199 if not updated_pkgs[suite].has_key(arch):
200 updated_pkgs[suite][arch] = {}
201 updated_pkgs[suite][arch][file] = {
202 "md5": md5, "size": size,
203 "poolname": dscpoolname }
205 if os.environ.has_key("SUDO_UID"):
206 whoami = long(os.environ["SUDO_UID"])
209 whoamifull = pwd.getpwuid(whoami)
210 username = whoamifull[4].split(",")[0]
213 "__ADVISORY__": advisory_nr,
214 "__WHOAMI__": username,
215 "__DATE__": time.strftime("%B %d, %Y", time.gmtime(time.time())),
216 "__PACKAGE__": ", ".join(adv_packages),
217 "__DAK_ADDRESS__": Cnf["Dinstall::MyEmailAddress"]
220 if Cnf.has_key("Dinstall::Bcc"):
221 Subst["__BCC__"] = "Bcc: %s" % (Cnf["Dinstall::Bcc"])
224 archive = Cnf["Archive::%s::PrimaryMirror" % (dak.lib.utils.where_am_i())]
225 for suite in updated_pkgs.keys():
226 suite_header = "%s %s (%s)" % (Cnf["Dinstall::MyDistribution"],
227 Cnf["Suite::%s::Version" % suite], suite)
228 adv += "%s\n%s\n\n" % (suite_header, "-"*len(suite_header))
230 arches = Cnf.ValueList("Suite::%s::Architectures" % suite)
231 if "source" in arches:
232 arches.remove("source")
237 adv += " %s was released for %s.\n\n" % (
238 suite.capitalize(), dak.lib.utils.join_with_commas_and(arches))
240 for a in ["source", "all"] + arches:
241 if not updated_pkgs[suite].has_key(a):
245 adv += " Source archives:\n\n"
247 adv += " Architecture independent packages:\n\n"
249 adv += " %s architecture (%s)\n\n" % (a,
250 Cnf["Architectures::%s" % a])
252 for file in updated_pkgs[suite][a].keys():
253 adv += " http://%s/%s%s\n" % (
254 archive, updated_pkgs[suite][a][file]["poolname"], file)
255 adv += " Size/MD5 checksum: %8s %s\n" % (
256 updated_pkgs[suite][a][file]["size"],
257 updated_pkgs[suite][a][file]["md5"])
261 Subst["__ADVISORY_TEXT__"] = adv
263 adv = dak.lib.utils.TemplateSubst(Subst, Cnf["Dir::Templates"]+"/security-install.advisory")
264 if not Options["No-Action"]:
265 dak.lib.utils.send_mail (adv)
267 print "[<Would send template advisory mail>]"
269 ######################################################################
272 global Cnf, Upload, Options
275 Cnf = dak.lib.utils.get_conf()
277 Arguments = [('h', "help", "Security-Install::Options::Help"),
278 ('n', "no-action", "Security-Install::Options::No-Action")]
280 for i in [ "help", "no-action" ]:
281 Cnf["Security-Install::Options::%s" % (i)] = ""
283 arguments = apt_pkg.ParseCommandLine(Cnf,Arguments,sys.argv)
284 Options = Cnf.SubTree("Security-Install::Options")
285 Upload = dak.lib.queue.Upload(Cnf)
293 advisory_number = arguments[0]
294 changes_files = arguments[1:]
295 if advisory_number.endswith(".changes"):
296 dak.lib.utils.warn("first argument must be the advisory number.")
298 for file in changes_files:
299 file = dak.lib.utils.validate_changes_file_arg(file)
300 return (advisory_number, changes_files)
302 ######################################################################
306 answer = dak.lib.utils.our_raw_input(prompt+" ").lower()
307 if answer == "y" or answer == "n":
310 print "Invalid answer; please try again."
313 ######################################################################
316 if not re_taint_free.match(command):
317 dak.lib.utils.fubar("Invalid character in \"%s\"." % (command))
319 if Options["No-Action"]:
320 print "[%s]" % (command)
322 (result, output) = commands.getstatusoutput(command)
324 dak.lib.utils.fubar("Invocation of '%s' failed:\n%s\n" % (command, output), result)
326 ######################################################################
330 (advisory_number, changes_files) = init()
332 if not Options["No-Action"]:
333 print "About to install the following files: "
334 for file in changes_files:
336 answer = yes_no("Continue (Y/n)?")
340 os.chdir(Cnf["Dir::Queue::Accepted"])
341 print "Installing packages into the archive..."
342 spawn("dak process-accepted -pa %s" % (Cnf["Dir::Dak"], " ".join(changes_files)))
343 os.chdir(Cnf["Dir::Dak"])
344 print "Updating file lists for apt-ftparchive..."
345 spawn("dak make-suite-file-list")
346 print "Updating Packages and Sources files..."
347 spawn("apt-ftparchive generate %s" % (dak.lib.utils.which_apt_conf_file()))
348 print "Updating Release files..."
349 spawn("dak generate-releases")
351 if not Options["No-Action"]:
352 os.chdir(Cnf["Dir::Queue::Done"])
354 os.chdir(Cnf["Dir::Queue::Accepted"])
355 print "Generating template advisory..."
356 make_advisory(advisory_number, changes_files)
358 # Trigger security mirrors
359 spawn("sudo -u archvsync /home/archvsync/signal_security")
361 do_upload(changes_files)
363 ################################################################################
365 if __name__ == '__main__':
368 ################################################################################