X-Git-Url: https://git.decadent.org.uk/gitweb/?a=blobdiff_plain;f=amber;h=4f1832adee18e517459ecc154182c4a19e0a8828;hb=924f122e42b40b043c7393ad4c9d523c5baacbb1;hp=f92868de657714d7bdf49b64fceb62b0342eb1d5;hpb=de1bcb40b1a60e87cac2562b80d7848ab361ea40;p=dak.git diff --git a/amber b/amber index f92868de..4f1832ad 100755 --- a/amber +++ b/amber @@ -1,8 +1,8 @@ #!/usr/bin/env python # Wrapper for Debian Security team -# Copyright (C) 2002 James Troup -# $Id: amber,v 1.2 2002-05-23 12:36:03 troup Exp $ +# Copyright (C) 2002, 2003, 2004 James Troup +# $Id: amber,v 1.11 2005-11-26 07:52:06 ajt Exp $ # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -31,15 +31,18 @@ ################################################################################ -import commands, pwd, os, string, sys, time; +import commands, os, pwd, re, sys, time; import apt_pkg; import katie, utils; ################################################################################ Cnf = None; +Options = None; Katie = None; +re_taint_free = re.compile(r"^['/;\-\+\.\s\w]+$"); + ################################################################################ def usage (exit_code=0): 
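Review bot: `re_taint_free` admits `;`, `'` and any whitespace (`\s`, which includes newlines), which are the characters a shell uses to separate and quote commands, so the check spawn() makes later in this commit cannot stop a crafted argument from altering the command that `commands.getstatusoutput` hands to the shell. Those characters have to be allowed only because the whole `lftp -c 'open …; cd …; put …'` string is matched, rather than the values interpolated into it. Validating each interpolated value on its own before formatting, for example with `re_arg_taint_free = re.compile(r"^[/\-\+\.\w]+\Z");` applied to every entry of `changes_files` and every pool path, lets the fixed command text keep its quotes and semicolons while the arguments cannot carry any. The same applies to the `kelly -pa` call in main(), which joins the command-line arguments into the shell string.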
@@ -47,39 +50,106 @@ def usage (exit_code=0): Install CHANGES_FILE(s) as security advisory ADV_NUMBER -h, --help show this help and exit + -n, --no-action don't do anything """ sys.exit(exit_code) ################################################################################ -def get_file_list(arguments): +def do_upload(changes_files): file_list = ""; - for arg in arguments: - arg = utils.validate_changes_file_arg(arg); - Katie.pkg.changes_file = arg; + suites = {}; + component_mapping = {}; + for component in Cnf.SubTree("Amber::ComponentMappings").List(): + component_mapping[component] = Cnf["Amber::ComponentMappings::%s" % (component)]; + uploads = {}; # uploads[uri] = file_list; + changesfiles = {}; # changesfiles[uri] = file_list; + package_list = {} # package_list[source_name][version]; + changes_files.sort(utils.changes_compare); + for changes_file in changes_files: + changes_file = utils.validate_changes_file_arg(changes_file); + # Reset variables + components = {}; + upload_uris = {}; + file_list = []; Katie.init_vars(); + # Parse the .katie file for the .changes file + Katie.pkg.changes_file = changes_file; Katie.update_vars(); files = Katie.pkg.files; changes = Katie.pkg.changes; + dsc = Katie.pkg.dsc; + # We have the changes, now return if its amd64, to not upload them to ftp-master + if changes["architecture"].has_key("amd64"): + print "Not uploading amd64 part to ftp-master\n"; + continue + if changes["distribution"].has_key("oldstable-security"): + print "Not uploading oldstable-security changes to ftp-master\n"; + continue + # Build the file list for this .changes file for file in files.keys(): poolname = os.path.join(Cnf["Dir::Root"], Cnf["Dir::PoolRoot"], utils.poolify(changes["source"], files[file]["component"]), file); - file_list = "%s %s" % (file_list, poolname); - file_list = "%s %s" % (file_list, string.join(map(os.path.abspath, arguments))); - return file_list; - 
-################################################################################ - -def join_with_commas_and(list): - if len(list) == 0: return "nothing"; - if len(list) == 1: return list[0]; - return string.join(list[:-1], ", ") + " and " + list[-1]; + file_list.append(poolname); + orig_component = files[file].get("original component", files[file]["component"]); + components[orig_component] = ""; + # Determine the upload uri for this .changes file + for component in components.keys(): + upload_uri = component_mapping.get(component); + if upload_uri: + upload_uris[upload_uri] = ""; + num_upload_uris = len(upload_uris.keys()); + if num_upload_uris == 0: + utils.fubar("%s: No valid upload URI found from components (%s)." + % (changes_file, ", ".join(components.keys()))); + elif num_upload_uris > 1: + utils.fubar("%s: more than one upload URI (%s) from components (%s)." + % (changes_file, ", ".join(upload_uris.keys()), + ", ".join(components.keys()))); + upload_uri = upload_uris.keys()[0]; + # Update the file list for the upload uri + if not uploads.has_key(upload_uri): + uploads[upload_uri] = []; + uploads[upload_uri].extend(file_list); + # Update the changes list for the upload uri + if not changes.has_key(upload_uri): + changesfiles[upload_uri] = []; + changesfiles[upload_uri].append(changes_file); + # Remember the suites and source name/version + for suite in changes["distribution"].keys(): + suites[suite] = ""; + # Remember the source name and version + if changes["architecture"].has_key("source") and \ + changes["distribution"].has_key("testing"): + if not package_list.has_key(dsc["source"]): + package_list[dsc["source"]] = {}; + package_list[dsc["source"]][dsc["version"]] = ""; + + if not Options["No-Action"]: + answer = yes_no("Upload to files to main archive (Y/n)?"); + if answer != "y": + return; + + for uri in uploads.keys(): + uploads[uri].extend(changesfiles[uri]); + (host, path) = uri.split(":"); + file_list = " ".join(uploads[uri]); + print "Uploading 
files to %s..." % (host); + spawn("lftp -c 'open %s; cd %s; put %s'" % (host, path, file_list)); + + if not Options["No-Action"]: + filename = "%s/testing-processed" % (Cnf["Dir::Log"]); + file = utils.open_file(filename, 'a'); + for source in package_list.keys(): + for version in package_list[source].keys(): + file.write(" ".join([source, version])+'\n'); + file.close(); ###################################################################### - -# Originally written by aj, nih-ishly merged into amber by me. +# This function was originally written by aj and NIHishly merged into +# amber by me. def make_advisory(advisory_nr, changes_files): adv_packages = []; @@ -93,7 +163,7 @@ def make_advisory(advisory_nr, changes_files): src = Katie.pkg.changes["source"]; if src not in adv_packages: - adv_packages = adv_packages + [src]; + adv_packages += [src]; suites = Katie.pkg.changes["distribution"].keys(); for suite in suites: @@ -107,7 +177,7 @@ def make_advisory(advisory_nr, changes_files): size = files[file]["size"]; poolname = Cnf["Dir::PoolRoot"] + \ utils.poolify(src, files[file]["component"]); - if arch == "source" and file[-4:] == ".dsc": + if arch == "source" and file.endswith(".dsc"): dscpoolname = poolname; for suite in suites: if not updated_pkgs[suite].has_key(arch): 
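Review bot: In do_upload() the guard `if not changes.has_key(upload_uri):` tests the parsed .changes dictionary instead of `changesfiles`, so `changesfiles[upload_uri]` is reset to an empty list on every pass of the loop (unless a .changes field happens to share the URI's name) and only the last .changes file per upload URI is kept. The pool files of every upload are still accumulated in `uploads`, so the transfer would carry packages without the .changes files that describe them. The line should read `if not changesfiles.has_key(upload_uri):`, matching the `uploads` check just above it. The prompt string `"Upload to files to main archive (Y/n)?"` also has a stray "to".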
@@ -134,25 +204,29 @@ def make_advisory(advisory_nr, changes_files): "poolname": dscpoolname }; if os.environ.has_key("SUDO_UID"): - whoami = string.atol(os.environ["SUDO_UID"]); + whoami = long(os.environ["SUDO_UID"]); else: whoami = os.getuid(); whoamifull = pwd.getpwuid(whoami); - username = string.split(whoamifull[4], ",")[0]; + username = whoamifull[4].split(",")[0]; Subst = { "__ADVISORY__": advisory_nr, "__WHOAMI__": username, "__DATE__": time.strftime("%B %d, %Y", time.gmtime(time.time())), - "__PACKAGE__": string.join(adv_packages,", ") - }; + "__PACKAGE__": ", ".join(adv_packages), + "__KATIE_ADDRESS__": Cnf["Dinstall::MyEmailAddress"] + }; + + if Cnf.has_key("Dinstall::Bcc"): + Subst["__BCC__"] = "Bcc: %s" % (Cnf["Dinstall::Bcc"]); adv = ""; archive = Cnf["Archive::%s::PrimaryMirror" % (utils.where_am_i())]; for suite in updated_pkgs.keys(): suite_header = "%s %s (%s)" % (Cnf["Dinstall::MyDistribution"], Cnf["Suite::%s::Version" % suite], suite); - adv = adv + "%s\n%s\n\n" % (suite_header, "-"*len(suite_header)); + adv += "%s\n%s\n\n" % (suite_header, "-"*len(suite_header)); arches = Cnf.ValueList("Suite::%s::Architectures" % suite); if "source" in arches: 
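Review bot: `Subst["__BCC__"]` is set only when `Dinstall::Bcc` is configured, so if the amber.advisory template contains a `__BCC__` line (the template is not shown here) the placeholder would presumably reach the mail headers unreplaced on installations without that key. An `else:` branch that assigns a harmless filler header, for example `Subst["__BCC__"] = "X-Filler: 42";`, keeps the substitution total. make_advisory() begins and ends outside this hunk.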
@@ -161,60 +235,65 @@ def make_advisory(advisory_nr, changes_files): arches.remove("all"); arches.sort(); - adv = adv + " %s was released for %s.\n\n" % ( - string.capitalize(suite), join_with_commas_and(arches)); + adv += " %s was released for %s.\n\n" % ( + suite.capitalize(), utils.join_with_commas_and(arches)); for a in ["source", "all"] + arches: if not updated_pkgs[suite].has_key(a): continue; if a == "source": - adv = adv + " Source archives:\n\n"; + adv += " Source archives:\n\n"; elif a == "all": - adv = adv + " Architecture independent packages:\n\n"; + adv += " Architecture independent packages:\n\n"; else: - adv = adv + " %s architecture (%s)\n\n" % (a, + adv += " %s architecture (%s)\n\n" % (a, Cnf["Architectures::%s" % a]); for file in updated_pkgs[suite][a].keys(): - adv = adv + " http://%s/%s%s\n" % ( + adv += " http://%s/%s%s\n" % ( archive, updated_pkgs[suite][a][file]["poolname"], file); - adv = adv + " Size/MD5 checksum: %8s %s\n" % ( + adv += " Size/MD5 checksum: %8s %s\n" % ( updated_pkgs[suite][a][file]["size"], updated_pkgs[suite][a][file]["md5"]); - adv = adv + "\n"; - adv = string.rstrip(adv); + adv += "\n"; + adv = adv.rstrip(); Subst["__ADVISORY_TEXT__"] = adv; adv = utils.TemplateSubst(Subst, Cnf["Dir::Templates"]+"/amber.advisory"); - utils.send_mail (adv, ""); + if not Options["No-Action"]: + utils.send_mail (adv); + else: + print "[]"; ###################################################################### def init(): - global Cnf, Katie; + global Cnf, Katie, Options; apt_pkg.init(); Cnf = utils.get_conf(); - Arguments = [('h',"help","Amber::Options::Help")]; + Arguments = [('h', "help", "Amber::Options::Help"), + ('n', "no-action", "Amber::Options::No-Action")]; - for i in [ "help" ]: + for i in [ "help", "no-action" ]: Cnf["Amber::Options::%s" % (i)] = ""; arguments = apt_pkg.ParseCommandLine(Cnf,Arguments,sys.argv); + Options = Cnf.SubTree("Amber::Options") Katie = katie.Katie(Cnf); - if Cnf["Amber::Options::Help"]: + if 
Options["Help"]: usage(0); if not arguments: usage(1); advisory_number = arguments[0]; - changes_files = sys.argv[2:]; - if advisory_number[-8:] == ".changes": + changes_files = arguments[1:]; + if advisory_number.endswith(".changes"): utils.warn("first argument must be the advisory number."); usage(1); for file in changes_files: @@ -225,7 +304,7 @@ def init(): def yes_no(prompt): while 1: - answer = string.lower(utils.our_raw_input(prompt+" ")); + answer = utils.our_raw_input(prompt+" ").lower(); if answer == "y" or answer == "n": break; else: @@ -235,9 +314,15 @@ def yes_no(prompt): ###################################################################### def spawn(command): - (result, output) = commands.getstatusoutput(command); - if (result != 0): - utils.fubar("Invocation of '%s' failed:\n%s\n" % (command, output), result); + if not re_taint_free.match(command): + utils.fubar("Invalid character in \"%s\"." % (command)); + + if Options["No-Action"]: + print "[%s]" % (command); + else: + (result, output) = commands.getstatusoutput(command); + if (result != 0): + utils.fubar("Invocation of '%s' failed:\n%s\n" % (command, output), result); ###################################################################### 
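Review bot: In --no-action mode make_advisory() prints the literal `[]` in place of sending the mail, so a dry run never shows the advisory that was just built from the template. Printing the text, e.g. `print adv;` in the `else:` branch, would let the operator check the package list, URLs and checksums before the real run mails them. A short comment above `Options = Cnf.SubTree("Amber::Options")` saying that the module-level `Options` is read by spawn(), make_advisory(), do_upload() and main() would also help, since init() is the only place it is assigned. init() continues past the end of this hunk.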
@@ -245,16 +330,17 @@ def spawn(command): def main(): (advisory_number, changes_files) = init(); - print "About to install the following files: " - for file in changes_files: - print " %s" % (file); - answer = yes_no("Continue (Y/n)?"); - if answer == "n": - sys.exit(0); + if not Options["No-Action"]: + print "About to install the following files: " + for file in changes_files: + print " %s" % (file); + answer = yes_no("Continue (Y/n)?"); + if answer == "n": + sys.exit(0); os.chdir(Cnf["Dir::Queue::Accepted"]); print "Installing packages into the archive..."; - spawn("%s/katie -pa %s" % (Cnf["Dir::Katie"], string.join(changes_files))); + spawn("%s/kelly -pa %s" % (Cnf["Dir::Katie"], " ".join(changes_files))); os.chdir(Cnf["Dir::Katie"]); print "Updating file lists for apt-ftparchive..."; spawn("./jenna"); @@ -263,17 +349,17 @@ def main(): print "Updating Release files..."; spawn("./ziyi"); - os.chdir(Cnf["Dir::Queue::Done"]); + if not Options["No-Action"]: + os.chdir(Cnf["Dir::Queue::Done"]); + else: + os.chdir(Cnf["Dir::Queue::Accepted"]); print "Generating template advisory..."; make_advisory(advisory_number, changes_files); - answer = yes_no("Upload to ftp-master (Y/n)?"); - if answer == "y": - upload_files = get_file_list(changes_files); - print "Uploading files..."; - spawn("lftp -c 'open %s; cd %s; put %s'" % (Cnf["Amber::UploadHost"], - Cnf["Amber::UploadDir"], - upload_files)); + # Trigger security mirrors + spawn("sudo -u archvsync /home/archvsync/signal_security"); + + do_upload(changes_files); ################################################################################
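Review bot: `spawn("sudo -u archvsync /home/archvsync/signal_security")` hard-codes an account name and a home-directory path, while every other location used in main() comes from `Cnf`. Reading the trigger command from the configuration would keep the privileged invocation in one reviewed place and let installations without that account run the script. spawn() also calls utils.fubar() when the command fails, which (if fubar exits, as its use elsewhere in the file suggests) means a failed mirror signal stops the run before `do_upload(changes_files)`. A comment stating whether that ordering is intended would help.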