dak/new_security_install.py

   1 #!/usr/bin/env python
   2
   3 """ Wrapper for Debian Security team """
   4 # Copyright (C) 2006  Anthony Towns <ajt@debian.org>
   5
   6 # This program is free software; you can redistribute it and/or modify
   7 # it under the terms of the GNU General Public License as published by
   8 # the Free Software Foundation; either version 2 of the License, or
   9 # (at your option) any later version.
  10
  11 # This program is distributed in the hope that it will be useful, but
  12 # WITHOUT ANY WARRANTY; without even the implied warranty of
  13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  14 # General Public License for more details.
  15
  16 # You should have received a copy of the GNU General Public License
  17 # along with this program; if not, write to the Free Software
  18 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
  19 # USA
  20
  21 ################################################################################
  22
  23 import apt_pkg, os, sys, pwd, time, commands
  24
  25 from daklib import queue
  26 from daklib import daklog
  27 from daklib import utils
  28 from daklib import database
  29 from daklib.regexes import re_taint_free
  30
  31 Cnf = None
  32 Options = None
  33 Upload = None
  34 Logger = None
  35
  36 advisory = None
  37 changes = []
  38 srcverarches = {}
  39
  40 def init():
  41     global Cnf, Upload, Options, Logger
  42
  43     Cnf = utils.get_conf()
  44     Cnf["Dinstall::Options::No-Mail"] = "y"
  45     Arguments = [('h', "help", "Security-Install::Options::Help"),
  46                  ('a', "automatic", "Security-Install::Options::Automatic"),
  47                  ('n', "no-action", "Security-Install::Options::No-Action"),
  48                  ('s', "sudo", "Security-Install::Options::Sudo"),
  49                  (' ', "no-upload", "Security-Install::Options::No-Upload"),
  50                  ('u', "fg-upload", "Security-Install::Options::Foreground-Upload"),
  51                  (' ', "drop-advisory", "Security-Install::Options::Drop-Advisory"),
  52                  ('A', "approve", "Security-Install::Options::Approve"),
  53                  ('R', "reject", "Security-Install::Options::Reject"),
  54                  ('D', "disembargo", "Security-Install::Options::Disembargo") ]
  55
  56     for i in Arguments:
  57         Cnf[i[2]] = ""
  58
  59     arguments = apt_pkg.ParseCommandLine(Cnf, Arguments, sys.argv)
  60
  61     Options = Cnf.SubTree("Security-Install::Options")
  62
  63     username = utils.getusername()
  64     if username != "dak":
  65         print "Non-dak user: %s" % username
  66         Options["Sudo"] = "y"
  67
  68     if Options["Help"]:
  69         print "help yourself"
  70         sys.exit(0)
  71
  72     if len(arguments) == 0:
  73         utils.fubar("Process what?")
  74
  75     Upload = queue.Upload(Cnf)
  76     if Options["No-Action"]:
  77         Options["Sudo"] = ""
  78     if not Options["Sudo"] and not Options["No-Action"]:
  79         Logger = Upload.Logger = daklog.Logger(Cnf, "new-security-install")
  80
  81     return arguments
  82
  83 def quit():
  84     if Logger:
  85         Logger.close()
  86     sys.exit(0)
  87
  88 def load_args(arguments):
  89     global advisory, changes
  90
  91     adv_ids = {}
  92     if not arguments[0].endswith(".changes"):
  93         adv_ids [arguments[0]] = 1
  94         arguments = arguments[1:]
  95
  96     null_adv_changes = []
  97
  98     changesfiles = {}
  99     for a in arguments:
 100         if "/" in a:
 101             utils.fubar("can only deal with files in the current directory")
 102         if not a.endswith(".changes"):
 103             utils.fubar("not a .changes file: %s" % (a))
 104         Upload.init_vars()
 105         Upload.pkg.changes_file = a
 106         Upload.update_vars()
 107         if "adv id" in Upload.pkg.changes:
 108             changesfiles[a] = 1
 109             adv_ids[Upload.pkg.changes["adv id"]] = 1
 110         else:
 111             null_adv_changes.append(a)
 112
 113     adv_ids = adv_ids.keys()
 114     if len(adv_ids) > 1:
 115         utils.fubar("multiple advisories selected: %s" % (", ".join(adv_ids)))
 116     if adv_ids == []:
 117         advisory = None
 118     else:
 119         advisory = adv_ids[0]
 120
 121     changes = changesfiles.keys()
 122     return null_adv_changes
 123
 124 def load_adv_changes():
 125     global srcverarches, changes
 126
 127     for c in os.listdir("."):
 128         if not c.endswith(".changes"): continue
 129         Upload.init_vars()
 130         Upload.pkg.changes_file = c
 131         Upload.update_vars()
 132         if "adv id" not in Upload.pkg.changes:
 133             continue
 134         if Upload.pkg.changes["adv id"] != advisory:
 135             continue
 136
 137         if c not in changes: changes.append(c)
 138         srcver = "%s %s" % (Upload.pkg.changes["source"],
 139                             Upload.pkg.changes["version"])
 140         srcverarches.setdefault(srcver, {})
 141         for arch in Upload.pkg.changes["architecture"].keys():
 142             srcverarches[srcver][arch] = 1
 143
 144 def advisory_info():
 145     if advisory != None:
 146         print "Advisory: %s" % (advisory)
 147     print "Changes:"
 148     for c in changes:
 149         print " %s" % (c)
 150
 151     print "Packages:"
 152     svs = srcverarches.keys()
 153     svs.sort()
 154     for sv in svs:
 155         as = srcverarches[sv].keys()
 156         as.sort()
 157         print " %s (%s)" % (sv, ", ".join(as))
 158
 159 def prompt(opts, default):
 160     p = ""
 161     v = {}
 162     for o in opts:
 163         v[o[0].upper()] = o
 164         if o[0] == default:
 165             p += ", [%s]%s" % (o[0], o[1:])
 166         else:
 167             p += ", " + o
 168     p = p[2:] + "? "
 169     a = None
 170
 171     if Options["Automatic"]:
 172         a = default
 173
 174     while a not in v:
 175         a = utils.our_raw_input(p) + default
 176         a = a[:1].upper()
 177
 178     return v[a]
 179
 180 def add_changes(extras):
 181     for c in extras:
 182         changes.append(c)
 183         Upload.init_vars()
 184         Upload.pkg.changes_file = c
 185         Upload.update_vars()
 186         srcver = "%s %s" % (Upload.pkg.changes["source"], Upload.pkg.changes["version"])
 187         srcverarches.setdefault(srcver, {})
 188         for arch in Upload.pkg.changes["architecture"].keys():
 189             srcverarches[srcver][arch] = 1
 190         Upload.pkg.changes["adv id"] = advisory
 191         Upload.dump_vars(os.getcwd())
 192
 193 def yes_no(prompt):
 194     if Options["Automatic"]: return True
 195     while 1:
 196         answer = utils.our_raw_input(prompt + " ").lower()
 197         if answer in "yn":
 198             return answer == "y"
 199         print "Invalid answer; please try again."
 200
 201 def do_upload():
 202     if Options["No-Upload"]:
 203         print "Not uploading as requested"
 204     elif Options["Foreground-Upload"]:
 205         actually_upload(changes)
 206     else:
 207         child = os.fork()
 208         if child == 0:
 209             actually_upload(changes)
 210             os._exit(0)
 211         print "Uploading in the background"
 212
 213 def actually_upload(changes_files):
 214     file_list = ""
 215     suites = {}
 216     component_mapping = {}
 217     for component in Cnf.SubTree("Security-Install::ComponentMappings").List():
 218         component_mapping[component] = Cnf["Security-Install::ComponentMappings::%s" % (component)]
 219     uploads = {}; # uploads[uri] = file_list
 220     changesfiles = {}; # changesfiles[uri] = file_list
 221     package_list = {} # package_list[source_name][version]
 222     changes_files.sort(utils.changes_compare)
 223     for changes_file in changes_files:
 224         changes_file = utils.validate_changes_file_arg(changes_file)
 225         # Reset variables
 226         components = {}
 227         upload_uris = {}
 228         file_list = []
 229         Upload.init_vars()
 230         # Parse the .dak file for the .changes file
 231         Upload.pkg.changes_file = changes_file
 232         Upload.update_vars()
 233         files = Upload.pkg.files
 234         changes = Upload.pkg.changes
 235         dsc = Upload.pkg.dsc
 236         # Build the file list for this .changes file
 237         for file in files.keys():
 238             poolname = os.path.join(Cnf["Dir::Root"], Cnf["Dir::PoolRoot"],
 239                                     utils.poolify(changes["source"], files[file]["component"]),
 240                                     file)
 241             file_list.append(poolname)
 242             orig_component = files[file].get("original component", files[file]["component"])
 243             components[orig_component] = ""
 244         # Determine the upload uri for this .changes file
 245         for component in components.keys():
 246             upload_uri = component_mapping.get(component)
 247             if upload_uri:
 248                 upload_uris[upload_uri] = ""
 249         num_upload_uris = len(upload_uris.keys())
 250         if num_upload_uris == 0:
 251             utils.fubar("%s: No valid upload URI found from components (%s)."
 252                         % (changes_file, ", ".join(components.keys())))
 253         elif num_upload_uris > 1:
 254             utils.fubar("%s: more than one upload URI (%s) from components (%s)."
 255                         % (changes_file, ", ".join(upload_uris.keys()),
 256                            ", ".join(components.keys())))
 257         upload_uri = upload_uris.keys()[0]
 258         # Update the file list for the upload uri
 259         if not uploads.has_key(upload_uri):
 260             uploads[upload_uri] = []
 261         uploads[upload_uri].extend(file_list)
 262         # Update the changes list for the upload uri
 263         if not changesfiles.has_key(upload_uri):
 264             changesfiles[upload_uri] = []
 265         changesfiles[upload_uri].append(changes_file)
 266         # Remember the suites and source name/version
 267         for suite in changes["distribution"].keys():
 268             suites[suite] = ""
 269         # Remember the source name and version
 270         if changes["architecture"].has_key("source") and \
 271            changes["distribution"].has_key("testing"):
 272             if not package_list.has_key(dsc["source"]):
 273                 package_list[dsc["source"]] = {}
 274             package_list[dsc["source"]][dsc["version"]] = ""
 275
 276     for uri in uploads.keys():
 277         uploads[uri].extend(changesfiles[uri])
 278         (host, path) = uri.split(":")
 279         #        file_list = " ".join(uploads[uri])
 280         print "Moving files to UploadQueue"
 281         for filename in uploads[uri]:
 282             utils.copy(filename, Cnf["Dir::Upload"])
 283             # .changes files have already been moved to queue/done by p-a
 284             if not filename.endswith('.changes'):
 285                 remove_from_buildd(suites, filename)
 286         #spawn("lftp -c 'open %s; cd %s; put %s'" % (host, path, file_list))
 287
 288     if not Options["No-Action"]:
 289         filename = "%s/testing-processed" % (Cnf["Dir::Log"])
 290         file = utils.open_file(filename, 'a')
 291         for source in package_list.keys():
 292             for version in package_list[source].keys():
 293                 file.write(" ".join([source, version])+'\n')
 294         file.close()
 295
 296 def remove_from_buildd(suites, filename):
 297     """Check the buildd dir for each suite and remove the file if needed"""
 298     builddbase = Cnf["Dir::QueueBuild"]
 299     filebase = os.path.basename(filename)
 300     for s in suites:
 301         try:
 302             os.unlink(os.path.join(builddbase, s, filebase))
 303         except OSError, e:
 304             pass
 305             # About no value printing this warning - it only confuses the security team,
 306             # yet makes no difference otherwise.
 307             #utils.warn("Problem removing %s from buildd queue %s [%s]" % (filebase, s, str(e)))
 308
 309
 310 def generate_advisory(template):
 311     global changes, advisory
 312
 313     adv_packages = []
 314     updated_pkgs = {};  # updated_pkgs[distro][arch][file] = {path,md5,size}
 315
 316     for arg in changes:
 317         arg = utils.validate_changes_file_arg(arg)
 318         Upload.pkg.changes_file = arg
 319         Upload.init_vars()
 320         Upload.update_vars()
 321
 322         src = Upload.pkg.changes["source"]
 323         src_ver = "%s (%s)" % (src, Upload.pkg.changes["version"])
 324         if src_ver not in adv_packages:
 325             adv_packages.append(src_ver)
 326
 327         suites = Upload.pkg.changes["distribution"].keys()
 328         for suite in suites:
 329             if not updated_pkgs.has_key(suite):
 330                 updated_pkgs[suite] = {}
 331
 332         files = Upload.pkg.files
 333         for file in files.keys():
 334             arch = files[file]["architecture"]
 335             md5 = files[file]["md5sum"]
 336             size = files[file]["size"]
 337             poolname = Cnf["Dir::PoolRoot"] + \
 338                 utils.poolify(src, files[file]["component"])
 339             if arch == "source" and file.endswith(".dsc"):
 340                 dscpoolname = poolname
 341             for suite in suites:
 342                 if not updated_pkgs[suite].has_key(arch):
 343                     updated_pkgs[suite][arch] = {}
 344                 updated_pkgs[suite][arch][file] = {
 345                     "md5": md5, "size": size, "poolname": poolname }
 346
 347         dsc_files = Upload.pkg.dsc_files
 348         for file in dsc_files.keys():
 349             arch = "source"
 350             if not dsc_files[file].has_key("files id"):
 351                 continue
 352
 353             # otherwise, it's already in the pool and needs to be
 354             # listed specially
 355             md5 = dsc_files[file]["md5sum"]
 356             size = dsc_files[file]["size"]
 357             for suite in suites:
 358                 if not updated_pkgs[suite].has_key(arch):
 359                     updated_pkgs[suite][arch] = {}
 360                 updated_pkgs[suite][arch][file] = {
 361                     "md5": md5, "size": size, "poolname": dscpoolname }
 362
 363     if os.environ.has_key("SUDO_UID"):
 364         whoami = long(os.environ["SUDO_UID"])
 365     else:
 366         whoami = os.getuid()
 367     whoamifull = pwd.getpwuid(whoami)
 368     username = whoamifull[4].split(",")[0]
 369
 370     Subst = {
 371         "__ADVISORY__": advisory,
 372         "__WHOAMI__": username,
 373         "__DATE__": time.strftime("%B %d, %Y", time.gmtime(time.time())),
 374         "__PACKAGE__": ", ".join(adv_packages),
 375         "__DAK_ADDRESS__": Cnf["Dinstall::MyEmailAddress"]
 376         }
 377
 378     if Cnf.has_key("Dinstall::Bcc"):
 379         Subst["__BCC__"] = "Bcc: %s" % (Cnf["Dinstall::Bcc"])
 380
 381     adv = ""
 382     archive = Cnf["Archive::%s::PrimaryMirror" % (utils.where_am_i())]
 383     for suite in updated_pkgs.keys():
 384         ver = Cnf["Suite::%s::Version" % suite]
 385         if ver != "": ver += " "
 386         suite_header = "%s %s(%s)" % (Cnf["Dinstall::MyDistribution"],
 387                                        ver, suite)
 388         adv += "%s\n%s\n\n" % (suite_header, "-"*len(suite_header))
 389
 390         arches = database.get_suite_architectures(suite)
 391         if "source" in arches:
 392             arches.remove("source")
 393         if "all" in arches:
 394             arches.remove("all")
 395         arches.sort()
 396
 397         adv += "%s updates are available for %s.\n\n" % (
 398                 suite.capitalize(), utils.join_with_commas_and(arches))
 399
 400         for a in ["source", "all"] + arches:
 401             if not updated_pkgs[suite].has_key(a):
 402                 continue
 403
 404             if a == "source":
 405                 adv += "Source archives:\n\n"
 406             elif a == "all":
 407                 adv += "Architecture independent packages:\n\n"
 408             else:
 409                 adv += "%s architecture (%s)\n\n" % (a,
 410                         Cnf["Architectures::%s" % a])
 411
 412             for file in updated_pkgs[suite][a].keys():
 413                 adv += "  http://%s/%s%s\n" % (
 414                                 archive, updated_pkgs[suite][a][file]["poolname"], file)
 415                 adv += "    Size/MD5 checksum: %8s %s\n" % (
 416                         updated_pkgs[suite][a][file]["size"],
 417                         updated_pkgs[suite][a][file]["md5"])
 418             adv += "\n"
 419     adv = adv.rstrip()
 420
 421     Subst["__ADVISORY_TEXT__"] = adv
 422
 423     adv = utils.TemplateSubst(Subst, template)
 424     return adv
 425
 426 def spawn(command):
 427     if not re_taint_free.match(command):
 428         utils.fubar("Invalid character in \"%s\"." % (command))
 429
 430     if Options["No-Action"]:
 431         print "[%s]" % (command)
 432     else:
 433         (result, output) = commands.getstatusoutput(command)
 434         if (result != 0):
 435             utils.fubar("Invocation of '%s' failed:\n%s\n" % (command, output), result)
 436
 437
 438 ##################### ! ! ! N O T E ! ! !  #####################
 439 #
 440 # These functions will be reinvoked by semi-priveleged users, be careful not
 441 # to invoke external programs that will escalate privileges, etc.
 442 #
 443 ##################### ! ! ! N O T E ! ! !  #####################
 444
 445 def sudo(arg, fn, exit):
 446     if Options["Sudo"]:
 447         if advisory == None:
 448             utils.fubar("Must set advisory name")
 449         os.spawnl(os.P_WAIT, "/usr/bin/sudo", "/usr/bin/sudo", "-u", "dak", "-H",
 450                   "/usr/local/bin/dak", "new-security-install", "-"+arg, "--", advisory)
 451     else:
 452         fn()
 453     if exit:
 454         quit()
 455
 456 def do_Approve(): sudo("A", _do_Approve, True)
 457 def _do_Approve():
 458     # 1. dump advisory in drafts
 459     draft = "/org/security.debian.org/advisories/drafts/%s" % (advisory)
 460     print "Advisory in %s" % (draft)
 461     if not Options["No-Action"]:
 462         adv_file = "./advisory.%s" % (advisory)
 463         if not os.path.exists(adv_file):
 464             adv_file = Cnf["Dir::Templates"]+"/security-install.advisory"
 465         adv_fd = os.open(draft, os.O_RDWR|os.O_CREAT|os.O_EXCL, 0664)
 466         os.write(adv_fd, generate_advisory(adv_file))
 467         os.close(adv_fd)
 468         adv_fd = None
 469
 470     # 2. run dak process-accepted on changes
 471     print "Accepting packages..."
 472     spawn("dak process-accepted -pa %s" % (" ".join(changes)))
 473
 474     # 3. run dak make-suite-file-list / apt-ftparchve / dak generate-releases
 475     print "Updating file lists for apt-ftparchive..."
 476     spawn("dak make-suite-file-list")
 477     print "Updating Packages and Sources files..."
 478     spawn("/org/security.debian.org/dak/config/debian-security/map.sh")
 479     spawn("apt-ftparchive generate %s" % (utils.which_apt_conf_file()))
 480     print "Updating Release files..."
 481     spawn("dak generate-releases")
 482     print "Triggering security mirrors..."
 483     spawn("sudo -u archvsync -H /home/archvsync/signal_security")
 484
 485     # 4. chdir to done - do upload
 486     if not Options["No-Action"]:
 487         os.chdir(Cnf["Dir::Queue::Done"])
 488     do_upload()
 489
 490 def do_Disembargo(): sudo("D", _do_Disembargo, True)
 491 def _do_Disembargo():
 492     if os.getcwd() != Cnf["Dir::Queue::Embargoed"].rstrip("/"):
 493         utils.fubar("Can only disembargo from %s" % Cnf["Dir::Queue::Embargoed"])
 494
 495     dest = Cnf["Dir::Queue::Unembargoed"]
 496     emb_q = database.get_or_set_queue_id("embargoed")
 497     une_q = database.get_or_set_queue_id("unembargoed")
 498
 499     for c in changes:
 500         print "Disembargoing %s" % (c)
 501
 502         Upload.init_vars()
 503         Upload.pkg.changes_file = c
 504         Upload.update_vars()
 505
 506         if "source" in Upload.pkg.changes["architecture"].keys():
 507             print "Adding %s %s to disembargo table" % (Upload.pkg.changes["source"], Upload.pkg.changes["version"])
 508             Upload.projectB.query("INSERT INTO disembargo (package, version) VALUES ('%s', '%s')" % (Upload.pkg.changes["source"], Upload.pkg.changes["version"]))
 509
 510         files = {}
 511         for suite in Upload.pkg.changes["distribution"].keys():
 512             if suite not in Cnf.ValueList("Dinstall::QueueBuildSuites"):
 513                 continue
 514             dest_dir = Cnf["Dir::QueueBuild"]
 515             if Cnf.FindB("Dinstall::SecurityQueueBuild"):
 516                 dest_dir = os.path.join(dest_dir, suite)
 517             for file in Upload.pkg.files.keys():
 518                 files[os.path.join(dest_dir, file)] = 1
 519
 520         files = files.keys()
 521         Upload.projectB.query("BEGIN WORK")
 522         for f in files:
 523             Upload.projectB.query("UPDATE queue_build SET queue = %s WHERE filename = '%s' AND queue = %s" % (une_q, f, emb_q))
 524         Upload.projectB.query("COMMIT WORK")
 525
 526         for file in Upload.pkg.files.keys():
 527             utils.copy(file, os.path.join(dest, file))
 528             os.unlink(file)
 529
 530     for c in changes:
 531         utils.copy(c, os.path.join(dest, c))
 532         os.unlink(c)
 533         k = c[:-8] + ".dak"
 534         utils.copy(k, os.path.join(dest, k))
 535         os.unlink(k)
 536
 537 def do_Reject(): sudo("R", _do_Reject, True)
 538 def _do_Reject():
 539     global changes
 540     for c in changes:
 541         print "Rejecting %s..." % (c)
 542         Upload.init_vars()
 543         Upload.pkg.changes_file = c
 544         Upload.update_vars()
 545         files = {}
 546         for suite in Upload.pkg.changes["distribution"].keys():
 547             if suite not in Cnf.ValueList("Dinstall::QueueBuildSuites"):
 548                 continue
 549             dest_dir = Cnf["Dir::QueueBuild"]
 550             if Cnf.FindB("Dinstall::SecurityQueueBuild"):
 551                 dest_dir = os.path.join(dest_dir, suite)
 552             for file in Upload.pkg.files.keys():
 553                 files[os.path.join(dest_dir, file)] = 1
 554
 555         files = files.keys()
 556
 557         aborted = Upload.do_reject()
 558         if not aborted:
 559             os.unlink(c[:-8]+".dak")
 560             for f in files:
 561                 Upload.projectB.query(
 562                     "DELETE FROM queue_build WHERE filename = '%s'" % (f))
 563                 os.unlink(f)
 564
 565     print "Updating buildd information..."
 566     spawn("/org/security.debian.org/dak/config/debian-security/cron.buildd")
 567
 568     adv_file = "./advisory.%s" % (advisory)
 569     if os.path.exists(adv_file):
 570         os.unlink(adv_file)
 571
 572 def do_DropAdvisory():
 573     for c in changes:
 574         Upload.init_vars()
 575         Upload.pkg.changes_file = c
 576         Upload.update_vars()
 577         del Upload.pkg.changes["adv id"]
 578         Upload.dump_vars(os.getcwd())
 579     quit()
 580
 581 def do_Edit():
 582     adv_file = "./advisory.%s" % (advisory)
 583     if not os.path.exists(adv_file):
 584         utils.copy(Cnf["Dir::Templates"]+"/security-install.advisory", adv_file)
 585     editor = os.environ.get("EDITOR", "vi")
 586     result = os.system("%s %s" % (editor, adv_file))
 587     if result != 0:
 588         utils.fubar("%s invocation failed for %s." % (editor, adv_file))
 589
 590 def do_Show():
 591     adv_file = "./advisory.%s" % (advisory)
 592     if not os.path.exists(adv_file):
 593         adv_file = Cnf["Dir::Templates"]+"/security-install.advisory"
 594     print "====\n%s\n====" % (generate_advisory(adv_file))
 595
 596 def do_Quit():
 597     quit()
 598
 599 def main():
 600     global changes
 601
 602     args = init()
 603     extras = load_args(args)
 604     if advisory:
 605         load_adv_changes()
 606     if extras:
 607         if not advisory:
 608             changes = extras
 609         else:
 610             if srcverarches == {}:
 611                 if not yes_no("Create new advisory %s?" % (advisory)):
 612                     print "Not doing anything, then"
 613                     quit()
 614             else:
 615                 advisory_info()
 616                 doextras = []
 617                 for c in extras:
 618                     if yes_no("Add %s to %s?" % (c, advisory)):
 619                         doextras.append(c)
 620                 extras = doextras
 621             add_changes(extras)
 622
 623     if not advisory:
 624         utils.fubar("Must specify an advisory id")
 625
 626     if not changes:
 627         utils.fubar("No changes specified")
 628
 629     if Options["Approve"]:
 630         advisory_info()
 631         do_Approve()
 632     elif Options["Reject"]:
 633         advisory_info()
 634         do_Reject()
 635     elif Options["Disembargo"]:
 636         advisory_info()
 637         do_Disembargo()
 638     elif Options["Drop-Advisory"]:
 639         advisory_info()
 640         do_DropAdvisory()
 641     else:
 642         while 1:
 643             default = "Q"
 644             opts = ["Approve", "Edit advisory"]
 645             if os.path.exists("./advisory.%s" % advisory):
 646                 default = "A"
 647             else:
 648                 default = "E"
 649             if os.getcwd() == Cnf["Dir::Queue::Embargoed"].rstrip("/"):
 650                 opts.append("Disembargo")
 651             opts += ["Show advisory", "Reject", "Quit"]
 652
 653             advisory_info()
 654             what = prompt(opts, default)
 655
 656             if what == "Quit":
 657                 do_Quit()
 658             elif what == "Approve":
 659                 do_Approve()
 660             elif what == "Edit advisory":
 661                 do_Edit()
 662             elif what == "Show advisory":
 663                 do_Show()
 664             elif what == "Disembargo":
 665                 do_Disembargo()
 666             elif what == "Reject":
 667                 do_Reject()
 668             else:
 669                 utils.fubar("Impossible answer '%s', wtf?" % (what))
 670
 671 ################################################################################
 672
 673 if __name__ == '__main__':
 674     main()
 675
 676 ################################################################################