3 import katie, logging, utils, db_access
4 import apt_pkg, os, sys, pwd, time, re, commands
# Allow-list applied to command strings before they are executed (see the
# re_taint_free.match(command) check further down).
# NOTE(review): the character class admits "'" and ";" as well as whitespace,
# and the checked string is handed to commands.getstatusoutput(), which runs
# it through a shell.  A string that matches can therefore still hold more
# than one shell command, so treat this as a sanity filter rather than an
# injection barrier and confirm that every caller builds the command from
# trusted configuration and validated file names.
6 re_taint_free = re.compile(r"^['/;\-\+\.\s\w]+$");
# Start-up fragment: the enclosing def line and several statements are not
# part of this excerpt, so only the visible steps are described.
18 global Cnf, Katie, Options, Logger
20 Cnf = utils.get_conf()
# Mail is switched off for this run by overriding the Dinstall option.
21 Cnf["Dinstall::Options::No-Mail"] = "y"
# (short flag, long flag, configuration key) triples handed to the parser.
22 Arguments = [('h', "help", "Amber::Options::Help"),
23 ('a', "automatic", "Amber::Options::Automatic"),
24 ('n', "no-action", "Amber::Options::No-Action"),
25 ('s', "sudo", "Amber::Options::Sudo"),
26 (' ', "no-upload", "Amber::Options::No-Upload"),
27 (' ', "drop-advisory", "Amber::Options::Drop-Advisory"),
28 ('A', "approve", "Amber::Options::Approve"),
29 ('R', "reject", "Amber::Options::Reject"),
30 ('D', "disembargo", "Amber::Options::Disembargo") ]
# The value returned by the parser is used below as the list of positional
# arguments (it is what gets length-checked and passed on).
35 arguments = apt_pkg.ParseCommandLine(Cnf, Arguments, sys.argv)
37 Options = Cnf.SubTree("Amber::Options")
# `whoami` is assigned on a line that is not shown here.
40 whoamifull = pwd.getpwuid(whoami)
# Field 0 of the passwd entry is the login name.
41 username = whoamifull[0]
# The login name is compared with the archive account "katie".  Only the
# print is visible in this excerpt; whatever else happens for other users
# cannot be stated from here.
42 if username != "katie":
43 print "Non-katie user: %s" % username
50 if len(arguments) == 0:
51 utils.fubar("Process what?")
53 Katie = katie.Katie(Cnf)
# Presumably the logger is only created when neither Sudo nor No-Action is
# set (indentation is lost in this listing) -- confirm against the full file.
54 if not Options["Sudo"] and not Options["No-Action"]:
55 Logger = Katie.Logger = logging.Logger(Cnf, "newamber")
# load_args: split the positional arguments into an advisory id and a set of
# .changes files, and return the .changes files that carry no advisory id.
# Several lines of the function are missing from this excerpt; the comments
# below cover only what is visible.
64 def load_args(arguments):
65 global advisory, changes
# A leading argument that does not end in ".changes" is recorded as an
# advisory id and dropped from the list.
# NOTE(review): no validation of that id is visible here, yet the advisory
# name is later interpolated into file paths; confirm it is checked for "/"
# and ".." somewhere in the lines not shown.
68 if not arguments[0].endswith(".changes"):
69 adv_ids [arguments[0]] = 1
70 arguments = arguments[1:]
# The test guarding this abort is not shown; going by the message, arguments
# are limited to files in the current directory.
77 utils.fubar("can only deal with files in the current directory")
78 if not a.endswith(".changes"):
79 utils.fubar("not a .changes file: %s" % (a))
81 Katie.pkg.changes_file = a
# An advisory id already stored with the upload (key "adv id") is collected.
83 if "adv id" in Katie.pkg.changes:
85 adv_ids[Katie.pkg.changes["adv id"]] = 1
# Presumably the else branch: uploads without an advisory id are remembered
# so the caller can offer to add them.
87 null_adv_changes.append(a)
89 adv_ids = adv_ids.keys()
# The condition is not shown; the message indicates that more than one
# distinct advisory id is fatal.
91 utils.fubar("multiple advisories selected: %s" % (", ".join(adv_ids)))
97 changes = changesfiles.keys()
98 return null_adv_changes
# load_adv_changes: scan the current directory for .changes files that belong
# to the selected advisory and record their source/version/architectures.
# Lines are missing from this excerpt; the statements from file line 122 on
# may belong to a separate function whose def line is not shown.
100 def load_adv_changes():
101 global srcverarches, changes
103 for c in os.listdir("."):
104 if not c.endswith(".changes"): continue
106 Katie.pkg.changes_file = c
# Uploads with no advisory id, or with a different one, are tested here; the
# bodies of both tests are not visible (presumably they skip the file).
108 if "adv id" not in Katie.pkg.changes:
110 if Katie.pkg.changes["adv id"] != advisory:
113 if c not in changes: changes.append(c)
# Key is "<source> <version>"; the value is a dict used as a set of
# architectures.
114 srcver = "%s %s" % (Katie.pkg.changes["source"],
115 Katie.pkg.changes["version"])
116 srcverarches.setdefault(srcver, {})
117 for arch in Katie.pkg.changes["architecture"].keys():
118 srcverarches[srcver][arch] = 1
122 print "Advisory: %s" % (advisory)
128 svs = srcverarches.keys()
131 as = srcverarches[sv].keys()
133 print " %s (%s)" % (sv, ", ".join(as))
# prompt: ask the operator to pick one of `opts`.  Most of the body is not in
# this excerpt.
135 def prompt(opts, default):
# Each option is rendered with its first letter in brackets, e.g. "[A]pprove".
141 p += ", [%s]%s" % (o[0], o[1:])
# What Automatic mode does here is not visible in this excerpt.
147 if Options["Automatic"]:
# Appending `default` means an empty reply still yields a non-empty string;
# how the answer is then matched against `opts` is not shown.
151 a = utils.our_raw_input(p) + default
# add_changes: attach the uploads in `extras` to the current advisory.  The
# loop header is not in this excerpt; `c` is presumably each entry of extras.
156 def add_changes(extras):
160 Katie.pkg.changes_file = c
162 srcver = "%s %s" % (Katie.pkg.changes["source"], Katie.pkg.changes["version"])
163 srcverarches.setdefault(srcver, {})
164 for arch in Katie.pkg.changes["architecture"].keys():
165 srcverarches[srcver][arch] = 1
# The advisory id is stored with the upload and the state is written back
# relative to the current working directory.
166 Katie.pkg.changes["adv id"] = advisory
167 Katie.dump_vars(os.getcwd())
# Fragments of two helpers whose def lines are not in this excerpt.
# First fragment (presumably the yes/no prompt used elsewhere as yes_no()):
# Automatic mode answers every question with True without asking the
# operator, so confirmations are skipped in that mode.
170 if Options["Automatic"]: return True
172 answer = utils.our_raw_input(prompt + " ").lower()
175 print "Invalid answer; please try again."
# Second fragment (upload step): with No-Upload set nothing is uploaded; the
# other visible branch only prints what it would do.
178 if Options["No-Upload"]:
179 print "Not uploading as requested"
182 print "Would upload to ftp-master" # XXX
# generate_advisory: build the advisory text for the selected uploads and
# substitute it into `template`.  Lines are missing from this excerpt (loop
# headers, the Subst dict opener, the return), so only visible steps are
# described.
184 def generate_advisory(template):
185 global changes, advisory
188 updated_pkgs = {}; # updated_pkgs[distro][arch][file] = {path,md5,size}
# Each upload name goes through utils.validate_changes_file_arg before it is
# loaded.
191 arg = utils.validate_changes_file_arg(arg)
192 Katie.pkg.changes_file = arg
196 src = Katie.pkg.changes["source"]
197 src_ver = "%s (%s)" % (src, Katie.pkg.changes["version"])
198 if src_ver not in adv_packages:
199 adv_packages.append(src_ver)
201 suites = Katie.pkg.changes["distribution"].keys()
203 if not updated_pkgs.has_key(suite):
204 updated_pkgs[suite] = {}
206 files = Katie.pkg.files
207 for file in files.keys():
208 arch = files[file]["architecture"]
209 md5 = files[file]["md5sum"]
210 size = files[file]["size"]
211 poolname = Cnf["Dir::PoolRoot"] + \
212 utils.poolify(src, files[file]["component"])
# The pool path of the .dsc is remembered for the dsc_files entries below.
213 if arch == "source" and file.endswith(".dsc"):
214 dscpoolname = poolname
216 if not updated_pkgs[suite].has_key(arch):
217 updated_pkgs[suite][arch] = {}
218 updated_pkgs[suite][arch][file] = {
219 "md5": md5, "size": size, "poolname": poolname }
221 dsc_files = Katie.pkg.dsc_files
222 for file in dsc_files.keys():
224 if not dsc_files[file].has_key("files id"):
227 # otherwise, it's already in the pool and needs to be
229 md5 = dsc_files[file]["md5sum"]
230 size = dsc_files[file]["size"]
232 if not updated_pkgs[suite].has_key(arch):
233 updated_pkgs[suite][arch] = {}
234 updated_pkgs[suite][arch][file] = {
235 "md5": md5, "size": size, "poolname": dscpoolname }
# The author name comes from SUDO_UID when that variable is present.
# NOTE(review): this is an environment value; it is set by sudo when the tool
# is re-invoked through it, but nothing visible here checks that, so treat
# the resulting name as informational.  The fallback for a missing SUDO_UID
# is not shown.
237 if os.environ.has_key("SUDO_UID"):
238 whoami = long(os.environ["SUDO_UID"])
241 whoamifull = pwd.getpwuid(whoami)
# Field 4 of the passwd entry is the GECOS field; the text before the first
# comma is used as the name.
242 username = whoamifull[4].split(",")[0]
245 "__ADVISORY__": advisory,
246 "__WHOAMI__": username,
247 "__DATE__": time.strftime("%B %d, %Y", time.gmtime(time.time())),
248 "__PACKAGE__": ", ".join(adv_packages),
249 "__KATIE_ADDRESS__": Cnf["Dinstall::MyEmailAddress"]
252 if Cnf.has_key("Dinstall::Bcc"):
253 Subst["__BCC__"] = "Bcc: %s" % (Cnf["Dinstall::Bcc"])
256 archive = Cnf["Archive::%s::PrimaryMirror" % (utils.where_am_i())]
257 for suite in updated_pkgs.keys():
258 ver = Cnf["Suite::%s::Version" % suite]
259 if ver != "": ver += " "
260 suite_header = "%s %s(%s)" % (Cnf["Dinstall::MyDistribution"],
262 adv += "%s\n%s\n\n" % (suite_header, "-"*len(suite_header))
264 arches = Cnf.ValueList("Suite::%s::Architectures" % suite)
265 if "source" in arches:
266 arches.remove("source")
271 adv += "%s updates are available for %s.\n\n" % (
272 suite.capitalize(), utils.join_with_commas_and(arches))
# "source" and "all" are listed first, then the suite's architectures.
274 for a in ["source", "all"] + arches:
275 if not updated_pkgs[suite].has_key(a):
279 adv += "Source archives:\n\n"
281 adv += "Architecture independent packages:\n\n"
283 adv += "%s architecture (%s)\n\n" % (a,
284 Cnf["Architectures::%s" % a])
# NOTE(review): the links are plain http and the only digest printed with
# them is MD5, which is not collision-resistant.  If the file records carry
# a stronger digest (not visible here), consider publishing it as well.
286 for file in updated_pkgs[suite][a].keys():
287 adv += " http://%s/%s%s\n" % (
288 archive, updated_pkgs[suite][a][file]["poolname"], file)
289 adv += " Size/MD5 checksum: %8s %s\n" % (
290 updated_pkgs[suite][a][file]["size"],
291 updated_pkgs[suite][a][file]["md5"])
295 Subst["__ADVISORY_TEXT__"] = adv
297 adv = utils.TemplateSubst(Subst, template)
# Command runner fragment (presumably the body of the spawn() helper called
# elsewhere in this file; its def line is not in this excerpt).
# The command string must match re_taint_free before anything else happens.
# NOTE(review): that pattern accepts ";" and "'", and the string is executed
# by commands.getstatusoutput(), i.e. through a shell, so this check does not
# by itself stop a second command from being appended.  Callers that
# interpolate file names into `command` need their own validation; running an
# argument list without a shell would remove the dependency on the pattern.
302 if not re_taint_free.match(command):
303 utils.fubar("Invalid character in \"%s\"." % (command))
# With No-Action set the command is only echoed.
305 if Options["No-Action"]:
306 print "[%s]" % (command)
308 (result, output) = commands.getstatusoutput(command)
# The guarding test is not shown; on failure the captured output is reported
# and `result` is passed to utils.fubar as its second argument.
310 utils.fubar("Invocation of '%s' failed:\n%s\n" % (command, output), result)
313 ##################### ! ! ! N O T E ! ! ! #####################
315 # These functions will be reinvoked by semi-privileged users, be careful not
316 # to invoke external programs that will escalate privileges, etc.
318 ##################### ! ! ! N O T E ! ! ! #####################
# sudo: re-invoke this tool as the "katie" account for a privileged action.
# How `fn` and `exit` are used, and when the re-invocation happens instead of
# a direct call, is not visible in this excerpt.
320 def sudo(arg, fn, exit):
323 utils.fubar("Must set advisory name")
# sudo is started by absolute path with an argument vector, so no shell
# parses these values.  "--" ends option parsing, which keeps the advisory
# name a positional argument even if it begins with "-".
324 os.spawnl(os.P_WAIT, "/usr/bin/sudo","/usr/bin/sudo", "-u", "katie", "-H",
325 "/org/security.debian.org/katie/newamber", "-"+arg, "--", advisory)
# Entry point for approval: delegates to sudo() with flag letter "A" and the
# _do_Approve callback.
331 def do_Approve(): sudo("A", _do_Approve, True)
# Approval steps (presumably the body of _do_Approve; its def line and some
# statements are not in this excerpt).
333 # 1. dump advisory in drafts
# NOTE(review): the advisory name is interpolated into the draft path, and no
# validation of it is visible here; confirm it cannot contain "/" or "..".
334 draft = "/org/security.debian.org/advisories/drafts/%s" % (advisory)
335 print "Advisory in %s" % (draft)
336 if not Options["No-Action"]:
# A per-advisory file in the current directory is preferred over the stock
# template.
337 adv_file = "./advisory.%s" % (advisory)
338 if not os.path.exists(adv_file):
339 adv_file = Cnf["Dir::Templates"]+"/amber.advisory"
# O_CREAT|O_EXCL makes the open fail if the draft already exists, so an
# existing file at that path is never overwritten.  Mode 0664 is requested
# (subject to the process umask).
340 adv_fd = os.open(draft, os.O_RDWR|os.O_CREAT|os.O_EXCL, 0664)
341 os.write(adv_fd, generate_advisory(adv_file))
345 # 2. run kelly on changes
346 print "Accepting packages..."
# The .changes file names are joined into one command string; how it is
# executed depends on spawn(), whose def line is not in this excerpt.
347 spawn("%s/kelly -pa %s" % (Cnf["Dir::Katie"], " ".join(changes)))
349 # 3. run jenna / apt-ftparchive / ziyi / tiffani
350 if not Options["No-Action"]:
351 os.chdir(Cnf["Dir::Katie"])
353 print "Updating file lists for apt-ftparchive..."
355 print "Updating Packages and Sources files..."
# NOTE(review): "apt-ftparchive" here and "sudo" below are given without an
# absolute path, unlike "/usr/bin/sudo" in sudo(), so they are presumably
# resolved through PATH.  Given the warning above these functions about
# re-invocation by semi-privileged users, confirm PATH is controlled there.
356 spawn("apt-ftparchive generate %s" % (utils.which_apt_conf_file()))
357 print "Updating Release files..."
359 print "Triggering security mirrors..."
360 spawn("sudo -u archvsync /home/archvsync/signal_security")
362 # 4. chdir to done - do upload
363 if not Options["No-Action"]:
364 os.chdir(Cnf["Dir::Queue::Done"])
# Entry point for disembargo: delegates to sudo() with flag letter "D" and
# the _do_Disembargo callback.
367 def do_Disembargo(): sudo("D", _do_Disembargo, True)
# _do_Disembargo: move the selected uploads from the embargoed queue to the
# unembargoed one (database rows and files).  Loop headers and some
# statements are missing from this excerpt.
368 def _do_Disembargo():
# Refuses to run unless the working directory is the embargoed queue.
369 if os.getcwd() != Cnf["Dir::Queue::Embargoed"].rstrip("/"):
370 utils.fubar("Can only disembargo from %s" % Cnf["Dir::Queue::Embargoed"])
372 dest = Cnf["Dir::Queue::Unembargoed"]
373 emb_q = db_access.get_or_set_queue_id("embargoed")
374 une_q = db_access.get_or_set_queue_id("unembargoed")
378 print "Disembargoing %s" % (c)
381 Katie.pkg.changes_file = c
384 if "source" in Katie.pkg.changes["architecture"].keys():
385 print "Adding %s %s to disembargo table" % (Katie.pkg.changes["source"], Katie.pkg.changes["version"])
# NOTE(review): the statement is built with % formatting, so the source and
# version values read from the upload are placed inside SQL quotes without
# visible escaping.  Confirm they are validated upstream, or pass them as
# bound parameters if the query interface supports that.
386 Katie.projectB.query("INSERT INTO disembargo (package, version) VALUES ('%s', '%s')" % (Katie.pkg.changes["source"], Katie.pkg.changes["version"]))
389 for suite in Katie.pkg.changes["distribution"].keys():
390 if suite not in Cnf.ValueList("Dinstall::QueueBuildSuites"):
392 dest_dir = Cnf["Dir::QueueBuild"]
393 if Cnf.FindB("Dinstall::SecurityQueueBuild"):
394 dest_dir = os.path.join(dest_dir, suite)
# `files` is used as a set of queue-build paths (dict keys).
395 for file in Katie.pkg.files.keys():
396 files[os.path.join(dest_dir, file)] = 1
399 Katie.projectB.query("BEGIN WORK")
# NOTE(review): same string-built SQL as above; `f` is a file path derived
# from names in the upload.
401 Katie.projectB.query("UPDATE queue_build SET queue = %s WHERE filename = '%s' AND queue = %s" % (une_q, f, emb_q))
402 Katie.projectB.query("COMMIT WORK")
# In the visible order the database change is committed before the files are
# copied, so a failed copy would presumably leave the two out of step.
404 for file in Katie.pkg.files.keys():
405 utils.copy(file, os.path.join(dest, file))
409 utils.copy(c, os.path.join(dest, c))
412 utils.copy(k, os.path.join(dest, k))
# Entry point for rejection: delegates to sudo() with flag letter "R" and the
# _do_Reject callback.
415 def do_Reject(): sudo("R", _do_Reject, True)
# Rejection steps (presumably the body of _do_Reject; its def line, the loop
# headers and some statements are not in this excerpt).
419 print "Rejecting %s..." % (c)
421 Katie.pkg.changes_file = c
424 for suite in Katie.pkg.changes["distribution"].keys():
425 if suite not in Cnf.ValueList("Dinstall::QueueBuildSuites"):
427 dest_dir = Cnf["Dir::QueueBuild"]
428 if Cnf.FindB("Dinstall::SecurityQueueBuild"):
429 dest_dir = os.path.join(dest_dir, suite)
430 for file in Katie.pkg.files.keys():
431 files[os.path.join(dest_dir, file)] = 1
435 aborted = Katie.do_reject()
# c[:-8] strips the 8-character ".changes" suffix to name the matching
# ".katie" state file.
437 os.unlink(c[:-8]+".katie")
# NOTE(review): the file name is placed inside SQL quotes with % formatting
# and no visible escaping; confirm names are validated upstream, or use bound
# parameters if the query interface supports them.
439 Katie.projectB.query(
440 "DELETE FROM queue_build WHERE filename = '%s'" % (f))
443 print "Updating buildd information..."
444 spawn("/org/security.debian.org/katie/cron.buildd-security")
446 adv_file = "./advisory.%s" % (advisory)
447 if os.path.exists(adv_file):
# do_DropAdvisory: detach uploads from their advisory.  The loop header is not
# in this excerpt; `c` is presumably each selected .changes file.
450 def do_DropAdvisory():
453 Katie.pkg.changes_file = c
# The stored advisory id is removed and the state is written back relative to
# the current working directory.
455 del Katie.pkg.changes["adv id"]
456 Katie.dump_vars(os.getcwd())
# Advisory editing fragment (the def line is not in this excerpt).
# The per-advisory file is created from the stock template on first use.
460 adv_file = "./advisory.%s" % (advisory)
461 if not os.path.exists(adv_file):
462 utils.copy(Cnf["Dir::Templates"]+"/amber.advisory", adv_file)
# NOTE(review): both the EDITOR value and the advisory name end up in a shell
# command line via os.system().  EDITOR belongs to the invoking user, but the
# advisory name comes from the command line and no validation of it is
# visible here; an argument list without a shell would avoid quoting issues.
463 editor = os.environ.get("EDITOR","vi")
464 result = os.system("%s %s" % (editor, adv_file))
466 utils.fubar("%s invocation failed for %s." % (editor, adv_file))
# Advisory display fragment (the def line is not in this excerpt): renders the
# per-advisory file if it exists, otherwise the stock template, and prints the
# result between "====" markers.
469 adv_file = "./advisory.%s" % (advisory)
470 if not os.path.exists(adv_file):
471 adv_file = Cnf["Dir::Templates"]+"/amber.advisory"
472 print "====\n%s\n====" % (generate_advisory(adv_file))
# Main driver fragment (the def line and the branch bodies are not in this
# excerpt; only the visible dispatch structure is described).
481 extras = load_args(args)
# No uploads recorded for this advisory yet: the operator is asked whether a
# new advisory should be created.
488 if srcverarches == {}:
489 if not yes_no("Create new advisory %s?" % (advisory)):
490 print "Not doing anything, then"
# Uploads without an advisory id are offered for addition one by one.
496 if yes_no("Add %s to %s?" % (c, advisory)):
502 utils.fubar("Must specify an advisory id")
505 utils.fubar("No changes specified")
# An action chosen on the command line is dispatched first; the interactive
# menu below is presumably used when none was given.
507 if Options["Approve"]:
510 elif Options["Reject"]:
513 elif Options["Disembargo"]:
516 elif Options["Drop-Advisory"]:
522 opts = ["Approve", "Edit advisory"]
523 if os.path.exists("./advisory.%s" % advisory):
# "Disembargo" is only offered when running from the embargoed queue
# directory, the same condition _do_Disembargo enforces.
527 if os.getcwd() == Cnf["Dir::Queue::Embargoed"].rstrip("/"):
528 opts.append("Disembargo")
529 opts += ["Show advisory", "Reject", "Quit"]
532 what = prompt(opts, default)
536 elif what == "Approve":
538 elif what == "Edit advisory":
540 elif what == "Show advisory":
542 elif what == "Disembargo":
544 elif what == "Reject":
# Any value outside the menu is treated as a fatal error.
547 utils.fubar("Impossible answer '%s', wtf?" % (what))