dak/security_install.py

   1 #!/usr/bin/env python
   2
   3 # Wrapper for Debian Security team
   4 # Copyright (C) 2002, 2003, 2004, 2006  James Troup <james@nocrew.org>
   5
   6 # This program is free software; you can redistribute it and/or modify
   7 # it under the terms of the GNU General Public License as published by
   8 # the Free Software Foundation; either version 2 of the License, or
   9 # (at your option) any later version.
  10
  11 # This program is distributed in the hope that it will be useful, but
  12 # WITHOUT ANY WARRANTY; without even the implied warranty of
  13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  14 # General Public License for more details.
  15
  16 # You should have received a copy of the GNU General Public License
  17 # along with this program; if not, write to the Free Software
  18 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
  19 # USA
  20
  21 ################################################################################
  22
  23 # <aj> neuro: <usual question>?
  24 # <neuro> aj: PPG: the movie!  july 3!
  25 # <aj> _PHWOAR_!!!!!
  26 # <aj> (you think you can distract me, and you're right)
  27 # <aj> urls?!
  28 # <aj> promo videos?!
  29 # <aj> where, where!?
  30
  31 ################################################################################
  32
  33 import commands, os, pwd, re, sys, time
  34 import apt_pkg
  35 import daklib.queue as queue
  36 import daklib.utils
  37
  38 ################################################################################
  39
  40 Cnf = None
  41 Options = None
  42 Upload = None
  43
  44 re_taint_free = re.compile(r"^['/;\-\+\.\s\w]+$")
  45
  46 ################################################################################
  47
  48 def usage (exit_code=0):
  49     print """Usage: dak security-install ADV_NUMBER CHANGES_FILE[...]
  50 Install CHANGES_FILE(s) as security advisory ADV_NUMBER
  51
  52   -h, --help                 show this help and exit
  53   -n, --no-action            don't do anything
  54
  55 """
  56     sys.exit(exit_code)
  57
  58 ################################################################################
  59
  60 def do_upload(changes_files):
  61     file_list = ""
  62     suites = {}
  63     component_mapping = {}
  64     for component in Cnf.SubTree("Security-Install::ComponentMappings").List():
  65         component_mapping[component] = Cnf["Security-Install::ComponentMappings::%s" % (component)]
  66     uploads = {}; # uploads[uri] = file_list
  67     changesfiles = {}; # changesfiles[uri] = file_list
  68     package_list = {} # package_list[source_name][version]
  69     changes_files.sort(daklib.utils.changes_compare)
  70     for changes_file in changes_files:
  71         changes_file = daklib.utils.validate_changes_file_arg(changes_file)
  72         # Reset variables
  73         components = {}
  74         upload_uris = {}
  75         file_list = []
  76         Upload.init_vars()
  77         # Parse the .dak file for the .changes file
  78         Upload.pkg.changes_file = changes_file
  79         Upload.update_vars()
  80         files = Upload.pkg.files
  81         changes = Upload.pkg.changes
  82         dsc = Upload.pkg.dsc
  83         # We have the changes, now return if its amd64, to not upload them to ftp-master
  84         if changes["architecture"].has_key("amd64"):
  85             print "Not uploading amd64 part to ftp-master\n"
  86             continue
  87         # Build the file list for this .changes file
  88         for f in files.keys():
  89             poolname = os.path.join(Cnf["Dir::Root"], Cnf["Dir::PoolRoot"],
  90                                     daklib.utils.poolify(changes["source"], files[f]["component"]),
  91                                     f)
  92             file_list.append(poolname)
  93             orig_component = files[f].get("original component", files[f]["component"])
  94             components[orig_component] = ""
  95         # Determine the upload uri for this .changes file
  96         for component in components.keys():
  97             upload_uri = component_mapping.get(component)
  98             if upload_uri:
  99                 upload_uris[upload_uri] = ""
 100         num_upload_uris = len(upload_uris.keys())
 101         if num_upload_uris == 0:
 102             daklib.utils.fubar("%s: No valid upload URI found from components (%s)."
 103                         % (changes_file, ", ".join(components.keys())))
 104         elif num_upload_uris > 1:
 105             daklib.utils.fubar("%s: more than one upload URI (%s) from components (%s)."
 106                         % (changes_file, ", ".join(upload_uris.keys()),
 107                            ", ".join(components.keys())))
 108         upload_uri = upload_uris.keys()[0]
 109         # Update the file list for the upload uri
 110         if not uploads.has_key(upload_uri):
 111             uploads[upload_uri] = []
 112         uploads[upload_uri].extend(file_list)
 113         # Update the changes list for the upload uri
 114         if not changesfiles.has_key(upload_uri):
 115             changesfiles[upload_uri] = []
 116         changesfiles[upload_uri].append(changes_file)
 117         # Remember the suites and source name/version
 118         for suite in changes["distribution"].keys():
 119             suites[suite] = ""
 120         # Remember the source name and version
 121         if changes["architecture"].has_key("source") and \
 122            changes["distribution"].has_key("testing"):
 123             if not package_list.has_key(dsc["source"]):
 124                 package_list[dsc["source"]] = {}
 125             package_list[dsc["source"]][dsc["version"]] = ""
 126
 127     if not Options["No-Action"]:
 128         answer = yes_no("Upload to files to main archive (Y/n)?")
 129         if answer != "y":
 130             return
 131
 132     for uri in uploads.keys():
 133         uploads[uri].extend(changesfiles[uri])
 134         (host, path) = uri.split(":")
 135         file_list = " ".join(uploads[uri])
 136         print "Uploading files to %s..." % (host)
 137         spawn("lftp -c 'open %s; cd %s; put %s'" % (host, path, file_list))
 138
 139     if not Options["No-Action"]:
 140         filename = "%s/testing-processed" % (Cnf["Dir::Log"])
 141         f = daklib.utils.open_file(filename, 'a')
 142         for source in package_list.keys():
 143             for version in package_list[source].keys():
 144                 f.write(" ".join([source, version])+'\n')
 145         f.close()
 146
 147 ######################################################################
 148 # This function was originally written by aj and NIHishly merged into
 149 # 'dak security-install' by me.
 150
 151 def make_advisory(advisory_nr, changes_files):
 152     adv_packages = []
 153     updated_pkgs = {};  # updated_pkgs[distro][arch][file] = {path,md5,size}
 154
 155     for arg in changes_files:
 156         arg = daklib.utils.validate_changes_file_arg(arg)
 157         Upload.pkg.changes_file = arg
 158         Upload.init_vars()
 159         Upload.update_vars()
 160
 161         src = Upload.pkg.changes["source"]
 162         if src not in adv_packages:
 163             adv_packages += [src]
 164
 165         suites = Upload.pkg.changes["distribution"].keys()
 166         for suite in suites:
 167             if not updated_pkgs.has_key(suite):
 168                 updated_pkgs[suite] = {}
 169
 170         files = Upload.pkg.files
 171         for f in files.keys():
 172             arch = files[f]["architecture"]
 173             md5 = files[f]["md5sum"]
 174             size = files[f]["size"]
 175             poolname = Cnf["Dir::PoolRoot"] + \
 176                 daklib.utils.poolify(src, files[f]["component"])
 177             if arch == "source" and f.endswith(".dsc"):
 178                 dscpoolname = poolname
 179             for suite in suites:
 180                 if not updated_pkgs[suite].has_key(arch):
 181                     updated_pkgs[suite][arch] = {}
 182                 updated_pkgs[suite][arch][f] = {
 183                     "md5": md5, "size": size,
 184                     "poolname": poolname }
 185
 186         dsc_files = Upload.pkg.dsc_files
 187         for f in dsc_files.keys():
 188             arch = "source"
 189             if not dsc_files[f].has_key("files id"):
 190                 continue
 191
 192             # otherwise, it's already in the pool and needs to be
 193             # listed specially
 194             md5 = dsc_files[f]["md5sum"]
 195             size = dsc_files[f]["size"]
 196             for suite in suites:
 197                 if not updated_pkgs[suite].has_key(arch):
 198                     updated_pkgs[suite][arch] = {}
 199                 updated_pkgs[suite][arch][f] = {
 200                     "md5": md5, "size": size,
 201                     "poolname": dscpoolname }
 202
 203     if os.environ.has_key("SUDO_UID"):
 204         whoami = long(os.environ["SUDO_UID"])
 205     else:
 206         whoami = os.getuid()
 207     whoamifull = pwd.getpwuid(whoami)
 208     username = whoamifull[4].split(",")[0]
 209
 210     Subst = {
 211         "__ADVISORY__": advisory_nr,
 212         "__WHOAMI__": username,
 213         "__DATE__": time.strftime("%B %d, %Y", time.gmtime(time.time())),
 214         "__PACKAGE__": ", ".join(adv_packages),
 215         "__DAK_ADDRESS__": Cnf["Dinstall::MyEmailAddress"]
 216         }
 217
 218     if Cnf.has_key("Dinstall::Bcc"):
 219         Subst["__BCC__"] = "Bcc: %s" % (Cnf["Dinstall::Bcc"])
 220
 221     adv = ""
 222     archive = Cnf["Archive::%s::PrimaryMirror" % (daklib.utils.where_am_i())]
 223     for suite in updated_pkgs.keys():
 224         suite_header = "%s %s (%s)" % (Cnf["Dinstall::MyDistribution"],
 225                                        Cnf["Suite::%s::Version" % suite], suite)
 226         adv += "%s\n%s\n\n" % (suite_header, "-"*len(suite_header))
 227
 228         arches = Cnf.ValueList("Suite::%s::Architectures" % suite)
 229         if "source" in arches:
 230             arches.remove("source")
 231         if "all" in arches:
 232             arches.remove("all")
 233         arches.sort()
 234
 235         adv += "  %s was released for %s.\n\n" % (
 236                 suite.capitalize(), daklib.utils.join_with_commas_and(arches))
 237
 238         for a in ["source", "all"] + arches:
 239             if not updated_pkgs[suite].has_key(a):
 240                 continue
 241
 242             if a == "source":
 243                 adv += "  Source archives:\n\n"
 244             elif a == "all":
 245                 adv += "  Architecture independent packages:\n\n"
 246             else:
 247                 adv += "  %s architecture (%s)\n\n" % (a,
 248                         Cnf["Architectures::%s" % a])
 249
 250             for f in updated_pkgs[suite][a].keys():
 251                 adv += "    http://%s/%s%s\n" % (
 252                                 archive, updated_pkgs[suite][a][f]["poolname"], f)
 253                 adv += "      Size/MD5 checksum: %8s %s\n" % (
 254                         updated_pkgs[suite][a][f]["size"],
 255                         updated_pkgs[suite][a][f]["md5"])
 256             adv += "\n"
 257     adv = adv.rstrip()
 258
 259     Subst["__ADVISORY_TEXT__"] = adv
 260
 261     adv = daklib.utils.TemplateSubst(Subst, Cnf["Dir::Templates"]+"/security-install.advisory")
 262     if not Options["No-Action"]:
 263         daklib.utils.send_mail (adv)
 264     else:
 265         print "[<Would send template advisory mail>]"
 266
 267 ######################################################################
 268
 269 def init():
 270     global Cnf, Upload, Options
 271
 272     apt_pkg.init()
 273     Cnf = daklib.utils.get_conf()
 274
 275     Arguments = [('h', "help", "Security-Install::Options::Help"),
 276                  ('n', "no-action", "Security-Install::Options::No-Action")]
 277
 278     for i in [ "help", "no-action" ]:
 279         Cnf["Security-Install::Options::%s" % (i)] = ""
 280
 281     arguments = apt_pkg.ParseCommandLine(Cnf,Arguments,sys.argv)
 282     Options = Cnf.SubTree("Security-Install::Options")
 283     Upload = queue.Upload(Cnf)
 284
 285     if Options["Help"]:
 286         usage(0)
 287
 288     if not arguments:
 289         usage(1)
 290
 291     advisory_number = arguments[0]
 292     changes_files = arguments[1:]
 293     if advisory_number.endswith(".changes"):
 294         daklib.utils.warn("first argument must be the advisory number.")
 295         usage(1)
 296     for f in changes_files:
 297         f = daklib.utils.validate_changes_file_arg(f)
 298     return (advisory_number, changes_files)
 299
 300 ######################################################################
 301
 302 def yes_no(prompt):
 303     while 1:
 304         answer = daklib.utils.our_raw_input(prompt+" ").lower()
 305         if answer == "y" or answer == "n":
 306             break
 307         else:
 308             print "Invalid answer; please try again."
 309     return answer
 310
 311 ######################################################################
 312
 313 def spawn(command):
 314     if not re_taint_free.match(command):
 315         daklib.utils.fubar("Invalid character in \"%s\"." % (command))
 316
 317     if Options["No-Action"]:
 318         print "[%s]" % (command)
 319     else:
 320         (result, output) = commands.getstatusoutput(command)
 321         if (result != 0):
 322             daklib.utils.fubar("Invocation of '%s' failed:\n%s\n" % (command, output), result)
 323
 324 ######################################################################
 325
 326
 327 def main():
 328     print "Disabled. See your team@security email, and/or contact aj on OFTC."
 329     sys.exit(1)
 330
 331     (advisory_number, changes_files) = init()
 332
 333     if not Options["No-Action"]:
 334         print "About to install the following files: "
 335         for f in changes_files:
 336             print "  %s" % (f)
 337         answer = yes_no("Continue (Y/n)?")
 338         if answer == "n":
 339             sys.exit(0)
 340
 341     os.chdir(Cnf["Dir::Queue::Accepted"])
 342     print "Installing packages into the archive..."
 343     spawn("dak process-accepted -pa %s" % (" ".join(changes_files)))
 344     os.chdir(Cnf["Dir::Dak"])
 345     print "Updating file lists for apt-ftparchive..."
 346     spawn("dak make-suite-file-list")
 347     print "Updating Packages and Sources files..."
 348     spawn("apt-ftparchive generate %s" % (daklib.utils.which_apt_conf_file()))
 349     print "Updating Release files..."
 350     spawn("dak generate-releases")
 351
 352     if not Options["No-Action"]:
 353         os.chdir(Cnf["Dir::Queue::Done"])
 354     else:
 355         os.chdir(Cnf["Dir::Queue::Accepted"])
 356     print "Generating template advisory..."
 357     make_advisory(advisory_number, changes_files)
 358
 359     # Trigger security mirrors
 360     spawn("sudo -u archvsync /home/archvsync/signal_security")
 361
 362     do_upload(changes_files)
 363
 364 ################################################################################
 365
 366 if __name__ == '__main__':
 367     main()
 368
 369 ################################################################################