#!/usr/bin/env python # Wrapper for Debian Security team # Copyright (C) 2002, 2003, 2004 James Troup # $Id: amber,v 1.10 2004-11-27 19:23:40 troup Exp $ # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 # USA ################################################################################ # neuro: ? # aj: PPG: the movie! july 3! # _PHWOAR_!!!!! # (you think you can distract me, and you're right) # urls?! # promo videos?! # where, where!? ################################################################################ import commands, os, pwd, re, sys, time; import apt_pkg; import katie, utils; ################################################################################ Cnf = None; Options = None; Katie = None; re_taint_free = re.compile(r"^['/;\-\+\.\s\w]+$"); ################################################################################ def usage (exit_code=0): print """Usage: amber ADV_NUMBER CHANGES_FILE[...] Install CHANGES_FILE(s) as security advisory ADV_NUMBER -h, --help show this help and exit -n, --no-action don't do anything """ sys.exit(exit_code) ################################################################################ def do_upload(changes_files): file_list = ""; suites = {}; component_mapping = {}; for component in Cnf.SubTree("Amber::ComponentMappings").List(): component_mapping[component] = Cnf["Amber::ComponentMappings::%s" % (component)]; uploads = {}; # uploads[uri] = file_list; package_list = {} # package_list[source_name][version]; changes_files.sort(utils.changes_compare); for changes_file in changes_files: changes_file = utils.validate_changes_file_arg(changes_file); # Reset variables components = {}; upload_uris = {}; file_list = []; Katie.init_vars(); # Parse the .katie file for the .changes file Katie.pkg.changes_file = changes_file; Katie.update_vars(); files = Katie.pkg.files; changes = Katie.pkg.changes; dsc = Katie.pkg.dsc; # Build the file list for this .changes file for file in files.keys(): poolname = os.path.join(Cnf["Dir::Root"], Cnf["Dir::PoolRoot"], utils.poolify(changes["source"], files[file]["component"]), file); file_list.append(poolname); orig_component = files[file].get("original component", files[file]["component"]); components[orig_component] = ""; file_list.append(changes_file); # Determine the upload uri for this .changes file for component in components.keys(): upload_uri = component_mapping.get(component); if upload_uri: upload_uris[upload_uri] = ""; num_upload_uris = len(upload_uris.keys()); if num_upload_uris == 0: utils.fubar("%s: No valid upload URI found from components (%s)." % (changes_file, ", ".join(components.keys()))); elif num_upload_uris > 1: utils.fubar("%s: more than one upload URI (%s) from components (%s)." % (changes_file, ", ".join(upload_uris.keys()), ", ".join(components.keys()))); upload_uri = upload_uris.keys()[0]; # Update the file list for the upload uri if not uploads.has_key(upload_uri): uploads[upload_uri] = []; uploads[upload_uri].extend(file_list); # Remember the suites and source name/version for suite in changes["distribution"].keys(): suites[suite] = ""; # Remember the source name and version if changes["architecture"].has_key("source") and \ changes["distribution"].has_key("testing"): if not package_list.has_key(dsc["source"]): package_list[dsc["source"]] = {}; package_list[dsc["source"]][dsc["version"]] = ""; if len(suites.keys()) == 1 and suites.has_key("oldstable"): print "Advisory only for 'oldstable'; not uploading elsewhere."; return; if not Options["No-Action"]: answer = yes_no("Upload to files to main archive (Y/n)?"); if answer != "y": return; for uri in uploads.keys(): (host, path) = uri.split(":"); file_list = " ".join(uploads[uri]); print "Uploading files to %s..." % (host); spawn("lftp -c 'open %s; cd %s; put %s'" % (host, path, file_list)); if not Options["No-Action"]: filename = "%s/testing-processed" % (Cnf["Dir::Log"]); file = utils.open_file(filename, 'a'); for source in package_list.keys(): for version in package_list[source].keys(): file.write(" ".join([source, version])+'\n'); file.close(); ###################################################################### # This function was originally written by aj and NIHishly merged into # amber by me. def make_advisory(advisory_nr, changes_files): adv_packages = []; updated_pkgs = {}; # updated_pkgs[distro][arch][file] = {path,md5,size} for arg in changes_files: arg = utils.validate_changes_file_arg(arg); Katie.pkg.changes_file = arg; Katie.init_vars(); Katie.update_vars(); src = Katie.pkg.changes["source"]; if src not in adv_packages: adv_packages += [src]; suites = Katie.pkg.changes["distribution"].keys(); for suite in suites: if not updated_pkgs.has_key(suite): updated_pkgs[suite] = {}; files = Katie.pkg.files; for file in files.keys(): arch = files[file]["architecture"]; md5 = files[file]["md5sum"]; size = files[file]["size"]; poolname = Cnf["Dir::PoolRoot"] + \ utils.poolify(src, files[file]["component"]); if arch == "source" and file.endswith(".dsc"): dscpoolname = poolname; for suite in suites: if not updated_pkgs[suite].has_key(arch): updated_pkgs[suite][arch] = {} updated_pkgs[suite][arch][file] = { "md5": md5, "size": size, "poolname": poolname }; dsc_files = Katie.pkg.dsc_files; for file in dsc_files.keys(): arch = "source" if not dsc_files[file].has_key("files id"): continue; # otherwise, it's already in the pool and needs to be # listed specially md5 = dsc_files[file]["md5sum"]; size = dsc_files[file]["size"]; for suite in suites: if not updated_pkgs[suite].has_key(arch): updated_pkgs[suite][arch] = {}; updated_pkgs[suite][arch][file] = { "md5": md5, "size": size, "poolname": dscpoolname }; if os.environ.has_key("SUDO_UID"): whoami = long(os.environ["SUDO_UID"]); else: whoami = os.getuid(); whoamifull = pwd.getpwuid(whoami); username = whoamifull[4].split(",")[0]; Subst = { "__ADVISORY__": advisory_nr, "__WHOAMI__": username, "__DATE__": time.strftime("%B %d, %Y", time.gmtime(time.time())), "__PACKAGE__": ", ".join(adv_packages), "__KATIE_ADDRESS__": Cnf["Dinstall::MyEmailAddress"] }; if Cnf.has_key("Dinstall::Bcc"): Subst["__BCC__"] = "Bcc: %s" % (Cnf["Dinstall::Bcc"]); adv = ""; archive = Cnf["Archive::%s::PrimaryMirror" % (utils.where_am_i())]; for suite in updated_pkgs.keys(): suite_header = "%s %s (%s)" % (Cnf["Dinstall::MyDistribution"], Cnf["Suite::%s::Version" % suite], suite); adv += "%s\n%s\n\n" % (suite_header, "-"*len(suite_header)); arches = Cnf.ValueList("Suite::%s::Architectures" % suite); if "source" in arches: arches.remove("source"); if "all" in arches: arches.remove("all"); arches.sort(); adv += " %s was released for %s.\n\n" % ( suite.capitalize(), utils.join_with_commas_and(arches)); for a in ["source", "all"] + arches: if not updated_pkgs[suite].has_key(a): continue; if a == "source": adv += " Source archives:\n\n"; elif a == "all": adv += " Architecture independent packages:\n\n"; else: adv += " %s architecture (%s)\n\n" % (a, Cnf["Architectures::%s" % a]); for file in updated_pkgs[suite][a].keys(): adv += " http://%s/%s%s\n" % ( archive, updated_pkgs[suite][a][file]["poolname"], file); adv += " Size/MD5 checksum: %8s %s\n" % ( updated_pkgs[suite][a][file]["size"], updated_pkgs[suite][a][file]["md5"]); adv += "\n"; adv = adv.rstrip(); Subst["__ADVISORY_TEXT__"] = adv; adv = utils.TemplateSubst(Subst, Cnf["Dir::Templates"]+"/amber.advisory"); if not Options["No-Action"]: utils.send_mail (adv); else: print "[]"; ###################################################################### def init(): global Cnf, Katie, Options; apt_pkg.init(); Cnf = utils.get_conf(); Arguments = [('h', "help", "Amber::Options::Help"), ('n', "no-action", "Amber::Options::No-Action")]; for i in [ "help", "no-action" ]: Cnf["Amber::Options::%s" % (i)] = ""; arguments = apt_pkg.ParseCommandLine(Cnf,Arguments,sys.argv); Options = Cnf.SubTree("Amber::Options") Katie = katie.Katie(Cnf); if Options["Help"]: usage(0); if not arguments: usage(1); advisory_number = arguments[0]; changes_files = arguments[1:]; if advisory_number.endswith(".changes"): utils.warn("first argument must be the advisory number."); usage(1); for file in changes_files: file = utils.validate_changes_file_arg(file); return (advisory_number, changes_files); ###################################################################### def yes_no(prompt): while 1: answer = utils.our_raw_input(prompt+" ").lower(); if answer == "y" or answer == "n": break; else: print "Invalid answer; please try again."; return answer; ###################################################################### def spawn(command): if not re_taint_free.match(command): utils.fubar("Invalid character in \"%s\"." % (command)); if Options["No-Action"]: print "[%s]" % (command); else: (result, output) = commands.getstatusoutput(command); if (result != 0): utils.fubar("Invocation of '%s' failed:\n%s\n" % (command, output), result); ###################################################################### def main(): (advisory_number, changes_files) = init(); if not Options["No-Action"]: print "About to install the following files: " for file in changes_files: print " %s" % (file); answer = yes_no("Continue (Y/n)?"); if answer == "n": sys.exit(0); os.chdir(Cnf["Dir::Queue::Accepted"]); print "Installing packages into the archive..."; spawn("%s/kelly -pa %s" % (Cnf["Dir::Katie"], " ".join(changes_files))); os.chdir(Cnf["Dir::Katie"]); print "Updating file lists for apt-ftparchive..."; spawn("./jenna"); print "Updating Packages and Sources files..."; spawn("apt-ftparchive generate %s" % (utils.which_apt_conf_file())); print "Updating Release files..."; spawn("./ziyi"); if not Options["No-Action"]: os.chdir(Cnf["Dir::Queue::Done"]); else: os.chdir(Cnf["Dir::Queue::Accepted"]); print "Generating template advisory..."; make_advisory(advisory_number, changes_files); do_upload(changes_files); ################################################################################ if __name__ == '__main__': main(); ################################################################################