gen-DLA: similar to gen-DSA, awaiting merge

git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@27894 e39458fd-73e7-0310-bf30-c45bca0a0e42

1 files changed, 328 insertions, 0 deletions

diff --git a/bin/gen-DLA b/bin/gen-DLA
new file mode 100755
index 0000000000..1fa6a96306
--- /dev/null
+++ b/bin/gen-DLA
@@ -0,0 +1,328 @@
+#!/bin/sh
+
+####################
+#    Copyright (C) 2011, 2012, 2013, 2014 by Raphael Geissert <geissert@debian.org>
+#
+#
+#    This file is free software: you can redistribute it and/or modify
+#    it under the terms of the GNU General Public License as published by
+#    the Free Software Foundation, either version 3 of the License, or
+#    (at your option) any later version.
+#
+#    This file is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU General Public License for more details.
+#
+#    You should have received a copy of the GNU General Public License
+#    along with this file.  If not, see <http://www.gnu.org/licenses/>.
+####################
+
+set -e
+
+OLDSTABLE=squeeze
+
+export LANG=C
+
+[ -f doc/DLA.template ] || {
+    echo "error: call this script from the root of the repository" >&2
+    exit 1
+}
+
+[ $# -ge 1 ] || {
+    echo "usage: $0 [--save] [--embargoed|--unembargo] [DLA] package [regression] [cve(s) [bugnumber(s)]]"
+    echo "       'DLA' is the DLA number, required when issuing a revision"
+    echo "       'cve(s)' and 'bugnumber(s)' can be passed in any order but"
+    echo "         always AFTER the description"
+    echo "       If it doesn't like your bug number, prefix it with # and report"
+    exit 1
+} >&2
+
+save=false
+if [ "$1" = "--save" ]; then
+    save=true
+    shift
+fi
+
+embargoed=false
+if [ "$1" = "--embargoed" ]; then
+    embargoed=true
+    shift
+fi
+
+unembargo=false
+if [ "$1" = "--unembargo" ]; then
+    unembargo=true
+    shift
+    set -- "$1"
+fi
+
+toupper() {
+    printf '%s' "$1" | tr '[:lower:]' '[:upper:]'
+}
+
+tolower() {
+    printf '%s' "$1" | tr '[:upper:]' '[:lower:]'
+}
+
+split_n_sort() {
+    printf '%s' "$1" | sed -r 's/[ ,;]+/ /g;s/^ //' | tr ' ' "\n" | sort -u |
+    sort -n | tr "\n" ' ' | sed -r 's/\s+/ /g;s/\s$//'
+}
+
+_d_space() {
+    local direction="$1" text="$2" to_length="$3"
+    local right='' left='' output='' spacing=0
+
+    if [ "$direction" = 'right' ]; then
+	right=' '
+    elif [ "$direction" = 'left' ]; then
+	left=' '
+    else
+	echo FIXME >&2
+	exit 1
+    fi
+
+    spacing=$(($to_length-${#text}))
+    output="$text"
+    while [ $spacing -gt 0 ]; do
+	output="${left}${output}${right}"
+	spacing=$((spacing-1))
+    done
+    printf '%s' "$output"
+}
+
+left_space() {
+    _d_space left "$@"
+}
+
+right_space() {
+    _d_space right "$@"
+}
+
+warn() {
+    printf "${YELLOW}warning:${NORMAL} %s\n" "$1"
+}
+
+notice() {
+    printf "${MAGENTA}notice:${NORMAL} %s\n" "$1"
+}
+
+error() {
+    printf "${RED}error:${NORMAL} %s\n" "$1"
+}
+
+setvar() {
+    local var="$1" value="$2"
+
+    if [ -z "$value" ]; then
+	value="$(eval 'printf "%s" "$'"$var"'"')"
+    fi
+
+    sed -i "s=\$$var=$value=g" "$tmpf"
+}
+
+if which tput >/dev/null; then
+    RED=$(tput setaf 1)
+    YELLOW=$(tput setaf 3)
+    MAGENTA=$(tput setaf 5)
+    NORMAL=$(tput op)
+else
+    RED=''
+    YELLOW=''
+    MAGENTA=''
+    NORMAL=''
+fi
+
+DLAID=
+if printf '%s' "$1" | grep -Eq '^(DLA-|)[0-9]+(-[0-9]+|)$'; then
+    DLAID="${1#DLA-}"
+    shift
+fi
+
+PACKAGE="$(tolower "$1")"
+shift
+
+TYPE=security
+if [ regression = "$1" ]; then
+    TYPE=regression
+    shift
+fi
+
+CVE=
+BUGNUM=
+REFERENCES=0
+TEXT=
+
+while [ $# -gt 0 ]; do
+    case "$1" in
+	[cC][vV][eE]-*)
+	    CVE="$CVE $(toupper "$1")"
+	;;
+	[0-9][0-9][0-9][0-9][0-9][0-9]|[#][0-9]*)
+	    BUGNUM="$BUGNUM ${1#\#}"
+	;;
+	*)
+	    error "Don't know what to do with '$1' argument" >&2
+	    exit 1
+	;;
+    esac
+    shift
+done
+
+BUGNUM="$(split_n_sort "$BUGNUM")"
+
+CVE="$(split_n_sort "$CVE")"
+cve_spacing=
+
+for i in $(seq 0 16); do
+    cve_spacing="$cve_spacing "
+done
+sed_cmd='s/((CVE-[0-9-]+[ ]+){4})(.+)$/\1\\n'"$cve_spacing"'\3/g;P;D'
+CVE_LIST="$(printf '%s' "$CVE" | sed -r "$sed_cmd")"
+
+for id in $CVE; do
+    REFERENCES=$(($REFERENCES+1))
+    grep -wq "^$id" data/CVE/list || {
+	warn "'$id' is not known" >&2
+    }
+
+    TEXT="$TEXT\n\n$id\n\n    Description"
+done
+
+if [ $REFERENCES -eq 1 ]; then
+    TEXT=
+fi
+
+if [ -n "$TEXT" ]; then
+    TEXT="Brief introduction $TEXT"
+    
+    if ! $save; then
+	TEXT="The CVE ids will be listed here when --save'ing"
+    fi
+fi
+
+case "$DLAID" in
+    *-*|'')
+	:
+    ;;
+    *)
+	notice "missing DLA revision number, assuming 1" >&2
+	DLAID="$DLAID-1"
+    ;;
+esac
+
+dla_exists() {
+    grep -wq "DLA-$1" data/DLA/list
+}
+
+if $embargoed; then
+    DLAID=EMBRGD-"$PACKAGE"
+fi
+
+if [ -z "$DLAID" ]; then
+    latest_dla="$(sed -nr '/DLA-[0-9]+-1/{s/^.+DLA-([0-9]+).*$/\1/;p;q}' data/DLA/list)"
+    dla=$(($latest_dla+1))
+    c=0
+    while dla_exists "$dla-1"; do
+	dla=$(($dla+1))
+	c=$(($c+1))
+	if [ $c -eq 10 ]; then
+	    error "unable to find an unused DLA id after $c attempts" >&2
+	    error "to workaround specify an id as the first parameter" >&2
+	    exit 1
+	fi
+    done
+    DLAID="$dla-1"
+fi
+
+if dla_exists "$DLAID"; then
+    error "DLA-$DLAID has already been used" >&2
+    exit 1
+fi
+
+if $unembargo; then
+    EMBRGD_ID="EMBRGD-$PACKAGE"
+    mv "DLA-${EMBRGD_ID}" DLA-"$DLAID"
+
+    # get the date of when the embargoed entry was generated
+    gen_date="$(sed -rn "/DLA-${EMBRGD_ID}/{s/^\[(.+)\].+$/\1/;p;t}" data/DLA/list)"
+
+    OLD_DATE="$(date -d "$gen_date" +"%B %d, %Y")"
+
+    NEW_DATE="$(date +"%B %d, %Y")"
+
+    sed -ri "/DLA-${EMBRGD_ID}/{s/\[.+\]/[$(date +"%d %b %Y")]/;s/DLA-${EMBRGD_ID}/DLA-$DLAID/;}" data/DLA/list
+    sed -i "s/${EMBRGD_ID}/$DLAID/g" DLA-"$DLAID"
+
+    echo "'Unembargoing' as DLA-$DLAID"
+    exit
+fi
+
+tmpf=$(mktemp)
+cat doc/DLA.template > $tmpf
+
+if [ "$TYPE" = regression ]; then
+    sed -ri '/^Subject:/s/security update$/regression update/' $tmpf
+fi
+
+if [ $REFERENCES -gt 1 ]; then
+    sed -ri 's/this problem has/these problems have/' $tmpf
+fi
+
+DATE="$(date +"%B %d, %Y")"
+
+setvar DEBEMAIL
+setvar DEBFULLNAME
+setvar PACKAGE
+setvar CVE "$CVE_LIST"
+setvar DLAID
+setvar BUGNUM
+setvar OLDSTABLE
+setvar DATE
+setvar TEXT "${TEXT:-DLA text goes here}"
+
+for dist in $OLDSTABLE; do
+    version="$(eval 'printf "%s" "$'"$dist"_VERSION'"')"
+    if $save && [ -z "$version" ] && grep -q "${dist}_VERSION" "$tmpf"; then
+	printf "Enter $dist's version [unset]: "
+	read version
+	if [ -n "$version" ]; then
+	    eval "${dist}_VERSION='$version'"
+	fi
+    fi
+    [ -z "$version" ] || setvar "${dist}_VERSION" "$version"
+done
+
+if ! $save; then
+    cat $tmpf
+    echo
+    echo " ---- "
+    echo "Pass --save as the first parameter to save the text to DLA-$DLAID"
+    echo "(the data/DLA/list entry will also be added)"
+    rm -f "$tmpf"
+    exit
+else
+    mv -i $tmpf "DLA-$DLAID" || { rm -f $tmpf; exit; }
+    dla_entry=$(mktemp)
+    cat <<EOF > $dla_entry
+[$(date +"%d %b %Y")] DLA-$DLAID $PACKAGE - $TYPE update
+EOF
+
+    if [ "$CVE" ]; then
+	printf "\t{%s}\n" "$CVE" >> $dla_entry
+    fi
+
+    for dist in $OLDSTABLE; do
+	version="$(eval 'printf "%s" "$'"$dist"_VERSION'"')"
+	[ -z "$version" ] || \
+	    printf "\t[%s] - %s %s\n" "$dist" "$PACKAGE" "$version" >> $dla_entry
+    done
+    tmp_list="$(mktemp)"
+    cat $dla_entry data/DLA/list > $tmp_list
+    cat $tmp_list > data/DLA/list
+    rm -f $tmp_list
+    sed -rn '/^'"$PACKAGE"'\b/{: next;n;/^\s/b next;d};p' data/dla-needed.txt > data/dla-needed.txt.new
+    mv data/dla-needed.txt.new data/dla-needed.txt
+    echo "DLA text written to ./DLA-$DLAID"
+fi