author | Raphael Geissert <geissert@debian.org> | 2014-07-22 20:26:58 +0000 |
---|---|---|
committer | Raphael Geissert <geissert@debian.org> | 2014-07-22 20:26:58 +0000 |
commit | 126807149ddb6d9cd75dd1010e7bd506e18c9bc3 (patch) | |
tree | 4feb2c57272e423ffc9e07e8673a34125d6ddf83 /bin/gen-DLA | |
parent | 1871f7818cd6da424837856b32c879f1c9c638be (diff) |
gen-DLA: similar to gen-DSA, awaiting merge
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@27894 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'bin/gen-DLA')
-rwxr-xr-x | bin/gen-DLA | 328 |
1 files changed, 328 insertions, 0 deletions
diff --git a/bin/gen-DLA b/bin/gen-DLA
new file mode 100755
index 0000000000..1fa6a96306
--- /dev/null
+++ b/bin/gen-DLA
@@ -0,0 +1,328 @@
+#!/bin/sh
+
+####################
+# Copyright (C) 2011, 2012, 2013, 2014 by Raphael Geissert <geissert@debian.org>
+#
+#
+# This file is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This file is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this file. If not, see <http://www.gnu.org/licenses/>.
+####################
+
+set -e
+
+OLDSTABLE=squeeze
+
+export LANG=C
+
+[ -f doc/DLA.template ] || {
+ echo "error: call this script from the root of the repository" >&2
+ exit 1
+}
+
+[ $# -ge 1 ] || {
+ echo "usage: $0 [--save] [--embargoed|--unembargo] [DLA] package [regression] [cve(s) [bugnumber(s)]]"
+ echo " 'DLA' is the DLA number, required when issuing a revision"
+ echo " 'cve(s)' and 'bugnumber(s)' can be passed in any order but"
+ echo " always AFTER the description"
+ echo " If it doesn't like your bug number, prefix it with # and report"
+ exit 1
+} >&2
+
+save=false
+if [ "$1" = "--save" ]; then
+ save=true
+ shift
+fi
+
+embargoed=false
+if [ "$1" = "--embargoed" ]; then
+ embargoed=true
+ shift
+fi
+
+unembargo=false
+if [ "$1" = "--unembargo" ]; then
+ unembargo=true
+ shift
+ set -- "$1"
+fi
+
+toupper() {
+ printf '%s' "$1" | tr '[:lower:]' '[:upper:]'
+}
+
+tolower() {
+ printf '%s' "$1" | tr '[:upper:]' '[:lower:]'
+}
+
+split_n_sort() {
+ printf '%s' "$1" | sed -r 's/[ ,;]+/ /g;s/^ //' | tr ' ' "\n" | sort -u |
+ sort -n | tr "\n" ' ' | sed -r 's/\s+/ /g;s/\s$//'
+}
+
+_d_space() {
+ local direction="$1" text="$2" to_length="$3"
+ local right='' left='' output='' spacing=0
+
+ if [ "$direction" = 'right' ]; then
+ right=' '
+ elif [ "$direction" = 'left' ]; then
+ left=' '
+ else
+ echo FIXME >&2
+ exit 1
+ fi
+
+ spacing=$(($to_length-${#text}))
+ output="$text"
+ while [ $spacing -gt 0 ]; do
+ output="${left}${output}${right}"
+ spacing=$((spacing-1))
+ done
+ printf '%s' "$output"
+}
+
+left_space() {
+ _d_space left "$@"
+}
+
+right_space() {
+ _d_space right "$@"
+}
+
+warn() {
+ printf "${YELLOW}warning:${NORMAL} %s\n" "$1"
+}
+
+notice() {
+ printf "${MAGENTA}notice:${NORMAL} %s\n" "$1"
+}
+
+error() {
+ printf "${RED}error:${NORMAL} %s\n" "$1"
+}
+
+setvar() {
+ local var="$1" value="$2"
+
+ if [ -z "$value" ]; then
+ value="$(eval 'printf "%s" "$'"$var"'"')"
+ fi
+
+ sed -i "s=\$$var=$value=g" "$tmpf"
+}
+
+if which tput >/dev/null; then
+ RED=$(tput setaf 1)
+ YELLOW=$(tput setaf 3)
+ MAGENTA=$(tput setaf 5)
+ NORMAL=$(tput op)
+else
+ RED=''
+ YELLOW=''
+ MAGENTA=''
+ NORMAL=''
+fi
+
+DLAID=
+if printf '%s' "$1" | grep -Eq '^(DLA-|)[0-9]+(-[0-9]+|)$'; then
+ DLAID="${1#DLA-}"
+ shift
+fi
+
+PACKAGE="$(tolower "$1")"
+shift
+
+TYPE=security
+if [ regression = "$1" ]; then
+ TYPE=regression
+ shift
+fi
+
+CVE=
+BUGNUM=
+REFERENCES=0
+TEXT=
+
+while [ $# -gt 0 ]; do
+ case "$1" in
+ [cC][vV][eE]-*)
+ CVE="$CVE $(toupper "$1")"
+ ;;
+ [0-9][0-9][0-9][0-9][0-9][0-9]|[#][0-9]*)
+ BUGNUM="$BUGNUM ${1#\#}"
+ ;;
+ *)
+ error "Don't know what to do with '$1' argument" >&2
+ exit 1
+ ;;
+ esac
+ shift
+done
+
+BUGNUM="$(split_n_sort "$BUGNUM")"
+
+CVE="$(split_n_sort "$CVE")"
+cve_spacing=
+
+for i in $(seq 0 16); do
+ cve_spacing="$cve_spacing "
+done
+sed_cmd='s/((CVE-[0-9-]+[ ]+){4})(.+)$/\1\\n'"$cve_spacing"'\3/g;P;D'
+CVE_LIST="$(printf '%s' "$CVE" | sed -r "$sed_cmd")"
+
+for id in $CVE; do
+ REFERENCES=$(($REFERENCES+1))
+ grep -wq "^$id" data/CVE/list || {
+ warn "'$id' is not known" >&2
+ }
+
+ TEXT="$TEXT\n\n$id\n\n Description"
+done
+
+if [ $REFERENCES -eq 1 ]; then
+ TEXT=
+fi
+
+if [ -n "$TEXT" ]; then
+ TEXT="Brief introduction $TEXT"
+
+ if ! $save; then
+ TEXT="The CVE ids will be listed here when --save'ing"
+ fi
+fi
+
+case "$DLAID" in
+ *-*|'')
+ :
+ ;;
+ *)
+ notice "missing DLA revision number, assuming 1" >&2
+ DLAID="$DLAID-1"
+ ;;
+esac
+
+dla_exists() {
+ grep -wq "DLA-$1" data/DLA/list
+}
+
+if $embargoed; then
+ DLAID=EMBRGD-"$PACKAGE"
+fi
+
+if [ -z "$DLAID" ]; then
+ latest_dla="$(sed -nr '/DLA-[0-9]+-1/{s/^.+DLA-([0-9]+).*$/\1/;p;q}' data/DLA/list)"
+ dla=$(($latest_dla+1))
+ c=0
+ while dla_exists "$dla-1"; do
+ dla=$(($dla+1))
+ c=$(($c+1))
+ if [ $c -eq 10 ]; then
+ error "unable to find an unused DLA id after $c attempts" >&2
+ error "to workaround specify an id as the first parameter" >&2
+ exit 1
+ fi
+ done
+ DLAID="$dla-1"
+fi
+
+if dla_exists "$DLAID"; then
+ error "DLA-$DLAID has already been used" >&2
+ exit 1
+fi
+
+if $unembargo; then
+ EMBRGD_ID="EMBRGD-$PACKAGE"
+ mv "DLA-${EMBRGD_ID}" DLA-"$DLAID"
+
+ # get the date of when the embargoed entry was generated
+ gen_date="$(sed -rn "/DLA-${EMBRGD_ID}/{s/^\[(.+)\].+$/\1/;p;t}" data/DLA/list)"
+
+ OLD_DATE="$(date -d "$gen_date" +"%B %d, %Y")"
+
+ NEW_DATE="$(date +"%B %d, %Y")"
+
+ sed -ri "/DLA-${EMBRGD_ID}/{s/\[.+\]/[$(date +"%d %b %Y")]/;s/DLA-${EMBRGD_ID}/DLA-$DLAID/;}" data/DLA/list
+ sed -i "s/${EMBRGD_ID}/$DLAID/g" DLA-"$DLAID"
+
+ echo "'Unembargoing' as DLA-$DLAID"
+ exit
+fi
+
+tmpf=$(mktemp)
+cat doc/DLA.template > $tmpf
+
+if [ "$TYPE" = regression ]; then
+ sed -ri '/^Subject:/s/security update$/regression update/' $tmpf
+fi
+
+if [ $REFERENCES -gt 1 ]; then
+ sed -ri 's/this problem has/these problems have/' $tmpf
+fi
+
+DATE="$(date +"%B %d, %Y")"
+
+setvar DEBEMAIL
+setvar DEBFULLNAME
+setvar PACKAGE
+setvar CVE "$CVE_LIST"
+setvar DLAID
+setvar BUGNUM
+setvar OLDSTABLE
+setvar DATE
+setvar TEXT "${TEXT:-DLA text goes here}"
+
+for dist in $OLDSTABLE; do
+ version="$(eval 'printf "%s" "$'"$dist"_VERSION'"')"
+ if $save && [ -z "$version" ] && grep -q "${dist}_VERSION" "$tmpf"; then
+ printf "Enter $dist's version [unset]: "
+ read version
+ if [ -n "$version" ]; then
+ eval "${dist}_VERSION='$version'"
+ fi
+ fi
+ [ -z "$version" ] || setvar "${dist}_VERSION" "$version"
+done
+
+if ! $save; then
+ cat $tmpf
+ echo
+ echo " ---- "
+ echo "Pass --save as the first parameter to save the text to DLA-$DLAID"
+ echo "(the data/DLA/list entry will also be added)"
+ rm -f "$tmpf"
+ exit
+else
+ mv -i $tmpf "DLA-$DLAID" || { rm -f $tmpf; exit; }
+ dla_entry=$(mktemp)
+ cat <<EOF > $dla_entry
+[$(date +"%d %b %Y")] DLA-$DLAID $PACKAGE - $TYPE update
+EOF
+
+ if [ "$CVE" ]; then
+ printf "\t{%s}\n" "$CVE" >> $dla_entry
+ fi
+
+ for dist in $OLDSTABLE; do
+ version="$(eval 'printf "%s" "$'"$dist"_VERSION'"')"
+ [ -z "$version" ] || \
+ printf "\t[%s] - %s %s\n" "$dist" "$PACKAGE" "$version" >> $dla_entry
+ done
+ tmp_list="$(mktemp)"
+ cat $dla_entry data/DLA/list > $tmp_list
+ cat $tmp_list > data/DLA/list
+ rm -f $tmp_list
+ sed -rn '/^'"$PACKAGE"'\b/{: next;n;/^\s/b next;d};p' data/dla-needed.txt > data/dla-needed.txt.new
+ mv data/dla-needed.txt.new data/dla-needed.txt
+ echo "DLA text written to ./DLA-$DLAID"
+fi |
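Review bot: `setvar` splices `$value` unescaped into the sed program `s=\$$var=$value=g`, so a value containing `=` ends the replacement early and the remainder is parsed as sed flags or commands, and `&` is expanded to the matched placeholder. The values come from the environment (`DEBEMAIL`, `DEBFULLNAME`), the command line (`PACKAGE`) and the interactive version prompt, none of which the script validates. Escaping the delimiter and `&` before the `sed -i`, e.g. `value=$(printf '%s' "$value" | sed 's/[=&]/\\&/g')`, keeps the substitution literal; backslashes are left alone because `TEXT` and `CVE_LIST` appear to rely on `\n` being expanded in the replacement. The same class of problem is in `eval "${dist}_VERSION='$version'"`, where a single quote in the typed version breaks out of the quoting, and `read version` should be `read -r version`.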