Hi,

Thanks for all the input!

2017-02-28 9:12 GMT+01:00 Sébastien Delafond <s...@debian.org>:
> On Feb/28, Peter Palfrader wrote:
>> Maybe we should be able to pass the name of the .changes file to
>> gen-DSA, and then the script can go and use all the information from
>> there?
>
> Implementation-wise, this sounds like a much more sensible approach, but
> since the *.changes files may not live on the machine where the advisory
> is drafted, I'd still lean toward making this behavior optional.

The originally proposed patch did not cover all use-cases indeed.
I agree that improving the documentation will help a bit, but I think
it will not help much and it will not make preparing DSA-s/DLA-s much easier.

I have prepared a patch to optionally prepare the template using:
bin/gen-DSA package.changes

Cheers,
Balint
From 2e58b6fddab440f99602fa82c5119fe74aa7a13d Mon Sep 17 00:00:00 2001 From: Balint Reczey <bal...@balintreczey.hu> Date: Thu, 2 Mar 2017 01:56:47 +0100 Subject: [PATCH] gen-DSA, gen-DLA: Read details from .changes Package name, version, bug(s) and cve(s) are filled from .changes file. --- bin/gen-DSA | 32 ++++++++++++++++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-) diff --git a/bin/gen-DSA b/bin/gen-DSA index 80d3251..5b033a5 100755 --- a/bin/gen-DSA +++ b/bin/gen-DSA @@ -43,10 +43,14 @@ export LC_ALL=C } [ $# -ge 1 ] || { - echo "usage: $0 [--save] [--embargoed|--unembargo] [$IDMODE] package [regression] [cve(s) [bugnumber(s)]]" + echo "usage: $0 [--save] [--embargoed|--unembargo] [$IDMODE] package[.changes] [regression] [cve(s) [bugnumber(s)]] " echo " '$IDMODE' is the $IDMODE number, required when issuing a revision" echo " 'cve(s)' and 'bugnumber(s)' can be passed in any order but" echo " always AFTER the description" + echo "" + echo " When specifying package.changes the package name, version, additional bug(s) and cve(s)" + echo " are parsed from the .changes file." + echo "" echo " If it doesn't like your bug number, prefix it with # and report" exit 1 } >&2 @@ -153,7 +157,16 @@ if printf '%s' "$1" | grep -Eq '^('"$IDMODE"'-|)[0-9]+(-[0-9]+|)$'; then shift fi -PACKAGE="$(tolower "$1")" +PACKAGE= +CHANGES= + +if echo "$1" | grep -q '_.*\.changes$'; then + CHANGES="$1" + PACKAGE=$(awk '/^Source: / {print $2}' $CHANGES) +else + PACKAGE="$(tolower "$1")" +fi + shift TYPE=security 
@@ -183,6 +196,21 @@ while [ $# -gt 0 ]; do shift done +if ! [ -z "$CHANGES" ]; then + # parse info from .changes file + # Version can occur in GPG signature, thus we exit on first occurence + version="$(awk '/^Version: / {print $2; exit 0}' $CHANGES)" + dist="$(awk '/^Distribution: / {print $2}' $CHANGES | sed 's/-.*//')" + export ${dist}_VERSION="$version" + + for bug in $(awk '/^Closes: / {sub(".*"$2,$2); print $0}' $CHANGES); do + BUGNUM="$BUGNUM ${bug#\#}" + done + for cve in $(awk 'BEGIN {RS="[ ():\n]" } /^CVE-[0-9]+-[0-9]+$/ {print $1}' $CHANGES); do + CVE="$CVE $cve" + done +fi + BUGNUM="$(split_n_sort "$BUGNUM")" CVE="$(split_n_sort "$CVE" -V)" -- 2.1.4
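Review bot: in the usage hunk (@@ -43,10 +43,14 @@), the new help text says the version is parsed from the .changes file but does not say that the Distribution field decides which release that version is assigned to, which the last hunk does through ${dist}_VERSION. One more echo line stating that would spare the reader a look at the code. The rewritten usage line also gained a trailing space before its closing quote (`[cve(s) [bugnumber(s)]] "`), which can be dropped.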
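Review bot: in the PACKAGE hunk (@@ -153,7 +157,16 @@), `$CHANGES` is expanded unquoted in `PACKAGE=$(awk '/^Source: / {print $2}' $CHANGES)` and nothing checks that the file is readable or that a Source line was found, so a path containing spaces or a missing file can leave PACKAGE empty while the script carries on. Suggest quoting it as "$CHANGES", testing `[ -r "$CHANGES" ]` first, and exiting with an error when PACKAGE comes back empty. This awk call also lacks the `exit` that the Version lookup in the next hunk uses, so a second line starting with "Source: " would put two values into PACKAGE, and the .changes branch skips the tolower call that the other branch keeps. For consistency with the `printf '%s' "$1" | grep -Eq` test in the hunk header context, prefer printf over `echo "$1"` here.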
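Review bot: in the .changes parsing hunk (@@ -183,6 +196,21 @@), `export ${dist}_VERSION="$version"` builds a variable name from the Distribution field with no validation, so an empty or unexpected value either makes export fail or sets a variable nothing reads. Suggest checking dist against the release names the script supports before exporting, and failing with a message otherwise. The comment acknowledges that text outside the signed body can match, yet only the Version lookup exits on the first match; the Distribution and Closes lookups do not, and nothing in these lines verifies the signature before the fields are used. `$CHANGES` is unquoted in all four awk calls. `RS="[ ():\n]"` relies on a regular-expression record separator, which POSIX awk leaves undefined, so the CVE scan depends on which awk is installed. Minor: `! [ -z "$CHANGES" ]` reads more simply as `[ -n "$CHANGES" ]`.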