Patchwork [kteam-tools] cve-tracker: add verbose progress reporting, speed up CVE linkage

Submitter Kees Cook
Date May 26, 2011, 6:16 p.m.
Message ID <20110526181611.GH19633@outflux.net>
Permalink /patch/97607/
State New

Comments

Kees Cook - May 26, 2011, 6:16 p.m.
Progress reporting, replace CVE linkage, fix reported staging URL.

Signed-off-by: Kees Cook <kees.cook@canonical.com>
---
 stable/create-cve-tracker |   27 +++++++++++++++------------
 1 files changed, 15 insertions(+), 12 deletions(-)
Brad Figg - May 26, 2011, 6:19 p.m.
On 05/26/2011 11:16 AM, Kees Cook wrote:
> Progress reporting, replace CVE linkage, fix reported staging URL.
>
> Signed-off-by: Kees Cook<kees.cook@canonical.com>
> ---
>   stable/create-cve-tracker |   27 +++++++++++++++------------
>   1 files changed, 15 insertions(+), 12 deletions(-)
>
> diff --git a/stable/create-cve-tracker b/stable/create-cve-tracker
> index a06d6eb..b9d957e 100755
> --- a/stable/create-cve-tracker
> +++ b/stable/create-cve-tracker
> @@ -152,8 +152,10 @@ class CreateCveTracker(StdApp):
>           try:
>               self.merge_config_options(self.defaults, cmdline.process(argv, self.defaults))
>               cmdline.verify_options(self.cfg)
> +            print "Starting up ..."
>               self.initialize()
>
> +            print "Connecting to Launchpad ..."
>               lp = self.lp.launchpad
>
>               # Title: CVE-xxxx-xxxx
> @@ -167,30 +169,29 @@ class CreateCveTracker(StdApp):
>               description = "Placeholder"
>
>               try:
> +                print "Creating bug ..."
>                   bug = self.lp.create_bug(project='ubuntu', package='linux', title=title, description=description)
>
>                   try:
> +                    print "Updating tags ..."
>                       bug.tags.append('kernel-cve-tracking-bug')
>
> +                    print "Marking as security ..."
>                       bug.security_related = True
>
> -                    # Link the appropriate cve to the bug
> -                    #
> -                    found = False
> -                    for cve in self.lp.launchpad.cves:
> -                        if title in cve.display_name:
> -                            found = True
> -                            break
> -                    if found:
> -                        bug.lpbug.linkCVE(cve=cve)
> -
> -                    lp = self.lp.launchpad
> +                    # Link the appropriate cve to the bug.
> +                    # Cannot safely use 'linkCVE' due to LP: #439470
> +                    print "Linking to %s ..." % (title)
> +                    bug.add_comment(content=title)
> +
>                       ubuntu = lp.distributions["ubuntu"]
>                       # Add bug tasks for related source packages
>                       #
>                       pkgs = ['linux-fsl-imx51', 'linux-mvl-dove', 'linux-lts-backport-maverick', 'linux-ti-omap4']
>                       for p in pkgs:
> +                        print "Finding source package '%s' ..." % (p)
>                           pkg = ubuntu.getSourcePackage(name=p)
> +                        print "Adding bug task for '%s' ..." % (p)
>                           t = bug.lpbug.addTask(target=pkg)
>
>                       # Nominate for all active series
> @@ -198,12 +199,14 @@ class CreateCveTracker(StdApp):
>                       sc = ubuntu.series_collection
>                       for s in sc:
>                           if s.active:
> +                            print "Adding nomination for '%s' ..." % (s.name)
>                               nomination = bug.lpbug.addNomination(target=s)
> +                            print "Approving nomination for '%s' ..." % (s.name)
>                               if nomination.canApprove():
>                                   nomination.approve()
>
>                       if 'staging' in self.cfg:
> -                        print("https://bugs.qastaging.launchpad.net/bugs/%s" % (bug.id))
> +                        print("https://qastaging.launchpad.net/bugs/%s" % (bug.id))
>                       else:
>                           print("https://bugs.launchpad.net/bugs/%s" % (bug.id))
>

I don't really care for the additional debugging prints. If you want
to add them as part of a --verbose option, I'd be open to that.

Brad
Tim Gardner - May 27, 2011, 3:41 p.m.
On 05/26/2011 11:19 AM, Brad Figg wrote:
> On 05/26/2011 11:16 AM, Kees Cook wrote:
>> Progress reporting, replace CVE linkage, fix reported staging URL.
>>
>> Signed-off-by: Kees Cook<kees.cook@canonical.com>
>> ---
>> stable/create-cve-tracker | 27 +++++++++++++++------------
>> 1 files changed, 15 insertions(+), 12 deletions(-)
>>
>> diff --git a/stable/create-cve-tracker b/stable/create-cve-tracker
>> index a06d6eb..b9d957e 100755
>> --- a/stable/create-cve-tracker
>> +++ b/stable/create-cve-tracker
>> @@ -152,8 +152,10 @@ class CreateCveTracker(StdApp):
>> try:
>> self.merge_config_options(self.defaults, cmdline.process(argv,
>> self.defaults))
>> cmdline.verify_options(self.cfg)
>> + print "Starting up ..."
>> self.initialize()
>>
>> + print "Connecting to Launchpad ..."
>> lp = self.lp.launchpad
>>
>> # Title: CVE-xxxx-xxxx
>> @@ -167,30 +169,29 @@ class CreateCveTracker(StdApp):
>> description = "Placeholder"
>>
>> try:
>> + print "Creating bug ..."
>> bug = self.lp.create_bug(project='ubuntu', package='linux',
>> title=title, description=description)
>>
>> try:
>> + print "Updating tags ..."
>> bug.tags.append('kernel-cve-tracking-bug')
>>
>> + print "Marking as security ..."
>> bug.security_related = True
>>
>> - # Link the appropriate cve to the bug
>> - #
>> - found = False
>> - for cve in self.lp.launchpad.cves:
>> - if title in cve.display_name:
>> - found = True
>> - break
>> - if found:
>> - bug.lpbug.linkCVE(cve=cve)
>> -
>> - lp = self.lp.launchpad
>> + # Link the appropriate cve to the bug.
>> + # Cannot safely use 'linkCVE' due to LP: #439470
>> + print "Linking to %s ..." % (title)
>> + bug.add_comment(content=title)
>> +
>> ubuntu = lp.distributions["ubuntu"]
>> # Add bug tasks for related source packages
>> #
>> pkgs = ['linux-fsl-imx51', 'linux-mvl-dove',
>> 'linux-lts-backport-maverick', 'linux-ti-omap4']
>> for p in pkgs:
>> + print "Finding source package '%s' ..." % (p)
>> pkg = ubuntu.getSourcePackage(name=p)
>> + print "Adding bug task for '%s' ..." % (p)
>> t = bug.lpbug.addTask(target=pkg)
>>
>> # Nominate for all active series
>> @@ -198,12 +199,14 @@ class CreateCveTracker(StdApp):
>> sc = ubuntu.series_collection
>> for s in sc:
>> if s.active:
>> + print "Adding nomination for '%s' ..." % (s.name)
>> nomination = bug.lpbug.addNomination(target=s)
>> + print "Approving nomination for '%s' ..." % (s.name)
>> if nomination.canApprove():
>> nomination.approve()
>>
>> if 'staging' in self.cfg:
>> - print("https://bugs.qastaging.launchpad.net/bugs/%s" % (bug.id))
>> + print("https://qastaging.launchpad.net/bugs/%s" % (bug.id))
>> else:
>> print("https://bugs.launchpad.net/bugs/%s" % (bug.id))
>>
>
> I don't really care for the additional debugging prints. If you want
> to add then as part of a --verbose option, I'd be open to that.
>
> Brad

The advantage to the progress prints is that you don't ^C early if 
Launchpad is really slow.

rtg
Brad Figg - June 6, 2011, 5:37 p.m.
On 05/27/2011 08:41 AM, Tim Gardner wrote:
> On 05/26/2011 11:19 AM, Brad Figg wrote:
>> On 05/26/2011 11:16 AM, Kees Cook wrote:
>>> Progress reporting, replace CVE linkage, fix reported staging URL.
>>>
>>> Signed-off-by: Kees Cook<kees.cook@canonical.com>
>>> ---
>>> stable/create-cve-tracker | 27 +++++++++++++++------------
>>> 1 files changed, 15 insertions(+), 12 deletions(-)
>>>
>>> diff --git a/stable/create-cve-tracker b/stable/create-cve-tracker
>>> index a06d6eb..b9d957e 100755
>>> --- a/stable/create-cve-tracker
>>> +++ b/stable/create-cve-tracker
>>> @@ -152,8 +152,10 @@ class CreateCveTracker(StdApp):
>>> try:
>>> self.merge_config_options(self.defaults, cmdline.process(argv,
>>> self.defaults))
>>> cmdline.verify_options(self.cfg)
>>> + print "Starting up ..."
>>> self.initialize()
>>>
>>> + print "Connecting to Launchpad ..."
>>> lp = self.lp.launchpad
>>>
>>> # Title: CVE-xxxx-xxxx
>>> @@ -167,30 +169,29 @@ class CreateCveTracker(StdApp):
>>> description = "Placeholder"
>>>
>>> try:
>>> + print "Creating bug ..."
>>> bug = self.lp.create_bug(project='ubuntu', package='linux',
>>> title=title, description=description)
>>>
>>> try:
>>> + print "Updating tags ..."
>>> bug.tags.append('kernel-cve-tracking-bug')
>>>
>>> + print "Marking as security ..."
>>> bug.security_related = True
>>>
>>> - # Link the appropriate cve to the bug
>>> - #
>>> - found = False
>>> - for cve in self.lp.launchpad.cves:
>>> - if title in cve.display_name:
>>> - found = True
>>> - break
>>> - if found:
>>> - bug.lpbug.linkCVE(cve=cve)
>>> -
>>> - lp = self.lp.launchpad
>>> + # Link the appropriate cve to the bug.
>>> + # Cannot safely use 'linkCVE' due to LP: #439470
>>> + print "Linking to %s ..." % (title)
>>> + bug.add_comment(content=title)
>>> +
>>> ubuntu = lp.distributions["ubuntu"]
>>> # Add bug tasks for related source packages
>>> #
>>> pkgs = ['linux-fsl-imx51', 'linux-mvl-dove',
>>> 'linux-lts-backport-maverick', 'linux-ti-omap4']
>>> for p in pkgs:
>>> + print "Finding source package '%s' ..." % (p)
>>> pkg = ubuntu.getSourcePackage(name=p)
>>> + print "Adding bug task for '%s' ..." % (p)
>>> t = bug.lpbug.addTask(target=pkg)
>>>
>>> # Nominate for all active series
>>> @@ -198,12 +199,14 @@ class CreateCveTracker(StdApp):
>>> sc = ubuntu.series_collection
>>> for s in sc:
>>> if s.active:
>>> + print "Adding nomination for '%s' ..." % (s.name)
>>> nomination = bug.lpbug.addNomination(target=s)
>>> + print "Approving nomination for '%s' ..." % (s.name)
>>> if nomination.canApprove():
>>> nomination.approve()
>>>
>>> if 'staging' in self.cfg:
>>> - print("https://bugs.qastaging.launchpad.net/bugs/%s" % (bug.id))
>>> + print("https://qastaging.launchpad.net/bugs/%s" % (bug.id))
>>> else:
>>> print("https://bugs.launchpad.net/bugs/%s" % (bug.id))
>>>
>>
>> I don't really care for the additional debugging prints. If you want
>> to add then as part of a --verbose option, I'd be open to that.
>>
>> Brad
>
> The advantage to the progress prints is that you don't ^C early if Launchpad is really slow.
>
> rtg

I'll add in the verbose messages such that they are enabled by use of the --verbose command line
flag.

I don't like the removal of the use of "linkCVE". According to the bug referenced, this is only
an issue if the CVE isn't already known to LP. This patch turns this operation into a manual step
for all CVEs, even ones known to LP. Note: we've been doing this for a while now and don't seem
to have run into this issue.

Brad

Patch

diff --git a/stable/create-cve-tracker b/stable/create-cve-tracker
index a06d6eb..b9d957e 100755
--- a/stable/create-cve-tracker
+++ b/stable/create-cve-tracker
@@ -152,8 +152,10 @@  class CreateCveTracker(StdApp):
         try:
             self.merge_config_options(self.defaults, cmdline.process(argv, self.defaults))
             cmdline.verify_options(self.cfg)
+            print "Starting up ..."
             self.initialize()
 
+            print "Connecting to Launchpad ..."
             lp = self.lp.launchpad
 
             # Title: CVE-xxxx-xxxx
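Review bot: The added progress lines use the Python 2 print statement (`print "Starting up ..."`), while the existing URL output in this same file uses the parenthesised form `print("..." % (...))`; writing the new ones as `print("Starting up ...")` keeps the file consistent and behaves the same under Python 2 for a single argument. The same applies to the prints added in the two later hunks. Since the script's final output is the bug URL on stdout, sending the progress text to stderr would also keep that output clean for anyone capturing it, though whether any caller does so is not visible here. The enclosing method starts and ends outside the hunk.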
@@ -167,30 +169,29 @@  class CreateCveTracker(StdApp):
             description = "Placeholder"
 
             try:
+                print "Creating bug ..."
                 bug = self.lp.create_bug(project='ubuntu', package='linux', title=title, description=description)
 
                 try:
+                    print "Updating tags ..."
                     bug.tags.append('kernel-cve-tracking-bug')
 
+                    print "Marking as security ..."
                     bug.security_related = True
 
-                    # Link the appropriate cve to the bug
-                    #
-                    found = False
-                    for cve in self.lp.launchpad.cves:
-                        if title in cve.display_name:
-                            found = True
-                            break
-                    if found:
-                        bug.lpbug.linkCVE(cve=cve)
-
-                    lp = self.lp.launchpad
+                    # Link the appropriate cve to the bug.
+                    # Cannot safely use 'linkCVE' due to LP: #439470
+                    print "Linking to %s ..." % (title)
+                    bug.add_comment(content=title)
+
                     ubuntu = lp.distributions["ubuntu"]
                     # Add bug tasks for related source packages
                     #
                     pkgs = ['linux-fsl-imx51', 'linux-mvl-dove', 'linux-lts-backport-maverick', 'linux-ti-omap4']
                     for p in pkgs:
+                        print "Finding source package '%s' ..." % (p)
                         pkg = ubuntu.getSourcePackage(name=p)
+                        print "Adding bug task for '%s' ..." % (p)
                         t = bug.lpbug.addTask(target=pkg)
 
                     # Nominate for all active series
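Review bot: The message `Linking to %s ...` overstates what the new code does: `bug.add_comment(content=title)` only posts the title as a comment, and nothing afterwards confirms that the tracking bug ended up associated with a CVE record. If the association depends on Launchpad recognising the identifier in the comment text (presumably the intent), a title that is not exactly a CVE id would leave a security tracking bug without its CVE reference and the operator would see no sign of it; `title` is built outside this hunk, so its format cannot be confirmed here. I would reword the print to `print "Adding CVE reference comment %s ..." % (title)` and extend the code comment with `# No explicit link is made; relies on Launchpad picking up the CVE id from the comment text.`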
@@ -198,12 +199,14 @@  class CreateCveTracker(StdApp):
                     sc = ubuntu.series_collection
                     for s in sc:
                         if s.active:
+                            print "Adding nomination for '%s' ..." % (s.name)
                             nomination = bug.lpbug.addNomination(target=s)
+                            print "Approving nomination for '%s' ..." % (s.name)
                             if nomination.canApprove():
                                 nomination.approve()
 
                     if 'staging' in self.cfg:
-                        print("https://bugs.qastaging.launchpad.net/bugs/%s" % (bug.id))
+                        print("https://qastaging.launchpad.net/bugs/%s" % (bug.id))
                     else:
                         print("https://bugs.launchpad.net/bugs/%s" % (bug.id))
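Review bot: `Approving nomination for '%s' ...` is printed before the `nomination.canApprove()` check, so the output claims an approval even when the check fails and `approve()` is never called. Moving the print under `if nomination.canApprove():`, directly before `nomination.approve()`, makes the output match what happened. An `else` branch with `print "Nomination for '%s' left unapproved" % (s.name)` would make a skipped series visible to whoever runs the tool. The enclosing block continues outside the hunk.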