| Message ID | 20200505083843.410785-1-xnox@ubuntu.com |
|---|---|
| State | New |
| Headers | show |
| Series | UBUNTU: download-signed: improve to support grub2 downloads | expand |
Hi Dimitri, What are the packages and series affected by this issue? Thanks, Kleber On 05.05.20 10:38, Dimitri John Ledkov wrote: > - drop unused imports > - drop unused assignments > - switch to argparse, thus gain -h/--help > - add optional positional argument 'signed_type', defaults to 'signed' > but can be specified to 'uefi' for grub2 downloads > - add support to simply download the "current" version > > This enables `./download-signed grub2 current grub2 uefi` to fetch > grub2 signed binaries without breaking any compatibility with any > other invocations of this script. > > BugLink: https://bugs.launchpad.net/bugs/1876875 > Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com> > --- > download-signed | 40 +++++++++++++++++++++++++++++----------- > 1 file changed, 29 insertions(+), 11 deletions(-) > > diff --git a/download-signed b/download-signed > index bed284e..0793696 100755 > --- a/download-signed > +++ b/download-signed > @@ -1,9 +1,9 @@ > #! /usr/bin/python3 > > import hashlib > +import argparse > import os > import re > -import shutil > import sys > import tarfile > from urllib import request > @@ -14,12 +14,28 @@ from urllib.parse import ( > ) > > import apt > -from aptsources.distro import get_distro > > # package_name: package containing the objects we signed > # package_version: package version containing the objects we signed > # src_package: source package name in dists > -(package_name, package_version, src_package) = sys.argv[1:] > +# signed_type: 'signed' or 'uefi' schema in the url > + > +parser = argparse.ArgumentParser() > +parser.add_argument( > + "package_name", > + help="package containining the objects we signed") > +parser.add_argument( > + "package_version", > + help="package version containing the objects we signed, or 'current'") > +parser.add_argument( > + "src_package", > + help="source package name in dists") > +parser.add_argument( > + "signed_type", > + nargs='?', > + default='signed', > + help="subdirectory type in the url, 'signed' or 'uefi'") > +args = parser.parse_args() > > > class SignedDownloader: > @@ -30,7 +46,7 @@ class SignedDownloader: > identify the members and to validate them once downloaded. > """ > > - def __init__(self, package_name, package_version, src_package): > + def __init__(self, package_name, package_version, src_package, signed_type='signed'): > self.package_name = package_name > self.package_version = package_version > self.src_package = src_package > @@ -41,10 +57,13 @@ class SignedDownloader: > cache = apt.Cache() > > self.package = None > - for version in cache[package_name].versions: > - if version.version == self.package_version: > - self.package = version > - break > + if self.package_version == "current": > + self.package = cache[package_name].candidate > + else: > + for version in cache[package_name].versions: > + if version.version == self.package_version: > + self.package = version > + break > > if not self.package: > raise KeyError("{0}: package version not found".format(self.package_name)) > @@ -52,7 +71,7 @@ class SignedDownloader: > origin = self.package.origins[0] > pool_parsed = urlparse(self.package.uri) > self.package_dir = "%s/%s/%s/%s-%s/%s/" % ( > - origin.archive, 'main', 'signed', > + origin.archive, 'main', signed_type, > self.src_package, self.package.architecture, self.package_version) > > # Prepare the master url stem and pull out any username/password. If present > @@ -152,7 +171,6 @@ class SignedDownloader: > if os.path.exists(tarball_filename): > with tarfile.open(tarball_filename) as tarball: > for tarinfo in tarball: > - fullname = os.path.abspath(os.path.join(base, tarinfo.name)) > if not filename.startswith(here): > print('download-signed: {0}: tarball member outside output directory'.format(member)) > sys.exit(1) > @@ -161,5 +179,5 @@ class SignedDownloader: > tarball.extract(tarinfo, base) > > > -downloader = SignedDownloader(package_name, package_version, src_package) > +downloader = SignedDownloader(**vars(args)) > downloader.download('.') >
On 13.05.20 11:05, Kleber Souza wrote: > Hi Dimitri, > > What are the packages and series affected by this issue? I think this is something for devel/unstable and then would come back to us via cranky fix. -Stefan > > > Thanks, > Kleber > > On 05.05.20 10:38, Dimitri John Ledkov wrote: >> - drop unused imports >> - drop unused assignments >> - switch to argparse, thus gain -h/--help >> - add optional positional argument 'signed_type', defaults to 'signed' >> but can be specified to 'uefi' for grub2 downloads >> - add support to simply download the "current" version >> >> This enables `./download-signed grub2 current grub2 uefi` to fetch >> grub2 signed binaries without breaking any compatibility with any >> other invocations of this script. >> >> BugLink: https://bugs.launchpad.net/bugs/1876875 >> Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com> >> --- >> download-signed | 40 +++++++++++++++++++++++++++++----------- >> 1 file changed, 29 insertions(+), 11 deletions(-) >> >> diff --git a/download-signed b/download-signed >> index bed284e..0793696 100755 >> --- a/download-signed >> +++ b/download-signed >> @@ -1,9 +1,9 @@ >> #! /usr/bin/python3 >> >> import hashlib >> +import argparse >> import os >> import re >> -import shutil >> import sys >> import tarfile >> from urllib import request >> @@ -14,12 +14,28 @@ from urllib.parse import ( >> ) >> >> import apt >> -from aptsources.distro import get_distro >> >> # package_name: package containing the objects we signed >> # package_version: package version containing the objects we signed >> # src_package: source package name in dists >> -(package_name, package_version, src_package) = sys.argv[1:] >> +# signed_type: 'signed' or 'uefi' schema in the url >> + >> +parser = argparse.ArgumentParser() >> +parser.add_argument( >> + "package_name", >> + help="package containining the objects we signed") >> +parser.add_argument( >> + "package_version", >> + help="package version containing the objects we signed, or 'current'") >> +parser.add_argument( >> + "src_package", >> + help="source package name in dists") >> +parser.add_argument( >> + "signed_type", >> + nargs='?', >> + default='signed', >> + help="subdirectory type in the url, 'signed' or 'uefi'") >> +args = parser.parse_args() >> >> >> class SignedDownloader: >> @@ -30,7 +46,7 @@ class SignedDownloader: >> identify the members and to validate them once downloaded. >> """ >> >> - def __init__(self, package_name, package_version, src_package): >> + def __init__(self, package_name, package_version, src_package, signed_type='signed'): >> self.package_name = package_name >> self.package_version = package_version >> self.src_package = src_package >> @@ -41,10 +57,13 @@ class SignedDownloader: >> cache = apt.Cache() >> >> self.package = None >> - for version in cache[package_name].versions: >> - if version.version == self.package_version: >> - self.package = version >> - break >> + if self.package_version == "current": >> + self.package = cache[package_name].candidate >> + else: >> + for version in cache[package_name].versions: >> + if version.version == self.package_version: >> + self.package = version >> + break >> >> if not self.package: >> raise KeyError("{0}: package version not found".format(self.package_name)) >> @@ -52,7 +71,7 @@ class SignedDownloader: >> origin = self.package.origins[0] >> pool_parsed = urlparse(self.package.uri) >> self.package_dir = "%s/%s/%s/%s-%s/%s/" % ( >> - origin.archive, 'main', 'signed', >> + origin.archive, 'main', signed_type, >> self.src_package, self.package.architecture, self.package_version) >> >> # Prepare the master url stem and pull out any username/password. If present >> @@ -152,7 +171,6 @@ class SignedDownloader: >> if os.path.exists(tarball_filename): >> with tarfile.open(tarball_filename) as tarball: >> for tarinfo in tarball: >> - fullname = os.path.abspath(os.path.join(base, tarinfo.name)) >> if not filename.startswith(here): >> print('download-signed: {0}: tarball member outside output directory'.format(member)) >> sys.exit(1) >> @@ -161,5 +179,5 @@ class SignedDownloader: >> tarball.extract(tarinfo, base) >> >> >> -downloader = SignedDownloader(package_name, package_version, src_package) >> +downloader = SignedDownloader(**vars(args)) >> downloader.download('.') >> > >
On Wed, 13 May 2020, 10:20 Stefan Bader, <stefan.bader@canonical.com> wrote: > On 13.05.20 11:05, Kleber Souza wrote: > > Hi Dimitri, > > > > What are the packages and series affected by this issue? > > I think this is something for devel/unstable and then would come back to > us via > cranky fix. > > -Stefan > yeap. Plus the kernel's download-signed is cargo culted into other -signed packages. i.e. zipl, grub, fwupd, etc. Which all could in the future benefit from these changes. Regards, Dimitri. > > > > > > Thanks, > > Kleber > > > > On 05.05.20 10:38, Dimitri John Ledkov wrote: > >> - drop unused imports > >> - drop unused assignments > >> - switch to argparse, thus gain -h/--help > >> - add optional positional argument 'signed_type', defaults to 'signed' > >> but can be specified to 'uefi' for grub2 downloads > >> - add support to simply download the "current" version > >> > >> This enables `./download-signed grub2 current grub2 uefi` to fetch > >> grub2 signed binaries without breaking any compatibility with any > >> other invocations of this script. > >> > >> BugLink: https://bugs.launchpad.net/bugs/1876875 > >> Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com> > >> --- > >> download-signed | 40 +++++++++++++++++++++++++++++----------- > >> 1 file changed, 29 insertions(+), 11 deletions(-) > >> > >> diff --git a/download-signed b/download-signed > >> index bed284e..0793696 100755 > >> --- a/download-signed > >> +++ b/download-signed > >> @@ -1,9 +1,9 @@ > >> #! /usr/bin/python3 > >> > >> import hashlib > >> +import argparse > >> import os > >> import re > >> -import shutil > >> import sys > >> import tarfile > >> from urllib import request > >> @@ -14,12 +14,28 @@ from urllib.parse import ( > >> ) > >> > >> import apt > >> -from aptsources.distro import get_distro > >> > >> # package_name: package containing the objects we signed > >> # package_version: package version containing the objects we signed > >> # src_package: source package name in dists > >> -(package_name, package_version, src_package) = sys.argv[1:] > >> +# signed_type: 'signed' or 'uefi' schema in the url > >> + > >> +parser = argparse.ArgumentParser() > >> +parser.add_argument( > >> + "package_name", > >> + help="package containining the objects we signed") > >> +parser.add_argument( > >> + "package_version", > >> + help="package version containing the objects we signed, or > 'current'") > >> +parser.add_argument( > >> + "src_package", > >> + help="source package name in dists") > >> +parser.add_argument( > >> + "signed_type", > >> + nargs='?', > >> + default='signed', > >> + help="subdirectory type in the url, 'signed' or 'uefi'") > >> +args = parser.parse_args() > >> > >> > >> class SignedDownloader: > >> @@ -30,7 +46,7 @@ class SignedDownloader: > >> identify the members and to validate them once downloaded. > >> """ > >> > >> - def __init__(self, package_name, package_version, src_package): > >> + def __init__(self, package_name, package_version, src_package, > signed_type='signed'): > >> self.package_name = package_name > >> self.package_version = package_version > >> self.src_package = src_package > >> @@ -41,10 +57,13 @@ class SignedDownloader: > >> cache = apt.Cache() > >> > >> self.package = None > >> - for version in cache[package_name].versions: > >> - if version.version == self.package_version: > >> - self.package = version > >> - break > >> + if self.package_version == "current": > >> + self.package = cache[package_name].candidate > >> + else: > >> + for version in cache[package_name].versions: > >> + if version.version == self.package_version: > >> + self.package = version > >> + break > >> > >> if not self.package: > >> raise KeyError("{0}: package version not > found".format(self.package_name)) > >> @@ -52,7 +71,7 @@ class SignedDownloader: > >> origin = self.package.origins[0] > >> pool_parsed = urlparse(self.package.uri) > >> self.package_dir = "%s/%s/%s/%s-%s/%s/" % ( > >> - origin.archive, 'main', 'signed', > >> + origin.archive, 'main', signed_type, > >> self.src_package, self.package.architecture, > self.package_version) > >> > >> # Prepare the master url stem and pull out any > username/password. If present > >> @@ -152,7 +171,6 @@ class SignedDownloader: > >> if os.path.exists(tarball_filename): > >> with tarfile.open(tarball_filename) as tarball: > >> for tarinfo in tarball: > >> - fullname = os.path.abspath(os.path.join(base, > tarinfo.name)) > >> if not filename.startswith(here): > >> print('download-signed: {0}: tarball member > outside output directory'.format(member)) > >> sys.exit(1) > >> @@ -161,5 +179,5 @@ class SignedDownloader: > >> tarball.extract(tarinfo, base) > >> > >> > >> -downloader = SignedDownloader(package_name, package_version, > src_package) > >> +downloader = SignedDownloader(**vars(args)) > >> downloader.download('.') > >> > > > > > > >
diff --git a/download-signed b/download-signed index bed284e..0793696 100755 --- a/download-signed +++ b/download-signed @@ -1,9 +1,9 @@ #! /usr/bin/python3 import hashlib +import argparse import os import re -import shutil import sys import tarfile from urllib import request @@ -14,12 +14,28 @@ from urllib.parse import ( ) import apt -from aptsources.distro import get_distro # package_name: package containing the objects we signed # package_version: package version containing the objects we signed # src_package: source package name in dists -(package_name, package_version, src_package) = sys.argv[1:] +# signed_type: 'signed' or 'uefi' schema in the url + +parser = argparse.ArgumentParser() +parser.add_argument( + "package_name", + help="package containining the objects we signed") +parser.add_argument( + "package_version", + help="package version containing the objects we signed, or 'current'") +parser.add_argument( + "src_package", + help="source package name in dists") +parser.add_argument( + "signed_type", + nargs='?', + default='signed', + help="subdirectory type in the url, 'signed' or 'uefi'") +args = parser.parse_args() class SignedDownloader: @@ -30,7 +46,7 @@ class SignedDownloader: identify the members and to validate them once downloaded. """ - def __init__(self, package_name, package_version, src_package): + def __init__(self, package_name, package_version, src_package, signed_type='signed'): self.package_name = package_name self.package_version = package_version self.src_package = src_package @@ -41,10 +57,13 @@ class SignedDownloader: cache = apt.Cache() self.package = None - for version in cache[package_name].versions: - if version.version == self.package_version: - self.package = version - break + if self.package_version == "current": + self.package = cache[package_name].candidate + else: + for version in cache[package_name].versions: + if version.version == self.package_version: + self.package = version + break if not self.package: raise KeyError("{0}: package version not found".format(self.package_name)) @@ -52,7 +71,7 @@ class SignedDownloader: origin = self.package.origins[0] pool_parsed = urlparse(self.package.uri) self.package_dir = "%s/%s/%s/%s-%s/%s/" % ( - origin.archive, 'main', 'signed', + origin.archive, 'main', signed_type, self.src_package, self.package.architecture, self.package_version) # Prepare the master url stem and pull out any username/password. If present @@ -152,7 +171,6 @@ class SignedDownloader: if os.path.exists(tarball_filename): with tarfile.open(tarball_filename) as tarball: for tarinfo in tarball: - fullname = os.path.abspath(os.path.join(base, tarinfo.name)) if not filename.startswith(here): print('download-signed: {0}: tarball member outside output directory'.format(member)) sys.exit(1) @@ -161,5 +179,5 @@ class SignedDownloader: tarball.extract(tarinfo, base) -downloader = SignedDownloader(package_name, package_version, src_package) +downloader = SignedDownloader(**vars(args)) downloader.download('.')
- drop unused imports - drop unused assignments - switch to argparse, thus gain -h/--help - add optional positional argument 'signed_type', defaults to 'signed' but can be specified to 'uefi' for grub2 downloads - add support to simply download the "current" version This enables `./download-signed grub2 current grub2 uefi` to fetch grub2 signed binaries without breaking any compatibility with any other invocations of this script. BugLink: https://bugs.launchpad.net/bugs/1876875 Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com> --- download-signed | 40 +++++++++++++++++++++++++++++----------- 1 file changed, 29 insertions(+), 11 deletions(-)