[gentoo-commits] proj/security:master commit in: bin/

["Pavlos Ratis" <dastergon@gentoo.org>]

commit:     22546d7465a9c58a7bb3487d5611b33e93b1f6cc
Author:     Alex Legler <a3li <AT> gentoo <DOT> org>
AuthorDate: Tue May 17 17:27:55 2011 +0000
Commit:     Pavlos Ratis <dastergon <AT> gentoo <DOT> org>
CommitDate: Tue May 17 17:27:55 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/security.git;a=commit;h=22546d74

acutally add the new tool

svn path=/; revision=2228

---
 bin/target | 346 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 346 insertions(+)

diff --git a/bin/target b/bin/target
new file mode 100755
index 0000000..22001dd
--- /dev/null
+++ b/bin/target
@@ -0,0 +1,346 @@
+#!/usr/bin/env ruby
+# Target 2
+# written by Alex Legler <a3li@gentoo.org>
+# dependencies: app-portage/gentoolkit, dev-lang/ruby[ssl], dev-ruby/highline
+# vim: set sw=2 ts=2:
+
+require 'optparse'
+require 'highline'
+require 'fileutils'
+require 'xmlrpc/client'
+
+class Net::HTTP
+	alias_method :old_initialize, :initialize
+	def initialize(*args)
+		old_initialize(*args)
+		@ssl_context = OpenSSL::SSL::SSLContext.new
+		@ssl_context.verify_mode = OpenSSL::SSL::VERIFY_NONE
+	end
+end
+
+module GenSec
+	module Target
+		# These architectures don't stabilize packages
+		NOSTABLE_ARCHES = ['mips']
+
+		def main(argv)
+			$opts = {
+				:auth_cache => true,
+				:force => false,
+				:liaisons => false,
+				:username => nil,
+				:prestable => false,
+				:quiet => false
+			}
+
+			$ui = HighLine.new
+
+			bug = nil
+			version = nil
+			slot = nil
+
+			optparse = OptionParser.new do |opts|
+				opts.on('-b', '--bug BUGNO', 'The number of the bug to change') do |b|
+					bug = Integer(b)
+				end
+
+				opts.on('-v', '--version VERSION', 'Use this version as stabilization target') do |v|
+					version = v
+				end
+
+				opts.on('-s', '--slot SLOT', 'Use ebuilds from this slot to find the best ebuild') do |s|
+					slot = s
+				end
+
+				opts.on('-l', '--liaisons', 'CC the arch liaisons instead of arch teams') do
+					$opts[:liaisons] = true
+				end
+
+				opts.on('-p', '--prestable', 'Use prestabling instructions') do
+					$opts[:prestable] = true
+				end
+
+				opts.on('-u', '--username USERNAME', 'Use this user name to log in at Bugzilla') do |username|
+					$opts[:username] = username
+				end
+
+				opts.on_tail('-f', '--force', 'Force the operation. Disables asking for confirmation and version checks.') do
+					$opts[:force] = true
+				end
+
+				opts.on_tail('-q', '--quiet', 'Be less noisy') do
+					$opts[:quiet] = true
+				end
+
+				opts.on_tail('-h', '--help', 'Display this screen') do
+					puts opts
+					exit
+				end
+				
+			end
+
+			optparse.banner = "Usage: #{$0} [options] [package]\n\nAvailable options:\n"
+			cmd_options = optparse.parse!(argv)
+
+			if argv.length > 0
+				package = argv.shift
+			else
+				package = Dir.pwd.split('/').last(2).join('/')
+			end
+
+			metadata = get_metadata(package)
+			do_package(metadata, bug, version, slot)
+		end
+
+		def do_package(metadata, bug, version, slot)
+			if metadata[:package] == nil or metadata[:package] == ''
+				e("No package found.")
+			end
+
+			i("Using #{metadata[:package]}") unless $opts[:quiet]
+			#puts metadata.inspect
+
+			best_version = find_best_version(metadata, slot, version)
+			i("Target version: #{best_version}") unless $opts[:quiet]
+
+			# Cover a custom version string that is not there in the local tree
+			if metadata[:keywords].include? best_version
+				already_stable = filter_unstable(metadata[:keywords][best_version]) - NOSTABLE_ARCHES
+			else
+				already_stable = []
+			end
+
+			need_stable = metadata[:stable_arches] - NOSTABLE_ARCHES
+
+			i("Arches this package was ever stable on: #{$ui.color(need_stable.join(', '), :red, :bold)}") unless $opts[:quiet]
+
+			if already_stable.length > 0
+				i("Target version is already stable on:    #{$ui.color(already_stable.join(', '), :green, :bold)}") unless $opts[:quiet]
+			end
+
+			if $opts[:prestable]
+				msg = "Arch Security Liaisons, please test the attached ebuild and report it stable on this bug.\n"
+			elsif $opts[:liaisons] and not $opts[:prestable]
+				msg = "Arch Security Liaisons, please test and mark stable:\n"
+			else
+				msg = "Arches, please test and mark stable:\n"
+			end
+
+			if not $opts[:prestable]
+				msg += "=%s-%s\n" % [metadata[:package], best_version]
+			end
+
+			msg += "Target keywords : \"%s\"\n" % metadata[:stable_arches].join(' ')
+
+			if already_stable.length > 0 and not $opts[:prestable]
+				msg += "Already stable  : \"%s\"\n" % (already_stable.join(' '))
+				msg += "Missing keywords: \"%s\"\n" % (metadata[:stable_arches] - already_stable).join(' ')
+			end
+
+			puts
+			puts msg
+			puts
+
+			if $opts[:liaisons]
+				require File.join(File.dirname(__FILE__), 'liaisons')
+				cc_list = need_stable.map {|arch| @liaisons[arch]}.flatten.map {|liaison| "#{liaison}@gentoo.org"}
+			else
+				cc_list = need_stable.map {|arch| "#{arch}@gentoo.org" }
+			end
+			puts "CC: %s" % cc_list.join(',')
+			exit if bug == nil
+
+			bugi = bug_info(bug)
+			new_whiteboard = update_whiteboard(bugi['whiteboard'])
+
+			puts "Whiteboard: '%s' -> '%s'" % [bugi['whiteboard'], new_whiteboard]
+			puts
+
+			if $opts[:force] or $ui.agree('Continue? (yes/no)')
+				update_bug(bug, new_whiteboard, cc_list, msg)
+			end
+		end
+
+		# Collects metadata information from equery meta
+		def get_metadata(ebuild = Dir.pwd.split('/').last(2).join('/'))
+			keywords = IO.popen("equery --no-color --no-pipe meta --keywords #{ebuild}")
+			result = {:slots => {}, :keywords => {}, :stable_arches => [], :versions => []}
+
+			keywords.lines.each do |line|
+				if line =~ /^ \* (\S*?)\/(\S*?) \[([^\]]*)\]$/
+					result[:package] = "#{$1}/#{$2}"
+					result[:repo] = $3
+					next
+				end
+
+				if line =~ /^(.*?):(.*?):(.*?)$/
+					version, slot, kws = $1, $2, $3
+					result[:versions] << version
+					result[:slots][slot] = [] unless result[:slots].include? slot
+					result[:slots][slot] << version
+					result[:keywords][version] = []
+
+					kws.strip.split(' ').each do |arch|
+						result[:keywords][version] << arch
+
+						if arch =~ /^[^~]*$/
+							result[:stable_arches] << arch
+						end
+					end
+
+					result[:keywords][version].sort!
+					next
+				end
+
+				raise RuntimeError, "Invalid line in equery output. Aborting."
+			end
+
+			result[:stable_arches].uniq!
+			result[:stable_arches].sort!
+			result
+		end
+
+		# Tries to find the best version following the needed specification
+		def find_best_version(metadata, slot, version)
+			if slot == nil and version == nil
+				return metadata[:versions].reject {|item| item =~ /^9999/}.last
+			elsif slot == nil
+				return version
+			else
+				if version == nil
+					return metadata[:slots][slot].reject {|item| item =~ /^9999/}.last
+				elsif metadata[:slots][slot].include?(version)
+					return version
+				else
+					return false
+				end
+			end
+		end
+
+		def update_whiteboard(old_wb)
+			old_wb.gsub(/(ebuild\+?|upstream\+?|stable)\??/, 'stable').gsub(/stable\/stable/, 'stable')
+		end
+
+		def update_bug(bug, whiteboard, cc_list, comment)
+			i("Updating bug #{bug}...")
+			client = xmlrpc_client
+			did_retry = false
+
+			begin
+				result = client.call('Bug.update', {
+					'ids' => [Integer(bug)],
+					'whiteboard' => whiteboard,
+					'cc' => {'add' => cc_list},
+					'keywords' => {'add' => 'STABLEREQ'},
+					'status' => 'IN_PROGRESS',
+					'comment' => {'body' => comment}
+				})
+
+				i("done!")
+				return true
+			rescue XMLRPC::FaultException => e
+				if did_retry
+					e "Failure updating bug information: #{e.message}"
+					return false
+				end
+
+				if e.faultCode == 410
+					log_in
+					did_retry = true
+					retry
+				else
+					e "Failure updating bug information: #{e.message}"
+				end
+			end
+		end
+
+		def bug_info(bugno)
+			client = xmlrpc_client
+			did_retry = false
+
+			begin
+				result = client.call('Bug.get', {'ids' => [Integer(bugno)]})
+				result['bugs'].first
+			rescue XMLRPC::FaultException => e
+				if did_retry
+					e "Failure reading bug information: #{e.message}"
+					return false
+				end
+
+				if e.faultCode == 410
+					log_in
+					did_retry = true
+					retry
+				else
+					e "Failure reading bug information: #{e.message}"
+				end
+			end
+		end
+
+		def log_in
+			client = xmlrpc_client
+
+			if $opts[:username] == nil
+				user = $ui.ask("Bugzilla login: ")
+			else
+				user = $opts[:username]
+			end
+
+			password = $ui.ask("Password: ") {|q| q.echo = false}
+
+			begin
+				i("Logging in...")
+				result = client.call('User.login', {
+					'login' => user,
+					'password' => password
+				})
+
+				cookie_file = File.join(ENV['HOME'], '.gensec-target-auth')
+				FileUtils.rm(cookie_file) if File.exist?(cookie_file)
+				FileUtils.touch(cookie_file)
+				File.chmod(0600, cookie_file)
+				File.open(cookie_file, 'w') {|f| f.write client.cookie }
+
+				return true
+			rescue XMLRPC::FaultException => e
+				e "Failure logging in: #{e.message}"
+				return false
+			end
+		end
+
+		def xmlrpc_client
+			client = XMLRPC::Client.new('bugs.gentoo.org', '/xmlrpc.cgi', 443, nil, nil, nil, nil, true)
+			client.http_header_extra = {'User-Agent' => "Target/2.0 (arch CC tool; http://security.gentoo.org/)"}
+
+			cookie_file = File.join(ENV['HOME'], '.gensec-target-auth')
+			if File.readable? cookie_file
+				client.cookie = File.read(cookie_file)
+			end
+
+			client
+		end
+
+		# Output and misc methods
+		def i(str)
+			$ui.say($ui.color(" * ", :green, :bold) + str)
+		end
+
+		def w(str)
+			$ui.say($ui.color(" * ", :yellow, :bold) + str)
+		end
+
+		def e(str)
+			$ui.say($ui.color(" * ", :red, :bold) + str)
+			exit 1
+		end
+
+		def filter_unstable(ary)
+			ary.reject {|item| item =~ /^~/}
+		end
+	end
+end
+
+if __FILE__ == $0
+	include GenSec::Target
+	main(ARGV)
+end