[Git][security-tracker-team/security-tracker][remove-cve-dist-tags-on-DSA] 2 commits: bin/remove-cve-dist-tags: accept multiple releases
Emilio Pozuelo Monfort (@pochu)
pochu at debian.org
Wed Nov 3 12:30:42 GMT 2021
Emilio Pozuelo Monfort pushed to branch remove-cve-dist-tags-on-DSA at Debian Security Tracker / security-tracker
Commits:
47cc45fb by Emilio Pozuelo Monfort at 2021-11-03T13:24:39+01:00
bin/remove-cve-dist-tags: accept multiple releases
The release argument is a comma-separated list now.
- - - - -
e6f4c710 by Emilio Pozuelo Monfort at 2021-11-03T13:25:33+01:00
gen-DSA: only call remove-cve-dist-tags once
And do it after we've asked for all the versions. Calling the script
after asking for each version and before asking for the next is
annoying as the script takes some time due to the size of CVE/list.
This way not only do we avoid that wait between user inputs, but we
also avoid calling the script and thus parsing CVE/list multiple times.
- - - - -
2 changed files:
- bin/gen-DSA
- bin/remove-cve-dist-tags
Changes:
=====================================
bin/gen-DSA
=====================================
@@ -357,6 +357,8 @@ for dist in $RELEASES; do
setvar $dist
done
+DISTS=
+
for dist in $CODENAMES; do
version="$(eval 'printf "%s" "$'"$dist"_VERSION'"')"
if $save && [ -z "$version" ] && grep -q "${dist}_VERSION" "$tmpf"; then
@@ -367,9 +369,11 @@ for dist in $CODENAMES; do
fi
fi
[ -z "$version" ] || setvar "${dist}_VERSION" "$version"
- [ -z "$version" ] || bin/remove-cve-dist-tags "${dist}" "${PACKAGE}" ${CVE}
+ [ -z "$version" ] || DISTS="${DISTS},${dist}"
done
+bin/remove-cve-dist-tags "${DISTS#,}" "${PACKAGE}" ${CVE}
+
if ! $save; then
cat $tmpf
echo
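Review bot: the new call `bin/remove-cve-dist-tags "${DISTS#,}" "${PACKAGE}" ${CVE}` after the loop is unconditional, whereas the removed line only ran when `$version` was non-empty. If no version is entered for any codename, `DISTS` stays empty and the script is invoked with an empty release argument; with CVEs present, `sys.argv[1].split(",")` in the script then yields a single empty string that is used as a key into `config.get_config()`. Guard the call, for example `[ -z "$DISTS" ] || bin/remove-cve-dist-tags "${DISTS#,}" "${PACKAGE}" ${CVE}`.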
=====================================
bin/remove-cve-dist-tags
=====================================
@@ -17,7 +17,7 @@ def keep_annotation(cve, annotation):
return True
if cve.header.name in cves and \
- annotation.release == release and \
+ annotation.release in releases and \
annotation.package == package:
print(f"removing annotation for {cve.header.name}/{package}/{release}")
return False
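Review bot: the `print` line in `keep_annotation` still interpolates `{release}`, but the condition now tests `annotation.release in releases`, so `release` no longer names the annotation being removed. With the `for release in releases:` loop added further down in this file, it would hold whichever release was iterated last, and the log line would be misleading for every other release. Use `annotation.release` in the message instead.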
@@ -34,15 +34,17 @@ if len(sys.argv) <= 3:
# assume there are no CVEs, so nothing to do
sys.exit(0)
-release = sys.argv[1]
+releases = sys.argv[1].split(",")
package = sys.argv[2]
cves = sys.argv[3:]
main_list = os.path.dirname(__file__) + '/../data/CVE/list'
# check if another file was specified in config, e.g. a ExtendedFile
-distconfig = config.get_config()[release]
-if 'maincvefile' in distconfig:
- main_list = os.path.dirname(__file__) + '/../' + distconfig['maincvefile']
+
+for release in releases:
+ distconfig = config.get_config()[release]
+ if 'maincvefile' in distconfig:
+ main_list = os.path.dirname(__file__) + '/../' + distconfig['maincvefile']
data = parse_list(main_list)
new_data = []
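Review bot: inside the new `for release in releases:` loop, `main_list` is reassigned on each iteration, so only the last release that defines `maincvefile` decides which file `parse_list(main_list)` reads. If the releases passed in do not all resolve to the same file, annotations for the others are silently left in place. Either collect the distinct files and process each one, or exit with an error when the releases map to different files. The lookup `config.get_config()[release]` also has no handling for an unknown or empty release name; an explicit check with a clear message would be safer than a raw `KeyError`.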
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/464007faa3b0fc6c3ed75cccb4264121687e0cda...e6f4c7102092d55b5809cb1863b8612b72c3d535