[Git][security-tracker-team/security-tracker][remove-cve-dist-tags-on-DSA] 2 commits: bin/remove-cve-dist-tags: accept multiple releases

Emilio Pozuelo Monfort (@pochu) pochu at debian.org
Wed Nov 3 12:53:56 GMT 2021



Emilio Pozuelo Monfort pushed to branch remove-cve-dist-tags-on-DSA at Debian Security Tracker / security-tracker


Commits:
5c746ce6 by Emilio Pozuelo Monfort at 2021-11-03T13:53:21+01:00
bin/remove-cve-dist-tags: accept multiple releases

The release argument is a comma-separated list now.

- - - - -
ff71382f by Emilio Pozuelo Monfort at 2021-11-03T13:53:21+01:00
gen-DSA: only call remove-cve-dist-tags once

And do it after we've asked for all the versions. Calling the script
after asking for each version and before asking for the next is
annoying as the script takes some time due to the size of CVE/list.

This way not only do we avoid that wait between user inputs, but we
also avoid calling the script and thus parsing CVE/list multiple times.

- - - - -


2 changed files:

- bin/gen-DSA
- bin/remove-cve-dist-tags


Changes:

=====================================
bin/gen-DSA
=====================================
@@ -357,6 +357,8 @@ for dist in $RELEASES; do
     setvar $dist
 done
 
+DISTS=
+
 for dist in $CODENAMES; do
     version="$(eval 'printf "%s" "$'"$dist"_VERSION'"')"
     if $save && [ -z "$version" ] && grep -q "${dist}_VERSION" "$tmpf"; then
@@ -367,9 +369,11 @@ for dist in $CODENAMES; do
 	fi
     fi
     [ -z "$version" ] || setvar "${dist}_VERSION" "$version"
-    [ -z "$version" ] || bin/remove-cve-dist-tags "${dist}" "${PACKAGE}" ${CVE}
+    [ -z "$version" ] || DISTS="${DISTS},${dist}"
 done
 
+bin/remove-cve-dist-tags "${DISTS#,}" "${PACKAGE}" ${CVE}
+
 if ! $save; then
     cat $tmpf
     echo
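Review bot: The new call to bin/remove-cve-dist-tags after the loop runs even when no version was entered for any dist, whereas the removed line was guarded by [ -z "$version" ] ||. In that case DISTS is still empty, "${DISTS#,}" expands to an empty string, and the script receives that as its release list. Suggest keeping a guard on the call, for example [ -z "$DISTS" ] || bin/remove-cve-dist-tags "${DISTS#,}" "${PACKAGE}" ${CVE}.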


=====================================
bin/remove-cve-dist-tags
=====================================
@@ -17,9 +17,9 @@ def keep_annotation(cve, annotation):
         return True
 
     if cve.header.name in cves and \
-       annotation.release == release and \
+       annotation.release in releases and \
        annotation.package == package:
-        print(f"removing annotation for {cve.header.name}/{package}/{release}")
+        print(f"removing annotation for {cve.header.name}/{package}/{annotation.release}")
         return False
 
     return True
@@ -34,15 +34,17 @@ if len(sys.argv) <= 3:
     # assume there are no CVEs, so nothing to do
     sys.exit(0)
 
-release = sys.argv[1]
+releases = sys.argv[1].split(",")
 package = sys.argv[2]
 cves = sys.argv[3:]
 
 main_list = os.path.dirname(__file__) + '/../data/CVE/list'
 # check if another file was specified in config, e.g. a ExtendedFile
-distconfig = config.get_config()[release]
-if 'maincvefile' in distconfig:
-    main_list = os.path.dirname(__file__) + '/../' + distconfig['maincvefile']
+
+for release in releases:
+    distconfig = config.get_config()[release]
+    if 'maincvefile' in distconfig:
+        main_list = os.path.dirname(__file__) + '/../' + distconfig['maincvefile']
 
 data = parse_list(main_list)
 new_data = []
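Review bot: In the new "for release in releases:" loop, main_list is a single variable that every release with a 'maincvefile' entry overwrites, so the last such release decides which file parse_list(main_list) reads. If the releases passed in one call map to different files, or only some of them set 'maincvefile', the annotations for the others are looked up in a list that may not contain them. Suggest either rejecting a mixed set with an explicit error or collecting the distinct files and processing each one. Separately, sys.argv[1].split(",") turns an empty argument into [''], so config.get_config()[release] gets indexed with an empty string; skipping empty entries and calling config.get_config() once before the loop would cover both.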



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e6f4c7102092d55b5809cb1863b8612b72c3d535...ff71382fd1839e9e66595b5113bd871da8762ed6
