Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package obs-service-cargo_audit for 
openSUSE:Factory checked in at 2021-06-04 00:33:33
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/obs-service-cargo_audit (Old)
 and      /work/SRC/openSUSE:Factory/.obs-service-cargo_audit.new.1898 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "obs-service-cargo_audit"

Fri Jun  4 00:33:33 2021 rev:3 rq:897042 version:0.1.3~git0.4f7c8fc

Changes:
--------
--- 
/work/SRC/openSUSE:Factory/obs-service-cargo_audit/obs-service-cargo_audit.changes
  2021-05-20 19:25:31.309828931 +0200
+++ 
/work/SRC/openSUSE:Factory/.obs-service-cargo_audit.new.1898/obs-service-cargo_audit.changes
        2021-06-04 00:33:45.348904540 +0200
@@ -1,0 +2,6 @@
+Wed Jun 02 06:34:49 UTC 2021 - wbr...@suse.de
+
+- Update to version 0.1.3~git0.4f7c8fc:
+  * Add support for selecting a unique lockfile in service usage
+
+-------------------------------------------------------------------

Old:
----
  obs-service-cargo_audit-0.1.2~git0.e25df37.tar.gz

New:
----
  obs-service-cargo_audit-0.1.3~git0.4f7c8fc.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ obs-service-cargo_audit.spec ++++++
--- /var/tmp/diff_new_pack.VY5i80/_old  2021-06-04 00:33:45.792905818 +0200
+++ /var/tmp/diff_new_pack.VY5i80/_new  2021-06-04 00:33:45.796905830 +0200
@@ -22,7 +22,7 @@
 License:        MPL-2.0
 Group:          Development/Tools/Building
 URL:            https://github.com/openSUSE/obs-service-%{service}
-Version:        0.1.2~git0.e25df37
+Version:        0.1.3~git0.4f7c8fc
 Release:        0
 Source:         %{name}-%{version}.tar.gz
 BuildRequires:  python3

++++++ _service ++++++
--- /var/tmp/diff_new_pack.VY5i80/_old  2021-06-04 00:33:45.820905899 +0200
+++ /var/tmp/diff_new_pack.VY5i80/_new  2021-06-04 00:33:45.820905899 +0200
@@ -3,7 +3,7 @@
     <param 
name="url">https://github.com/openSUSE/obs-service-cargo_audit.git</param>
     <param name="versionformat">@PARENT_TAG@~git@TAG_OFFSET@.%h</param>
     <param name="scm">git</param>
-    <param name="revision">v0.1.2</param>
+    <param name="revision">v0.1.3</param>
     <param name="match-tag">v*</param>
     <param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
     <param name="versionrewrite-replacement">\1</param>

++++++ obs-service-cargo_audit-0.1.2~git0.e25df37.tar.gz -> 
obs-service-cargo_audit-0.1.3~git0.4f7c8fc.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/obs-service-cargo_audit-0.1.2~git0.e25df37/cargo_audit 
new/obs-service-cargo_audit-0.1.3~git0.4f7c8fc/cargo_audit
--- old/obs-service-cargo_audit-0.1.2~git0.e25df37/cargo_audit  2021-05-19 
02:24:02.000000000 +0200
+++ new/obs-service-cargo_audit-0.1.3~git0.4f7c8fc/cargo_audit  2021-06-02 
06:54:54.000000000 +0200
@@ -42,11 +42,13 @@
     description=description, 
formatter_class=argparse.RawDescriptionHelpFormatter
 )
 parser.add_argument("--srcdir")
+parser.add_argument("--lockfile", default=None)
 # We always ignore this parameter.
 parser.add_argument("--outdir")
 args = parser.parse_args()
 
 srcdir = args.srcdir
+lockfile = args.lockfile
 
 def find_file(path, filename):
     return [
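Review bot: The new `--lockfile` option is added without any `help=` text, and nothing in this hunk says whether the path is resolved against `--srcdir` or against the service's working directory. A packager writing the `_service` entry has to read main() to find out. I would document it at the argument, for example `parser.add_argument("--lockfile", default=None, help="Cargo.lock to audit instead of searching --srcdir; state here what the path is relative to")`. The body of find_file() at the end of the hunk continues outside it.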
@@ -56,18 +58,18 @@
     ]
 
 def generate_lock(path):
-    log.debug(f"Running cargo generate-lockfile against: {path}/Cargo.toml")
+    log.debug(f" Running cargo generate-lockfile against: {path}/Cargo.toml")
     cmd = [
         "cargo", "generate-lockfile", "-q",
         "--manifest-path", f"{path}/Cargo.toml",
     ]
     dcmd = " ".join(cmd)
-    log.debug(f"Running {dcmd}")
+    log.debug(f" Running {dcmd}")
     proc = run(cmd, check=False, stdout=PIPE, stderr=STDOUT)
     output = proc.stdout.decode("utf-8").strip()
-    log.debug(f"return: {proc.returncode}")
+    log.debug(f" return: {proc.returncode}")
     if proc.returncode != 0:
-        log.error(f"Could not generate Cargo.lock under {path}")
+        log.error(f" Could not generate Cargo.lock under {path}")
         exit(1)
 
 def cargo_audit(lock_file):
@@ -92,42 +94,47 @@
         # Issue may have been found!
         vuln_count = details["vulnerabilities"]["count"]
         if vuln_count > 0:
-            log.error(f"possible vulnerabilties: {vuln_count}")
+            log.error(f" possible vulnerabilties: {vuln_count}")
             vulns = details["vulnerabilities"]["list"]
             for vuln in vulns:
                 affects = vuln["advisory"]["package"]
                 cvss = vuln["advisory"]["cvss"]
                 vid = vuln["advisory"]["id"]
                 categories = vuln["advisory"]["categories"]
-                log.error(f"???? {vid} -> crate: {affects}, cvss: {cvss}, 
class: {categories}")
-            log.error(f"For more information you SHOULD inspect the output of 
cargo-audit manually for {lock_file}.")
+                log.error(f" ???? {vid} -> crate: {affects}, cvss: {cvss}, 
class: {categories}")
+            log.error(f" For more information you SHOULD inspect the output of 
cargo-audit manually for {lock_file}.")
             return True
-    log.info(f"??? No known issues detected in {lock_file}")
+    log.info(f" ??? No known issues detected in {lock_file}")
     return False
 
 def main():
-    log.info(f"Running OBS Source Service ????: {service_name}")
-    log.info(f"Current working dir: {os.getcwd()}")
-    log.info(f"Searching for Cargo.lock in: {srcdir}")
-
-    cargo_lock_paths = find_file(srcdir, "Cargo.lock")
-
-    if not cargo_lock_paths:
-        log.info(f"No Rust Cargo.lock found under {srcdir}")
-        log.info(f"Searching for Cargo.toml in: {srcdir}")
-        if find_file(srcdir, "Cargo.toml"):
-            generate_lock(srcdir)
-        else:
-            log.error(f"No Rust Cargo.toml found under {srcdir}")
-            exit(1)
+    log.info(f" Running OBS Source Service ????: {service_name}")
+    log.debug(f" Current working dir: {os.getcwd()}")
+
+    cargo_lock_paths = []
+    if lockfile:
+        cargo_lock_paths = [lockfile]
+        log.info(f" _service configured lock file: {lockfile}")
     else:
-        log.debug(f"Detected Rust lock files: {cargo_lock_paths}")
+        log.info(f" Searching for Cargo.lock in: {srcdir}")
+        cargo_lock_paths = find_file(srcdir, "Cargo.lock")
+
+        if not cargo_lock_paths:
+            log.info(f" No Rust Cargo.lock found under {srcdir}")
+            log.info(f" Searching for Cargo.toml in: {srcdir}")
+            if find_file(srcdir, "Cargo.toml"):
+                generate_lock(srcdir)
+            else:
+                log.error(f" No Rust Cargo.toml found under {srcdir}")
+                exit(1)
+        else:
+            log.debug(f" Detected Rust lock files: {cargo_lock_paths}")
 
     status = any([cargo_audit(cargo_lock_path) for cargo_lock_path in 
cargo_lock_paths])
     if status:
-        log.error("???? Vulnerabilities may have been found. You must review 
these.")
+        log.error(" ??????  Vulnerabilities may have been found. You must 
review these.")
         exit(1)
-    log.info("No known issues detected ????????")
+    log.info(" ???? ???? No known issues detected")
 
 if __name__ == "__main__":
     main()
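Review bot: When no Cargo.lock is found and `generate_lock(srcdir)` succeeds, `cargo_lock_paths` is still the empty list from the earlier `find_file()` call. `any([...])` then runs `cargo_audit()` on nothing, and main() logs "No known issues detected" without auditing the freshly generated lock file. Refresh the list right after generation with `cargo_lock_paths = find_file(srcdir, "Cargo.lock")`, and exit non-zero if it is still empty. The new `lockfile` branch has a related gap, because the configured path is used verbatim; consider `if not os.path.isfile(lockfile): log.error(...); exit(1)` before auditing, unless cargo_audit(), whose body is mostly outside this hunk, already rejects a missing file.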
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/obs-service-cargo_audit-0.1.2~git0.e25df37/do_scan.py 
new/obs-service-cargo_audit-0.1.3~git0.4f7c8fc/do_scan.py
--- old/obs-service-cargo_audit-0.1.2~git0.e25df37/do_scan.py   1970-01-01 
01:00:00.000000000 +0100
+++ new/obs-service-cargo_audit-0.1.3~git0.4f7c8fc/do_scan.py   2021-06-02 
06:54:54.000000000 +0200
@@ -0,0 +1,95 @@
+#!/usr/bin/python3
+import subprocess
+import os
+import xml.etree.ElementTree as ET
+
+
+WHATDEPENDS = ["osc", "whatdependson", "openSUSE:Factory", "rust", "standard", 
"x86_64"]
+
+CHECKOUT = ["osc", "co", "openSUSE:Factory"]
+UPDATE = ["osc", "up", "openSUSE:Factory"]
+
+
+EXCLUDE = set([
+    'MozillaFirefox',
+    'MozillaThunderbird',
+    'rust',
+    'seamonkey',
+    'meson:test'
+])
+
+def list_whatdepends():
+    # osc whatdependson openSUSE:Factory rust standard x86_64
+    raw_depends = subprocess.check_output(WHATDEPENDS, encoding='UTF-8')
+
+    # Split on new lines
+    raw_depends = raw_depends.split('\n')
+
+    # First line is our package name, so remove it.
+    raw_depends = raw_depends[1:]
+
+    # Clean up white space now.
+    raw_depends = [x.strip() for x in raw_depends]
+
+    # Remove any empty strings.
+    raw_depends = [x for x in raw_depends if x != '']
+
+    # Do we have anything that we should exclude?
+    raw_depends = [x for x in raw_depends if x not in EXCLUDE]
+
+    return raw_depends
+
+def checkout_or_update(pkgname):
+    if os.path.exists('openSUSE:Factory') and 
os.path.exists(f'openSUSE:Factory/{pkgname}'):
+        print(f"osc up openSUSE:Factory/{pkgname}")
+        subprocess.check_call(["osc", "up", f"openSUSE:Factory/{pkgname}"])
+    else:
+        print(f"osc co openSUSE:Factory/{pkgname}")
+        subprocess.check_call(["osc", "co", f"openSUSE:Factory/{pkgname}"])
+
+def does_have_cargo_audit(pkgname):
+    service = f"openSUSE:Factory/{pkgname}/_service"
+    if os.path.exists(service):
+        root_node = ET.parse(service).getroot()
+        for tag in root_node.findall('service'):
+            if tag.attrib['name'] == 'cargo_audit':
+                return True
+    return False
+
+def do_services(pkgname):
+    try:
+        out = subprocess.check_output(["osc", "service", "ra"], 
cwd=f"openSUSE:Factory/{pkgname}", encoding='UTF-8', stderr=subprocess.STDOUT)
+        print(f"??? -- passed")
+    except subprocess.CalledProcessError as e:
+        print(f"???? -- services failed")
+        print(e.stdout)
+
+if __name__ == '__main__':
+    depends = list_whatdepends()
+
+    # For testing, we hardcode the list for dev.
+    # depends = ['kanidm', 'librsvg', 'rust-cbindgen']
+
+    # Check them out, or update if they exist.
+    auditable_depends = []
+    for pkgname in depends:
+        print("---")
+        checkout_or_update(pkgname)
+        # do they have cargo_audit as a service?
+        has_audit = does_have_cargo_audit(pkgname)
+        if not has_audit:
+            print(f"??????   
https://build.opensuse.org/package/show/openSUSE:Factory/{pkgname} missing 
cargo_audit service")
+            print(f"??????   
https://build.opensuse.org/package/users/openSUSE:Factory/{pkgname}";)
+            # subprocess.check_call(["osc", "maintainer", 
f"openSUSE:Factory/{pkgname}"])
+        else:
+            # If they do, run services. We may not know what they need for 
this to work, so we
+            # have to run the full stack.
+            auditable_depends.append(pkgname)
+
+    for pkgname in auditable_depends:
+        print("---")
+        print(f"???? running services for {pkgname} ...")
+        do_services(pkgname)
+
+    print("--- complete")
+
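Review bot: A failed `osc service ra` is only printed inside do_services(), and the `__main__` block always finishes with `--- complete`. Unless a checkout raises, the script therefore exits 0 even when a package's cargo_audit service reported findings or could not run, and an unattended caller will read that as a clean scan. Have do_services() return pass/fail and exit non-zero when any package failed, as sketched below. Separately, `tag.attrib['name']` in does_have_cargo_audit() raises KeyError on a `<service>` element without a name and aborts the whole scan; `tag.get('name') == 'cargo_audit'` avoids that. Because `osc service ra` executes every service each checked-out `_service` declares, this script is better run in a disposable build environment than on a packager's workstation.

```python
def do_services(pkgname):
    try:
        subprocess.check_output(["osc", "service", "ra"], cwd=f"openSUSE:Factory/{pkgname}", encoding='UTF-8', stderr=subprocess.STDOUT)
    except subprocess.CalledProcessError as e:
        # … unchanged: failure banner and print(e.stdout) …
        return False
    # … unchanged: pass banner …
    return True

# … unchanged: dependency listing, checkout and _service inspection …

    failed = []
    for pkgname in auditable_depends:
        # … unchanged: separator and "running services" banner …
        if not do_services(pkgname):
            failed.append(pkgname)

    print("--- complete")
    if failed:
        print(f"services failed for: {', '.join(failed)}")
        raise SystemExit(1)
```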
