~ubuntu-security/ubuntu-security-tools/trunk

#!/bin/bash

#

# Copyright 2007-2011 (C) Jamie Strandboge <jamie@strandboge.com>

# License: GPLv2

#

# Requires UCT to be set to ubuntu-cve-tracker

#

# Usage:

#  copy_sppa_to_repos foo

#  copy_sppa_to_repos --arch "i386,amd64,lpia" foo

#

# Kernel examples:

#  $UST/repo-tools/copy_sppa_to_repos --re 'linux-(headers|image).*-[0-9]+(|-686|(-amd64)?-generic|-common)_' linux-source-2.6.15

#  $UST/repo-tools/copy_sppa_to_repos --re 'linux-(headers|image)-2.*-[0-9]+(|-amd64|-686|(-amd64)?-generic|-common)_' linux

#

# Kernel ABI-tracked examples:

#  $UST/repo-tools/copy_sppa_to_repos --re 'linux-restricted-modules.*(-686|-generic|-common)' linux-restricted-modules{,-2.6.15,-2.6.24}

#  $UST/repo-tools/copy_sppa_to_repos --re 'linux-.*(-686|-generic|-common)' linux-backports-modules-2.6.{15,24,27,28,31}

#  $UST/repo-tools/copy_sppa_to_repos --re 'linux-(ubuntu|headers).*(-686|-generic|-common)' linux-ubuntu-modules-2.6.24

#  $UST/repo-tools/copy_sppa_to_repos linux-meta

#

# By default i386 and amd64 binaries are downloaded. Use ARCH to download

# others.

set -e

ustconf="$HOME/.ubuntu-security-tools.conf"

if [ -s "$ustconf" ]; then

    . "$ustconf"

else

    echo "Could not find '$ustconf'" >&2

    exit 1

fi

help() {

    cat << EOM

Usage: copy_sppa_to_repos [options]

Options:

 -h, --help                 Show this help message and exit

 --ppa=PERSON[/PPA]         Which PPA to use (default is 'ubuntu-security/ppa')

 --distribution=DIST        Which alternative distribution to use (eg,

                            'ubuntu-rtm')

 -a, --arch=ARCH[,ARCH...]  Limit to comma-separated list of archs

 --re=RE                    Only include those matching this regular expression

 --batch                    Limit number of matches when working around

                            LP #302116

 --start-index              Specify starting count when working around

                            LP #302116

 --include-devel            Include development release

 --include-debug            Include *.udeb, -dbg, -dbgsym, and -locale packages

 --include-eol              Include end of life releases

 --release=SERIES           Limit to a specific set of comma-separate releases

 --source-changes-dir=DIR   Specify a directory with source.changes files

 --source                   Include package sources

 --force-binaries           Force binary download over existing packages

 --debug                    Show debug output

EOM

exit 0

}

OPTS=`getopt -o a:,h,f,r: --long ppa:,distribution:,arch:,re:,batch:,force-binaries,include-devel,include-debug,include-eol,release:,start-index:,source-changes-dir:,source,help,debug -n "$0" -- "$@"`

eval set -- "$OPTS"

batch=""

index=""

arch="$ARCH"

ppa=""

distribution=""

re=""

include_devel=""

include_debug=""

include_eol=""

release=""

debug=""

force_binaries=""

source_changes_dir=""

get_source=""

while true ; do

    case "$1" in

        # workaround for bug #302116

        --batch) batch="--batch $2"; shift 2 ;;

        --start-index) index="--start-index $2"; shift 2 ;;

        -h|--help) help ;;

        -f|--force-binaries) force_binaries="yes" ; shift 1;;

        --debug) debug="--debug"; shift 1 ;;

        -a|--arch) arch="$2"; shift 2 ;;

        --ppa) ppa="--ppa $2"; shift 2 ;;

        --distribution) distribution="--distribution $2"; shift 2 ;;

        --re) re="--re $2"; shift 2 ;;

        --include-devel) include_devel="--include-devel" ; shift 1 ;;

        --include-debug) include_debug="--include-debug" ; shift 1 ;;

	--include-eol) include_eol="--include-eol" ; shift 1 ;;

        -r|--release) release="--release $2"; include_devel="--include-devel"; include_eol="--include-eol"; shift 2;;

        --source-changes-dir) source_changes_dir="$2"; shift 2 ;;

        --source) get_source="true"; shift 1 ;;

        --) shift ; break ;;

        *) echo "Unknown option '$1'" ; exit 1 ;;

    esac

done

pkgs="$@"

# Set up defaults

if [ -z "$arch" ]; then

    arch="i386,amd64"

fi

if [ -z "$pkgs" ]; then

    if [ -z "$SRCPKG" ]; then

        echo "Please export SRCPKG. Eg:" >&2

        echo 'SRCPKG=$(echo "srcpkg1 srcpkg2...")' >&2

        exit 1

    else

        pkgs="$SRCPKG"

    fi

fi

echo "Downloading: $pkgs ($arch)"

err=""

tmpdir_changes=""

echo "Changes:"

if [ -d "$source_changes_dir" ]; then

    tmpdir_changes="$source_changes_dir"

    echo "Using cached files in '$source_changes_dir':"

    ls -1 "$source_changes_dir"

else

    tmpdir_changes=`mktemp -d copy_sppa_to_repo-changes.XXXXXXXXXXXXXX --tmpdir`

    $UCT/scripts/sis-changes $release $include_devel $include_eol $debug $ppa $distribution $batch $index --action changes --arch $arch --download $tmpdir_changes --force-download $pkgs || {

        echo ""

        echo "Error downloading changes. Leaving '$tmpdir_changes'."

        exit 1

    }

fi

echo ""

echo "Binaries:"

tmpdir_binaries=`mktemp -d copy_sppa_to_repo-binaries.XXXXXXXXXXXXXX --tmpdir`

[ -n "${get_source}" ] && tmpdir_sources=`mktemp -d copy_sppa_to_repo-sources.XXXXXXXXXXXXXX --tmpdir`

bin_pkgs=

have_pkgs=

if [ -n "$force_binaries" ]; then

    bin_pkgs="$pkgs"

else

    for p in $pkgs ; do

        for i in `ls -1 $tmpdir_changes/${p}_*_source.changes` ; do

            version=`egrep '^Version: ' $i | cut -d ' ' -f 2 | sed 's/^[0-9]:\(.*\)/\1/g'`

            dist=`egrep '^Distribution: ' $i | cut -d ' ' -f 2 | cut -d '-' -f 1`

            if ls ${package_tools_repo_base}/${dist}/*${version}*.deb >/dev/null 2>&1 ; then

                echo "$have_pkgs" | grep -q -v " $p/$dist" && {

                    echo "Found '$p/$dist'"

                    have_pkgs="$have_pkgs $p/$dist"

                }

            else

                if [ -z "$bin_pkgs" ]; then

                    bin_pkgs="$p "

                else

                    echo "$bin_pkgs" | grep -q -v "$p " && bin_pkgs="$bin_pkgs$p "

                fi

            fi

        done

    done

    if [ -n "$have_pkgs" ]; then

        if [ -n "$bin_pkgs" ]; then

            echo ""

            echo "Proceeding to download only (use '--force-binaries' to override):"

            echo "$bin_pkgs"

        else

            echo ""

            echo "Found existing binaries with the same version. Exiting"

            echo "(use '--source-changes-dir $tmpdir_changes --force-binaries' to override)"

            #rm -rf "$tmpdir_changes" "$tmpdir_binaries"

            exit 0

        fi

    fi

fi

$UCT/scripts/sis-changes $release $include_devel $include_debug $include_eol $debug $ppa $distribution $batch $index --action binaries --arch $arch --download $tmpdir_binaries --force-download $re $bin_pkgs || {

    echo ""

    echo "Error downloading binary packages. Leaving '$tmpdir_changes' and '$tmpdir_binaries'."

    exit 1

}

if [ -n "${get_source}" ] ; then

    $UCT/scripts/sis-changes $release $include_devel $include_debug $include_eol $debug $ppa $distribution $batch $index --action source --download $tmpdir_sources --force-download --fetch-orig $re $bin_pkgs || {

    	echo ""

    	echo "Error downloading source packages. Leaving '$tmpdir_changes' and '$tmpdir_binaries'."

    	exit 1

    }

fi

dists_to_update=""

for i in $tmpdir_changes/*_source.changes ; do

    version=`egrep '^Version: ' $i | cut -d ' ' -f 2 | sed 's/^[0-9]:\(.*\)/\1/g'`

    dist=`egrep '^Distribution: ' $i | cut -d ' ' -f 2 | cut -d '-' -f 1`

    mkdir -p ${package_tools_repo_base}/${dist}

    downloaded_binaries=`ls $tmpdir_binaries/*${version}*` || true

    if [ -n "$downloaded_binaries" ]; then

        cp $tmpdir_changes/*${version}* ${package_tools_repo_base}/${dist} || err="yes"

        cp $tmpdir_binaries/*${version}* ${package_tools_repo_base}/${dist} || err="yes"

        if [ -n "${get_source}" ] ; then

            dcmd cp $tmpdir_sources/*${version}*.dsc ${package_tools_repo_base}/${dist} || err="yes"

	fi

    else

        echo "No binaries in '$tmpdir_binaries'. Skipping copy to ${package_tools_repo_base}."

        err="yes"

    fi

    if [ -z "$dists_to_update" ] || echo "$dists_to_update" | grep -qv "$dist" ; then

        dists_to_update="$dists_to_update $dist"

    fi

    chmod go+r ${package_tools_repo_base}/${dist}/*

done

if [ -z "$err" ]; then

    for dist in $dists_to_update ; do

        $UST/repo-tools/update_repo $dist || {

            echo "Error with 'update_repo $dist'" >&2

            err="yes"

        }

    done

fi

if [ -n "$err" ]; then

    echo ""

    echo -n "Errors found. "

    rmdir "$tmpdir_changes" 2>/dev/null || /bin/echo -e "Leaving files in:\n $tmpdir_changes (changes)"

    rmdir "$tmpdir_binaries" 2>/dev/null || echo " $tmpdir_binaries (binaries)"

    [ -n "${get_source}" ] && rmdir "${tmpdir_sources}" 2>/dev/null || echo " ${tmpdir_sources} (sources)"

    exit 1

fi

echo rm -rf ${tmpdir_binaries} ${tmpdir_changes} ${tmpdir_sources}

rm -rf $tmpdir_binaries $tmpdir_changes

if [ -n "${get_source}" ] ; then

    rm -rf "${tmpdir_sources}"

fi