[PATCH] UBUNTU: download-signed: improve to support grub2 downloads

Dimitri John Ledkov xnox at ubuntu.com
Wed May 13 10:53:06 UTC 2020 

On Wed, 13 May 2020, 10:20 Stefan Bader, <stefan.bader at canonical.com> wrote:

> On 13.05.20 11:05, Kleber Souza wrote:
> > Hi Dimitri,
> >
> > What are the packages and series affected by this issue?
>
> I think this is something for devel/unstable and then would come back to
> us via
> cranky fix.
>
> -Stefan
>

yeap. Plus the kernel's download-signed is cargo culted into other -signed
packages. i.e. zipl, grub, fwupd, etc. Which all could in the future
benefit from these changes.

Regards,

Dimitri.




> >
> >
> > Thanks,
> > Kleber
> >
> > On 05.05.20 10:38, Dimitri John Ledkov wrote:
> >> - drop unused imports
> >> - drop unused assignments
> >> - switch to argparse, thus gain -h/--help
> >> - add optional positional argument 'signed_type', defaults to 'signed'
> >>   but can be specified to 'uefi' for grub2 downloads
> >> - add support to simply download the "current" version
> >>
> >> This enables `./download-signed grub2 current grub2 uefi` to fetch
> >> grub2 signed binaries without breaking any compatibility with any
> >> other invocations of this script.
> >>
> >> BugLink: https://bugs.launchpad.net/bugs/1876875
> >> Signed-off-by: Dimitri John Ledkov <xnox at ubuntu.com>
> >> ---
> >>  download-signed | 40 +++++++++++++++++++++++++++++-----------
> >>  1 file changed, 29 insertions(+), 11 deletions(-)
> >>
> >> diff --git a/download-signed b/download-signed
> >> index bed284e..0793696 100755
> >> --- a/download-signed
> >> +++ b/download-signed
> >> @@ -1,9 +1,9 @@
> >>  #! /usr/bin/python3
> >>
> >>  import hashlib
> >> +import argparse
> >>  import os
> >>  import re
> >> -import shutil
> >>  import sys
> >>  import tarfile
> >>  from urllib import request
> >> @@ -14,12 +14,28 @@ from urllib.parse import (
> >>      )
> >>
> >>  import apt
> >> -from aptsources.distro import get_distro
> >>
> >>  # package_name: package containing the objects we signed
> >>  # package_version: package version containing the objects we signed
> >>  # src_package: source package name in dists
> >> -(package_name, package_version, src_package) = sys.argv[1:]
> >> +# signed_type: 'signed' or 'uefi' schema in the url
> >> +
> >> +parser = argparse.ArgumentParser()
> >> +parser.add_argument(
> >> +    "package_name",
> >> +    help="package containining the objects we signed")
> >> +parser.add_argument(
> >> +    "package_version",
> >> +    help="package version containing the objects we signed, or
> 'current'")
> >> +parser.add_argument(
> >> +    "src_package",
> >> +    help="source package name in dists")
> >> +parser.add_argument(
> >> +    "signed_type",
> >> +    nargs='?',
> >> +    default='signed',
> >> +    help="subdirectory type in the url, 'signed' or 'uefi'")
> >> +args = parser.parse_args()
> >>
> >>
> >>  class SignedDownloader:
> >> @@ -30,7 +46,7 @@ class SignedDownloader:
> >>      identify the members and to validate them once downloaded.
> >>      """
> >>
> >> -    def __init__(self, package_name, package_version, src_package):
> >> +    def __init__(self, package_name, package_version, src_package,
> signed_type='signed'):
> >>          self.package_name = package_name
> >>          self.package_version = package_version
> >>          self.src_package = src_package
> >> @@ -41,10 +57,13 @@ class SignedDownloader:
> >>          cache = apt.Cache()
> >>
> >>          self.package = None
> >> -        for version in cache[package_name].versions:
> >> -            if version.version == self.package_version:
> >> -                self.package = version
> >> -                break
> >> +        if self.package_version == "current":
> >> +            self.package = cache[package_name].candidate
> >> +        else:
> >> +            for version in cache[package_name].versions:
> >> +                if version.version == self.package_version:
> >> +                    self.package = version
> >> +                    break
> >>
> >>          if not self.package:
> >>              raise KeyError("{0}: package version not
> found".format(self.package_name))
> >> @@ -52,7 +71,7 @@ class SignedDownloader:
> >>          origin = self.package.origins[0]
> >>          pool_parsed = urlparse(self.package.uri)
> >>          self.package_dir = "%s/%s/%s/%s-%s/%s/" % (
> >> -            origin.archive, 'main', 'signed',
> >> +            origin.archive, 'main', signed_type,
> >>              self.src_package, self.package.architecture,
> self.package_version)
> >>
> >>          # Prepare the master url stem and pull out any
> username/password.  If present
> >> @@ -152,7 +171,6 @@ class SignedDownloader:
> >>          if os.path.exists(tarball_filename):
> >>              with tarfile.open(tarball_filename) as tarball:
> >>                  for tarinfo in tarball:
> >> -                    fullname = os.path.abspath(os.path.join(base,
> tarinfo.name))
> >>                      if not filename.startswith(here):
> >>                          print('download-signed: {0}: tarball member
> outside output directory'.format(member))
> >>                          sys.exit(1)
> >> @@ -161,5 +179,5 @@ class SignedDownloader:
> >>                      tarball.extract(tarinfo, base)
> >>
> >>
> >> -downloader = SignedDownloader(package_name, package_version,
> src_package)
> >> +downloader = SignedDownloader(**vars(args))
> >>  downloader.download('.')
> >>
> >
> >
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20200513/2e258dfe/attachment-0001.html>

More information about the kernel-team mailing list