<div dir="ltr"><div dir="ltr"><br></div><div dir="auto"><div><br><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, 13 May 2020, 10:20 Stefan Bader, <<a href="mailto:stefan.bader@canonical.com" target="_blank">stefan.bader@canonical.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On 13.05.20 11:05, Kleber Souza wrote:<br> > Hi Dimitri,<br> > <br> > What are the packages and series affected by this issue?<br> <br> I think this is something for devel/unstable and then would come back to us via<br> cranky fix.<br><br> -Stefan<br></blockquote><div><br></div><div>yeap. Plus the kernel's download-signed is cargo culted into other -signed packages. i.e. zipl, grub, fwupd, etc. Which all could in the future benefit from these changes.</div><div><br></div><div>Regards,</div><div><br></div><div>Dimitri.</div><div><br></div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"> > <br> > <br> > Thanks,<br> > Kleber<br> > <br> > On 05.05.20 10:38, Dimitri John Ledkov wrote:<br> >> - drop unused imports<br> >> - drop unused assignments<br> >> - switch to argparse, thus gain -h/--help<br> >> - add optional positional argument 'signed_type', defaults to 'signed'<br> >> but can be specified to 'uefi' for grub2 downloads<br> >> - add support to simply download the "current" version<br> >><br> >> This enables `./download-signed grub2 current grub2 uefi` to fetch<br> >> grub2 signed binaries without breaking any compatibility with any<br> >> other invocations of this script.<br> >><br> >> BugLink: <a href="https://bugs.launchpad.net/bugs/1876875" rel="noreferrer noreferrer" target="_blank">https://bugs.launchpad.net/bugs/1876875</a><br> >> Signed-off-by: Dimitri John Ledkov <<a href="mailto:xnox@ubuntu.com" rel="noreferrer" target="_blank">xnox@ubuntu.com</a>><br> >> ---<br> >> download-signed | 40 +++++++++++++++++++++++++++++-----------<br> >> 1 file changed, 29 insertions(+), 11 deletions(-)<br> >><br> >> diff --git a/download-signed b/download-signed<br> >> index bed284e..0793696 100755<br> >> --- a/download-signed<br> >> +++ b/download-signed<br> >> @@ -1,9 +1,9 @@<br> >> #! /usr/bin/python3<br> >> <br> >> import hashlib<br> >> +import argparse<br> >> import os<br> >> import re<br> >> -import shutil<br> >> import sys<br> >> import tarfile<br> >> from urllib import request<br> >> @@ -14,12 +14,28 @@ from urllib.parse import (<br> >> )<br> >> <br> >> import apt<br> >> -from aptsources.distro import get_distro<br> >> <br> >> # package_name: package containing the objects we signed<br> >> # package_version: package version containing the objects we signed<br> >> # src_package: source package name in dists<br> >> -(package_name, package_version, src_package) = sys.argv[1:]<br> >> +# signed_type: 'signed' or 'uefi' schema in the url<br> >> +<br> >> +parser = argparse.ArgumentParser()<br> >> +parser.add_argument(<br> >> + "package_name",<br> >> + help="package containining the objects we signed")<br> >> +parser.add_argument(<br> >> + "package_version",<br> >> + help="package version containing the objects we signed, or 'current'")<br> >> +parser.add_argument(<br> >> + "src_package",<br> >> + help="source package name in dists")<br> >> +parser.add_argument(<br> >> + "signed_type",<br> >> + nargs='?',<br> >> + default='signed',<br> >> + help="subdirectory type in the url, 'signed' or 'uefi'")<br> >> +args = parser.parse_args()<br> >> <br> >> <br> >> class SignedDownloader:<br> >> @@ -30,7 +46,7 @@ class SignedDownloader:<br> >> identify the members and to validate them once downloaded.<br> >> """<br> >> <br> >> - def __init__(self, package_name, package_version, src_package):<br> >> + def __init__(self, package_name, package_version, src_package, signed_type='signed'):<br> >> self.package_name = package_name<br> >> self.package_version = package_version<br> >> self.src_package = src_package<br> >> @@ -41,10 +57,13 @@ class SignedDownloader:<br> >> cache = apt.Cache()<br> >> <br> >> self.package = None<br> >> - for version in cache[package_name].versions:<br> >> - if version.version == self.package_version:<br> >> - self.package = version<br> >> - break<br> >> + if self.package_version == "current":<br> >> + self.package = cache[package_name].candidate<br> >> + else:<br> >> + for version in cache[package_name].versions:<br> >> + if version.version == self.package_version:<br> >> + self.package = version<br> >> + break<br> >> <br> >> if not self.package:<br> >> raise KeyError("{0}: package version not found".format(self.package_name))<br> >> @@ -52,7 +71,7 @@ class SignedDownloader:<br> >> origin = self.package.origins[0]<br> >> pool_parsed = urlparse(self.package.uri)<br> >> self.package_dir = "%s/%s/%s/%s-%s/%s/" % (<br> >> - origin.archive, 'main', 'signed',<br> >> + origin.archive, 'main', signed_type,<br> >> self.src_package, self.package.architecture, self.package_version)<br> >> <br> >> # Prepare the master url stem and pull out any username/password. If present<br> >> @@ -152,7 +171,6 @@ class SignedDownloader:<br> >> if os.path.exists(tarball_filename):<br> >> with tarfile.open(tarball_filename) as tarball:<br> >> for tarinfo in tarball:<br> >> - fullname = os.path.abspath(os.path.join(base, <a href="http://tarinfo.name" rel="noreferrer noreferrer" target="_blank">tarinfo.name</a>))<br> >> if not filename.startswith(here):<br> >> print('download-signed: {0}: tarball member outside output directory'.format(member))<br> >> sys.exit(1)<br> >> @@ -161,5 +179,5 @@ class SignedDownloader:<br> >> tarball.extract(tarinfo, base)<br> >> <br> >> <br> >> -downloader = SignedDownloader(package_name, package_version, src_package)<br> >> +downloader = SignedDownloader(**vars(args))<br> >> downloader.download('.')<br> >><br> > <br> > <br> <br> <br> </blockquote></div></div></div> </div>