[PATCH] Given a package allow to check in which releases security support has ended
When triaging LTS issues I always have to look up what we still support
and what not. Attached script simplifies this a bit:

    $ bin/support-ended.py --lists /path/to/debian-security-support/ iceape
    Package unsupported in wheezy
    Package unsupported in squeeze

Does this make sense? It would be great if we could later add this to
the scripts mangling data/CVE/list to add the <end-of-life> entries
automatically. What would be the right place for that?

I didn't find a place in Debian where we canonically map release names
to release numbers (i.e. squeeze -> 6.x, jessie -> 7.x). I'm sure there
is such a thing so I'm happy about any pointers.

Cheers,
 -- Guido

From e1508578b382be7d10160d6dc4dda74d356abb62 Mon Sep 17 00:00:00 2001
Message-Id: <e1508578b382be7d10160d6dc4dda74d356abb62.1455729125.git.agx@sigxcpu.org>
From: Guido Günther <agx@sigxcpu.org>
Date: Wed, 17 Feb 2016 18:04:39 +0100
Subject: [PATCH] Given a package allow to check in which releases security
support has ended
To: debian-lts@lists.debian.org
$ bin/support-ended.py --lists /path/to/debian-security-support/ iceape
Package unsupported in wheezy
Package unsupported in squeeze
---
bin/support-ended.py | 79 ++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 79 insertions(+)
create mode 100755 bin/support-ended.py
diff --git a/bin/support-ended.py b/bin/support-ended.py
new file mode 100755
index 0000000..3cfb331
--- /dev/null
+++ b/bin/support-ended.py
@@ -0,0 +1,79 @@
+#!/usr/bin/python
+# vim: set fileencoding=utf-8 :
+#
+# Copyright 2016 Guido Günther <agx@sigxcpu.org>
+#
+# This file is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 2 of the License, or
+# (at your option) any later version.
+#
+# This file is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this file. If not, see <https://www.gnu.org/licenses/>.
+
+"""Check if and when support ended for a given package"""
+
+import argparse
+import glob
+import os
+import re
+import sys
+
+release_mapping = {
+ 'deb6': 'squeeze',
+ 'deb7': 'wheezy',
+ 'deb8': 'jessie',
+ 'deb9': 'stretch',
+}
+
+
+SUPPORT_ENDED = 0 # security support ended in at least one suite
+SUPPORT_FULL = 2 # fully supported in all known suites
+
+
+def relnum_to_relname(relnum):
+ return release_mapping[relnum]
+
+
+def find_releases(pkg, dir):
+ rels = []
+
+ pkg_re = re.compile(r"(%s)\s+" % pkg)
+ pattern = "security-support-ended.deb*"
+ lists = glob.glob(os.path.join(dir, pattern))
+ if not lists:
+ raise Exception("No lists matching %s found in %s", (pattern, dir))
+
+ for fn in lists:
+ _, ext = os.path.splitext(fn)
+ rel = ext[1:]
+ with open(fn) as f:
+ for line in f:
+ if pkg_re.match(line):
+ rels.append(relnum_to_relname(rel))
+ break
+ return rels
+
+def main():
+ parser = argparse.ArgumentParser(
+ description='Check if and when security support ended for a given package')
+ parser.add_argument('--lists', help='Directory that contains the lists of unsupported packages ', default='.')
+ parser.add_argument('package', nargs=1, help='package to check')
+
+ args = parser.parse_args()
+
+ rels = find_releases(args.package[0], args.lists)
+ if rels:
+ for rel in rels:
+ print("Package unsupported in %s" % rel)
+ else:
+ return SUPPORT_FULL
+ return SUPPORT_ENDED
+
+if __name__ == '__main__':
+ sys.exit(main())
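Review bot: find_releases() interpolates the package name into the regex unescaped (`re.compile(r"(%s)\s+" % pkg)`), so a name containing `+` or `.` is read as regex syntax and can raise re.error or match a different package's line; wrap it in `re.escape(pkg)`. In the same function, `raise Exception("No lists matching %s found in %s", (pattern, dir))` passes the format string and the tuple as two arguments instead of applying `%`, so the message is never formatted. relnum_to_relname() will also raise a bare KeyError for any file the `security-support-ended.deb*` glob picks up whose suffix is not a key in release_mapping (a later release number, or an editor backup of a list), so either skip unknown suffixes or report them explicitly. Finally, main() exits 0 when support has ended and 2 when the package is fully supported, while an uncaught exception exits 1; since the stated goal is to call this from the scripts that handle data/CVE/list, the exit codes should be documented in the module docstring or the argparse description so callers do not treat 0 as "still supported".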
--
2.7.0