Re: [PATCH] Given a package allow to check in which releases security support has ended
Hi,
On Thu, Feb 18, 2016 at 06:02:12PM +0100, Holger Levsen wrote:
> Hi Guido,
>
> On Mittwoch, 17. Februar 2016, Guido Günther wrote:
> > When triaging LTS issues I always have to look up what we still support
> > and what not. Attached script simplifies this a bit:
> >
> > $ bin/support-ended.py --lists /path/to/debian-security-support/ iceape
> > Package unsupported in wheezy
> > Package unsupported in squeeze
>
> very nice!
>
> > I didn't find a place in Debian where we canonically map release names
> > to release numbers (i.e. squeeze -> 6.x, jessie -> 7.x). I'm sure there
> > is such a thing so I'm happy about any pointers.
>
> apt-cache show distro-info
Ahhh...great and there's python-distro-info as well.
I'm not using it yet since there's no support for LTS EOL dates yet (bug
to be filed in a second). It's needed for the new (attached) version
that also validates the packages individual EOL date.
Cheers,
-- Guido
>From 2318cfc52ecbeaed5fee47c8c6d665377e4d4646 Mon Sep 17 00:00:00 2001
Message-Id: <2318cfc52ecbeaed5fee47c8c6d665377e4d4646.1459185378.git.agx@sigxcpu.org>
From: =?UTF-8?q?Guido=20G=C3=BCnther?= <agx@sigxcpu.org>
Date: Wed, 17 Feb 2016 18:04:39 +0100
Subject: [PATCH] Given a package allow to check in which releases security
support has ended
To: debian-lts@lists.debian.org
By default we check if the package will be supported until the release
goes EOL:
$ bin/support-ended.py --lists debian-security-support/ tomcat6
Package unsupported in stretch
Package unsupported in wheezy
Package unsupported in jessie
but we can also check if it support ends within the next N days:
# tomcat6 is marked as EOL for 2016-12-31
$ bin/support-ended.py --lists debian-security-support/ tomcat6 --days 100
<empty>
$ bin/support-ended.py --lists debian-security-support/ tomcat6 --days 300
Package unsupported in stretch
Package unsupported in wheezy
Package unsupported in jessie
---
bin/support-ended.py | 99 ++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 99 insertions(+)
create mode 100755 bin/support-ended.py
diff --git a/bin/support-ended.py b/bin/support-ended.py
new file mode 100755
index 0000000..9a248a8
--- /dev/null
+++ b/bin/support-ended.py
@@ -0,0 +1,99 @@
+#!/usr/bin/python
+# vim: set fileencoding=utf-8 :
+#
+# Copyright 2016 Guido Günther <agx@sigxcpu.org>
+#
+# This file is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 2 of the License, or
+# (at your option) any later version.
+#
+# This file is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this file. If not, see <https://www.gnu.org/licenses/>.
+
+"""Check if and when support ended for a given package"""
+
+import argparse
+import datetime
+import glob
+import os
+import re
+import sys
+
+
+release_mapping = {
+ 'deb6': ('squeeze', '2016-02-29'),
+ 'deb7': ('wheezy', '2018-05-31'),
+ # End date not yet fixed
+ 'deb8': ('jessie', '2020-04-30'),
+ # Not even released yet
+ 'deb9': ('stretch', None),
+}
+
+
+SUPPORT_ENDED = 0 # security support ended in at least one suite
+SUPPORT_FULL = 2 # fully supported in all known suites
+
+
+def relnum_to_relname(relnum):
+ return release_mapping[relnum][0]
+
+
+def release_eol(relnum):
+ eolstr = release_mapping[relnum][1]
+ return iso8601date_to_datetime(eolstr) if eolstr else None
+
+
+def iso8601date_to_datetime(datestr):
+ return datetime.datetime.strptime(datestr, "%Y-%m-%d")
+
+
+def find_releases(pkg, dir, days):
+ rels = []
+ pkg_re = re.compile(r"(?P<PKG>%s)\s+[^\s]+\s+(?P<EOL>[0-9]{4}-[0-9]{2}-[0-9]{2})" % pkg)
+ pattern = "security-support-ended.deb*"
+ lists = glob.glob(os.path.join(dir, pattern))
+ if not lists:
+ raise Exception("No lists matching %s found in %s", (pattern, dir))
+
+ end = datetime.datetime.today() + datetime.timedelta(days=days) if days else None
+
+ for fn in lists:
+ _, ext = os.path.splitext(fn)
+ rel = ext[1:]
+ sup_needed_til = end or release_eol(rel)
+ with open(fn) as f:
+ for line in f:
+ m = pkg_re.match(line)
+ if m:
+ pkgeol = iso8601date_to_datetime(m.group("EOL"))
+ if not sup_needed_til or pkgeol < sup_needed_til:
+ rels.append(relnum_to_relname(rel))
+ break
+ return rels
+
+
+def main():
+ parser = argparse.ArgumentParser(
+ description='Check if and when security support ended for a given package')
+ parser.add_argument('--lists', help='Directory that contains the lists of unsupported packages ', default='.')
+ parser.add_argument('--days', help='days of security support left, 0 == LTS Release end', type=int, default=0)
+ parser.add_argument('package', nargs=1, help='package to check')
+
+ args = parser.parse_args()
+
+ rels = find_releases(args.package[0], args.lists, args.days)
+ if rels:
+ for rel in rels:
+ print("Package unsupported in %s" % rel)
+ else:
+ return SUPPORT_FULL
+ return SUPPORT_ENDED
+
+if __name__ == '__main__':
+ sys.exit(main())
--
2.8.0.rc3
Reply to: