--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: security-tracker: Fetch Sources.xz/Packages.xz when available instead of Sources.gz/Packages.gz
- From: Salvatore Bonaccorso <carnil@debian.org>
- Date: Sun, 07 Jul 2019 11:05:06 +0200
- Message-id: <156249030674.29649.2880820706343137175.reportbug@eldamar.local>
Package: security-tracker
Severity: important
Control: affects -1 + ftp.debian.org
Starting with the buster release for the *-security and *-backports
suites there are no Sources.gz and Packages.gz available in
http://security.debian.org/debian-security/dists/buster/updates/main/source/
http://security.debian.org/debian-security/dists/bullseye-security/main/source/
But security-tracker is hardcoding fetching the respective gz files in
lib/python/debian_support.py via:
288 def downloadGunzipLines(remote):
289 """Downloads a file from a remote location and gunzips it.
290
291 Returns the lines in the file."""
292
293 data = urllib2.urlopen(remote, timeout=TIMEOUT)
294 try:
295 gfile = gzip.GzipFile(fileobj=StringIO(data.read()))
296 try:
297 return gfile.readlines()
298 finally:
299 gfile.close()
300 finally:
301 data.close()
302
303 def downloadFile(remote, local):
304 """Copies a gzipped remote file to the local system.
305
306 remote - URL, without the .gz suffix
307 local - name of the local file
308 """
309
310 lines = downloadGunzipLines(remote + '.gz')
311 replaceFile(lines, local)
312 return lines
This should be more flexible, depending on what is available (possibly
doing similar as apt-file).
For now ftp-master kindly re-enabled generation of *.gz files as well
for the security archive for buster and bullseye-security (not for
*-backports, which has been disabled temporarily via
https://salsa.debian.org/security-tracker-team/security-tracker/commit/02cd33cd782c84e3e06631bb609e1b480da8bcd1).
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Hi,
On Sun, 07 Jul 2019 11:05:06 +0200 Salvatore Bonaccorso <carnil@debian.org> wrote:
Package: security-tracker
Severity: important
Control: affects -1 + ftp.debian.org
Starting with the buster release for the *-security and *-backports
suites there are no Sources.gz and Packages.gz available in
http://security.debian.org/debian-security/dists/buster/updates/main/source/
http://security.debian.org/debian-security/dists/bullseye-security/main/source/
But security-tracker is hardcoding fetching the respective gz files in
lib/python/debian_support.py via:
288 def downloadGunzipLines(remote):
289 """Downloads a file from a remote location and gunzips it.
290
291 Returns the lines in the file."""
292
293 data = urllib2.urlopen(remote, timeout=TIMEOUT)
294 try:
295 gfile = gzip.GzipFile(fileobj=StringIO(data.read()))
296 try:
297 return gfile.readlines()
298 finally:
299 gfile.close()
300 finally:
301 data.close()
302
303 def downloadFile(remote, local):
304 """Copies a gzipped remote file to the local system.
305
306 remote - URL, without the .gz suffix
307 local - name of the local file
308 """
309
310 lines = downloadGunzipLines(remote + '.gz')
311 replaceFile(lines, local)
312 return lines
This should be more flexible, depending on what is available (possibly
doing similar as apt-file).
Fixed in
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b3e1e759b3038544b1e71ce6ed8707a61406ecb8
For now ftp-master kindly re-enabled generation of *.gz files as well
for the security archive for buster and bullseye-security (not for
*-backports, which has been disabled temporarily via
https://salsa.debian.org/security-tracker-team/security-tracker/commit/02cd33cd782c84e3e06631bb609e1b480da8bcd1).
Now that we support .xz files, I reverted that in
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/88ca724c224790bbf96016aff16c11d4f025db5a
Cheers,
Emilio
--- End Message ---