Bug#931533: marked as done (security-tracker: Fetch Sources.xz/Packages.xz indices when available instead of Sources.gz/Packages.gz)

["Debian Bug Tracking System" <owner@bugs.debian.org>]

Your message dated Wed, 30 Sep 2020 21:37:31 +0200
with message-id <5123b8ca-c865-01e5-47cd-f369f85a777b@debian.org>
and subject line Re: security-tracker: Fetch Sources.xz/Packages.xz when available instead of Sources.gz/Packages.gz
has caused the Debian Bug report #931533,
regarding security-tracker: Fetch Sources.xz/Packages.xz indices when available instead of Sources.gz/Packages.gz
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
931533: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931533
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: security-tracker: Fetch Sources.xz/Packages.xz when available instead of Sources.gz/Packages.gz
• From: Salvatore Bonaccorso <carnil@debian.org>
• Date: Sun, 07 Jul 2019 11:05:06 +0200
• Message-id: <156249030674.29649.2880820706343137175.reportbug@eldamar.local>

Package: security-tracker
Severity: important
Control: affects -1 + ftp.debian.org

Starting with the buster release for the *-security and *-backports
suites there are no Sources.gz and Packages.gz available in 

http://security.debian.org/debian-security/dists/buster/updates/main/source/
http://security.debian.org/debian-security/dists/bullseye-security/main/source/

But security-tracker is hardcoding fetching the respective gz files in
lib/python/debian_support.py via:

288 def downloadGunzipLines(remote):
289     """Downloads a file from a remote location and gunzips it.
290
291     Returns the lines in the file."""
292
293     data = urllib2.urlopen(remote, timeout=TIMEOUT)
294     try:
295         gfile = gzip.GzipFile(fileobj=StringIO(data.read()))
296         try:
297             return gfile.readlines()
298         finally:
299             gfile.close()
300     finally:
301         data.close()
302
303 def downloadFile(remote, local):
304     """Copies a gzipped remote file to the local system.
305
306     remote - URL, without the .gz suffix
307     local - name of the local file
308     """
309
310     lines = downloadGunzipLines(remote + '.gz')
311     replaceFile(lines, local)
312     return lines

This should be more flexible, depending on what is available (possibly
doing similar as apt-file).

For now ftp-master kindly re-enabled generation of *.gz files as well
for the security archive for buster and bullseye-security (not for
*-backports, which has been disabled temporarily via
https://salsa.debian.org/security-tracker-team/security-tracker/commit/02cd33cd782c84e3e06631bb609e1b480da8bcd1).

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

• To: 931533-done@bugs.debian.org, Salvatore Bonaccorso <carnil@debian.org>, Ansgar Burchardt <ansgar@debian.org>
• Subject: Re: security-tracker: Fetch Sources.xz/Packages.xz when available instead of Sources.gz/Packages.gz
• From: Emilio Pozuelo Monfort <pochu@debian.org>
• Date: Wed, 30 Sep 2020 21:37:31 +0200
• Message-id: <5123b8ca-c865-01e5-47cd-f369f85a777b@debian.org>

Hi,

On Sun, 07 Jul 2019 11:05:06 +0200 Salvatore Bonaccorso <carnil@debian.org> wrote:

Package: security-tracker
Severity: important
Control: affects -1 + ftp.debian.org

Starting with the buster release for the *-security and *-backports

suites there are no Sources.gz and Packages.gz available in

http://security.debian.org/debian-security/dists/buster/updates/main/source/
http://security.debian.org/debian-security/dists/bullseye-security/main/source/

But security-tracker is hardcoding fetching the respective gz files in
lib/python/debian_support.py via:

288 def downloadGunzipLines(remote):
289     """Downloads a file from a remote location and gunzips it.
290
291     Returns the lines in the file."""
292
293     data = urllib2.urlopen(remote, timeout=TIMEOUT)
294     try:
295         gfile = gzip.GzipFile(fileobj=StringIO(data.read()))
296         try:
297             return gfile.readlines()
298         finally:
299             gfile.close()
300     finally:
301         data.close()
302
303 def downloadFile(remote, local):
304     """Copies a gzipped remote file to the local system.
305
306     remote - URL, without the .gz suffix
307     local - name of the local file
308     """
309
310     lines = downloadGunzipLines(remote + '.gz')
311     replaceFile(lines, local)
312     return lines

This should be more flexible, depending on what is available (possibly
doing similar as apt-file).

Fixed in https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b3e1e759b3038544b1e71ce6ed8707a61406ecb8

For now ftp-master kindly re-enabled generation of *.gz files as well
for the security archive for buster and bullseye-security (not for
*-backports, which has been disabled temporarily via
https://salsa.debian.org/security-tracker-team/security-tracker/commit/02cd33cd782c84e3e06631bb609e1b480da8bcd1).

Now that we support .xz files, I reverted that in
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/88ca724c224790bbf96016aff16c11d4f025db5a

Cheers,
Emilio

--- End Message ---