diff options
author | Raphael Geissert <geissert@debian.org> | 2013-12-02 23:31:33 +0000 |
---|---|---|
committer | Raphael Geissert <geissert@debian.org> | 2013-12-02 23:31:33 +0000 |
commit | ffc5bba09ec15ba4aefce3dfe8725b84d1b4c764 (patch) | |
tree | 8d3c5a48f75defbfb25cd134a963be84c1f2d9d9 /bin/gen-DSA | |
parent | 5773789094cf78b03bbdafdb27d4cd5b51936488 (diff) |
Allow the DSA text and entries to be generated for embargoed issues
Usage: bin/gen-DSA [--save] --embargo package description cve
Then when about to release you svn *up* and:
bin/gen-DSA --unembargo package
An id will then be assigned and the dates corrected if needed
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@24532 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'bin/gen-DSA')
-rwxr-xr-x | bin/gen-DSA | 40 |
1 files changed, 39 insertions, 1 deletions
diff --git a/bin/gen-DSA b/bin/gen-DSA index 3c4de4e2e5..ca7ffa579c 100755 --- a/bin/gen-DSA +++ b/bin/gen-DSA @@ -35,7 +35,7 @@ export LANG=C } [ $# -ge 2 ] || { - echo "usage: $0 [--save] [DSA] package 'vulnerability desc' [cve(s) [bugnumber(s)]]" + echo "usage: $0 [--save] [--embargoed|--unembargo] [DSA] package 'vulnerability desc' [cve(s) [bugnumber(s)]]" echo " 'DSA' is the DSA number, required when issuing a revision" echo " 'cve(s)' and 'bugnumber(s)' can be passed in any order but" echo " always AFTER the description" @@ -49,6 +49,19 @@ if [ "$1" = "--save" ]; then shift fi +embargoed=false +if [ "$1" = "--embargoed" ]; then + embargoed=true + shift +fi + +unembargo=false +if [ "$1" = "--unembargo" ]; then + unembargo=true + shift + set -- "$1" "${2:-bar}" +fi + toupper() { printf '%s' "$1" | tr '[:lower:]' '[:upper:]' } @@ -253,6 +266,10 @@ dsa_exists() { grep -wq "DSA-$1" data/DSA/list } +if $embargoed; then + DSAID=EMBRGD-"$PACKAGE" +fi + if [ -z "$DSAID" ]; then latest_dsa="$(sed -nr '/DSA-[0-9]+-1/{s/^.+DSA-([0-9]+).*$/\1/;p;q}' data/DSA/list)" dsa=$(($latest_dsa+1)) @@ -274,6 +291,27 @@ if dsa_exists "$DSAID"; then exit 1 fi +if $unembargo; then + EMBRGD_ID="EMBRGD-$PACKAGE" + mv "DSA-${EMBRGD_ID}" DSA-"$DSAID" + + # get the date of when the embargoed entry was generated + gen_date="$(sed -rn "/DSA-${EMBRGD_ID}/{s/^\[(.+)\].+$/\1/;p;t}" data/DSA/list)" + + OLD_DATE="$(date -d "$gen_date" +"%B %d, %Y")" + OLD_SPACEDDATE="$(right_space "$OLD_DATE" "$DATE_SPACING")" + + NEW_DATE="$(date +"%B %d, %Y")" + NEW_SPACEDDATE="$(right_space "$NEW_DATE" "$DATE_SPACING")" + + sed -ri "/DSA-${EMBRGD_ID}/{s/\[.+\]/[$(date +"%d %b %Y")]/;s/DSA-${EMBRGD_ID}/DSA-$DSAID/;}" data/DSA/list + sed -i "s/${EMBRGD_ID}/$DSAID/g" DSA-"$DSAID" + sed -i "s/^$OLD_SPACEDDATE/$NEW_SPACEDDATE/" DSA-"$DSAID" + + echo "'Unembargoing' as DSA-$DSAID" + exit +fi + if echo "$VULNERABILITY" | grep -iq vulnerab; then warn "redundant vulnerability adjective/noun in vuln. summary" >&2 fi |