From: Fabian Ebner <f.ebner@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH proxmox-apt 3/3] check suites: add special check for Debian security repository
Date: Tue, 18 Jan 2022 13:48:22 +0100 [thread overview]
Message-ID: <20220118124822.87502-3-f.ebner@proxmox.com> (raw)
In-Reply-To: <20220118124822.87502-1-f.ebner@proxmox.com>
since the suffix was changed with Debian Bullseye.
Suggested-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
---
src/repositories/file.rs | 31 +++++++++++++++++--
tests/repositories.rs | 31 +++++++++++++++++++
.../sources.list.d.expected/bad-security.list | 4 +++
tests/sources.list.d/bad-security.list | 4 +++
4 files changed, 67 insertions(+), 3 deletions(-)
create mode 100644 tests/sources.list.d.expected/bad-security.list
create mode 100644 tests/sources.list.d/bad-security.list
diff --git a/src/repositories/file.rs b/src/repositories/file.rs
index 3e975fc..1b3ac85 100644
--- a/src/repositories/file.rs
+++ b/src/repositories/file.rs
@@ -297,8 +297,8 @@ impl APTRepositoryFile {
Ok(())
}
- /// Checks if old or unstable suites are configured and also that the
- /// `stable` keyword is not used.
+ /// Checks if old or unstable suites are configured and that the Debian security repository
+ /// has the correct suite. Also checks that the `stable` keyword is not used.
pub fn check_suites(&self, current_codename: DebianCodename) -> Vec<APTRepositoryInfo> {
let mut infos = vec![];
@@ -307,6 +307,22 @@ impl APTRepositoryFile {
continue;
}
+ let is_security_repo = repo.uris.iter().any(|uri| {
+ let uri = uri.trim_end_matches('/');
+ let uri = uri.strip_suffix("debian-security").unwrap_or(uri);
+ let uri = uri.trim_end_matches('/');
+ matches!(
+ uri,
+ "http://security.debian.org" | "https://security.debian.org",
+ )
+ });
+
+ let require_suffix = match is_security_repo {
+ true if current_codename >= DebianCodename::Bullseye => Some("-security"),
+ true => Some("/updates"),
+ false => None,
+ };
+
let mut add_info = |kind: &str, message| {
infos.push(APTRepositoryInfo {
path: self.path.clone(),
@@ -323,7 +339,7 @@ impl APTRepositoryFile {
let message_stable = "use the name of the stable distribution instead of 'stable'!";
for suite in repo.suites.iter() {
- let base_suite = suite_variant(suite).0;
+ let (base_suite, suffix) = suite_variant(suite);
match base_suite {
"oldoldstable" | "oldstable" => {
@@ -352,6 +368,15 @@ impl APTRepositoryFile {
} else if codename > current_codename {
add_info("warning", message_new(base_suite));
}
+
+ if let Some(require_suffix) = require_suffix {
+ if suffix != require_suffix {
+ add_info(
+ "warning",
+ format!("expected suite '{}{}'", current_codename, require_suffix),
+ );
+ }
+ }
}
}
diff --git a/tests/repositories.rs b/tests/repositories.rs
index d79ea72..c6dd351 100644
--- a/tests/repositories.rs
+++ b/tests/repositories.rs
@@ -283,6 +283,37 @@ fn test_check_repositories() -> Result<(), Error> {
assert_eq!(infos, expected_infos);
+ let bad_security = read_dir.join("bad-security.list");
+ let mut file = APTRepositoryFile::new(&bad_security)?.unwrap();
+ file.parse()?;
+
+ let path_string = bad_security.into_os_string().into_string().unwrap();
+
+ let mut expected_infos = vec![];
+ for n in 0..=1 {
+ expected_infos.push(APTRepositoryInfo {
+ path: path_string.clone(),
+ index: n,
+ property: Some("Suites".to_string()),
+ kind: "warning".to_string(),
+ message: "expected suite 'bullseye-security'".to_string(),
+ });
+ }
+ for n in 0..=1 {
+ expected_infos.push(APTRepositoryInfo {
+ path: path_string.clone(),
+ index: n,
+ property: None,
+ kind: "origin".to_string(),
+ message: "Debian".to_string(),
+ });
+ }
+ expected_infos.sort();
+
+ let mut infos = check_repositories(&vec![file], DebianCodename::Bullseye);
+ infos.sort();
+
+ assert_eq!(infos, expected_infos);
Ok(())
}
diff --git a/tests/sources.list.d.expected/bad-security.list b/tests/sources.list.d.expected/bad-security.list
new file mode 100644
index 0000000..3f64ffa
--- /dev/null
+++ b/tests/sources.list.d.expected/bad-security.list
@@ -0,0 +1,4 @@
+deb http://security.debian.org/debian-security/ bullseye/updates main contrib
+
+deb https://security.debian.org bullseye/updates main contrib
+
diff --git a/tests/sources.list.d/bad-security.list b/tests/sources.list.d/bad-security.list
new file mode 100644
index 0000000..3f64ffa
--- /dev/null
+++ b/tests/sources.list.d/bad-security.list
@@ -0,0 +1,4 @@
+deb http://security.debian.org/debian-security/ bullseye/updates main contrib
+
+deb https://security.debian.org bullseye/updates main contrib
+
--
2.30.2
next prev parent reply other threads:[~2022-01-18 12:49 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-18 12:48 [pve-devel] [PATCH proxmox-apt 1/3] upgrade to edition 2021 Fabian Ebner
2022-01-18 12:48 ` [pve-devel] [PATCH proxmox-apt 2/3] clippy fixes Fabian Ebner
2022-01-18 12:48 ` Fabian Ebner [this message]
2022-02-03 8:02 ` [pve-devel] applied-series: [PATCH proxmox-apt 1/3] upgrade to edition 2021 Wolfgang Bumiller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220118124822.87502-3-f.ebner@proxmox.com \
--to=f.ebner@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.