From: Fabian Ebner <f.ebner@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH proxmox-apt 3/3] check suites: add special check for Debian security repository
Date: Tue, 18 Jan 2022 13:48:22 +0100 [thread overview]
Message-ID: <20220118124822.87502-3-f.ebner@proxmox.com> (raw)
In-Reply-To: <20220118124822.87502-1-f.ebner@proxmox.com>
since the suffix was changed with Debian Bullseye.
Suggested-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
---
src/repositories/file.rs | 31 +++++++++++++++++--
tests/repositories.rs | 31 +++++++++++++++++++
.../sources.list.d.expected/bad-security.list | 4 +++
tests/sources.list.d/bad-security.list | 4 +++
4 files changed, 67 insertions(+), 3 deletions(-)
create mode 100644 tests/sources.list.d.expected/bad-security.list
create mode 100644 tests/sources.list.d/bad-security.list
diff --git a/src/repositories/file.rs b/src/repositories/file.rs
index 3e975fc..1b3ac85 100644
--- a/src/repositories/file.rs
+++ b/src/repositories/file.rs
@@ -297,8 +297,8 @@ impl APTRepositoryFile {
Ok(())
}
- /// Checks if old or unstable suites are configured and also that the
- /// `stable` keyword is not used.
+ /// Checks if old or unstable suites are configured and that the Debian security repository
+ /// has the correct suite. Also checks that the `stable` keyword is not used.
pub fn check_suites(&self, current_codename: DebianCodename) -> Vec<APTRepositoryInfo> {
let mut infos = vec![];
@@ -307,6 +307,22 @@ impl APTRepositoryFile {
continue;
}
+ let is_security_repo = repo.uris.iter().any(|uri| {
+ let uri = uri.trim_end_matches('/');
+ let uri = uri.strip_suffix("debian-security").unwrap_or(uri);
+ let uri = uri.trim_end_matches('/');
+ matches!(
+ uri,
+ "http://security.debian.org" | "https://security.debian.org",
+ )
+ });
+
+ let require_suffix = match is_security_repo {
+ true if current_codename >= DebianCodename::Bullseye => Some("-security"),
+ true => Some("/updates"),
+ false => None,
+ };
+
let mut add_info = |kind: &str, message| {
infos.push(APTRepositoryInfo {
path: self.path.clone(),
@@ -323,7 +339,7 @@ impl APTRepositoryFile {
let message_stable = "use the name of the stable distribution instead of 'stable'!";
for suite in repo.suites.iter() {
- let base_suite = suite_variant(suite).0;
+ let (base_suite, suffix) = suite_variant(suite);
match base_suite {
"oldoldstable" | "oldstable" => {
@@ -352,6 +368,15 @@ impl APTRepositoryFile {
} else if codename > current_codename {
add_info("warning", message_new(base_suite));
}
+
+ if let Some(require_suffix) = require_suffix {
+ if suffix != require_suffix {
+ add_info(
+ "warning",
+ format!("expected suite '{}{}'", current_codename, require_suffix),
+ );
+ }
+ }
}
}
diff --git a/tests/repositories.rs b/tests/repositories.rs
index d79ea72..c6dd351 100644
--- a/tests/repositories.rs
+++ b/tests/repositories.rs
@@ -283,6 +283,37 @@ fn test_check_repositories() -> Result<(), Error> {
assert_eq!(infos, expected_infos);
+ let bad_security = read_dir.join("bad-security.list");
+ let mut file = APTRepositoryFile::new(&bad_security)?.unwrap();
+ file.parse()?;
+
+ let path_string = bad_security.into_os_string().into_string().unwrap();
+
+ let mut expected_infos = vec![];
+ for n in 0..=1 {
+ expected_infos.push(APTRepositoryInfo {
+ path: path_string.clone(),
+ index: n,
+ property: Some("Suites".to_string()),
+ kind: "warning".to_string(),
+ message: "expected suite 'bullseye-security'".to_string(),
+ });
+ }
+ for n in 0..=1 {
+ expected_infos.push(APTRepositoryInfo {
+ path: path_string.clone(),
+ index: n,
+ property: None,
+ kind: "origin".to_string(),
+ message: "Debian".to_string(),
+ });
+ }
+ expected_infos.sort();
+
+ let mut infos = check_repositories(&vec![file], DebianCodename::Bullseye);
+ infos.sort();
+
+ assert_eq!(infos, expected_infos);
Ok(())
}
diff --git a/tests/sources.list.d.expected/bad-security.list b/tests/sources.list.d.expected/bad-security.list
new file mode 100644
index 0000000..3f64ffa
--- /dev/null
+++ b/tests/sources.list.d.expected/bad-security.list
@@ -0,0 +1,4 @@
+deb http://security.debian.org/debian-security/ bullseye/updates main contrib
+
+deb https://security.debian.org bullseye/updates main contrib
+
diff --git a/tests/sources.list.d/bad-security.list b/tests/sources.list.d/bad-security.list
new file mode 100644
index 0000000..3f64ffa
--- /dev/null
+++ b/tests/sources.list.d/bad-security.list
@@ -0,0 +1,4 @@
+deb http://security.debian.org/debian-security/ bullseye/updates main contrib
+
+deb https://security.debian.org bullseye/updates main contrib
+
--
2.30.2
next prev parent reply other threads:[~2022-01-18 12:49 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-18 12:48 [pve-devel] [PATCH proxmox-apt 1/3] upgrade to edition 2021 Fabian Ebner
2022-01-18 12:48 ` [pve-devel] [PATCH proxmox-apt 2/3] clippy fixes Fabian Ebner
2022-01-18 12:48 ` Fabian Ebner [this message]
2022-02-03 8:02 ` [pve-devel] applied-series: [PATCH proxmox-apt 1/3] upgrade to edition 2021 Wolfgang Bumiller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220118124822.87502-3-f.ebner@proxmox.com \
--to=f.ebner@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox