[pve-devel] [PATCH pve-manager 0/1] Only check deb sources.list entries

public inbox for pve-devel@lists.proxmox.com
 help / color / mirror / Atom feed

* [pve-devel] [PATCH pve-manager 0/1] Only check deb sources.list entries
@ 2021-07-09  7:24 Rhonda D'Vine
  2021-07-09  7:24 ` [pve-devel] [PATCH pve-manager 1/1] " Rhonda D'Vine
  0 siblings, 1 reply; 6+ messages in thread
From: Rhonda D'Vine @ 2021-07-09  7:24 UTC (permalink / raw)
  To: pve-devel

The check isn't specific enough, it also catches deb-src entries and
would give a false impression of security in certain circumstances, or
lead to false negatives in case you have a deb-src entry for
buster/updates even though you have bullseye-security in just the next
line -- something that isn't that uncommon for developers.

Rhonda D'Vine (1):
  Only check deb sources.list entries

 PVE/CLI/pve6to7.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

-- 
2.30.2

^ permalink raw reply	[flat|nested] 6+ messages in thread

* [pve-devel] [PATCH pve-manager 1/1] Only check deb sources.list entries
  2021-07-09  7:24 [pve-devel] [PATCH pve-manager 0/1] Only check deb sources.list entries Rhonda D'Vine
@ 2021-07-09  7:24 ` Rhonda D'Vine
  2021-07-09  8:33   ` Fabian Ebner
  2021-07-13  4:34   ` [pve-devel] applied: " Thomas Lamprecht
  0 siblings, 2 replies; 6+ messages in thread
From: Rhonda D'Vine @ 2021-07-09  7:24 UTC (permalink / raw)
  To: pve-devel

The check isn't specific enough, it also catches deb-src entries and
would give a false impression of security in certain circumstances, or
lead to false negatives in case you have a deb-src entry for
buster/updates even though you have bullseye-security in just the next
line -- something that isn't that uncommon for developers.

Signed-off-by: Rhonda D'Vine <rhonda@deb.at>
---
 PVE/CLI/pve6to7.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/PVE/CLI/pve6to7.pm b/PVE/CLI/pve6to7.pm
index fb928a9c..30adcb19 100644
--- a/PVE/CLI/pve6to7.pm
+++ b/PVE/CLI/pve6to7.pm
@@ -1010,7 +1010,7 @@ sub check_security_repo {
 
 	    ($line) = split(/#/, $line);
 
-	    next if $line !~ m/^deb/; # is case sensitive
+	    next if $line !~ m/^deb[[:space:]]/; # is case sensitive
 
 	    my $suite;
 
-- 
2.30.2




^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [pve-devel] [PATCH pve-manager 1/1] Only check deb sources.list entries
  2021-07-09  7:24 ` [pve-devel] [PATCH pve-manager 1/1] " Rhonda D'Vine
@ 2021-07-09  8:33   ` Fabian Ebner
  2021-07-09  8:49     ` Rhonda D'Vine
  2021-07-13  4:53     ` Thomas Lamprecht
  2021-07-13  4:34   ` [pve-devel] applied: " Thomas Lamprecht
  1 sibling, 2 replies; 6+ messages in thread
From: Fabian Ebner @ 2021-07-09  8:33 UTC (permalink / raw)
  To: pve-devel, rhonda

Am 09.07.21 um 09:24 schrieb Rhonda D'Vine:
> The check isn't specific enough, it also catches deb-src entries and
> would give a false impression of security in certain circumstances, or
> lead to false negatives in case you have a deb-src entry for
> buster/updates even though you have bullseye-security in just the next
> line -- something that isn't that uncommon for developers.
> 
> Signed-off-by: Rhonda D'Vine <rhonda@deb.at>
> ---
>   PVE/CLI/pve6to7.pm | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/PVE/CLI/pve6to7.pm b/PVE/CLI/pve6to7.pm
> index fb928a9c..30adcb19 100644
> --- a/PVE/CLI/pve6to7.pm
> +++ b/PVE/CLI/pve6to7.pm
> @@ -1010,7 +1010,7 @@ sub check_security_repo {
>   
>   	    ($line) = split(/#/, $line);
>   
> -	    next if $line !~ m/^deb/; # is case sensitive
> +	    next if $line !~ m/^deb[[:space:]]/; # is case sensitive
>   
>   	    my $suite;
>   
> 

Of course, thank you for the fix!

FWIW, Reviewed-by: Fabian Ebner <f.ebner@proxmox.com>

I also noticed that the check is not yet in the stable-6 branch.




^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [pve-devel] [PATCH pve-manager 1/1] Only check deb sources.list entries
  2021-07-09  8:33   ` Fabian Ebner
@ 2021-07-09  8:49     ` Rhonda D'Vine
  2021-07-13  4:53     ` Thomas Lamprecht
  1 sibling, 0 replies; 6+ messages in thread
From: Rhonda D'Vine @ 2021-07-09  8:49 UTC (permalink / raw)
  To: Fabian Ebner; +Cc: pve-devel

   Hi,

* Fabian Ebner <f.ebner@proxmox.com> [2021-07-09 10:33:08 CEST]:
> Am 09.07.21 um 09:24 schrieb Rhonda D'Vine:
> > --- a/PVE/CLI/pve6to7.pm
> > +++ b/PVE/CLI/pve6to7.pm
> > @@ -1010,7 +1010,7 @@ sub check_security_repo {
> >   	    ($line) = split(/#/, $line);
> > -	    next if $line !~ m/^deb/; # is case sensitive
> > +	    next if $line !~ m/^deb[[:space:]]/; # is case sensitive
> >   	    my $suite;
> 
> Of course, thank you for the fix!
> 
> FWIW, Reviewed-by: Fabian Ebner <f.ebner@proxmox.com>
> 
> I also noticed that the check is not yet in the stable-6 branch.

 Right, I didn't check which branches this should be applied, but I
assume that the commit should apply without any troubles there too (and
obviously would make more sense in that branch).

 Cheers,
Rhonda
-- 
Fühlst du dich mutlos, fass endlich Mut, los      |
Fühlst du dich hilflos, geh raus und hilf, los    | Wir sind Helden
Fühlst du dich machtlos, geh raus und mach, los   | 23.55: Alles auf Anfang
Fühlst du dich haltlos, such Halt und lass los    |



^ permalink raw reply	[flat|nested] 6+ messages in thread

* [pve-devel] applied: [PATCH pve-manager 1/1] Only check deb sources.list entries
  2021-07-09  7:24 ` [pve-devel] [PATCH pve-manager 1/1] " Rhonda D'Vine
  2021-07-09  8:33   ` Fabian Ebner
@ 2021-07-13  4:34   ` Thomas Lamprecht
  1 sibling, 0 replies; 6+ messages in thread
From: Thomas Lamprecht @ 2021-07-13  4:34 UTC (permalink / raw)
  To: Proxmox VE development discussion, Rhonda D'Vine

On 09.07.21 09:24, Rhonda D'Vine wrote:
> The check isn't specific enough, it also catches deb-src entries and
> would give a false impression of security in certain circumstances, or
> lead to false negatives in case you have a deb-src entry for
> buster/updates even though you have bullseye-security in just the next
> line -- something that isn't that uncommon for developers.
> 
> Signed-off-by: Rhonda D'Vine <rhonda@deb.at>
> ---
>  PVE/CLI/pve6to7.pm | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
>

applied, with Fabi's R-b tag, thanks!




^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [pve-devel] [PATCH pve-manager 1/1] Only check deb sources.list entries
  2021-07-09  8:33   ` Fabian Ebner
  2021-07-09  8:49     ` Rhonda D'Vine
@ 2021-07-13  4:53     ` Thomas Lamprecht
  1 sibling, 0 replies; 6+ messages in thread
From: Thomas Lamprecht @ 2021-07-13  4:53 UTC (permalink / raw)
  To: Proxmox VE development discussion, Fabian Ebner

On 09.07.21 10:33, Fabian Ebner wrote:
> I also noticed that the check is not yet in the stable-6 branch.
> 

It is in 6.4-13, stable-6 branch was not pushed out though - fixed now.

^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2021-07-13  4:53 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-07-09  7:24 [pve-devel] [PATCH pve-manager 0/1] Only check deb sources.list entries Rhonda D'Vine
2021-07-09  7:24 ` [pve-devel] [PATCH pve-manager 1/1] " Rhonda D'Vine
2021-07-09  8:33   ` Fabian Ebner
2021-07-09  8:49     ` Rhonda D'Vine
2021-07-13  4:53     ` Thomas Lamprecht
2021-07-13  4:34   ` [pve-devel] applied: " Thomas Lamprecht

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox

Service provided by Proxmox Server Solutions GmbH | Privacy | Legal