Commit 1eb7fe09 authored by Carlo Landmeter's avatar Carlo Landmeter

add secfixes generator locally

parent fd66079e
......@@ -4,9 +4,6 @@ ENV NQDIR=/tmp
RUN apk --no-cache add lua5.3 lua5.3-lyaml lua5.3-optarg lua5.3-cjson nq git
ADD https://github.com/alpinelinux/alpine-secdb/raw/master/secfixes.lua \
/usr/share/alpine-secdb/
COPY scripts /usr/local/bin
CMD [ "/usr/bin/nq", "-c", "generate_secdb.sh" ]
......@@ -26,13 +26,13 @@ for REPO in $REPOS; do
fi
echo "Generating secdb for $RELEASE/$REPO"
TMPFILE=$(mktemp)
lua5.3 /usr/share/alpine-secdb/secfixes.lua \
secfixes.lua \
--repo "$REPO" --release "$RELEASE" \
"$HOME"/aports/"$REPO"/*/APKBUILD > "$TMPFILE"
if cmp -s "$TMPFILE" /var/www/html/"$RELEASE"/"$REPO".yaml; then
echo "No changes found yml secfixes, skipping."
else
lua5.3 /usr/share/alpine-secdb/secfixes.lua --verify "$TMPFILE"
secfixes.lua --verify "$TMPFILE"
install -D "$TMPFILE" /var/www/html/"$RELEASE"/"$REPO".yaml
yaml2json.lua "$TMPFILE" > /var/www/html/"$RELEASE"/"$REPO".json
fi
......
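Review bot: The exit status of `secfixes.lua --verify "$TMPFILE"` is not checked before `install -D` publishes the file, so unless `set -e` is in effect outside this hunk, a YAML that fails verification is still copied into /var/www/html. Guard the publish step, for example `if ! secfixes.lua --verify "$TMPFILE"; then echo "verify failed for $RELEASE/$REPO" >&2; continue; fi`. The generator call above has the same gap: its status is ignored, so truncated output from a failed run is compared and can be published. The enclosing `for REPO in $REPOS` loop starts and ends outside the hunk, so error handling set up there is not visible here.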
#!/usr/bin/lua5.3
-- script to parse the aports tree and generate the secdb yaml
yaml = require('lyaml')
function read_apkbuild(file)
local repo, pkg = file:match("([a-z]+)/([^/]+)/APKBUILD")
local f = io.open(file)
if f == nil then
return
end
while true do
line = f:read("*line")
if line == nil then
break
end
if line:match("^# secfixes") then
local y = " - pkg:\n"..
" name: "..pkg.."\n"
while line ~= nil and line:match("^#") do
local l = line:gsub("^# ", " ")
if l == nil then
break
end
y = y..l.."\n"
line = f:read("*line")
end
f:close()
io.write(y)
return
end
end
f:close()
end
function arch_list(a)
local str=""
for i=1,#a do
str=str.." - "..a[i].."\n"
end
return str
end
function verify_yaml(file)
f = io.open(file)
if f == nil then
return 1
end
print("Verifying "..file)
local data = yaml.load(f:read("*all"))
for _,p in pairs(data.packages) do
assert(type(p.pkg.name) == "string")
assert(type(p.pkg.secfixes) == "table", file..": "..p.pkg.name..": secfixes is not a table")
for k,v in pairs(p.pkg.secfixes) do
assert(type(k) == "string", file..": "..p.pkg.name..": not a string: "..tostring(k))
assert(string.match(k, "^[0-9]+"), p.pkg.name..": "..tostring(k))
assert(type(v) == "table", file..": "..p.pkg.name..": "..k..": not a table")
end
end
f:close()
end
opthelp = [[
--repo=REPO set repository
--release=VERSION distro release branch
--verify=FILE verify generated yaml
]]
archs = {
["v3.2"] = { "x86_64", "x86", "armhf" },
["v3.3"] = { "x86_64", "x86", "armhf" },
["v3.4"] = { "x86_64", "x86", "armhf" },
["v3.5"] = { "x86_64", "x86", "armhf", "aarch64" },
["v3.6"] = { "x86_64", "x86", "armhf", "aarch64", "ppc64le", "s390x" },
["v3.7"] = { "x86_64", "x86", "armhf", "aarch64", "ppc64le", "s390x" },
["v3.8"] = { "x86_64", "x86", "armhf", "aarch64", "ppc64le", "s390x" },
["v3.9"] = { "x86_64", "x86", "armhf", "armv7", "aarch64", "ppc64le", "s390x" },
["v3.10"] = { "x86_64", "x86", "armhf", "armv7", "aarch64", "ppc64le", "s390x" },
["v3.11"] = { "x86_64", "x86", "armhf", "armv7", "aarch64", "ppc64le", "s390x" },
}
opts, args = require('optarg').from_opthelp(opthelp)
if opts.verify then
os.exit(verify_yaml(opts.verify))
end
repo = (opts.repo or "main")
distroversion = (opts.release or "v3.4")
-- print header
io.write(([[
---
distroversion: %s
reponame: %s
archs:
]]..arch_list(archs[distroversion])..[[
urlprefix: http://dl-cdn.alpinelinux.org/alpine
apkurl: "{{urlprefix}}/{{distroversion}}/{{reponame}}/{{arch}}/{{pkg.name}}-{{pkg.ver}}.apk"
packages:
]]):format(distroversion, repo))
for i = 1,#arg do
read_apkbuild(arg[i])
end
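Review bot: The version-key check in verify_yaml, `assert(string.match(k, "^[0-9]+"), ...)`, is anchored only at the start, so any key beginning with a digit passes regardless of what follows. The entries inside each `v` table are also never type-checked. read_apkbuild copies `pkg` and the `# secfixes` comment text into the YAML unquoted, so this verify step appears to be the only gate before the file is served to consumers. Anchor the pattern with `$` against the version grammar you expect, and add `for _, id in ipairs(v) do assert(type(id) == "string", p.pkg.name..": "..k..": entry is not a string") end`. Separately, `yaml`, `line` and `f` are assigned as globals and should be declared `local`.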