[elbe-devel] [PATCH 2/6] elbe: updated: added possibility to prevent downgrades
Torben Hohn
torben.hohn at linutronix.de
Fri Mar 24 09:00:39 CET 2017
On Thu, Mar 23, 2017 at 01:45:43PM +0100, Kurt Kanzenbach wrote:
> Downgrades might be problematic. Thus, allowing it only if a flag is set. The flag
> is simply a file called '.downgrade_allowed' in /var/cache/elbe.
>
> Signed-off-by: Kurt Kanzenbach <kurt at linutronix.de>
> ---
> elbepack/updated.py | 38 ++++++++++++++++++++++++++++++++++++++
> 1 file changed, 38 insertions(+)
>
> diff --git a/elbepack/updated.py b/elbepack/updated.py
> index ffc4636..fed1eb0 100644
> --- a/elbepack/updated.py
> +++ b/elbepack/updated.py
> @@ -35,6 +35,7 @@ from soaplib.serializers.primitive import String
> from suds.client import Client
> from syslog import syslog
> from zipfile import (ZipFile, BadZipfile)
> +from packaging import version
Dont we already depend on python-apt ?
i think it would be better to use
apt_pkg.version_compare
>>> import apt_pkg
>>> apt_pkg.version_compare ("2.3a", "2.3b")
-1
>>> apt_pkg.version_compare ("2.3a", "2.3")
1
>>> apt_pkg.version_compare ("2.3a", "2.4")
-1
>>> apt_pkg.version_compare ("2.3a", "2.3a")
0
>
> from elbepack.aptprogress import (ElbeInstallProgress,
> ElbeAcquireProgress, ElbeOpProgress)
> @@ -343,6 +344,35 @@ def get_current_version ():
> with open ("/etc/updated_version", "r") as version_file:
> return version_file.read ()
>
> +def get_base_version ():
> + xml = etree ("/etc/elbe_base.xml")
> + return xml.text ("/project/version")
> +
> +def is_downgrade (target_version, current_version, base_version):
> + current = current_version
> + if current == "":
> + current = base_version
> + return version.parse (target_version) < version.parse (current)
> +
> +def is_downgrade_allowed ():
> + return os.path.isfile ("/var/cache/elbe/.downgrade_allowed")
> +
> +def reject_downgrade (status, new_xml_file):
> + t_ver = get_target_version(new_xml_file)
> + b_ver = get_base_version()
> +
> + try:
> + c_ver = get_current_version()
> + except IOError as e:
> + status.log ('get current version failed: ' + str (e))
> + c_ver = ""
> +
> + if is_downgrade (t_ver, c_ver, b_ver) and not is_downgrade_allowed ():
> + status.log ('Update is a downgrade and downgrades are not allowed')
> + return True
> +
> + return False
> +
> def apply_update (fname, status):
> # As soon as python-apt closes its opened files on object deletion
> # we can drop this fork workaround. As long as they keep their files
> @@ -389,6 +419,14 @@ def action_select (upd_file, status):
> with rw_access ("/tmp", status):
> upd_file_z.extract ("new.xml", "/tmp/")
>
> + # prevent downgrades
> + try:
> + if reject_downgrade (status, "/tmp/new.xml"):
> + return
> + except Exception as e:
> + status.log ('Error while reading XML files occurred: ' + str(e))
> + return
> +
> xml = etree ("/tmp/new.xml")
> prefix = status.repo_dir + "/" + fname_replace (xml.text ("/project/name"))
> prefix += "_" + fname_replace (xml.text ("/project/version")) + "/"
> --
> 2.1.4
>
>
> _______________________________________________
> elbe-devel mailing list
> elbe-devel at linutronix.de
> https://lists.linutronix.de/mailman/listinfo/elbe-devel
--
Mit freundlichen Grüßen
Torben Hohn
Linutronix GmbH
Standort: Bremen
Phone: +49 7556 25 999 18; Fax.: +49 7556 25 999 99
Firmensitz / Registered Office: D-88690 Uhldingen, Bahnhofstr. 3
Registergericht / Local District Court: Amtsgericht Freiburg i. Br.; HRB
Nr. / Trade register no.: 700 806
Geschäftsführer / Managing Directors: Heinz Egger, Thomas Gleixner
Eine Bitte von uns: Sollten Sie diese E-Mail irrtümlich erhalten haben,
benachrichtigen Sie uns in diesem Falle bitte sobald wie es Ihnen
möglich ist, durch Antwort-Mail. Vielen Dank!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: Digital signature
URL: <http://lists.linutronix.de/pipermail/elbe-devel/attachments/20170324/558f071c/attachment.sig>
More information about the elbe-devel
mailing list