Merge pull request #27 from bluca/cpe_rpm

Add --cpe auto and --root options

Author: mrc0mmand

generate-package-notes.py

@@ -57,19 +57,21 @@
 
 import argparse
 import itertools
+import os
 import re
+from pathlib import Path
 
 import simplejson as json
 
 DOC_PARAGRAPHS = ['\n'.join(group)
                   for (key, group) in itertools.groupby(__doc__.splitlines(), bool)
                   if key]
 
-def read_os_release(field):
+def read_os_release(field, root=Path('/')):
     try:
-        f = open('/etc/os-release')
+        f = open(root / 'etc/os-release')
     except FileNotFoundError:
-        f = open('/usr/lib/os-release')
+        f = open(root / 'usr/lib/os-release')
 
     prefix = '{}='.format(field)
     for line in f:
@@ -108,30 +110,20 @@ def parse_args():
     p.add_argument('--package-architecture', metavar='ARCH',
                    help='The code architecture of the binaries (e.g. arm64 or s390x)')
     p.add_argument('--cpe',
-                   help='NIST CPE identifier of the vendor operating system')
+                   help='NIST CPE identifier of the vendor operating system, or \'auto\' to parse from system-release-cpe or os-release')
     p.add_argument('--rpm', metavar='NEVRA',
                    help='Extract type,name,version,architecture from a full rpm name')
     p.add_argument('--debug-info-url', metavar='URL',
                    help='URL of the debuginfod server where sources can be queried')
     p.add_argument('--readonly', metavar='BOOL',
                    type=str_to_bool, default=True,
                    help='Make the notes section read-only (requires binutils 2.38)')
+    p.add_argument('--root', metavar='PATH', type=Path, default="/",
+                   help='When a file (eg: /usr/lib/os-release) is parsed, open it relatively from this hierarchy')
     p.add_argument('--version', action='version', version=f'%(prog)s {__version__}')
 
     opts = p.parse_args()
 
-    if opts.cpe is None:
-        opts.cpe = read_os_release('CPE_NAME')
-
-    if opts.rpm:
-        split = re.match(r'(.*?)-([0-9].*)\.(.*)', opts.rpm)
-        if not split:
-            raise ValueError('{!r} does not seem to be a valid package name'.format(opts.rpm))
-        opts.package_type = 'rpm'
-        opts.package_name = split.group(1)
-        opts.package_version = split.group(2)
-        opts.package_architecture = split.group(3)
-
     return opts
 
 def encode_bytes(arr):
@@ -183,6 +175,24 @@ def json_serialize(s):
                       separators=(',', ':'))
 
 def gather_data(opts):
+    if opts.cpe == 'auto':
+        try:
+            with open(Path(opts.root, 'usr/lib/system-release-cpe'), 'r') as f:
+                opts.cpe = f.read()
+        except FileNotFoundError:
+            opts.cpe = read_os_release('CPE_NAME', root=opts.root)
+            if opts.cpe is None or opts.cpe == "":
+                raise ValueError(f"Could not read {opts.root}usr/lib/system-release-cpe or CPE_NAME from {opts.root}usr/lib/os-release")
+
+    if opts.rpm:
+        split = re.match(r'(.*?)-([0-9].*)\.(.*)', opts.rpm)
+        if not split:
+            raise ValueError('{!r} does not seem to be a valid package name'.format(opts.rpm))
+        opts.package_type = 'rpm'
+        opts.package_name = split.group(1)
+        opts.package_version = split.group(2)
+        opts.package_architecture = split.group(3)
+
     data = {
         'type':         opts.package_type,
         'name':         opts.package_name,
@@ -192,8 +202,8 @@ def gather_data(opts):
     if opts.cpe:
         data['osCpe'] = opts.cpe
     else:
-        data['os'] = read_os_release('ID')
-        data['osVersion'] = read_os_release('VERSION_ID')
+        data['os'] = read_os_release('ID', root=opts.root)
+        data['osVersion'] = read_os_release('VERSION_ID', root=opts.root)
     if opts.debug_info_url:
         data['debugInfoUrl'] = opts.debug_info_url
     return data

generate-package-notes.sh

@@ -54,13 +54,16 @@
 
 json=
 readonly="(READONLY) "
+root=
 
 help() {
     echo "Usage: $0 [OPTION]..."
     echo "Generate a package notes linker script from specified metadata."
     echo
     echo "  -h, --help                      display this help and exit"
     echo "      --readonly BOOL             whether to add the READONLY attribute to script (default: true)"
+    echo "      --root PATH                 when a file (eg: os-release) is parsed, open it relatively to this hierarchy (default: not set)"
+    echo "      --cpe VALUE                 NIST CPE identifier of the vendor operating system, or 'auto' to parse from system-release-cpe or os-release"
     echo "      --package-type TYPE         set the package type (e.g. 'rpm' or 'deb')"
     echo "      --package-name NAME         set the package name"
     echo "      --package-version VERSION   set the package version"
@@ -92,6 +95,8 @@ append_parameter() {
 
 # Support the same fixed parameters as the python script
 parse_options() {
+    cpe=
+
     while :; do
         case $1 in
             -h|-\?|--help)
@@ -109,6 +114,13 @@ parse_options() {
                 esac
                 shift
                 ;;
+            --root)
+                if [ -z "${2}" ] || [ ! -d "${2}" ]; then
+                    invalid_argument "${1}"
+                fi
+                root="${2}"
+                shift
+                ;;
             --package-type)
                 append_parameter "type" "${2}"
                 shift
@@ -126,7 +138,10 @@ parse_options() {
                 shift
                 ;;
             --cpe)
-                append_parameter "osCpe" "${2}"
+                if [ -z "${2}" ]; then
+                    invalid_argument "${1}"
+                fi
+                cpe="${2}"
                 shift
                 ;;
             --debug-info-url)
@@ -148,6 +163,26 @@ parse_options() {
         shift
     done
 
+    # Parse at the end, so that --root can be used in any position
+    if [ "${cpe}" = "auto" ]; then
+        if [ -r "${root}/usr/lib/system-release-cpe" ]; then
+            cpe="$(cat "${root}/usr/lib/system-release-cpe")"
+        elif [ -r "${root}/etc/os-release" ]; then
+            # shellcheck disable=SC1090 disable=SC1091
+            cpe="$(. "${root}/etc/os-release" && echo "${CPE_NAME}")"
+        elif [ -r "${root}/usr/lib/os-release" ]; then
+            # shellcheck disable=SC1090 disable=SC1091
+            cpe="$(. "${root}/usr/lib/os-release" && echo "${CPE_NAME}")"
+        fi
+        if [ -z "${cpe}" ]; then
+            printf 'ERROR: --cpe auto but cannot read %s/usr/lib/system-release-cpe or parse CPE_NAME from %s/etc/os-release or %s/usr/lib/os-release.\n' "${root}" "${root}" "${root}" >&2
+            exit 1
+        fi
+    fi
+    if [ -n "${cpe}" ]; then
+        append_parameter "osCpe" "${cpe}"
+    fi
+
     # Terminate the JSON object
     if [ -n "${json}" ]; then
         json="${json}}"
@@ -235,8 +270,8 @@ write_script() {
 
 if ! parse_options "$@" && [ "$#" -gt 0 ]; then
     # Not supported on every distro
-    if [ -r /usr/lib/system-release-cpe ]; then
-        cpe="$(cat /usr/lib/system-release-cpe)"
+    if [ -r "${root}/usr/lib/system-release-cpe" ]; then
+        cpe="$(cat "${root}/usr/lib/system-release-cpe")"
         json_cpe=",\"osCpe\":\"${cpe}\""
     fi
 

man/generate-package-notes.1

@@ -81,21 +81,20 @@ to
 This defaults to the empty string, but for Debian packages it should
 be set to the Debian architecture identifier of the binary.
 .TP
+.TP
+.BI \-\-root= PATH
+When reading files, for example /usr/lib/system-release-cpe and /usr/lib/os-release,
+open them relatively to the specified directory.
+.TP
 .BI \-\-cpe= CPE
 Set the key
 .I osCpe
 to
 .IR CPE .
-This defaults to the value of the
-.I CPE_NAME
-field in the first of
-.I /etc/os\-release
-or
-.I /usr/lib/os\-release
-that exists.
-Otherwise the key
-.I osCpe
-is omitted in the note.
+If the special value
+.I auto
+is passed, then the content of the /usr/lib/system-release-cpe file, or the value of CPE_NAME
+from os-release if the former was not found, will be used.
 .TP
 .BI \-\-rpm= PACKAGE \- VERSION
 Set the keys

rpm/macros.package-notes-srpm

@@ -54,4 +54,4 @@
 # The command to actually generate the linker script that inserts the
 # notes file. This command is automatically used as part of the build
 # preamble.
-%_generate_package_note_file %[%_package_note_status?"if [ -f %{_rpmconfigdir}/generate-package-notes.sh ]; then %{_rpmconfigdir}/generate-package-notes.sh %[0%{?_package_note_readonly}?"":"--readonly no "]--package-name ${RPM_PACKAGE_NAME:?} --package-version ${RPM_PACKAGE_VERSION:?}-${RPM_PACKAGE_RELEASE:?} --package-architecture ${RPM_ARCH:?} >%{_package_note_file}; fi":""]
+%_generate_package_note_file %[%_package_note_status?"if [ -f %{_rpmconfigdir}/generate-package-notes.sh ]; then %{_rpmconfigdir}/generate-package-notes.sh %[0%{?_package_note_readonly}?"":"--readonly no "]--package-name ${RPM_PACKAGE_NAME:?} --package-version ${RPM_PACKAGE_VERSION:?}-${RPM_PACKAGE_RELEASE:?} --package-architecture ${RPM_ARCH:?} --cpe auto >%{_package_note_file}; fi":""]

tests/resources/fedora-cpe-os-release.ld

@@ -0,0 +1,25 @@
+SECTIONS
+{
+    .note.package (READONLY) : ALIGN(4) {
+        BYTE(0x04) BYTE(0x00) BYTE(0x00) BYTE(0x00) /* Length of Owner including NUL */
+        BYTE(0x38) BYTE(0x00) BYTE(0x00) BYTE(0x00) /* Length of Value including NUL */
+        BYTE(0x7e) BYTE(0x1a) BYTE(0xfe) BYTE(0xca) /* Note ID */
+        BYTE(0x46) BYTE(0x44) BYTE(0x4f) BYTE(0x00) /* Owner: 'FDO\x00' */
+        BYTE(0x7b) BYTE(0x22) BYTE(0x74) BYTE(0x79) /* Value: '{"type":"rpm","osCpe":"cpe:/o:fedoraproject:fedora:34"}\x00' */
+        BYTE(0x70) BYTE(0x65) BYTE(0x22) BYTE(0x3a)
+        BYTE(0x22) BYTE(0x72) BYTE(0x70) BYTE(0x6d)
+        BYTE(0x22) BYTE(0x2c) BYTE(0x22) BYTE(0x6f)
+        BYTE(0x73) BYTE(0x43) BYTE(0x70) BYTE(0x65)
+        BYTE(0x22) BYTE(0x3a) BYTE(0x22) BYTE(0x63)
+        BYTE(0x70) BYTE(0x65) BYTE(0x3a) BYTE(0x2f)
+        BYTE(0x6f) BYTE(0x3a) BYTE(0x66) BYTE(0x65)
+        BYTE(0x64) BYTE(0x6f) BYTE(0x72) BYTE(0x61)
+        BYTE(0x70) BYTE(0x72) BYTE(0x6f) BYTE(0x6a)
+        BYTE(0x65) BYTE(0x63) BYTE(0x74) BYTE(0x3a)
+        BYTE(0x66) BYTE(0x65) BYTE(0x64) BYTE(0x6f)
+        BYTE(0x72) BYTE(0x61) BYTE(0x3a) BYTE(0x33)
+        BYTE(0x34) BYTE(0x22) BYTE(0x7d) BYTE(0x00)
+    }
+}
+INSERT AFTER .note.gnu.build-id;
+/* HINT: add -Wl,-dT,/path/to/this/file to $LDFLAGS */

tests/resources/fedora-cpe-system-release.ld

@@ -0,0 +1,25 @@
+SECTIONS
+{
+    .note.package (READONLY) : ALIGN(4) {
+        BYTE(0x04) BYTE(0x00) BYTE(0x00) BYTE(0x00) /* Length of Owner including NUL */
+        BYTE(0x38) BYTE(0x00) BYTE(0x00) BYTE(0x00) /* Length of Value including NUL */
+        BYTE(0x7e) BYTE(0x1a) BYTE(0xfe) BYTE(0xca) /* Note ID */
+        BYTE(0x46) BYTE(0x44) BYTE(0x4f) BYTE(0x00) /* Owner: 'FDO\x00' */
+        BYTE(0x7b) BYTE(0x22) BYTE(0x74) BYTE(0x79) /* Value: '{"type":"rpm","osCpe":"cpe:/o:fedoraproject:fedora:33"}\x00' */
+        BYTE(0x70) BYTE(0x65) BYTE(0x22) BYTE(0x3a)
+        BYTE(0x22) BYTE(0x72) BYTE(0x70) BYTE(0x6d)
+        BYTE(0x22) BYTE(0x2c) BYTE(0x22) BYTE(0x6f)
+        BYTE(0x73) BYTE(0x43) BYTE(0x70) BYTE(0x65)
+        BYTE(0x22) BYTE(0x3a) BYTE(0x22) BYTE(0x63)
+        BYTE(0x70) BYTE(0x65) BYTE(0x3a) BYTE(0x2f)
+        BYTE(0x6f) BYTE(0x3a) BYTE(0x66) BYTE(0x65)
+        BYTE(0x64) BYTE(0x6f) BYTE(0x72) BYTE(0x61)
+        BYTE(0x70) BYTE(0x72) BYTE(0x6f) BYTE(0x6a)
+        BYTE(0x65) BYTE(0x63) BYTE(0x74) BYTE(0x3a)
+        BYTE(0x66) BYTE(0x65) BYTE(0x64) BYTE(0x6f)
+        BYTE(0x72) BYTE(0x61) BYTE(0x3a) BYTE(0x33)
+        BYTE(0x33) BYTE(0x22) BYTE(0x7d) BYTE(0x00)
+    }
+}
+INSERT AFTER .note.gnu.build-id;
+/* HINT: add -Wl,-dT,/path/to/this/file to $LDFLAGS */

tests/resources/root-no-cpe/usr/lib/os-release

@@ -0,0 +1 @@
+CPE_NAME="cpe:/o:fedoraproject:fedora:34"

tests/resources/root/usr/lib/os-release

@@ -0,0 +1 @@
+ID=fedora

tests/resources/root/usr/lib/system-release-cpe

@@ -0,0 +1 @@
+cpe:/o:fedoraproject:fedora:33

tests/test_basics.py

@@ -2,10 +2,14 @@
 
 import sys
 from importlib import resources
+from pathlib import Path
 
-from _generate_package_notes import generate_section
+from _generate_package_notes import gather_data, generate_section
 
 
+class dict_dot(dict):
+    __getattr__ = dict.get
+
 def test_fedora_package():
     input = dict(type='rpm', name='package', version='1.2.3', architecture='noarch', osCpe='CPE')
     text = '\n'.join(generate_section(input))
@@ -34,3 +38,17 @@ def test_fedora_long_name():
     text = '\n'.join(generate_section(input))
     expected = resources.read_text('resources', 'fedora-long-name.ld')
     assert text == expected[:-1]
+
+def test_auto_cpe_system_release():
+    opts = dict_dot(package_type='rpm', cpe='auto', root=Path(__file__).absolute().parent / 'resources/root/')
+    input = gather_data(opts)
+    text = '\n'.join(generate_section(input))
+    expected = resources.read_text('resources', 'fedora-cpe-system-release.ld')
+    assert text == expected[:-1]
+
+def test_auto_cpe_os_release():
+    opts = dict_dot(package_type='rpm', cpe='auto', root=Path(__file__).absolute().parent / 'resources/root-no-cpe/')
+    input = gather_data(opts)
+    text = '\n'.join(generate_section(input))
+    expected = resources.read_text('resources', 'fedora-cpe-os-release.ld')
+    assert text == expected[:-1]