> > > > I'm not sure if the handling of the ":amd64" architecture suffixes is > > > > ideal. Thoughts? > > Okay, so what would you prefer? To have --except=foo match both > > foo and foo:bar for any value of bar? (and 'foo' documented as > > a bare package name without a ":arch" suffix) > > yes, that.
Here you go: [[[ diff --git a/check-support-status.in b/check-support-status.in index a5437c4..7296360 100755 --- a/check-support-status.in +++ b/check-support-status.in @@ -28,6 +28,7 @@ fi LIST= NOHEADING= STATUSDB_FILE= +EXCEPT= TYPE= NAME="$(basename "$0")" @@ -37,7 +38,7 @@ TODAY="$(date +"%Y%m%d")" TEMP=$( \ getopt \ --options h,V \ - --long help,list:,no-heading,semaphore:,status-db:,type:,version,Version \ + --long help,list:,no-heading,semaphore:,status-db:,except:,type:,version,Version \ -n "$NAME" \ -- "$@" ) @@ -52,6 +53,7 @@ Options: --list FILE database of packages under specific support conditions --no-heading skips printing headlines --status-db FILE database about already reported packages + --except PACKAGES exempt given binary packages (comma-separated list) --type SECURITY_SUPPORT_TYPE earlyend, ended or limited -V, --version display version and exit"; echo } @@ -86,6 +88,16 @@ while true ; do STATUSDB_FILE="$2" shift 2 ;; + --except) + EXCEPT="$2" + case "$EXCEPT" in + *:*) + gettext 'E: --except=<package name> does not allow :<arch> suffixes'; echo + exit 1 + ;; + esac + shift 2 + ;; --type) TYPE="$2" shift 2 @@ -104,17 +116,17 @@ done case "$TYPE" in '') if [ -z "$LIST" ] ; then - REPORT="$($0 --type ended --list [% ENDED %] --status-db "$STATUSDB_FILE" $NOHEADING)" + REPORT="$($0 --type ended --list [% ENDED %] --status-db "$STATUSDB_FILE" --except "$EXCEPT" $NOHEADING)" if [ -n "$REPORT" ] ; then echo "$REPORT" echo fi - REPORT="$($0 --type limited --list [% LIMITED %] --status-db "$STATUSDB_FILE" $NOHEADING)" + REPORT="$($0 --type limited --list [% LIMITED %] --status-db "$STATUSDB_FILE" --except "$EXCEPT" $NOHEADING)" if [ -n "$REPORT" ] ; then echo "$REPORT" echo fi - $0 --type earlyend --list [% ENDED %] --status-db "$STATUSDB_FILE" $NOHEADING + $0 --type earlyend --list [% ENDED %] --status-db "$STATUSDB_FILE" --except "$EXCEPT" $NOHEADING exit 0 fi gettext 'E: Need a --type if --list is given'; echo @@ -240,6 +252,14 @@ cat "$INTERSECTION_LIST" | while read SRC_NAME ; do [% AWK %] '($3=="'"$SRC_NAME"'"){print $1" "$2}' "$INSTALLED_LIST" | \ while read BIN_NAME BIN_VERSION ; do + case ",$EXCEPT," in + *,"$BIN_NAME",*) # plain match (e.g., "binutils") + continue + ;; + *,"${BIN_NAME%:*}",*) # match with arch suffix (e.g., "libbinutils:amd64") + continue + ;; + esac # for earlyend and ended, check packages actually affected (if TMP_WHEN not null) if [ -n "$TMP_WHEN" ] || [ "$TYPE" = limited ] ; then if \ diff --git a/man/check-support-status.txt b/man/check-support-status.txt index a16ef9a..066e042 100644 --- a/man/check-support-status.txt +++ b/man/check-support-status.txt @@ -83,6 +83,12 @@ reported only once. + Default: No records, any affected package will be reported every time. +*--except* 'PACKAGES':: + +Do not alert for the given binary packages (comma-separated list). ++ +Default: Alert for all packages (no exceptions). + *--type* 'TYPE':: One of the following: diff --git a/t/check-support-status.t b/t/check-support-status.t index 784d947..af7c082 100644 --- a/t/check-support-status.t +++ b/t/check-support-status.t @@ -855,6 +855,76 @@ __EOS__ ); } +diag ('exempt packages from listing'); + +foreach my $awk (@AWKs) { + diag ("exempt ($awk)"); + + my $tb = Testbed->new ($dpkg_version); + my ($list_ended, $list_limited, $query_list, $statusdb_file) = $tb->files; + my $exe = $tb->exe ( + $awk, + [ + '--type', 'limited', + '--no-heading', + '--list', $list_limited, + '--status-db', $statusdb_file, + '--except', 'hello,binutils-common', + ], + ); + + write_file ($list_limited, <<__EOS__); +binutils lorem ipsum dolor sit amet +php5 See README.Debian.security for the PHP security policy +__EOS__ + mock_query_list ( + $query_list, + [ + [ 'ioi', 'binutils', '2.34-2' ], + [ 'ioi', 'binutils-common:amd64', '2.34-2', 'binutils' ], + [ 'ioi', 'php5', '5.3.3-7+squeeze19' ], + ], + ); + + # run a first time + my $run = Test::Command->new ('cmd' => $exe); + $run->run; + $run->exit_is_num (0); + + my ($stdout, $stderr) = stdout_n_stderr ($run); + $stderr and diag ("stderr:\n" . $stderr); + my $expect_stdout = <<__EOS__; + +* Source:binutils + Details: lorem ipsum dolor sit amet + Affected binary package: + - binutils (installed version: 2.34-2) + +* Source:php5 + Details: See README.Debian.security for the PHP security policy + Affected binary package: + - php5 (installed version: 5.3.3-7+squeeze19) +__EOS__ + eq_or_diff ( + $stdout, + $expect_stdout, + 'stdout' + ); + + if (ok (-f $statusdb_file, 'status db file was created')) { + my $got = read_file ($statusdb_file); + my $expect = <<__EOS__; +binutils/2.34-2 +php5/5.3.3-7+squeeze19 +__EOS__ + eq_or_diff ( + $got, + $expect, + 'status db file content', + ); + } +} + done_testing; exit 0; ]]] (Normally I'd add an interdiff alongside the new diff, but I'll skip that since you said you only skimmed the original.) > thanks! You're welcome! Daniel P.S. Separate issue: in cases such as — % check-support-status --type foo E: Unknown --type 'foo' % — it would be nice to have "check-support-status: " prefixed to the error message. (Shall I open a separate bug for this?)