Bug#862073: ftpmaster.debian.org: Please POST .buildinfo files to buildinfo.debian.net

2017-05-16 Thread Holger Levsen
On Tue, May 16, 2017 at 04:38:42PM +0100, Chris Lamb wrote:
> That would solve both of the problems of running as a privileged user and
> be idempotent to boot.
> 
> (As a minor bonus, it would also ensure that the *existing* set of
> archived .buildinfo files would be sent to external services too...)

and fourth, it can also be used for security.debian.org to only upload
public .buildinfo files \o/ 


-- 
cheers,
Holger




Bug#862073: ftpmaster.debian.org: Please POST .buildinfo files to buildinfo.debian.net

2017-05-16 Thread Chris Lamb
Hi Ansgar,

> push .buildinfo files asynchronously and as an unprivileged user.

How about this alternative: as we are already archiving them on
ftp-master, how about a cronjob that would go through that archive,
uploading those that have not been (successfully) uploaded yet?

That would solve both of the problems of running as a privileged user and
be idempotent to boot.

(As a minor bonus, it would also ensure that the *existing* set of
archived .buildinfo files would be sent to external services too...)


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-
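
The cronjob approach proposed in this message, as an added sketch (Python 3; not dak code and not posted by anyone in the thread). It is meant to run as an unprivileged user with read access to the archive; the state file, the function names and the injected `send` callable are assumptions made for illustration.

```python
import hashlib
import json
import os
import urllib.request


def http_post(url, timeout=10):
    """Return a send(data) callable that POSTs raw bytes and reports success."""
    def send(data):
        req = urllib.request.Request(
            url, data, {"Content-Type": "application/octet-stream"})
        try:
            with urllib.request.urlopen(req, timeout=timeout) as res:
                return 200 <= res.status < 300
        except OSError:  # URLError and HTTPError are OSError subclasses
            return False
    return send


def sync(archive_dir, state_file, send):
    """Send archived .buildinfo files not yet recorded as delivered.

    state_file (hypothetical) maps path -> SHA-256 of the content last
    accepted, so re-running is a no-op and failures are retried next run.
    """
    try:
        with open(state_file) as f:
            state = json.load(f)
    except FileNotFoundError:
        state = {}
    sent = []
    for root, _dirs, files in os.walk(archive_dir):
        for name in sorted(files):
            if not name.endswith(".buildinfo"):
                continue
            path = os.path.join(root, name)
            with open(path, "rb") as f:
                data = f.read()
            digest = hashlib.sha256(data).hexdigest()
            if state.get(path) == digest:
                continue  # already delivered
            if send(data):
                state[path] = digest
                sent.append(path)
    tmp = state_file + ".tmp"
    with open(tmp, "w") as f:
        json.dump(state, f)
    os.replace(tmp, state_file)  # atomic swap: no half-written state
    return sent
```

A cron entry would call `sync(archive_dir, state_file, http_post(url))`; a file whose upload fails is simply absent from the state file and is picked up again on the next run.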



Bug#862073: ftpmaster.debian.org: Please POST .buildinfo files to buildinfo.debian.net

2017-05-15 Thread Ansgar Burchardt
Hi,

Chris Lamb writes:
> Attached is a patch to submit .buildinfo files to buildinfo.debian.net,
> our experimental system for centrally storing .buildinfo files for
> analysis, retrieval, etc.  We almost have 2,000,000 files there.
>
> This patch supplements the existing filesystem archiving and simply
> performs a POST on the .buildinfo file itself.

I don't think dak should push things to external services while
processing uploads: the code runs as the privileged user (and ideally
doesn't talk to the external world) and we still need a second point
where .buildinfo files are pushed (in case the PUT fails for any
reason).

So we could implement only the second point and push .buildinfo files
asynchronously and as an unprivileged user.

Ansgar



Bug#862073: ftpmaster.debian.org: Please POST .buildinfo files to buildinfo.debian.net

2017-05-08 Thread Chris Lamb
reassign 862073 ftp.debian.org
user reproducible-bui...@lists.alioth.debian.org
usertag 862073 + toolchain
thanks

Chris Lamb wrote:

> Attached is a patch to submit .buildinfo files to buildinfo.debian.net,
> our experimental system for centrally storing .buildinfo files for
> analysis, retrieval, etc.  We almost have 2,000,000 files there.

Re-assigning to the correct package & setting usertags; apologies for
the noise.


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-



Bug#862073: ftpmaster.debian.org: Please POST .buildinfo files to buildinfo.debian.net

2017-05-08 Thread Chris Lamb
Package: ftpmaster.debian.org
Severity: wishlist
Tags: patch

Hi,

Attached is a patch to submit .buildinfo files to buildinfo.debian.net,
our experimental system for centrally storing .buildinfo files for
analysis, retrieval, etc.  We almost have 2,000,000 files there.

This patch supplements the existing filesystem archiving and simply
performs a POST on the .buildinfo file itself.

As a deployment note, this will actually mean that — right now — most
.buildinfo files will be rejected by buildinfo.debian.net as it only
accepts signed .buildinfo files. However, we intend to fix that
separately via #862059 ("sbuild: please sign buildinfo files").

Also note that this patch enables this for the main archive only.
Please clarify whether I should enable this for the security archive
too; I would not want it to leak the fact we have rebuilt a package
there if it were embargoed, etc.


  commit a85df018d210c054e7ae0b5a6fe037a537b62e7a
  Author: Chris Lamb 
  Date:   Mon May 8 01:06:03 2017 +0200
  
  Upload buildinfo files to buildinfo.debian.net.
  
  Signed-off-by: Chris Lamb 
  
   config/debian/dak.conf |  5 +
   dak/process_upload.py  | 52 --
   2 files changed, 55 insertions(+), 2 deletions(-)


Alternatively you can merge from the:

  upload-buildinfo-files-to-buildinfo-debian-net

branch on .


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-

From a85df018d210c054e7ae0b5a6fe037a537b62e7a Mon Sep 17 00:00:00 2001
From: Chris Lamb 
Date: Mon, 8 May 2017 01:06:03 +0200
Subject: [PATCH] Upload buildinfo files to buildinfo.debian.net.

Signed-off-by: Chris Lamb 
---
 config/debian/dak.conf |  5 +
 dak/process_upload.py  | 52 --
 2 files changed, 55 insertions(+), 2 deletions(-)

diff --git a/config/debian/dak.conf b/config/debian/dak.conf
index 4fa828e56..ad71e4ded 100644
--- a/config/debian/dak.conf
+++ b/config/debian/dak.conf
@@ -119,6 +119,11 @@ Process-New
   LockDir "/srv/ftp-master.debian.org/lock/new/";
 };
 
+BuildinfoService
+{
+  "https://buildinfo.debian.net/api/submit;;
+}
+
 SuiteMappings
 {
  "silent-map squeeze-security oldoldstable-security";
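
Review bot: the URL line in the new BuildinfoService block is not a valid entry as it appears here: `"https://buildinfo.debian.net/api/submit;;` never closes its quote and ends in two semicolons, where `"https://buildinfo.debian.net/api/submit";` is presumably intended. The block also closes with a bare `}` while the Process-New block directly above closes with `};`. Since the cover message says the feature is meant for the main archive only, a comment inside the block stating that it must not be copied into the security archive's configuration would keep that intent next to the setting.
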
diff --git a/dak/process_upload.py b/dak/process_upload.py
index 51104523f..98fdde4d9 100755
--- a/dak/process_upload.py
+++ b/dak/process_upload.py
@@ -168,6 +168,7 @@ import sys
 import traceback
 import apt_pkg
 import time
+import urllib2
 from sqlalchemy.orm.exc import NoResultFound
 
 from daklib import daklog
@@ -263,7 +264,8 @@ def accept(directory, upload):
 print "ACCEPT"
 
 upload.install()
-process_buildinfos(upload)
+archive_buildinfos(upload)
+upload_buildinfos(upload)
 
 accepted_to_real_suite = False
 for suite in upload.final_suites:
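
Review bot: upload_buildinfos(upload) is called inline in accept(), directly after upload.install() and before the loop over upload.final_suites, so every accepted upload makes outbound HTTP requests from the upload-processing code and waits on them (up to the 10-second timeout per file and per URL set in the last hunk). Nothing at this call site checks which archive or suite the upload belongs to; the only gate is whether BuildinfoService is configured. Consider keeping only archive_buildinfos(upload) here and doing the submission from a separate job that reads the archive, which also gives a place to retry failed submissions.
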
@@ -494,7 +496,12 @@ def process_changes(changes_filenames):
 for directory, c in changes:
 process_it(directory, c, keyring_files)
 
-def process_buildinfos(upload):
+def archive_buildinfos(upload):
+"""
+Archive .buildinfo files locally on the filesystem at
+``Dir::BuildinfoArchive``.
+"""
+
 cnf = Config()
 
 if not cnf.has_key('Dir::BuildinfoArchive'):
@@ -515,6 +522,47 @@ def process_buildinfos(upload):
 Logger.log(["Archiving", x.filename])
 upload.transaction.fs.copy(src, dst, mode=0o644)
 
+def upload_buildinfos(upload):
+"""
+Upload .buildinfo files to the service(s) specified in
+``BuildinfoService``. The data is sent as raw HTTP POST data.
+"""
+
+cnf = Config()
+
+try:
+urls = cnf.value_list('BuildinfoService')
+except KeyError:
+return
+
+for x in upload.changes.files.itervalues():
+if not re_file_buildinfo.match(x.filename):
+continue
+
+with open(os.path.join(upload.directory, x.filename)) as f:
+data = f.read()
+
+opener = urllib2.build_opener(urllib2.HTTPHandler)
+
+for url in urls:
+Logger.log(["Uploading", x.filename, "to", url])
+
+request = urllib2.Request(url, data, {
+'Content-Type': 'application/octet-stream',
+})
+request.get_method = lambda: 'PUT'
+
+try:
+res = urllib2.urlopen(request, timeout=10)
+except urllib2.HTTPError as e:
+Logger.log(['HTTP {}: {}'.format(e.code, e.read().strip())])
+continue
+except Exception:
+Logger.log(['Exception:', traceback.format_exc()])
+continue
+
+Logger.log(['HTTP {}: {}'.format(res.code, res.read().strip())])
+
 ###
 
 def main():
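
Review bot: the docstring of upload_buildinfos() says the data is sent as "raw HTTP POST data", and the subject line says POST, but `request.get_method = lambda: 'PUT'` forces a PUT; urllib2 already issues a POST when a Request carries data, so the override can be dropped unless the service really expects PUT. `opener = urllib2.build_opener(urllib2.HTTPHandler)` is built on every file and never used, since the request goes through `urllib2.urlopen(request, timeout=10)`; remove it. Failures in both except branches are only logged and then skipped with `continue`, so a .buildinfo whose upload fails is never retried. Finally, `e.read().strip()` and `res.read().strip()` write the full, unbounded response body from the remote service into the dak log, and `res` is never closed; truncate the logged body and close the response.
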
-- 
2.11.0