updater: delete Ubuntu's repository upon bzr errors
By deleting an Ubuntu repository that may be in a bad state, Clair will eventually be able to perform the update, instead of retrying naively. Fixes #169
This commit is contained in:
parent
a03459d02e
commit
34f62ef1f1
@ -92,28 +92,9 @@ func init() {
|
|||||||
func (fetcher *UbuntuFetcher) FetchUpdate(datastore database.Datastore) (resp updater.FetcherResponse, err error) {
|
func (fetcher *UbuntuFetcher) FetchUpdate(datastore database.Datastore) (resp updater.FetcherResponse, err error) {
|
||||||
log.Info("fetching Ubuntu vulnerabilities")
|
log.Info("fetching Ubuntu vulnerabilities")
|
||||||
|
|
||||||
// Check to see if the repository does not already exist.
|
// Pull the bzr repository.
|
||||||
if _, pathExists := os.Stat(fetcher.repositoryLocalPath); fetcher.repositoryLocalPath == "" || os.IsNotExist(pathExists) {
|
if err = fetcher.pullRepository(); err != nil {
|
||||||
// Create a temporary folder and download the repository.
|
return resp, err
|
||||||
p, err := ioutil.TempDir(os.TempDir(), "ubuntu-cve-tracker")
|
|
||||||
if err != nil {
|
|
||||||
return resp, ErrFilesystem
|
|
||||||
}
|
|
||||||
|
|
||||||
// bzr wants an empty target directory.
|
|
||||||
fetcher.repositoryLocalPath = p + "/repository"
|
|
||||||
|
|
||||||
// Create the new repository.
|
|
||||||
err = createRepository(fetcher.repositoryLocalPath)
|
|
||||||
if err != nil {
|
|
||||||
return resp, err
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
// Update the repository that's already on disk.
|
|
||||||
err = updateRepository(fetcher.repositoryLocalPath)
|
|
||||||
if err != nil {
|
|
||||||
return resp, err
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Get revision number.
|
// Get revision number.
|
||||||
@ -182,6 +163,48 @@ func (fetcher *UbuntuFetcher) FetchUpdate(datastore database.Datastore) (resp up
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (fetcher *UbuntuFetcher) pullRepository() (err error) {
|
||||||
|
// Determine whether we should branch or pull.
|
||||||
|
if _, pathExists := os.Stat(fetcher.repositoryLocalPath); fetcher.repositoryLocalPath == "" || os.IsNotExist(pathExists) {
|
||||||
|
// Create a temporary folder to store the repository.
|
||||||
|
if fetcher.repositoryLocalPath, err = ioutil.TempDir(os.TempDir(), "ubuntu-cve-tracker"); err != nil {
|
||||||
|
return ErrFilesystem
|
||||||
|
}
|
||||||
|
|
||||||
|
// Branch repository.
|
||||||
|
if out, err := utils.Exec(fetcher.repositoryLocalPath, "bzr", "branch", "--use-existing-dir", trackerRepository, "."); err != nil {
|
||||||
|
log.Errorf("could not branch Ubuntu repository: %s. output: %s", err, out)
|
||||||
|
return cerrors.ErrCouldNotDownload
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// Pull repository.
|
||||||
|
if out, err := utils.Exec(fetcher.repositoryLocalPath, "bzr", "pull", "--overwrite"); err != nil {
|
||||||
|
os.RemoveAll(fetcher.repositoryLocalPath)
|
||||||
|
|
||||||
|
log.Errorf("could not pull Ubuntu repository: %s. output: %s", err, out)
|
||||||
|
return cerrors.ErrCouldNotDownload
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func getRevisionNumber(pathToRepo string) (int, error) {
|
||||||
|
out, err := utils.Exec(pathToRepo, "bzr", "revno")
|
||||||
|
if err != nil {
|
||||||
|
log.Errorf("could not get Ubuntu repository's revision number: %s. output: %s", err, out)
|
||||||
|
return 0, cerrors.ErrCouldNotDownload
|
||||||
|
}
|
||||||
|
revno, err := strconv.Atoi(strings.TrimSpace(string(out)))
|
||||||
|
if err != nil {
|
||||||
|
log.Errorf("could not parse Ubuntu repository's revision number: %s. output: %s", err, out)
|
||||||
|
return 0, cerrors.ErrCouldNotDownload
|
||||||
|
}
|
||||||
|
return revno, nil
|
||||||
|
}
|
||||||
|
|
||||||
func collectModifiedVulnerabilities(revision int, dbRevision, repositoryLocalPath string) (map[string]struct{}, error) {
|
func collectModifiedVulnerabilities(revision int, dbRevision, repositoryLocalPath string) (map[string]struct{}, error) {
|
||||||
modifiedCVE := make(map[string]struct{})
|
modifiedCVE := make(map[string]struct{})
|
||||||
|
|
||||||
@ -247,40 +270,6 @@ func collectModifiedVulnerabilities(revision int, dbRevision, repositoryLocalPat
|
|||||||
return modifiedCVE, nil
|
return modifiedCVE, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func createRepository(pathToRepo string) error {
|
|
||||||
// Branch repository
|
|
||||||
out, err := utils.Exec("/tmp/", "bzr", "branch", trackerRepository, pathToRepo)
|
|
||||||
if err != nil {
|
|
||||||
log.Errorf("could not branch Ubuntu repository: %s. output: %s", err, out)
|
|
||||||
return cerrors.ErrCouldNotDownload
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
func updateRepository(pathToRepo string) error {
|
|
||||||
// Pull repository
|
|
||||||
out, err := utils.Exec(pathToRepo, "bzr", "pull", "--overwrite")
|
|
||||||
if err != nil {
|
|
||||||
log.Errorf("could not pull Ubuntu repository: %s. output: %s", err, out)
|
|
||||||
return cerrors.ErrCouldNotDownload
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
func getRevisionNumber(pathToRepo string) (int, error) {
|
|
||||||
out, err := utils.Exec(pathToRepo, "bzr", "revno")
|
|
||||||
if err != nil {
|
|
||||||
log.Errorf("could not get Ubuntu repository's revision number: %s. output: %s", err, out)
|
|
||||||
return 0, cerrors.ErrCouldNotDownload
|
|
||||||
}
|
|
||||||
revno, err := strconv.Atoi(strings.TrimSpace(string(out)))
|
|
||||||
if err != nil {
|
|
||||||
log.Errorf("could not parse Ubuntu repository's revision number: %s. output: %s", err, out)
|
|
||||||
return 0, cerrors.ErrCouldNotDownload
|
|
||||||
}
|
|
||||||
return revno, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
func parseUbuntuCVE(fileContent io.Reader) (vulnerability database.Vulnerability, unknownReleases map[string]struct{}, err error) {
|
func parseUbuntuCVE(fileContent io.Reader) (vulnerability database.Vulnerability, unknownReleases map[string]struct{}, err error) {
|
||||||
unknownReleases = make(map[string]struct{})
|
unknownReleases = make(map[string]struct{})
|
||||||
readingDescription := false
|
readingDescription := false
|
||||||
@ -424,7 +413,5 @@ func ubuntuPriorityToSeverity(priority string) types.Priority {
|
|||||||
|
|
||||||
// Clean deletes any allocated resources.
|
// Clean deletes any allocated resources.
|
||||||
func (fetcher *UbuntuFetcher) Clean() {
|
func (fetcher *UbuntuFetcher) Clean() {
|
||||||
if fetcher.repositoryLocalPath != "" {
|
os.RemoveAll(fetcher.repositoryLocalPath)
|
||||||
os.RemoveAll(fetcher.repositoryLocalPath)
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
@ -129,9 +129,7 @@ func (fetcher *NVDMetadataFetcher) Clean() {
|
|||||||
fetcher.lock.Lock()
|
fetcher.lock.Lock()
|
||||||
defer fetcher.lock.Unlock()
|
defer fetcher.lock.Unlock()
|
||||||
|
|
||||||
if fetcher.localPath != "" {
|
os.RemoveAll(fetcher.localPath)
|
||||||
os.RemoveAll(fetcher.localPath)
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func getDataFeeds(dataFeedHashes map[string]string, localPath string) (map[string]NestedReadCloser, map[string]string, error) {
|
func getDataFeeds(dataFeedHashes map[string]string, localPath string) (map[string]NestedReadCloser, map[string]string, error) {
|
||||||
|
Loading…
Reference in New Issue
Block a user