updater: delete Ubuntu's repository upon bzr errors

By deleting an Ubuntu repository that may be in a bad state,
Clair will eventually be able to perform the update, instead of retrying naively.

Fixes #169
This commit is contained in:
Quentin Machu 2016-05-25 15:41:12 -04:00
parent a03459d02e
commit 34f62ef1f1
2 changed files with 47 additions and 62 deletions

View File

@ -92,28 +92,9 @@ func init() {
func (fetcher *UbuntuFetcher) FetchUpdate(datastore database.Datastore) (resp updater.FetcherResponse, err error) {
log.Info("fetching Ubuntu vulnerabilities")
// Check to see if the repository does not already exist.
if _, pathExists := os.Stat(fetcher.repositoryLocalPath); fetcher.repositoryLocalPath == "" || os.IsNotExist(pathExists) {
// Create a temporary folder and download the repository.
p, err := ioutil.TempDir(os.TempDir(), "ubuntu-cve-tracker")
if err != nil {
return resp, ErrFilesystem
}
// bzr wants an empty target directory.
fetcher.repositoryLocalPath = p + "/repository"
// Create the new repository.
err = createRepository(fetcher.repositoryLocalPath)
if err != nil {
return resp, err
}
} else {
// Update the repository that's already on disk.
err = updateRepository(fetcher.repositoryLocalPath)
if err != nil {
return resp, err
}
// Pull the bzr repository.
if err = fetcher.pullRepository(); err != nil {
return resp, err
}
// Get revision number.
@ -182,6 +163,48 @@ func (fetcher *UbuntuFetcher) FetchUpdate(datastore database.Datastore) (resp up
return
}
func (fetcher *UbuntuFetcher) pullRepository() (err error) {
// Determine whether we should branch or pull.
if _, pathExists := os.Stat(fetcher.repositoryLocalPath); fetcher.repositoryLocalPath == "" || os.IsNotExist(pathExists) {
// Create a temporary folder to store the repository.
if fetcher.repositoryLocalPath, err = ioutil.TempDir(os.TempDir(), "ubuntu-cve-tracker"); err != nil {
return ErrFilesystem
}
// Branch repository.
if out, err := utils.Exec(fetcher.repositoryLocalPath, "bzr", "branch", "--use-existing-dir", trackerRepository, "."); err != nil {
log.Errorf("could not branch Ubuntu repository: %s. output: %s", err, out)
return cerrors.ErrCouldNotDownload
}
return nil
}
// Pull repository.
if out, err := utils.Exec(fetcher.repositoryLocalPath, "bzr", "pull", "--overwrite"); err != nil {
os.RemoveAll(fetcher.repositoryLocalPath)
log.Errorf("could not pull Ubuntu repository: %s. output: %s", err, out)
return cerrors.ErrCouldNotDownload
}
return nil
}
func getRevisionNumber(pathToRepo string) (int, error) {
out, err := utils.Exec(pathToRepo, "bzr", "revno")
if err != nil {
log.Errorf("could not get Ubuntu repository's revision number: %s. output: %s", err, out)
return 0, cerrors.ErrCouldNotDownload
}
revno, err := strconv.Atoi(strings.TrimSpace(string(out)))
if err != nil {
log.Errorf("could not parse Ubuntu repository's revision number: %s. output: %s", err, out)
return 0, cerrors.ErrCouldNotDownload
}
return revno, nil
}
func collectModifiedVulnerabilities(revision int, dbRevision, repositoryLocalPath string) (map[string]struct{}, error) {
modifiedCVE := make(map[string]struct{})
@ -247,40 +270,6 @@ func collectModifiedVulnerabilities(revision int, dbRevision, repositoryLocalPat
return modifiedCVE, nil
}
func createRepository(pathToRepo string) error {
// Branch repository
out, err := utils.Exec("/tmp/", "bzr", "branch", trackerRepository, pathToRepo)
if err != nil {
log.Errorf("could not branch Ubuntu repository: %s. output: %s", err, out)
return cerrors.ErrCouldNotDownload
}
return nil
}
func updateRepository(pathToRepo string) error {
// Pull repository
out, err := utils.Exec(pathToRepo, "bzr", "pull", "--overwrite")
if err != nil {
log.Errorf("could not pull Ubuntu repository: %s. output: %s", err, out)
return cerrors.ErrCouldNotDownload
}
return nil
}
func getRevisionNumber(pathToRepo string) (int, error) {
out, err := utils.Exec(pathToRepo, "bzr", "revno")
if err != nil {
log.Errorf("could not get Ubuntu repository's revision number: %s. output: %s", err, out)
return 0, cerrors.ErrCouldNotDownload
}
revno, err := strconv.Atoi(strings.TrimSpace(string(out)))
if err != nil {
log.Errorf("could not parse Ubuntu repository's revision number: %s. output: %s", err, out)
return 0, cerrors.ErrCouldNotDownload
}
return revno, nil
}
func parseUbuntuCVE(fileContent io.Reader) (vulnerability database.Vulnerability, unknownReleases map[string]struct{}, err error) {
unknownReleases = make(map[string]struct{})
readingDescription := false
@ -424,7 +413,5 @@ func ubuntuPriorityToSeverity(priority string) types.Priority {
// Clean deletes any allocated resources.
func (fetcher *UbuntuFetcher) Clean() {
if fetcher.repositoryLocalPath != "" {
os.RemoveAll(fetcher.repositoryLocalPath)
}
os.RemoveAll(fetcher.repositoryLocalPath)
}

View File

@ -129,9 +129,7 @@ func (fetcher *NVDMetadataFetcher) Clean() {
fetcher.lock.Lock()
defer fetcher.lock.Unlock()
if fetcher.localPath != "" {
os.RemoveAll(fetcher.localPath)
}
os.RemoveAll(fetcher.localPath)
}
func getDataFeeds(dataFeedHashes map[string]string, localPath string) (map[string]NestedReadCloser, map[string]string, error) {