Feature #9158
Have a script to keep track of UUI releases
0%
Description
The objective being to come up with a script that:
- Is not written in bash.
- Can be run by cron.
- Uses the
uscan
utility (part of thedevscripts
package) and its--watchfile
option, see the prototype in attachment. - Download updates of UUI to a Git repository.
Files
Subtasks
History
#1 Updated by sajolida 2015-04-17 09:26:52
- Status changed from Confirmed to In Progress
Couldn’t find anything on the website, so I asked upstream directly.
#2 Updated by sajolida 2015-04-18 20:05:04
- Status changed from In Progress to Resolved
I couldn’t get any satisfying answer…
#3 Updated by intrigeri 2015-04-19 06:08:33
> Status changed from In Progress to Resolved
> I couldn’t get any satisfying answer…
Maybe we need to do polling on our side, then?
#4 Updated by sajolida 2015-04-22 11:03:21
But they don’t even have an updated RSS feed… so we could write a
script that parses their webpage a notifies us whenever they have an
update. Is that it?
I could give it a try in ruby-nokogiri.
#5 Updated by intrigeri 2015-04-23 01:39:04
> But they don’t even have an updated RSS feed… so we could write a script that parses their webpage a notifies us whenever they have an update. Is that it?
This would indeed be a solution to the problem at hand :)
> I could give it a try in ruby-nokogiri.
I think that writing and maintaining new code is not needed. Looking for a link that matches that regexp on the UUI web page, and comparing the captured substring with the known last version, should be enough:
"$":http://www\.pendrivelinux\.com/downloads/Universal-USB-Installer/Universal-USB-Installer-([0-9.]+)\.exe
Using uscan
(part of the devscripts
package) with a suitable --watchfile
option, and perhaps a fake, dynamically generated Debian source tree with just the needed files, should be enough. There are probably other suitable already existing programs in Debian. If you have trouble using/configuring uscan, feel free to reassign to me: I know this tool a little bit and could treat this task as funny procrastination ;)
#6 Updated by sajolida 2015-04-27 11:44:06
- File scan_for_uui.sh added
- Status changed from Resolved to In Progress
- QA Check set to Info Needed
Cool! I did that and it worked great. See the script in attachment.
Now I wonder how we could integrate that on our website…
We could maybe have this script running as a cronjob somewhere on lizard. In case of updates it would download the new UUI, commit it to a Git repo, and send an email notification. Then we (starting with me) would pull this repo, download UUI from another source, compare their hashes, and if they match, push the new version in an underlay of the website.
But maybe that’s overkill :)
#7 Updated by sajolida 2015-04-27 11:44:30
- Assignee changed from sajolida to intrigeri
#8 Updated by intrigeri 2015-04-29 08:26:58
> Cool! I did that and it worked great.
:)
> See the script in attachment.
I had a quick look:
- Given what follows, I guess we’ll want to use a saner programming language for this script before we extend its functionality. So I won’t comment on the shell bits themselves.
- Creating temporary files with fixed names is bad practice and can have security implications depending on how the script is run. Better use
mktemp
to set up the working directory.
> Now I wonder how we could integrate that on our website…
> We could maybe have this script running as a cronjob somewhere on lizard. In case of updates it would download the new UUI, commit it to a Git repo, and send an email notification. Then we (starting with me) would pull this repo, download UUI from another source, compare their hashes, and if they match, push the new version in an underlay of the website.
Yep. We can as well have the script do the double download + comparison itself (e.g. one download with Tor, and the other without) before it adds the file to some Git repo we would pull from. I’d love to see uscan offer this functionality, but I’m not dreaming: I doubt any of us has time to add it there.
> But maybe that’s overkill :)
If we want to self-host UUI, the more we automate, the better: IMO the only manual part should be testing that the new UUI works fine for our use cases (until we have automated tests running on Windows!), merging and pushing to the live website. We’re already spending way too much time doing robots’ work, let’s not add to the pile.
#9 Updated by intrigeri 2015-04-29 08:27:27
- Assignee changed from intrigeri to sajolida
- QA Check deleted (
Info Needed)
#10 Updated by sajolida 2015-04-30 05:02:15
- Assignee changed from sajolida to intrigeri
- QA Check set to Info Needed
Disclaimer: this script was only a proof-of-concept to check whether
uscan was able to do the job. We need to agree on what the overall
infrastructure will be before turns this into something real.
> I guess we’ll want to use a saner programming language
Which one are you proposing?
> * Creating temporary files with fixed names is bad practice
I know this already but uscan couldn’t make uscan work from temporary
directories only because it needs to store the state of the previously
fetched URL to be able to know whether it has been updated or not.
So if we want to deploy this on some server, we’ll need at least a real
directory to store the EXE file.
My script is creating and removing the uui folder which is named as
needed by uscan which expects a Debian structure ($software/debian). But
maybe I underestimate or misunderstand the capacities of uscan or the
flexibility of this pseudo-Debian archive (you know I have very little).
> IMO the only manual part should be testing […], merging and pushing to the live website
Fully agreed.
I think that what I need from you now (as tails-sysadmins) is to clarify:
- which programming language would you find acceptable
- where would this be run
- which directory structure would you find acceptable for that
- to which Git repo it would commit
- whether we need a Git repo for that script
#11 Updated by intrigeri 2015-04-30 08:45:36
> Disclaimer: this script was only a proof-of-concept […]
Sure, well understood :)
>> I guess we’ll want to use a saner programming language
> Which one are you proposing?
We’re usually doing Python, Ruby or Perl for this kind of things. Dependencies in Jessie + backports (and Wheezy + backports if you need to see this live soon, as our Jenkins slaves are still running Wheezy).
> couldn’t make uscan work from temporary directories only because it needs to store the state of the previously fetched URL to be able to know whether it has been updated or not.
Really? I thought uscan relied on the last version found in debian/changelog, and both my past experience with it and uscan’s manpage seem to confirm this, so I’m a little bit confused.
Assuming I’m correct, here’s the way I would do it. I would store in a web-accessible location the version number of the UUI we’re distributing (in a plain-text file, to avoid having to look at directory content and parsing filenames), and when creating the fake Debian source package, I would retrieve that information and write it to debian/changelog
so that uscan effectively compares the last available upstream version with the version we’re distributing. And then, once downloaded and verified, it would add new .exe
and update that version number in the underlay repo it can push to.
> * where would this be run
From the top of my mind, either a cronjob on misc.lizard
, or a Jenkins job. Preferably the latter, so that we benefit from its tracking of success/failure, stats, etc. But this shouldn’t matter much from your perspective anyway => if it does, please clarify what system requirements you have, that would be affected by our answer to this question :)
> * which directory structure would you find acceptable for that
Ideally, none at all unless that’s strictly needed. If persistence is required, then we’ll give you a /var/lib/whatever
directory and your stuff will have to manage it properly. We can easily automated deleting old files on our side, if it helps. But as said above, I don’t think that any persistent state is needed here.
> * to which Git repo it would commit
If you need a repo for the new underlay, we’ll create it :)
> * whether we need a Git repo for that script
Yes.
#12 Updated by intrigeri 2015-04-30 08:49:21
- Assignee changed from intrigeri to sajolida
- QA Check deleted (
Info Needed)
#13 Updated by sajolida 2015-05-03 04:43:24
- related to
Bug #9161: Write a security advisory about Claws leaking cleartext to IMAP server added
#14 Updated by sajolida 2015-05-03 06:03:50
- related to deleted (
)Bug #9161: Write a security advisory about Claws leaking cleartext to IMAP server
#15 Updated by sajolida 2015-06-08 15:13:35
- Status changed from In Progress to Confirmed
- Assignee deleted (
sajolida) - Type of work changed from Research to Code
- Starter set to Yes
I still think that’s an interesting idea but I’m too busy to find this exciting. Now that a first investigation has been done, we can mark this as an easy task.
The objective being to come up with a script that:
- Is not written in bash
- Can be run by cron
- Download updates of UUI to a Git repository
#16 Updated by sajolida 2015-06-08 15:25:44
- Subject changed from Investigate how to keep track of UUI releases to Have a script to keep track of UUI releases
- Description updated
#17 Updated by sajolida 2015-08-04 07:20:34
- Status changed from Confirmed to Rejected
During the August monthly meeting we decided to go for a less engineered solution and have volunteers for that. So I’m rejecting this idea. Still, if people show up and want to work on that I would be super happy!