[Merge] ~ruinedyourlife/launchpad:clamav-craft-builds into launchpad:master
RuinedYourLife has proposed merging ~ruinedyourlife/launchpad:clamav-craft-builds into launchpad:master.
Commit message:
Malware scanning for craft builds
Requested reviews:
Launchpad code reviewers (launchpad-reviewers)
For more details, see:
https://code.launchpad.net/~ruinedyourlife/launchpad/+git/launchpad/+merge/491152
This is a copy-paste of what already happens for CI builds:
`lib/lp/code/model/cibuildbehaviour.py`
`lib/lp/code/model/tests/test_cibuildbehaviour.py`
--
Your team Launchpad code reviewers is requested to review the proposed merge of ~ruinedyourlife/launchpad:clamav-craft-builds into launchpad:master.
diff --git a/lib/lp/crafts/model/craftrecipebuildbehaviour.py b/lib/lp/crafts/model/craftrecipebuildbehaviour.py
index 21207c7..5f11394 100644
--- a/lib/lp/crafts/model/craftrecipebuildbehaviour.py
+++ b/lib/lp/crafts/model/craftrecipebuildbehaviour.py
@@ -114,6 +114,12 @@ class CraftRecipeBuildBehaviour(BuilderProxyMixin, BuildFarmJobBehaviourBase):
return env_vars
+ def should_scan_malware(self, distribution_name: str) -> bool:
+ try:
+ return config["craftbuild." + distribution_name]["scan_malware"]
+ except NoSectionError:
+ return False
+
@defer.inlineCallbacks
def extraBuildArgs(self, logger=None) -> Generator[Any, Any, BuildArgs]:
"""
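Review bot: `should_scan_malware` fails open: when no `craftbuild.<distribution>` section exists, the `except NoSectionError` branch returns False and the build goes ahead unscanned with no trace, and the default added in schema-lazr.conf is also False. A mistyped section name therefore disables the scan silently, so I would at least log the fallback and state the opt-in behaviour in a docstring, e.g. `"""Return True if malware scanning is enabled for this distribution; a missing craftbuild.<distribution> section means no scan."""`. Only `NoSectionError` is caught and its import is not part of this diff, so it is presumably already in scope in this module; worth confirming. The hunk ends inside the docstring of `extraBuildArgs`, whose body continues outside it.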
@@ -181,6 +187,7 @@ class CraftRecipeBuildBehaviour(BuilderProxyMixin, BuildFarmJobBehaviourBase):
args["environment_variables"] = self.build_environment_variables(
distribution_name
)
+ args["scan_malware"] = self.should_scan_malware(distribution_name)
return args
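Review bot: `args["scan_malware"]` is only a request to the builder, and nothing in the visible diff shows the craft build backend reading it. If that side ignores the key, an operator who enables the option gets no scan and no error. I would confirm that the builder-side support is deployed first and add a comment above the assignment such as `# Only effective if the builder's craft backend implements scanning.` The enclosing `extraBuildArgs` starts outside this hunk.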
diff --git a/lib/lp/crafts/tests/test_craftrecipebuildbehaviour.py b/lib/lp/crafts/tests/test_craftrecipebuildbehaviour.py
index 54737e4..972e596 100644
--- a/lib/lp/crafts/tests/test_craftrecipebuildbehaviour.py
+++ b/lib/lp/crafts/tests/test_craftrecipebuildbehaviour.py
@@ -719,6 +719,7 @@ class TestAsyncCraftRecipeBuildBehaviour(
# Verify no environment variables were included
self.assertEqual({}, args.get("environment_variables", {}))
+ self.assertFalse(args["scan_malware"])
@defer.inlineCallbacks
def test_extraBuildArgs_git_include_artifactory_configuration(self):
@@ -767,7 +768,8 @@ class TestAsyncCraftRecipeBuildBehaviour(
"CARGO_ARTIFACTORY1_READ_AUTH": "user:pass",
"MAVEN_ARTIFACTORY1_READ_AUTH": "user:pass",
}
- )
+ ),
+ "scan_malware": Is(False),
}
),
)
@@ -814,6 +816,22 @@ class TestAsyncCraftRecipeBuildBehaviour(
# Verify no environment variables were included
self.assertEqual({}, args.get("environment_variables", {}))
+ @defer.inlineCallbacks
+ def test_extraBuildArgs_scan_malware(self):
+ # scan_malware is read from craftbuild.<distribution>
+ distribution = self.factory.makeDistribution(name="soss")
+ package = self.factory.makeDistributionSourcePackage(
+ distribution=distribution
+ )
+ git_repository = self.factory.makeGitRepository(target=package)
+ [git_ref] = self.factory.makeGitRefs(repository=git_repository)
+ # Enable flag
+ self.pushConfig("craftbuild.soss", scan_malware=True)
+ job = self.makeJob(git_ref=git_ref)
+ with dbuser(config.builddmaster.dbuser):
+ args = yield job.extraBuildArgs()
+ self.assertTrue(args["scan_malware"])
+
class TestAsyncCraftRecipeBuildBehaviourFetchService(
StatsMixin, TestCraftRecipeBuildBehaviourBase
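Review bot: `self.assertTrue(args["scan_malware"])` passes for any truthy value, including a non-empty string if the config value were ever returned unparsed, whereas the artifactory test in this file pins the type with `Is(False)`. Since the value is sent to the builder, `self.assertIs(True, args["scan_malware"])` would check that a real boolean is produced. As far as the visible hunks show, there is also no case where the `craftbuild.soss` section exists but leaves `scan_malware` unset, which is the path that relies on the schema default.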
diff --git a/lib/lp/services/config/schema-lazr.conf b/lib/lp/services/config/schema-lazr.conf
index 4c8c713..0d5f38b 100644
--- a/lib/lp/services/config/schema-lazr.conf
+++ b/lib/lp/services/config/schema-lazr.conf
@@ -373,6 +373,10 @@ scan_malware: False
# - CARGO_PUBLISH_AUTH: Authentication token for the Cargo registry
environment_variables: none
+# If true, scan job output for malware.
+# datatype: boolean
+scan_malware: False
+
[codebrowse]
# Where to store codebrowse's sqlite "files changed" caches. If