Updates to patchman-email

debian/copyright

@@ -6,7 +6,7 @@ Source: https://github.com/furlongm/patchman
 Files: *
 Copyright: 2011-2012 VPAC http://www.vpac.org
            2013-2021 Marcus Furlong <furlongm@gmail.com>
-License: GPL-3.0
+License: GPL-3.0-only
  This package is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
  the Free Software Foundation; version 3 only.

docker/Dockerfile

@@ -1,7 +1,7 @@
 FROM debian:bookworm-slim
 
 RUN apt -y update && apt -y upgrade
-RUN apt install -y apache2 git libapache2-mod-wsgi-py3 mariadb-client python-celery-common python3-celery python3-debian python3-defusedxml python3-lxml python3-mysqldb python3-pip python3-progressbar python3-psycopg2 python3-redis python3-rpm 
+RUN apt install -y apache2 git libapache2-mod-wsgi-py3 mariadb-client python-celery-common python3-celery python3-debian python3-defusedxml python3-lxml python3-mysqldb python3-pip python3-progressbar python3-psycopg2 python3-redis python3-rpm sendmail sharutils uuid-runtime vim weasyprint 
 
 WORKDIR /srv/patchman
 
@@ -10,6 +10,10 @@ COPY ./etc/patchman/apache.conf.example /etc/apache2/sites-available/patchman.co
 
 RUN /srv/patchman/setup.py install
 
+COPY ./email/patchman-email /usr/bin/patchman-email
+COPY ./etc/patchman/patchman-email.conf /etc/patchman/patchman-email.conf
+RUN chmod u+x /usr/bin/patchman-email
+
 RUN a2enmod wsgi
 RUN a2ensite patchman
 

docker/docker-entrypoint.sh

@@ -105,6 +105,12 @@ if "${USE_CACHE}"; then
     fi
 fi
 
+# Set sendmail destination
+if [ -n "${MTA_HOST}" ]; then
+    echo "define(\`SMART_HOST', \`[$MTA_HOST]')dnl" >> /etc/mail/submit.mc
+    m4 /etc/mail/submit.mc > /etc/mail/submit.cf
+fi
+
 # Sync database on container first start
 if [ ! -f /var/lib/patchman/.firstrun ]; then
     patchman-manage makemigrations

email/patchman-email

@@ -145,7 +145,8 @@ report() {
             cat <<-EOF > "$FILE.html"
 			<html><style>
 			body { font-family: "Calibri" }
-			#details table { border-collapse: collapse; width: 20em; white-space: nowrap;}
+			#details table { border-collapse: collapse; width: 20em; white-space: nowrap; }
+			#details table tr:nth-child(1) { font-size: 1.5em; text-decoration: underline; }
 			#updates table { border-collapse: collapse; width: 100%; }
 			#details th, #details tr, #details td { text-align: left; }
 			#updates th, #updates td { padding: 8px; text-align: left; border-bottom: 1px solid #ddd; }
@@ -187,11 +188,11 @@ if [ $# -gt 0 ] && [[ $1 == -* ]]; then
     custom_html="/etc/patchman/patchman-email.html"
 
     # Database credentials configured in /etc/patchman/local_settings.py
-    mysql_db=$(grep -E "'NAME'" /etc/patchman/local_settings.py | grep -v "#" | sed -e "s/'\|,//g" | awk -F " " '{print $2}')
-    mysql_user=$(grep -E "'USER'" /etc/patchman/local_settings.py | grep -v "#" | sed -e "s/'\|,//g" | awk -F " " '{print $2}')
-    mysql_pass=$(grep -E "'PASSWORD'" /etc/patchman/local_settings.py | grep -v "#" | sed -e "s/'\|,//g" | awk -F " " '{print $2}')
-    mysql_host=$(grep -E "'HOST'" /etc/patchman/local_settings.py | grep -v "#" | sed -e "s/'\|,//g" | awk -F " " '{print $2}')
-    mysql_port=$(grep -E "'PORT'" /etc/patchman/local_settings.py | grep -v "#" | sed -e "s/'\|,//g" | awk -F " " '{print $2}')
+    mysql_db=$(grep -E "'NAME'" /etc/patchman/local_settings.py | grep -v "^#" | sed -e "s/'\|,//g" | awk -F " " '{print $2}')
+    mysql_user=$(grep -E "'USER'" /etc/patchman/local_settings.py | grep -v "^#" | sed -e "s/'\|,//g" | awk -F " " '{print $2}')
+    mysql_pass=$(grep -E "'PASSWORD'" /etc/patchman/local_settings.py | grep -v "^#" | sed -e "s/'\|,//g" | awk -F " " '{print $2}')
+    mysql_host=$(grep -E "'HOST'" /etc/patchman/local_settings.py | grep -v "^#" | sed -e "s/'\|,//g" | awk -F " " '{print $2}')
+    mysql_port=$(grep -E "'PORT'" /etc/patchman/local_settings.py | grep -v "^#" | sed -e "s/'\|,//g" | awk -F " " '{print $2}')
 
     while getopts 'aH:T:h' arg; do
         case $arg in

hosts/models.py

@@ -85,7 +85,7 @@ def show(self):
         text += f'Packages     : {self.get_num_packages()}\n'
         text += f'Repos        : {self.get_num_repos()}\n'
         text += f'Updates      : {self.get_num_updates()}\n'
-        text += f'Tags         : {self.tags}\n'
+        text += f'Tags         : {" ".join(self.tags.slugs())}\n'
         text += f'Needs reboot : {self.reboot_required}\n'
         text += f'Updated at   : {self.updated_at}\n'
         text += f'Host repos   : {self.host_repos_only}\n'

hosts/templatetags/report_alert.py

@@ -1,19 +1,18 @@
-# Copyright 2016-2021 Marcus Furlong <furlongm@gmail.com>
+# Copyright 2016-2025 Marcus Furlong <furlongm@gmail.com>
 #
 # This file is part of Patchman.
 #
 # Patchman is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
+# the Free Software Foundation, version 3 only.
 #
 # Patchman is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
-# along with Patchman  If not, see <http://www.gnu.org/licenses/>.
+# along with Patchman. If not, see <http://www.gnu.org/licenses/>
 
 from datetime import timedelta
 

hosts/utils.py

@@ -18,8 +18,9 @@
 from socket import gethostbyaddr, gaierror, herror
 
 from django.db import transaction, IntegrityError
+from taggit.models import Tag
 
-from patchman.signals import error_message
+from patchman.signals import error_message, info_message
 
 
 def update_rdns(host):
@@ -62,7 +63,7 @@ def get_or_create_host(report, arch, osvariant, domain):
             host.osvariant = osvariant
             host.domain = domain
             host.lastreport = report.created
-            host.tags = report.tags
+            host.tags.set(report.tags.split(','), clear=True)
             if report.reboot == 'True':
                 host.reboot_required = True
             else:
@@ -73,3 +74,17 @@ def get_or_create_host(report, arch, osvariant, domain):
     if host:
         host.check_rdns()
         return host
+
+
+def clean_tags():
+    """ Delete Tags that have no Host
+    """
+    tags = Tag.objects.filter(
+        host__isnull=True,
+    )
+    tlen = tags.count()
+    if tlen == 0:
+        info_message.send(sender=None, text='No orphaned Tags found.')
+    else:
+        info_message.send(sender=None, text=f'{tlen} orphaned Tags found.')
+        tags.delete()

packages/models.py

@@ -195,11 +195,11 @@ def __str__(self):
             rel = f'-{self.release}'
         else:
             rel = ''
-        if self.packagetype == self.GENTOO:
+        if self.packagetype == Package.GENTOO:
             return f'{self.category}/{self.name}-{epo}{self.version}{rel}-{self.arch}.{self.get_packagetype_display()}'
-        elif self.packagetype in [self.DEB, self.ARCH]:
+        elif self.packagetype in [Package.DEB, Package.ARCH]:
             return f'{self.name}_{epo}{self.version}{rel}_{self.arch}.{self.get_packagetype_display()}'
-        elif self.packagetype == self.RPM:
+        elif self.packagetype == Package.RPM:
             return f'{self.name}-{epo}{self.version}{rel}-{self.arch}.{self.get_packagetype_display()}'
         else:
             return f'{self.name}-{epo}{self.version}{rel}-{self.arch}.{self.get_packagetype_display()}'

patchman/urls.py

@@ -44,7 +44,7 @@
 router.register(r'package', package_views.PackageViewSet)
 router.register(r'package-update', package_views.PackageUpdateViewSet)
 router.register(r'cve', security_views.CVEViewSet)
-router.register(r'reference', security_views.ReferenceViewSet),
+router.register(r'reference', security_views.ReferenceViewSet)
 router.register(r'erratum', errata_views.ErratumViewSet)
 router.register(r'repo', repo_views.RepositoryViewSet)
 router.register(r'mirror', repo_views.MirrorViewSet)

repos/repo_types/gentoo.py

@@ -226,7 +226,7 @@ def extract_gentoo_overlay_ebuilds(t):
     """ Extract ebuilds from a Gentoo overlay tarball
     """
     extracted_ebuilds = {}
-    for root, dirs, files in os.walk(t):
+    for root, _, files in os.walk(t):
         for name in files:
             if fnmatch(name, '*.ebuild'):
                 package_name = root.replace(t + '/', '')

repos/repo_types/rpm.py

@@ -69,7 +69,7 @@ def refresh_rpm_repo_mirrors(repo, errata_only=False):
     ]
     ts = get_datetime_now()
     enabled_mirrors = repo.mirror_set.filter(mirrorlist=False, refresh=True, enabled=True)
-    for i, mirror in enumerate(enabled_mirrors):
+    for mirror in enabled_mirrors:
         res = find_mirror_url(mirror.url, formats)
         if not res:
             mirror.fail()

requirements.txt

@@ -1,4 +1,4 @@
-Django==4.2.24
+Django==4.2.25
 django-taggit==4.0.0
 django-extensions==3.2.3
 django-bootstrap3==23.1
@@ -15,7 +15,7 @@ python-magic==0.4.27
 gitpython==3.1.44
 tenacity==8.2.3
 celery==5.4.0
-redis==5.2.1
+redis==6.4.0
 django-celery-beat==2.7.0
 tqdm==4.67.1
 cvss==3.4

sbin/patchman

@@ -34,6 +34,7 @@ from errata.utils import mark_errata_security_updates, enrich_errata, \
     scan_package_updates_for_affected_packages
 from errata.tasks import update_errata
 from hosts.models import Host
+from hosts.utils import clean_tags
 from modules.utils import clean_modules
 from packages.utils import clean_packages, clean_packageupdates, clean_packagenames
 from repos.models import Repository
@@ -362,6 +363,7 @@ def dbcheck(remove_duplicates=False):
     clean_repos()
     clean_modules()
     clean_packageupdates()
+    clean_tags()
 
 
 def collect_args():

setup.py

@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 #
-# Copyright 2013-2021 Marcus Furlong <furlongm@gmail.com>
+# Copyright 2013-2025 Marcus Furlong <furlongm@gmail.com>
 #
 # This file is part of Patchman.
 #

util/__init__.py

@@ -20,6 +20,7 @@
 import magic
 import zlib
 import lzma
+import os
 from datetime import datetime, timezone
 from enum import Enum
 from hashlib import md5, sha1, sha256, sha512
@@ -28,17 +29,23 @@
 from time import time
 from tqdm import tqdm
 
-from patchman.signals import error_message, info_message, debug_message
-
 from django.utils.timezone import make_aware
 from django.utils.dateparse import parse_datetime
 from django.conf import settings
 
+from patchman.signals import error_message, info_message, debug_message
 
 pbar = None
 verbose = None
 Checksum = Enum('Checksum', 'md5 sha sha1 sha256 sha512')
 
+http_proxy = os.getenv('http_proxy')
+https_proxy = os.getenv('https_proxy')
+proxies = {
+   'http': http_proxy,
+   'https': https_proxy,
+}
+
 
 def get_verbosity():
     """ Get the global verbosity level
@@ -107,13 +114,17 @@ def fetch_content(response, text='', ljust=35):
     wait=wait_exponential(multiplier=1, min=1, max=10),
     reraise=False,
 )
-def get_url(url, headers={}, params={}):
+def get_url(url, headers=None, params=None):
     """ Perform a http GET on a URL. Return None on error.
     """
     response = None
+    if not headers:
+        headers = {}
+    if not params:
+        params = {}
     try:
         debug_message.send(sender=None, text=f'Trying {url} headers:{headers} params:{params}')
-        response = requests.get(url, headers=headers, params=params, stream=True, timeout=30)
+        response = requests.get(url, headers=headers, params=params, stream=True, proxies=proxies, timeout=30)
         debug_message.send(sender=None, text=f'{response.status_code}: {response.headers}')
         if response.status_code in [403, 404]:
             return response

util/filterspecs.py

@@ -1,20 +1,19 @@
 # Copyright 2010 VPAC
-# Copyright 2014-2021 Marcus Furlong <furlongm@gmail.com>
+# Copyright 2014-2025 Marcus Furlong <furlongm@gmail.com>
 #
 # This file is part of Patchman.
 #
 # Patchman is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
+# the Free Software Foundation, version 3 only.
 #
 # Patchman is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
-# along with Patchman  If not, see <http://www.gnu.org/licenses/>.
+# along with Patchman. If not, see <http://www.gnu.org/licenses/>
 
 from django.utils.safestring import mark_safe
 from django.db.models.query import QuerySet

util/templatetags/common.py

@@ -1,20 +1,18 @@
-# Copyright 2010 VPAC
-# Copyright 2013-2021 Marcus Furlong <furlongm@gmail.com>
+# Copyright 2013-2025 Marcus Furlong <furlongm@gmail.com>
 #
 # This file is part of Patchman.
 #
 # Patchman is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
+# the Free Software Foundation, version 3 only.
 #
 # Patchman is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
-# along with Patchman  If not, see <http://www.gnu.org/licenses/>.
+# along with Patchman. If not, see <http://www.gnu.org/licenses/>
 
 import re