获取现有可用更新的 saID 集合

Signed-off-by: Jia Chao <jiachao2130@126.com>
过滤出已安装的，最新版本的 rpm 包
2024-07-23 11:09:42 +08:00 · 2024-07-23 10:06:35 +08:00 · 2024-06-26 16:57:46 +08:00
4 changed files with 91 additions and 6 deletions
--- a/Cargo.toml
+++ b/Cargo.toml
@ -7,5 +7,7 @@ edition = "2021"
 clap = { version = "4.0", features = ["derive"] }
 serde = { version = "1", features = ["serde_derive"] }
 toml = { version = "0.8" }
-updateinfo-xmlparser = { git = "https://gitee.com/jiachao2130/updateinfo-xmlparser.git", version = "0.1.0" }
-cvrf-xmlparser = { git = "https://gitee.com/jiachao2130/cvrf-xmlparser.git", version = "0.1.0" }
+updateinfo-xmlparser = { git = "https://git.zhgsun.com:8089/jiachao2130/updateinfo-xmlparser.git", version = "0.1.0" }
+cvrf-xmlparser = { git = "https://git.zhgsun.com:8089/jiachao2130/cvrf-xmlparser.git", version = "0.1.0" }
+rpm-rs = { git = "https://git.zhgsun.com:8089/jiachao2130/rpm-rs.git", version = "0.1.0" }
+lazy_static = { version = "1.5" }
--- a/src/analyzer/db.rs
+++ b/src/analyzer/db.rs
@ -7,13 +7,13 @@ use updateinfo_xmlparser::{UpdateInfoDb, RpmInfo};
 // PackageDb 从 updateinfo 中获取
 // 以包名为键，值为一个 Vector ，里面包含更新的不同版本的 rpm 包信息
 #[derive(Debug, Clone, Serialize, Deserialize)]
-pub struct PacakgeDb {
+pub struct PackgeDb {
    db: HashMap<String, Vec<RpmInfo>>,
 }

-impl PacakgeDb {
+impl PackgeDb {
    pub fn new() -> Self {
-        PacakgeDb {
+        PackgeDb {
            db: HashMap::new(),
        }
    }
@ -31,6 +31,10 @@ impl PacakgeDb {
            }
        }
    }
+
+    pub fn db(&self) -> &HashMap<String, Vec<RpmInfo>> {
+        &self.db
+    }
 }

 // SaDb 为精简版的安全公告集
@ -98,7 +102,7 @@ mod test {
        let mut updatedb = UpdateInfoDb::new();
        updatedb.load_xml(&updatexml).unwrap();

-        let mut pkgdb = PacakgeDb::new();
+        let mut pkgdb = PackgeDb::new();
        pkgdb.load_from_updateinfodb(&updatedb);

        let bash_pkgs = pkgdb.db.get("bash").unwrap();
--- a/src/analyzer/mod.rs
+++ b/src/analyzer/mod.rs
@ -1,4 +1,26 @@
+use std::collections::HashSet;
+
+use lazy_static::lazy_static;
+use rpm_rs::rpm::{
+    get_installed_packages,
+    Package,
+};
+use rpm_rs::rpmio::rpmvercmp;
+use updateinfo_xmlparser::{UpdateInfoDb, RpmInfo};
+
 use crate::cli::Cli;
+use crate::analyzer::db::PackgeDb;
+
+lazy_static! {
+    pub static ref update_pkgs: PackgeDb= {
+        let mut updatedb = UpdateInfoDb::new();
+        updatedb.load_xml("test/updateinfo.xml").unwrap();
+
+        let mut pkgdb = PackgeDb::new();
+        pkgdb.load_from_updateinfodb(&updatedb);
+        pkgdb
+    };
+}

 pub mod db;

@ -35,5 +57,59 @@ fn repoter(cli: &Cli) -> crate::Result<()> {
 }

 fn summary(cli: &Cli) -> crate::Result<()> {
+    let mut sa_ids: HashSet<String> = HashSet::new();
+    // 当前系统所有已安装的 rpm 包
+    let installed = get_installed_packages();
+    // installed 已被消费掉
+    // latest_installed 是所有最新版本软件包的 Vec
+    let latest_installed: Vec<Package> = installed.into_iter().map(|(_, pkgs)| {
+        let mut latest = pkgs[0].clone();
+        for pkg in pkgs.into_iter() {
+            latest = rpmdb_package_vercmp(latest, pkg);
+        }
+        latest
+    }).collect();
+
+    // 获取 sa 更新列表
+    for pkg in latest_installed {
+        let name = pkg.name();
+        if let Some(updates) = update_pkgs.db().get(name) {
+            for update in updates {
+                // epoch 判断
+                match (update.epoch(), pkg.epoch()) {
+                    (Some(_), None) => {
+                        let _ = sa_ids.insert(update.sa().into());
+                    },
+                    (None, Some(_)) => continue,
+                    _ => {}
+                }
+
+                // evr 对比
+                if rpmvercmp(&update.evr(), &pkg.evr()) > 0 {
+                    sa_ids.insert(update.sa().into());
+                }
+            }
+        }
+    }
+
+    println!("{:#?}", sa_ids.len());
+    // TODO: sa -> { rpms, cves }
+
    Ok(())
 }
+
+// 对比两个 rpm Package 的版本，返回最新的一个
+fn rpmdb_package_vercmp(pa: Package, pb: Package) -> Package {
+    // 首先进行 epoch 的比较
+    match (pa.epoch(), pb.epoch()) {
+        (Some(_), None) => return pa,
+        (None, Some(_)) => return pb,
+        _ => {}, // 继续往下对比
+    }
+
+    if rpmvercmp(&pa.evr(), &pb.evr()) > 0 {
+        return pa
+    } else {
+        return pb
+    }
+}
--- a/src/lib.rs
+++ b/src/lib.rs
@ -11,5 +11,8 @@ pub type Result<T> = std::result::Result<T, Error>;

 pub fn cumain() -> Result<()> {
    let cli = cli::parse();
+    // 初始化使用 rpm 默认配置
+    rpm_rs::configure();
+
    analyzer::cuvat_run(&cli)
 }
Author	SHA1	Message	Date
Jia Chao	946f13f35c	获取现有可用更新的 saID 集合 Signed-off-by: Jia Chao <jiachao2130@126.com>	2024-07-23 11:09:42 +08:00
Jia Chao	b4c6fe6a01	过滤出已安装的，最新版本的 rpm 包 Signed-off-by: Jia Chao <jiachao2130@126.com>	2024-07-23 10:06:35 +08:00
Jia Chao	f7374af85c	use git.zhgsun.com Signed-off-by: Jia Chao <jiachao2130@126.com>	2024-06-26 16:57:46 +08:00