示例#1
def main():
    """Validate the command line and start the CVE patch check.

    Recognised options are -h/--help, -i/--input <dir> (directory holding
    the CVE patches) and -o/--output <dir> (where the results are stored).
    The last command-line token is used as the kernel repository path.

    The process exits with status 2 on a getopt error, on a too-short
    command line and on an unhandled option. A failed directory check only
    prints an "[E]" message and returns.
    """
    try:
        parsed_opts, _positional = getopt.getopt(
            sys.argv[1:], "hi:o:", ["help", "input=", "output="])
    except getopt.GetoptError as parse_error:
        # show the parser's message plus the usage text, then stop
        print(str(parse_error))
        print_usage()
        sys.exit(2)

    # at least one token besides the script name is needed
    argc = len(sys.argv)
    if argc < 2:
        print("[E] Invalid number of args (required: 2, found: " +
              str(argc) + ")!")
        print_usage()
        sys.exit(2)

    # NOTE(review): the last token is used as the repository path even when
    # it is really the value of -i/-o; the positional list returned by getopt
    # is not consulted.
    kernel_repo = sys.argv[-1]
    input_dir = None   # directory containing the CVE patches
    output_dir = None  # the place to store the results

    for flag, value in parsed_opts:
        if flag in ("-h", "--help"):
            print_usage()
            sys.exit()
        elif flag in ("-i", "--input"):
            input_dir = value
        elif flag in ("-o", "--output"):
            output_dir = value
        else:
            print("[E] unhandled option: " + flag)
            sys.exit(2)

    # the output directory is handed to check_create before any other
    # argument has been validated
    if output_dir:
        ioutils.check_create(output_dir)

    # First failing check wins; the order matches the order of the messages.
    # NOTE(review): these paths return instead of calling sys.exit(2), so if
    # main() is the script's entry point a wrapper or CI job sees a success
    # status although no patch was checked.
    problem = None
    if not input_dir or not ioutils.dir_exists(input_dir):
        problem = "[E] invalid CVE input directory: " + str(input_dir)
    elif not output_dir:
        problem = "[E] invalid output directory: " + str(output_dir)
    elif not kernel_repo or not ioutils.dir_exists(kernel_repo):
        problem = "[E] invalid kernel directory: " + kernel_repo
    elif ".git" not in os.listdir(kernel_repo):
        # only the presence of an entry named ".git" is tested
        problem = "[E] kernel directory does not seem to be a git repository"

    if problem is not None:
        print(problem)
        return

    run(kernel_repo, input_dir, output_dir)
示例#2
def main():
    """Validate the command line and apply the listed CVE patches.

    Recognised options are -h/--help, -i/--input <file> (file listing the
    CVE patch file names) and -b/--basedir <dir> (directory holding the
    patches). The last command-line token is used as the kernel repository
    path.

    The process exits with status 2 on a getopt error, on a too-short
    command line and on an unhandled option. A failed file or directory
    check only prints an "[E]" message and returns.
    """
    try:
        parsed_opts, _positional = getopt.getopt(
            sys.argv[1:], "hi:b:", ["help", "input=", "basedir="])
    except getopt.GetoptError as parse_error:
        # show the parser's message plus the usage text, then stop
        print(str(parse_error))
        print_usage()
        sys.exit(2)

    # at least one token besides the script name is needed
    argc = len(sys.argv)
    if argc < 2:
        print("[E] Invalid number of args (required: 2, found: "
              + str(argc) + ")!")
        print_usage()
        sys.exit(2)

    # NOTE(review): the last token is used as the repository path even when
    # it is really the value of -i/-b; the positional list returned by getopt
    # is not consulted.
    kernel_repo = sys.argv[-1]
    input_file = None  # file containing the CVE patch file names
    base_dir = None    # directory containing the CVE patches

    for flag, value in parsed_opts:
        if flag in ("-h", "--help"):
            print_usage()
            sys.exit()
        elif flag in ("-i", "--input"):
            input_file = value
        elif flag in ("-b", "--basedir"):
            base_dir = value
        else:
            print("[E] unhandled option: " + flag)
            sys.exit(2)

    # First failing check wins; the order matches the order of the messages.
    # NOTE(review): these paths return instead of calling sys.exit(2), so if
    # main() is the script's entry point a wrapper or CI job sees a success
    # status although no patch was applied.
    problem = None
    if not input_file or not ioutils.file_exists(input_file):
        problem = "[E] invalid CVE input file: " + str(input_file)
    elif not base_dir or not ioutils.dir_exists(base_dir):
        problem = "[E] invalid patch base directory: " + str(base_dir)
    elif not kernel_repo or not ioutils.dir_exists(kernel_repo):
        problem = "[E] invalid kernel directory: " + kernel_repo
    elif ".git" not in os.listdir(kernel_repo):
        # only the presence of an entry named ".git" is tested
        problem = "[E] kernel directory does not seem to be a git repository"

    if problem is not None:
        print(problem)
        return

    run(kernel_repo, input_file, load_local_cves(base_dir))
示例#3
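def main():
    """Check, apply and optionally push CVE patches for a kernel repository.

    Recognised options: -h/--help, -p/--push (upload to Gerrit),
    -i/--input <dir> (CVE patches), -o/--output <dir> (result files),
    -u/--user <name> (Gerrit user) and -b/--branch <name> (destination
    branch). The last command-line token is used as the kernel repository
    path.

    The process exits with status 2 on a getopt error, a too-short command
    line, an unhandled option, a push request without user or branch, and a
    missing push file. A failed directory check prints an "[E]" message and
    returns.
    """
    try:
        # "user=" and "branch=" are the long forms of the -u / -b options
        # declared in the short-option string and handled in the loop below.
        opts, args = getopt.getopt(
            sys.argv[1:], "hpi:o:u:b:",
            ["help", "push", "input=", "output=", "user=", "branch="])
    except getopt.GetoptError as err:
        # print help information and exit
        print(str(err))
        print_usage()
        sys.exit(2)

    # check for required args
    if len(sys.argv) < 3:
        print("[E] Invalid number of args (required: 3, found: " +
              str(len(sys.argv)) + ")!")
        print_usage()
        sys.exit(2)

    # directory containing the CVE patches
    input_dir = None
    # directory where we store our output files
    output_dir = None
    # directory containing the kernel repo to be patched
    # NOTE(review): the last token is used even when it is really the value
    # of an option; the positional list returned by getopt is not consulted.
    kernel_repo = sys.argv[-1]
    # whether or not we should push to Gerrit
    gerrit_upload = False
    # Gerrit user
    gerrit_user = None
    # destination git branch
    branch = None

    for o, a in opts:
        if o in ("-h", "--help"):
            print_usage()
            sys.exit()
        elif o in ("-p", "--push"):
            gerrit_upload = True
        elif o in ("-i", "--input"):
            input_dir = a
        elif o in ("-o", "--output"):
            output_dir = a
        elif o in ("-u", "--user"):
            gerrit_user = a
        elif o in ("-b", "--branch"):
            branch = a
        else:
            print("[E] unhandled option: " + o)
            sys.exit(2)

    if not input_dir or not ioutils.dir_exists(input_dir):
        print("[E] invalid CVE input directory: " + str(input_dir))
        return

    # Reject a missing -o before any filesystem helper sees it, and report
    # the output directory (not the input directory) in the message.
    if not output_dir:
        print("[E] invalid output directory: " + str(output_dir))
        return

    # NOTE(review): check_recreate presumably removes and recreates the
    # directory (confirm in ioutils); if so, a mistyped -o path loses its
    # existing contents.
    ioutils.check_recreate(output_dir)
    if not ioutils.dir_exists(output_dir):
        print("[E] invalid output directory: " + str(output_dir))
        return

    if not kernel_repo or not ioutils.dir_exists(kernel_repo):
        print("[E] invalid kernel directory: " + kernel_repo)
        return

    # only the presence of an entry named ".git" is tested
    if ".git" not in os.listdir(kernel_repo):
        print("[E] kernel directory does not seem to be a git repository")
        return

    if gerrit_upload:
        # check if all requirements are met
        # NOTE(review): user and branch are forwarded to cve_push.run as
        # given; verify there that they are passed as separate arguments and
        # never interpolated into a shell command line.
        if not gerrit_user:
            print("[E] Gerrit upload selected, but no user provided (-u)")
            sys.exit(2)
        if not branch:
            print("[E] Gerrit upload selected, but no branch provided (-b)")
            sys.exit(2)

    # check patch status
    cve_check.run(kernel_repo, input_dir, output_dir)
    # we want to apply all patches which apply cleanly onto our kernel repo
    cleanly_applying_cves_file = os.path.join(output_dir, "CVE_clean")
    # if there is nothing to apply, bail out early
    if os.stat(cleanly_applying_cves_file).st_size == 0:
        print("[W] " + cleanly_applying_cves_file + " is empty, quitting!")
        return

    # apply patches
    local_cves = load_local_cves(input_dir)
    cve_apply.run(kernel_repo, cleanly_applying_cves_file, local_cves)
    # push to gerrit if requested
    if gerrit_upload:
        cve_patches_to_push_file = os.path.join(kernel_repo, "CVE_PUSH")
        if not ioutils.file_exists(cve_patches_to_push_file):
            print("[E] File with patch push information does not exist")
            sys.exit(2)

        cve_push.run(kernel_repo, cve_patches_to_push_file, gerrit_user,
                     branch)

        # offer to remove the push file; only an exact "Y" deletes it, any
        # other reply (including an empty one) keeps the file
        answer = input("[I] Done. Do you want to remove the CVE push file (" +
                       cve_patches_to_push_file + ")? (Y/n) ")
        if answer == "Y":
            os.remove(cve_patches_to_push_file)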