authorAlice Ferrazzi <alice.ferrazzi@gmail.com>2017-08-20 01:41:09 +0900
committerAlice Ferrazzi <alice.ferrazzi@gmail.com>2017-08-20 01:41:09 +0900
commit7dd9bbdced149e3e05d3e6b1681886d6721cc557 (patch)
tree5d7c00b6f1093b4962effc4c351199c6936d1493
parentremove duplicated from the cve list (diff)
return list of cve id and cve patch after getting the missing cve from the
installed kernel. build and install the cve patches.
-rw-r--r--elivepatch_client/client/cli.py9
-rw-r--r--elivepatch_client/client/security.py10
2 files changed, 15 insertions, 4 deletions
diff --git a/elivepatch_client/client/cli.py b/elivepatch_client/client/cli.py
index 2f45f67..a6b017e 100644
--- a/elivepatch_client/client/cli.py
+++ b/elivepatch_client/client/cli.py
@@ -42,7 +42,14 @@ class Main(object):
print("CVE repository already present.")
print("updating...")
# TODO: update repository
- cve_repository.cve_git_id()
+ cve_patch_list = cve_repository.cve_git_id()
+ for cve_id, cve_patch in cve_patch_list:
+ print(cve_id, cve_patch)
+ current_kernel = Kernel(config.url, config.kernel_version)
+ current_kernel.set_config(config.config)
+ current_kernel.set_main_patch(cve_patch)
+ current_kernel.send_files(applied_patches_list)
+ current_kernel.get_livepatch()
elif config.patch:
patch_manager = patch.ManaGer()
applied_patches_list = patch_manager.list(config.kernel_version)
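Review bot: `current_kernel.send_files(applied_patches_list)` in the new loop uses a name that, within this hunk, is only assigned in the following `elif config.patch:` branch, so unless it is set earlier in the method (outside the hunk) the CVE branch raises NameError on the first iteration. Assign it before the loop, e.g. `applied_patches_list = patch.ManaGer().list(config.kernel_version)`. The loop also asks for a live patch build for every entry returned by `cve_git_id()` without checking that the download produced a usable patch file. Skipping entries whose file is missing or empty before `set_main_patch(cve_patch)` would keep a failed fetch from reaching the kernel build.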
diff --git a/elivepatch_client/client/security.py b/elivepatch_client/client/security.py
index 7c97f57..a4477ee 100644
--- a/elivepatch_client/client/security.py
+++ b/elivepatch_client/client/security.py
@@ -44,6 +44,7 @@ class CVE(object):
if int(version) > revision_version:
cve_2d_list.append(self.cve_id(major_version, minor_version, version))
+ cve_outfile_list = []
patch_index = 0
if not os.path.exists(self.cve_patches_dir):
os.mkdir(self.cve_patches_dir)
@@ -51,16 +52,19 @@ class CVE(object):
# Remove duplicated cve_id from the cve list for not add the same patch
cve_list = [ii for n,ii in enumerate(cve_list) if ii not in cve_list[:n]]
for cve_id in cve_list:
- self.download_cve_patch(cve_id, str(patch_index))
+ cve_outfile = self.download_cve_patch(cve_id, str(patch_index))
+ cve_outfile_list.append([cve_outfile[0], cve_outfile[1].name])
patch_index +=1
+ return cve_outfile_list
def download_cve_patch(self, cve_id, patch_index):
file_name= self.cve_patches_dir + patch_index + '.patch'
# Download the file from `url` and save it locally under `file_name`:
- with request.urlopen('https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/patch/?id=' + cve_id) as response, \
+ with request.urlopen('https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/patch/?id=' + cve_id[1]) as response, \
open(file_name, 'wb') as out_file:
shutil.copyfileobj(response, out_file)
+ return [cve_id[0],out_file]
def cve_id(self, major_version, minor_version, revision_version):
security_file = open("/tmp/kernel_cve/"+str(major_version)+"."+str(minor_version)+
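Review bot: `return [cve_id[0],out_file]` hands back the file object only so that `cve_git_id` can read `.name` from it; if the return sits after the `with` block (indentation is not visible here) the handle is already closed, and either way the caller needs just the path. Return `[cve_id[0], file_name]` instead and append that pair directly in the loop. `file_name` is built by plain concatenation, so it silently depends on `self.cve_patches_dir` ending in a separator; `os.path.join(self.cve_patches_dir, patch_index + '.patch')` removes that assumption. `request.urlopen` is also called without a `timeout`, so a stalled connection blocks the client indefinitely.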
@@ -75,7 +79,7 @@ class CVE(object):
":") in excluded_line:
for included_line in security_file:
if not "\n" is included_line:
- git_security_id.append(included_line.strip().split(' ')[1])
+ git_security_id.append([included_line.strip().split(' ')[0].replace(':',''),included_line.strip().split(' ')[1]])
else:
# debug
# print('got cve for '+str(major_version)+
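Review bot: The pair appended to `git_security_id` is taken from the security file without validation, and its second element is later concatenated into the git.kernel.org patch URL in `download_cve_patch`. Split the line once and check both fields before appending, e.g. `fields = included_line.split()` followed by `if len(fields) >= 2 and re.fullmatch(r'[0-9a-f]{7,40}', fields[1]):` (needs `import re`); as written, a line without a space raises IndexError. The file is read from a fixed path under `/tmp/kernel_cve/`, so unless that directory is created with restrictive permissions elsewhere, its contents should not be trusted to decide which patches are fetched and built into a live patch. The enclosing loop starts outside the hunk.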