-rw-r--r-- | TODO | 3 | ||||
-rwxr-xr-x | pym/kernelcheck/kernelcheck.py | 31 | ||||
-rw-r--r-- | pym/kernelcheck/lib/kernellib.py | 20 |
3 files changed, 33 insertions, 21 deletions
@@ -16,4 +16,5 @@ - Implement sync properly - Sort print_items - Port cron.py to python3 -- Move arch and genpatch to kernel class +- Move genpatch to kernel class +- Fix userland arch <> kernel arch diff --git a/pym/kernelcheck/kernelcheck.py b/pym/kernelcheck/kernelcheck.py index 0f08425..e7a7ded 100755 --- a/pym/kernelcheck/kernelcheck.py +++ b/pym/kernelcheck/kernelcheck.py @@ -9,7 +9,7 @@ try: from _emerge.userquery import userquery from _emerge.stdout_spinner import stdout_spinner except ImportError: - from _emerge import userquery #FIXME proper checking without except + from _emerge import userquery from _emerge import stdout_spinner import getopt 
@@ -84,36 +84,41 @@ def main(argv): arch = portage.settings['ARCH'] if not arch: - arch = '?' #FIXME + kernel.arch = '?' + else: + kernel.arch = arch - kernel.genpatch = lib.get_genpatch(lib.PORTDIR, kernel) - if not kernel.genpatch: - genpatch = '' + genpatch = lib.get_genpatch(lib.PORTDIR, kernel) + if not genpatch: + kernel.genpatch = None else: - genpatch = '%s %s (%s)' % ('genpatch', kernel.genpatch.version, - repr(kernel.genpatch)) + kernel.genpatch = genpatch information = { 'Kernel source' : kernel.source, 'Kernel version' : '%s-%s' % (kernel.version, kernel.revision), - 'Kernel patches' : genpatch, - 'Architecture' : arch + 'Kernel patches' : ('genpatch %s (%s)' % (kernel.genpatch.version, + repr(kernel.genpatch)) if kernel.genpatch else ''), + 'Architecture' : kernel.arch } print_items(information, 'Information') print('') print_items(lib.gather_configuration(), 'Configuration') - print('\nDetermining vulnerabilities... done!') #TODO #spin print('') + print('Determining vulnerabilities... '), - evaluation = lib.eval_cve_files(lib.DIR['out'], kernel, arch, None) + evaluation = lib.eval_cve_files(lib.DIR['out'], kernel, spin) if not evaluation: - error('No kernel vulnerability files found!') + error('No kernel vulnerability files found!') #TODO return - kernel_updates = lib.eval_kernel_updates(kernel, evaluation, arch) #FIXME + kernel_updates = lib.eval_kernel_updates(kernel, evaluation, spin) + + print("\b\b done!") + print('') if len(evaluation.affected) is not 0: print_summary(evaluation.affected, kernel_updates) diff --git a/pym/kernelcheck/lib/kernellib.py b/pym/kernelcheck/lib/kernellib.py index 384026f..c95252e 100644 --- a/pym/kernelcheck/lib/kernellib.py +++ b/pym/kernelcheck/lib/kernellib.py @@ -176,6 +176,7 @@ class Genpatch: class Kernel: 'Kernel class' + arch = str() revision = str() source = str() version = str() 
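Review bot: The fallback `kernel.arch = '?'` in `main` makes the check fail open. In `eval_cve_files` (the `@@ -438,14 +439,14 @@` hunk) every entry whose `item.arch` is neither `kernel.arch` nor `'all'` is appended to `evaluation.unaffected`, so with an unknown architecture all arch-specific vulnerabilities are reported as not affecting the kernel. The same happens if `kernel.arch` is left at the class default `arch = str()` added to `Kernel`. For a vulnerability checker it is safer to stop, e.g. `error('Could not determine architecture')` followed by `return`, than to print a clean result. Separately, `spin` is now passed to both `lib` calls where the old code passed `None`, and no binding for it is visible in this hunk; `main` starts above the hunk, so confirm it is assigned there.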
@@ -425,7 +426,7 @@ def find_cve(cve, directory): return None -def eval_cve_files(directory, kernel, arch, spin=None): +def eval_cve_files(directory, kernel, spin=None): 'Returns a vulnerabilty evaluation' files = parse_cve_files(directory) @@ -438,14 +439,14 @@ def eval_cve_files(directory, kernel, arch, spin=None): evaluation = Evaluation() for item in files: - if spin: #TODO migh be useful in future release (e.g. framework) + if spin: spin.update() evaluation.read += 1 if item.arch not in ARCHES: BUG_ON('[Error] Wrong architecture %s' % item.arch, item.bugid) - if item.arch != arch and item.arch != 'all': + if item.arch != kernel.arch and item.arch != 'all': evaluation.unaffected.append(item) else: evaluation.arch += 1 @@ -524,8 +525,12 @@ def compare_evaluation(kernel, compare): comparison = Comparison() - if kernel.read != compare.read or kernel.arch != compare.arch: - BUG_ON('Kernels do not match: %s' % kernel.read, compare.read) + if kernel.read != compare.read: + BUG_ON('Kernels do not match (read) : %s' % kernel.read, compare.read) + return + + if kernel.arch != compare.arch: + BUG_ON('Kernels do not match (arch) : %s' % kernel.arch, compare.arch) return for item in kernel.affected: @@ -645,7 +650,7 @@ def all_version(source): return versions -def eval_kernel_updates(kernel, kernel_eval, arch, spin=None): #TODO +def eval_kernel_updates(kernel, kernel_eval, spin): "" index = 0 @@ -655,8 +660,9 @@ def eval_kernel_updates(kernel, kernel_eval, arch, spin=None): #TODO if compare.version > kernel.version or \ (compare.version == kernel.version and \ compare.revision > kernel.revision): + compare.arch = kernel.arch compare.genpatch = get_genpatch(PORTDIR, compare) - compare_eval = eval_cve_files(DIR['out'], compare, arch, None) + compare_eval = eval_cve_files(DIR['out'], compare, spin) comparison = compare_evaluation(kernel_eval, compare_eval) for item in comparison.fixed: |
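Review bot: Removing `arch` from the middle of the positional parameter list of `eval_cve_files` (and of `eval_kernel_updates`, the `@@ -645,7 +650,7 @@` hunk) silently rebinds any call site that was not updated. A caller still passing `(directory, kernel, arch)` now hands the arch string to `spin`, and `if spin: spin.update()` then fails on a `str`. The two callers in this diff are updated, but other users of the library are not visible here and should be checked. `eval_kernel_updates` also loses its `spin=None` default while `eval_cve_files` keeps it; `def eval_kernel_updates(kernel, kernel_eval, spin=None):` would keep the two consistent. Its empty `""` docstring could state what the function returns.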
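Review bot: Both new mismatch branches in `compare_evaluation` end in a bare `return`, so the function yields `None`, and the caller in `eval_kernel_updates` goes straight on to `for item in comparison.fixed:`. Unless `BUG_ON` terminates the program (its definition is not on this page), a mismatch surfaces as an `AttributeError` rather than as the reported error. Raising an exception here would make the failure explicit. The second argument also deserves a look: in `eval_cve_files` `BUG_ON` receives `item.bugid` in that position, whereas here it receives `compare.read` or `compare.arch`. The function body continues outside the hunk.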
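Review bot: `compare_eval` is handed to `compare_evaluation` without the emptiness check that `main` applies to the same call (`if not evaluation:`). If `eval_cve_files` returns a falsy value for a candidate kernel, `compare_evaluation` will read `.read` and `.arch` on it and fail. A guard before the comparison, for example `if not compare_eval: continue`, would cover this, assuming these lines sit inside the loop that appears to start above the hunk. The new `compare.arch = kernel.arch` line would benefit from a short comment such as `# evaluate candidate kernels for the same arch as the running kernel`.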