-rw-r--r--TODO3
-rwxr-xr-xpym/kernelcheck/kernelcheck.py31
-rw-r--r--pym/kernelcheck/lib/kernellib.py20
3 files changed, 33 insertions, 21 deletions
diff --git a/TODO b/TODO
index 0985d67..23973d6 100644
--- a/TODO
+++ b/TODO
@@ -16,4 +16,5 @@
- Implement sync properly
- Sort print_items
- Port cron.py to python3
-- Move arch and genpatch to kernel class
+- Move genpatch to kernel class
+- Fix userland arch <> kernel arch
diff --git a/pym/kernelcheck/kernelcheck.py b/pym/kernelcheck/kernelcheck.py
index 0f08425..e7a7ded 100755
--- a/pym/kernelcheck/kernelcheck.py
+++ b/pym/kernelcheck/kernelcheck.py
@@ -9,7 +9,7 @@ try:
from _emerge.userquery import userquery
from _emerge.stdout_spinner import stdout_spinner
except ImportError:
- from _emerge import userquery #FIXME proper checking without except
+ from _emerge import userquery
from _emerge import stdout_spinner
import getopt
@@ -84,36 +84,41 @@ def main(argv):
arch = portage.settings['ARCH']
if not arch:
- arch = '?' #FIXME
+ kernel.arch = '?'
+ else:
+ kernel.arch = arch
- kernel.genpatch = lib.get_genpatch(lib.PORTDIR, kernel)
- if not kernel.genpatch:
- genpatch = ''
+ genpatch = lib.get_genpatch(lib.PORTDIR, kernel)
+ if not genpatch:
+ kernel.genpatch = None
else:
- genpatch = '%s %s (%s)' % ('genpatch', kernel.genpatch.version,
- repr(kernel.genpatch))
+ kernel.genpatch = genpatch
information = {
'Kernel source' : kernel.source,
'Kernel version' : '%s-%s' % (kernel.version, kernel.revision),
- 'Kernel patches' : genpatch,
- 'Architecture' : arch
+ 'Kernel patches' : ('genpatch %s (%s)' % (kernel.genpatch.version,
+ repr(kernel.genpatch)) if kernel.genpatch else ''),
+ 'Architecture' : kernel.arch
}
print_items(information, 'Information')
print('')
print_items(lib.gather_configuration(), 'Configuration')
- print('\nDetermining vulnerabilities... done!') #TODO #spin
print('')
+ print('Determining vulnerabilities... '),
- evaluation = lib.eval_cve_files(lib.DIR['out'], kernel, arch, None)
+ evaluation = lib.eval_cve_files(lib.DIR['out'], kernel, spin)
if not evaluation:
- error('No kernel vulnerability files found!')
+ error('No kernel vulnerability files found!') #TODO
return
- kernel_updates = lib.eval_kernel_updates(kernel, evaluation, arch) #FIXME
+ kernel_updates = lib.eval_kernel_updates(kernel, evaluation, spin)
+
+ print("\b\b done!")
+ print('')
if len(evaluation.affected) is not 0:
print_summary(evaluation.affected, kernel_updates)
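Review bot: The `'?'` fallback assigned to `kernel.arch` when `portage.settings['ARCH']` is empty will presumably never equal an entry's architecture, so the changed test `item.arch != kernel.arch and item.arch != 'all'` in eval_cve_files (kernellib.py hunk at -438) files every architecture-specific entry under `unaffected`. For a vulnerability checker that is a silent under-report presented as a normal result. It would be safer to stop early, e.g. `error('Unable to determine architecture; results would be incomplete')` followed by `return`. The same risk applies to any Kernel whose `arch` stays at the class default `str()`, which is why the eval_kernel_updates hunk has to copy `compare.arch = kernel.arch` by hand. main() begins and ends outside this hunk.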
diff --git a/pym/kernelcheck/lib/kernellib.py b/pym/kernelcheck/lib/kernellib.py
index 384026f..c95252e 100644
--- a/pym/kernelcheck/lib/kernellib.py
+++ b/pym/kernelcheck/lib/kernellib.py
@@ -176,6 +176,7 @@ class Genpatch:
class Kernel:
'Kernel class'
+ arch = str()
revision = str()
source = str()
version = str()
@@ -425,7 +426,7 @@ def find_cve(cve, directory):
return None
-def eval_cve_files(directory, kernel, arch, spin=None):
+def eval_cve_files(directory, kernel, spin=None):
'Returns a vulnerabilty evaluation'
files = parse_cve_files(directory)
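Review bot: Removing `arch` from the middle of the positional parameters changes the meaning of the third argument: a caller not updated in this commit that still passes the architecture third now binds that string to `spin`, and the `if spin:` branch then calls `spin.update()` on it. eval_kernel_updates (hunk at -645) has the same shift and also loses its `spin=None` default, so `spin` becomes mandatory there while it stays optional here; `def eval_kernel_updates(kernel, kernel_eval, spin=None):` would keep the two signatures parallel. The docstring should also say that `kernel.arch` must be set before the call, since the architecture is no longer passed explicitly. Only the first lines of eval_cve_files are inside this hunk.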
@@ -438,14 +439,14 @@ def eval_cve_files(directory, kernel, arch, spin=None):
evaluation = Evaluation()
for item in files:
- if spin: #TODO migh be useful in future release (e.g. framework)
+ if spin:
spin.update()
evaluation.read += 1
if item.arch not in ARCHES:
BUG_ON('[Error] Wrong architecture %s' % item.arch, item.bugid)
- if item.arch != arch and item.arch != 'all':
+ if item.arch != kernel.arch and item.arch != 'all':
evaluation.unaffected.append(item)
else:
evaluation.arch += 1
@@ -524,8 +525,12 @@ def compare_evaluation(kernel, compare):
comparison = Comparison()
- if kernel.read != compare.read or kernel.arch != compare.arch:
- BUG_ON('Kernels do not match: %s' % kernel.read, compare.read)
+ if kernel.read != compare.read:
+ BUG_ON('Kernels do not match (read) : %s' % kernel.read, compare.read)
+ return
+
+ if kernel.arch != compare.arch:
+ BUG_ON('Kernels do not match (arch) : %s' % kernel.arch, compare.arch)
return
for item in kernel.affected:
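Review bot: Both new mismatch branches end in a bare `return`, so compare_evaluation yields None, while the caller visible in the eval_kernel_updates hunk goes straight to `for item in comparison.fixed:`. Unless BUG_ON terminates the program (not visible here), a mismatch therefore ends in an AttributeError instead of a handled error; returning the still-empty `comparison` or checking for None in the caller would avoid that. In the new messages, `'... %s' % kernel.read, compare.read` formats only the first value and hands the second to BUG_ON's second parameter, which the call in eval_cve_files fills with `item.bugid`; formatting both values, as in `'Kernels do not match (read): %s != %s' % (kernel.read, compare.read)`, looks like what was intended. A short comment that `kernel` and `compare` are evaluation results whose `arch` is a counter (`evaluation.arch += 1`), not the architecture string this commit adds to Kernel, would prevent confusion. The function continues outside the hunk.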
@@ -645,7 +650,7 @@ def all_version(source):
return versions
-def eval_kernel_updates(kernel, kernel_eval, arch, spin=None): #TODO
+def eval_kernel_updates(kernel, kernel_eval, spin):
""
index = 0
@@ -655,8 +660,9 @@ def eval_kernel_updates(kernel, kernel_eval, arch, spin=None): #TODO
if compare.version > kernel.version or \
(compare.version == kernel.version and \
compare.revision > kernel.revision):
+ compare.arch = kernel.arch
compare.genpatch = get_genpatch(PORTDIR, compare)
- compare_eval = eval_cve_files(DIR['out'], compare, arch, None)
+ compare_eval = eval_cve_files(DIR['out'], compare, spin)
comparison = compare_evaluation(kernel_eval, compare_eval)
for item in comparison.fixed: