Find important upstream fixes
Project description
Purpose
This tool shall help identify commits in current source tree that are
available remote on the same branch
available in the parent branch
and are likely to contain bugfixes.
History
When you’re using a 3rd party components in your project it’s hard to balance between keeping it safe and tested against keeping in touch with upstream/mainline, especially when you have to decide if the code is as safe as possible.
Most would rely here on CVE-notifications for the used component and the corresponding version.
I was watching the 2019’s keynote of Greg Kroah-Hartman at Embedded Linux Conference Europe in Lyon where he said, that most issues don’t even get a CVE entry anymore, they will just be fixed with a commit in upstream (at least for the kernel).
This is somehow hard to maintain, as mostly you simply don’t want to change the feature-set (as this has been tested and approved) but need the bug- and issue-fixes from that project.
That is where this tool comes into play - It performs automatic checks if there are upstream fixes available - and if so, if they only contain fixes and NOT features.
Ensurecvs, helps you to ensure and you’re using the best of the used content versioning system
What it does
It extracts the currently used commit from the local repository clone
this can be overridden by specifying --srcrev or --srctag in command line
It extracts the currently used branch from the local repository clone
this can be overridden by specifying --srcbranch in command line
It gets all remote available commits in current branch
It gets all commits made to ‘master’ since current branch has been branched off (an alternative branch to ‘master’ can be specified by using --upstream in command line)
it filters all commits out, that might have been cherry-picked in current branch
all the remaining commits are classified regarding their commit message
commits that are classified to be likely bugfixes are presented at the console (STDOUT)
Usage
usage: ensurecsv [-h] [--srcbranch SRCBRANCH]
[--srcrev SRCREV | --srctag SRCTAG] [--upstream UPSTREAM]
localdir
Ensure that you're using the most secure source code
positional arguments:
localdir Path to local repo
optional arguments:
-h, --help show this help message and exit
--srcbranch SRCBRANCH
Use explicitly given branch
--srcrev SRCREV Use explicitly given source revision
--srctag SRCTAG Use explicitly given tag
--upstream UPSTREAM Use explicitly given branch as upstreamInstallation
From pypi
simply run
pip3 install ensurecvsFrom source
git clone this repository
cd to <clone folder>/ensurecvs
Install the needed requirements by running pip3 install -r requirements.txt
run python3 setup.py build install (possibly ‘sudo’ is needed)
Output
The tool will return
[branch] commit <commit hash>:'<commit message>' is likely to contain bugfixese.g.
[master] commit 173dfc1c07c9fa901a91adbc9bf8fd41961b9837:'Fix compile issue with python-astor' is likely to contain bugfixesthat means that commit 173dfc1c07c9fa901a91adbc9bf8fd41961b9837 currently to be found in branch master is likely to contain a bugfix that isn’t yet used in the currently selected branch
Implementation notes
Currently only git-repositories are supported
Future
If you have interest in one or more of the following topics, feel free to get in contact with me
better commit classification (maybe with something like this here)
better documentation
changeset code analysis for better commit classification
check on out-of-tree patches in local code
compare the changeset diff for cherry-pick analysis
streamline code
svn-repository support
Contribution
Feel free to add issues or pull requests
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
