Skip to main content

Find important upstream fixes

Project description

Build status PyPI version Python version Downloads Language grade: Python


This tool shall help identify commits in current source tree that are

  • available remote on the same branch

  • available in the parent branch

and are likely to contain bugfixes.


When you’re using a 3rd party components in your project it’s hard to balance between keeping it safe and tested against keeping in touch with upstream/mainline, especially when you have to decide if the code is as safe as possible.

Most would rely here on CVE-notifications for the used component and the corresponding version.

I was watching the 2019’s keynote of Greg Kroah-Hartman at Embedded Linux Conference Europe in Lyon where he said, that most issues don’t even get a CVE entry anymore, they will just be fixed with a commit in upstream (at least for the kernel).

This is somehow hard to maintain, as mostly you simply don’t want to change the feature-set (as this has been tested and approved) but need the bug- and issue-fixes from that project.

That is where this tool comes into play - It performs automatic checks if there are upstream fixes available - and if so, if they only contain fixes and NOT features.

Ensurecvs, helps you to ensure and you’re using the best of the used content versioning system

What it does

  • It extracts the currently used commit from the local repository clone

    • this can be overridden by specifying --srcrev or --srctag in command line

  • It extracts the currently used branch from the local repository clone

    • this can be overridden by specifying --srcbranch in command line

  • It gets all remote available commits in current branch

  • It gets all commits made to ‘master’ since current branch has been branched off (an alternative branch to ‘master’ can be specified by using --upstream in command line)

    • it filters all commits out, that might have been cherry-picked in current branch

  • all the remaining commits are classified regarding their commit message

  • commits that are classified to be likely bugfixes are presented at the console (STDOUT)


usage: ensurecsv [-h] [--srcbranch SRCBRANCH]
                 [--srcrev SRCREV | --srctag SRCTAG] [--upstream UPSTREAM]

Ensure that you're using the most secure source code

positional arguments:
  localdir              Path to local repo

optional arguments:
  -h, --help            show this help message and exit
  --srcbranch SRCBRANCH
                        Use explicitly given branch
  --srcrev SRCREV       Use explicitly given source revision
  --srctag SRCTAG       Use explicitly given tag
  --upstream UPSTREAM   Use explicitly given branch as upstream


From pypi

simply run

pip3 install ensurecvs

From source

  • git clone this repository

  • cd to <clone folder>/ensurecvs

  • Install the needed requirements by running pip3 install -r requirements.txt

  • run python3 build install (possibly ‘sudo’ is needed)


The tool will return

[branch] commit <commit hash>:'<commit message>'  is likely to contain bugfixes


[master] commit 173dfc1c07c9fa901a91adbc9bf8fd41961b9837:'Fix compile issue with python-astor' is likely to contain bugfixes

that means that commit 173dfc1c07c9fa901a91adbc9bf8fd41961b9837 currently to be found in branch master is likely to contain a bugfix that isn’t yet used in the currently selected branch

Implementation notes

Currently only git-repositories are supported


If you have interest in one or more of the following topics, feel free to get in contact with me

  • better commit classification (maybe with something like this here)

  • better documentation

  • changeset code analysis for better commit classification

  • check on out-of-tree patches in local code

  • compare the changeset diff for cherry-pick analysis

  • streamline code

  • svn-repository support


Feel free to add issues or pull requests

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

ensurecvs-1.0.3.tar.gz (9.1 kB view hashes)

Uploaded source

Supported by

AWS AWS Cloud computing Datadog Datadog Monitoring Facebook / Instagram Facebook / Instagram PSF Sponsor Fastly Fastly CDN Google Google Object Storage and Download Analytics Huawei Huawei PSF Sponsor Microsoft Microsoft PSF Sponsor NVIDIA NVIDIA PSF Sponsor Pingdom Pingdom Monitoring Salesforce Salesforce PSF Sponsor Sentry Sentry Error logging StatusPage StatusPage Status page