Find important upstream fixes
This tool helps identify commits in the current source tree that are
- available remotely on the same branch
- available in the parent branch
and are likely to contain bugfixes.
When you use third-party components in your project it is hard to balance keeping them safe and tested against keeping in touch with upstream/mainline, especially when you have to decide whether the code is as safe as possible.
Most would rely here on CVE notifications for the component in use and its corresponding version.
I was watching the 2019 keynote of Greg Kroah-Hartman at Embedded Linux Conference Europe in Lyon, where he said that most issues don’t even get a CVE entry anymore; they will just be fixed with a commit in upstream (at least for the kernel).
This is hard to maintain, as you usually don’t want to change the feature set (it has been tested and approved) but do need the bug and issue fixes from that project.
That is where this tool comes into play: it automatically checks whether upstream fixes are available and, if so, whether they contain only fixes and NOT features.
Ensurecvs helps you ensure that you’re getting the best out of the content versioning system you use.
What it does
- It extracts the currently used commit from the local repository clone
  - this can be overridden by specifying --srcrev or --srctag on the command line
- It extracts the currently used branch from the local repository clone
  - this can be overridden by specifying --srcbranch on the command line
- It gets all remotely available commits in the current branch
- It gets all commits made to ‘master’ since the current branch was branched off (an alternative branch to ‘master’ can be specified with --upstream on the command line)
- It filters out all commits that might already have been cherry-picked into the current branch
- All remaining commits are classified based on their commit message
- Commits classified as likely bugfixes are printed to the console (STDOUT)
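The last three steps above, as an added example that is not the ensurecvs code itself: the keyword lists used to classify commit subjects and the detection of already cherry-picked commits via the trailer that `git cherry-pick -x` writes are my own assumptions (the page does not say how the tool filters cherry-picks), and the sample commits are constructed, except for the one hash quoted on this page.

```python
import re
import subprocess
from dataclasses import dataclass

# Keyword heuristics are my own assumption, not the ensurecvs classifier.
BUGFIX_WORDS = re.compile(
    r"\b(fix(es|ed)?|bug|crash|leak|overflow|regression|use-after-free|"
    r"null|segfault|security|cve-\d{4}-\d+)\b", re.I)
FEATURE_WORDS = re.compile(
    r"\b(add(s|ed)?|new|feature|support|implement(s|ed)?|introduce)\b", re.I)
CHERRY_TRAILER = re.compile(r"\(cherry picked from commit ([0-9a-f]{7,40})\)")

@dataclass
class Commit:
    sha: str
    message: str

def is_likely_bugfix(message: str) -> bool:
    """Subject line uses bugfix vocabulary and no feature vocabulary.
    Subjects mixing both are not reported and deserve a manual look."""
    subject = message.strip().splitlines()[0] if message.strip() else ""
    return bool(BUGFIX_WORDS.search(subject)) and not FEATURE_WORDS.search(subject)

def cherry_picked_shas(branch_commits):
    """Upstream SHAs already in the branch, taken from 'cherry picked from' trailers."""
    return {m.group(1) for c in branch_commits for m in CHERRY_TRAILER.finditer(c.message)}

def missing_bugfixes(upstream_commits, branch_commits):
    """Upstream commits not yet cherry-picked into the branch that look like bugfixes."""
    picked = cherry_picked_shas(branch_commits)
    return [c for c in upstream_commits
            if not any(c.sha.startswith(p) for p in picked)
            and is_likely_bugfix(c.message)]

def git_log(repo, rev_range):
    """Read commits from a real clone, e.g. git_log(repo, "mybranch..master") for
    the upstream candidates and git_log(repo, "mybranch") for the branch itself."""
    out = subprocess.run(["git", "-C", repo, "log", "--format=%H%x00%B%x1e", rev_range],
                         check=True, capture_output=True, text=True).stdout
    return [Commit(*rec.strip().partition("\x00")[::2])
            for rec in out.split("\x1e") if rec.strip()]

# Constructed sample data; only the first sha is the one quoted on this page.
SAMPLE_UPSTREAM = [Commit("173dfc1c07c9fa901a91adbc9bf8fd41961b9837", "Fix compile issue with python-astor"),
                   Commit("b" * 40, "Add support for svn repositories"),
                   Commit("d" * 40, "Fix null pointer dereference in parser")]
SAMPLE_BRANCH = [Commit("e" * 40, "Fix null pointer dereference in parser\n\n"
                        "(cherry picked from commit " + "d" * 40 + ")")]
```

Running `missing_bugfixes(SAMPLE_UPSTREAM, SAMPLE_BRANCH)` reports only the python-astor commit: the svn commit is classified as a feature and the null-pointer fix is already present in the branch.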
usage: ensurecsv [-h] [--srcbranch SRCBRANCH] [--srcrev SRCREV | --srctag SRCTAG]
                 [--upstream UPSTREAM]
                 localdir

Ensure that you're using the most secure source code

positional arguments:
  localdir              Path to local repo

optional arguments:
  -h, --help            show this help message and exit
  --srcbranch SRCBRANCH
                        Use explicitly given branch
  --srcrev SRCREV       Use explicitly given source revision
  --srctag SRCTAG       Use explicitly given tag
  --upstream UPSTREAM   Use explicitly given branch as upstream
pip3 install ensurecvs
- git clone this repository
- cd to <clone folder>/ensurecvs
- install the needed requirements by running pip3 install -r requirements.txt
- run python3 setup.py build install (‘sudo’ may be needed)
The tool will return lines of the form
[branch] commit <commit hash>:'<commit message>' is likely to contain bugfixes
[master] commit 173dfc1c07c9fa901a91adbc9bf8fd41961b9837:'Fix compile issue with python-astor' is likely to contain bugfixes
This means that commit 173dfc1c07c9fa901a91adbc9bf8fd41961b9837, currently found in branch master, is likely to contain a bugfix that isn’t yet used in the currently selected branch.
Currently only git repositories are supported.
If you are interested in one or more of the following topics, feel free to get in contact with me:
- better commit classification (maybe with something like this here)
- better documentation
- changeset code analysis for better commit classification
- check on out-of-tree patches in local code
- compare the changeset diff for cherry-pick analysis
- streamline code
- svn-repository support
Feel free to add issues or pull requests
Filename, size: ensurecvs-1.0.3.tar.gz (9.1 kB)
File type: Source
Python version: None