diff --git a/scripts/check-kernel-fix b/scripts/check-kernel-fix
index f163b73..ada93e3 100755
--- a/scripts/check-kernel-fix
+++ b/scripts/check-kernel-fix
@@ -38,6 +38,7 @@ usage()
 echo " -h: help"
 echo " -q: quiet mode (no progress)"
 echo " -v: verbose mode: show state of each branch and even NOP actions"
+ echo " -r: refresh any cached data. (git pull VULNS_GIT_PATH, cve, bsc medata)"
 }
 branch=
@@ -48,8 +49,6 @@ references=
 cve=
 top_level=
-branches_conf="$(fetch_branches)"
-
 tmpdir=$(mktemp -d /tmp/${0##*/}.XXXXXX)
 trap 'rm -rf "$tmpdir"' EXIT
@@ -306,7 +305,7 @@ find_and_print_toplevel_actions()
 verbose_mode=
 quiet_mode=
-while getopts "shcvq" OPT
+while getopts "hvrq" OPT
 do
 case $OPT in
 h)
@@ -316,6 +315,9 @@ do
 v)
 verbose_mode=1
 ;;
+ r)
+ refresh=1
+ ;;
 q)
 quiet_mode=1
 ;;
@@ -334,23 +336,25 @@ fi
 sha=$1
 if ! sha_in_upstream "$1" ; then
- sha=$(cve2sha $1)
+ sha=$(cve2sha $1 $refresh)
 if [ -z "$sha" ]
 then
 fail "Can find't sha in upstream: $1"
 fi
 fi
-cve=$(sha2cve $sha)
+cve=$(sha2cve $sha $refresh)
 bsc=
 if [ -n "$cve" ]
 then
- bsc=$(cve2bugzilla $cve)
- cvss=$(cve2cvss $cve)
- echo "Security fix for $cve with CVSS ${cvss:-unknown}"
+ bsc=$(cve2bugzilla $cve $refresh)
+ cvss=$(cve2cvss $cve $refresh)
+ echo "Security fix for $cve $bsc with CVSS ${cvss:-unknown}"
 fi
 references="$cve $bsc"
+branches_conf="$(fetch_branches $refresh)"
+
 # Check state of each branch
 for_each_build_branch "$branches_conf" check_branch_state $sha $references
diff --git a/scripts/common-functions b/scripts/common-functions
index 82a3747..80642fc 100644
--- a/scripts/common-functions
+++ b/scripts/common-functions
@@ -6,7 +6,9 @@ fetch_cache()
 local CACHE_URL=$1
 local CACHE_FILE=$2
 local EXPIRE=$3
+ local REFRESH=$4
+ [ -n "$REFRESH" ] && rm "$CACHE_FILE"
 if [[ $(find "$CACHE_FILE" -mtime -${EXPIRE:-7} -print 2>/dev/null) \
 && -s "$CACHE_FILE" ]]; then
 echo $CACHE_FILE
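Review bot: The new help line for `-r` has a typo, `bsc medata`, and since this is the only place the option is documented it should read `echo " -r: refresh any cached data (git pull VULNS_GIT_PATH, cve, bsc metadata)"`. It would also help users to know that `-r` makes the tool contact the network (the branches.conf, cve2bugzilla and CVSS downloads plus a `git pull`), so a run with `-r` can fail or take noticeably longer offline.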
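Review bot: `refresh=1` in the new `r)` arm is the only assignment to `refresh`; unlike `verbose_mode=` and `quiet_mode=` it is never initialised before the getopts loop. Every consumer only tests the flag with `[ -n "$REFRESH" ]`, so a `refresh` variable inherited from the calling environment would silently turn on the network refresh (and the `git pull`) on every run, and a script running under `set -u` would abort when `$refresh` is expanded without `-r`. Add `refresh=` next to `quiet_mode=` at the top of the getopts hunk.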
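Review bot: `echo "Security fix for $cve $bsc with CVSS ${cvss:-unknown}"` prints a doubled space whenever `cve2bugzilla` returns nothing for the CVE, which the `bsc=` default just above shows is an expected case; `echo "Security fix for $cve ${bsc:+$bsc }with CVSS ${cvss:-unknown}"` keeps the output clean in both cases. The flag is also handed to four helpers as a bare trailing `$refresh` that collapses to no argument when empty; that works today, but any helper that later gains another optional positional parameter must keep the refresh flag last or callers will silently mis-bind it.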
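Review bot: `[ -n "$REFRESH" ] && rm "$CACHE_FILE"` errors out the first time `-r` is used on a machine that has no cache file yet, and because `rm` is the last command of the `&&` list a caller running under `set -e` aborts there instead of downloading; `[ -n "$REFRESH" ] && rm -f -- "$CACHE_FILE"` gives the intended "drop whatever is cached" semantics. The rest of `fetch_cache` (the download that refills the file after the `-s` test fails) lies outside this hunk, so I am inferring from the visible `find`/`-s` test that a removed file is simply re-fetched.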
@@ -19,21 +21,23 @@ fetch_branches()
 {
 local CACHED_BRANCHES="/tmp/$USER-branches.conf"
 local URL="https://kerncvs.suse.de/branches.conf"
+ local REFRESH=$1
 branches=$CACHED_BRANCHES
- fetch_cache $URL $CACHED_BRANCHES
+ fetch_cache $URL $CACHED_BRANCHES 7 $REFRESH
 }
 fetch_cve2bugzilla()
 {
 local CACHED_CVE2BSC="/tmp/$USER-cve2bugzilla"
 local URL="https://gitlab.suse.de/security/cve-database/-/raw/master/data/cve2bugzilla"
- fetch_cache $URL $CACHED_CVE2BSC 1
+ local REFRESH=$1
+ fetch_cache $URL $CACHED_CVE2BSC 1 $REFRESH
 }
 cve2bugzilla()
 {
- local CVE2BUGZILLA=$(fetch_cve2bugzilla)
 local CVE=$1
+ local CVE2BUGZILLA=$(fetch_cve2bugzilla $2)
 local NR_TO_REPORT=1 # The first bsc should be the actual report others are product specific (e.g. LP)
 for bsc in $(grep $CVE $CVE2BUGZILLA | cut -d: -f2 | head -n $NR_TO_REPORT)
@@ -46,13 +50,15 @@ fetch_cve2cvss()
 {
 local CACHED_CVE2CVSS="/tmp/$USER-cve2cvss"
 local URL="http://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"
- fetch_cache $URL $CACHED_CVE2CVSS 1
+ local REFRESH=$1
+ fetch_cache $URL $CACHED_CVE2CVSS 1 $REFRESH
 }
 cve2cvss()
 {
- local CVE2CVSS=$(fetch_cve2cvss)
 local CVE=$1
+ local REFRESH=$2
+ local CVE2CVSS=$(fetch_cve2cvss $REFRESH)
 local cvss="$(grep $CVE -A3 $CVE2CVSS | grep score:)"
 echo ${cvss##*:}
@@ -61,7 +67,8 @@ cve2cvss()
 cve2sha()
 {
 local arg=$1
- sha="$(cd $VULNS_GIT_PATH; scripts/cve_search $arg 2>/dev/null | cut -d" " -f7)"
+ local REFRESH=$2
+ sha="$(cd $VULNS_GIT_PATH; [ -n "$REFRESH" ] && git pull >/dev/null 2>&1; scripts/cve_search $arg 2>/dev/null | cut -d" " -f7)"
 if [ $(echo $sha | wc -c) -eq 41 ]
 then
@@ -72,7 +79,8 @@ cve2sha()
 sha2cve()
 {
 local arg=$1
- cve_sha="$(cd $VULNS_GIT_PATH; scripts/cve_search $arg 2>/dev/null | cut -d" " -f1,7)"
+ local REFRESH=$2
+ cve_sha="$(cd $VULNS_GIT_PATH; [ -n "$REFRESH" ] && git pull >/dev/null 2>&1; scripts/cve_search $arg 2>/dev/null | cut -d" " -f1,7)"
 if [ $(echo ${cve_sha##* } | wc -c) -eq 41 ]
 then
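Review bot: `local CVE2BUGZILLA=$(fetch_cve2bugzilla $2)` reads the refresh flag straight out of `$2`, while the parallel change to `cve2cvss` in the next hunk first names it with `local REFRESH=$2`; doing the same here, `local REFRESH=$2` followed by `local CVE2BUGZILLA=$(fetch_cve2bugzilla $REFRESH)`, keeps the two helpers readable side by side. Note that fusing `local` with the command substitution masks the exit status of `fetch_cve2bugzilla`, so a failed download after `-r` wiped the cache is invisible to this function; that pattern predates the commit but the move is a good moment to split the declaration from the assignment. The body of `cve2bugzilla` continues past the end of the hunk.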
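Review bot: `cd $VULNS_GIT_PATH; [ -n "$REFRESH" ] && git pull >/dev/null 2>&1;` runs `git pull` in whatever directory the caller is standing in when the `cd` fails (unset or mistyped `VULNS_GIT_PATH`), so `-r` can now fetch into an unrelated checkout, whereas the old line only ran a harmlessly failing `scripts/cve_search` there. The redirection also discards a failed pull, so a user who explicitly asked for fresh data gets stale results reported as refreshed. Make the `cd` a precondition of the subshell, `cd "$VULNS_GIT_PATH" || exit 1;`, and surface the failure, `git pull -q >/dev/null 2>&1 || echo "warning: git pull in $VULNS_GIT_PATH failed, using cached data" >&2;`. The identical construct appears in `sha2cve` in the following hunk, which also means one `-r` run pulls from the remote twice.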