d-two/operating-system
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update buildroot to 2020.11-rc2 (#995)

Browse Source 
Signed-off-by: Stefan Agner <stefan@agner.ch>
This commit is contained in:
Stefan Agner
2020-11-16 11:06:25 +01:00
committed by GitHub
parent a0871be6c0
commit 80f02b8ab6
135 changed files with 2059 additions and 669 deletions
Download Patch File Download Diff File Expand all files Collapse all files

196
buildroot/support/scripts/cve-checker
View File

@@ -1,196 +0,0 @@
#!/usr/bin/env python
# Copyright (C) 2009 by Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
# Copyright (C) 2020 by Gregory CLEMENT <gregory.clement@bootlin.com>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
import argparse
import datetime
import os
import json
import sys
import cve as cvecheck
class Package:
def __init__(self, name, version, ignored_cves):
self.name = name
self.version = version
self.cves = list()
self.ignored_cves = ignored_cves
def check_package_cves(nvd_path, packages):
if not os.path.isdir(nvd_path):
os.makedirs(nvd_path)
for cve in cvecheck.CVE.read_nvd_dir(nvd_path):
for pkg_name in cve.pkg_names:
pkg = packages.get(pkg_name, '')
if pkg and cve.affects(pkg.name, pkg.version, pkg.ignored_cves) == cve.CVE_AFFECTS:
pkg.cves.append(cve.identifier)
html_header = """
<head>
<script src=\"https://www.kryogenix.org/code/browser/sorttable/sorttable.js\"></script>
<style type=\"text/css\">
table {
width: 100%;
}
td {
border: 1px solid black;
}
td.centered {
text-align: center;
}
td.wrong {
background: #ff9a69;
}
td.correct {
background: #d2ffc4;
}
</style>
<title>CVE status for Buildroot configuration</title>
</head>
<p id=\"sortable_hint\"></p>
"""
html_footer = """
</body>
<script>
if (typeof sorttable === \"object\") {
document.getElementById(\"sortable_hint\").innerHTML =
\"hint: the table can be sorted by clicking the column headers\"
}
</script>
</html>
"""
def dump_html_pkg(f, pkg):
f.write(" <tr>\n")
f.write(" <td>%s</td>\n" % pkg.name)
# Current version
if len(pkg.version) > 20:
version = pkg.version[:20] + "..."
else:
version = pkg.version
f.write(" <td class=\"centered\">%s</td>\n" % version)
# CVEs
td_class = ["centered"]
if len(pkg.cves) == 0:
td_class.append("correct")
else:
td_class.append("wrong")
f.write(" <td class=\"%s\">\n" % " ".join(td_class))
for cve in pkg.cves:
f.write(" <a href=\"https://security-tracker.debian.org/tracker/%s\">%s<br/>\n" % (cve, cve))
f.write(" </td>\n")
f.write(" </tr>\n")
def dump_html_all_pkgs(f, packages):
f.write("""
<table class=\"sortable\">
<tr>
<td>Package</td>
<td class=\"centered\">Version</td>
<td class=\"centered\">CVEs</td>
</tr>
""")
for pkg in packages:
dump_html_pkg(f, pkg)
f.write("</table>")
def dump_html_gen_info(f, date):
f.write("<p><i>Generated on %s</i></p>\n" % (str(date)))
def dump_html(packages, date, output):
with open(output, 'w') as f:
f.write(html_header)
dump_html_all_pkgs(f, packages)
dump_html_gen_info(f, date)
f.write(html_footer)
def dump_json(packages, date, output):
# Format packages as a dictionnary instead of a list
pkgs = {
pkg.name: {
"version": pkg.version,
"cves": pkg.cves,
} for pkg in packages
}
# The actual structure to dump, add date to it
final = {'packages': pkgs,
'date': str(date)}
with open(output, 'w') as f:
json.dump(final, f, indent=2, separators=(',', ': '))
f.write('\n')
def resolvepath(path):
return os.path.abspath(os.path.expanduser(path))
def parse_args():
parser = argparse.ArgumentParser()
output = parser.add_argument_group('output', 'Output file(s)')
output.add_argument('--html', dest='html', type=resolvepath,
help='HTML output file')
output.add_argument('--json', dest='json', type=resolvepath,
help='JSON output file')
parser.add_argument('--nvd-path', dest='nvd_path',
help='Path to the local NVD database', type=resolvepath,
required=True)
args = parser.parse_args()
if not args.html and not args.json:
parser.error('at least one of --html or --json (or both) is required')
return args
def __main__():
packages = list()
content = json.load(sys.stdin)
for item in content:
pkg = content[item]
p = Package(item, pkg.get('version', ''), pkg.get('ignore_cves', ''))
packages.append(p)
args = parse_args()
date = datetime.datetime.utcnow()
print("Checking packages CVEs")
check_package_cves(args.nvd_path, {p.name: p for p in packages})
if args.html:
print("Write HTML")
dump_html(packages, date, args.html)
if args.json:
print("Write JSON")
dump_json(packages, date, args.json)
__main__()

48
buildroot/support/scripts/pkg-stats
View File

@@ -28,7 +28,9 @@ import subprocess
import json
import sys
sys.path.append('utils/')
brpath = os.path.normpath(os.path.join(os.path.dirname(__file__), "..", ".."))
sys.path.append(os.path.join(brpath, "utils"))
from getdeveloperlib import parse_developers # noqa: E402
import cve as cvecheck # noqa: E402
@@ -66,7 +68,7 @@ def get_defconfig_list():
"""
return [
Defconfig(name[:-len('_defconfig')], os.path.join('configs', name))
for name in os.listdir('configs')
for name in os.listdir(os.path.join(brpath, 'configs'))
if name.endswith('_defconfig')
]
@@ -108,9 +110,10 @@ class Package:
Fills in the .url field
"""
self.status['url'] = ("warning", "no Config.in")
for filename in os.listdir(os.path.dirname(self.path)):
pkgdir = os.path.dirname(os.path.join(brpath, self.path))
for filename in os.listdir(pkgdir):
if fnmatch.fnmatch(filename, 'Config.*'):
fp = open(os.path.join(os.path.dirname(self.path), filename), "r")
fp = open(os.path.join(pkgdir, filename), "r")
for config_line in fp:
if URL_RE.match(config_line):
self.url = config_line.strip()
@@ -138,7 +141,7 @@ class Package:
Fills in the .infras field
"""
self.infras = list()
with open(self.path, 'r') as f:
with open(os.path.join(brpath, self.path), 'r') as f:
lines = f.readlines()
for l in lines:
match = INFRA_RE.match(l)
@@ -178,7 +181,7 @@ class Package:
return
hashpath = self.path.replace(".mk", ".hash")
if os.path.exists(hashpath):
if os.path.exists(os.path.join(brpath, hashpath)):
self.status['hash'] = ("ok", "found")
else:
self.status['hash'] = ("error", "missing")
@@ -191,7 +194,7 @@ class Package:
self.status['patches'] = ("na", "no valid package infra")
return
pkgdir = os.path.dirname(self.path)
pkgdir = os.path.dirname(os.path.join(brpath, self.path))
for subdir, _, _ in os.walk(pkgdir):
self.patch_files = fnmatch.filter(os.listdir(subdir), '*.patch')
@@ -214,8 +217,8 @@ class Package:
"""
Fills in the .warnings and .status['pkg-check'] fields
"""
cmd = ["./utils/check-package"]
pkgdir = os.path.dirname(self.path)
cmd = [os.path.join(brpath, "utils/check-package")]
pkgdir = os.path.dirname(os.path.join(brpath, self.path))
self.status['pkg-check'] = ("error", "Missing")
for root, dirs, files in os.walk(pkgdir):
for f in files:
@@ -300,11 +303,12 @@ def get_pkglist(npackages, package_list):
"toolchain/toolchain-wrapper.mk"]
packages = list()
count = 0
for root, dirs, files in os.walk("."):
for root, dirs, files in os.walk(brpath):
root = os.path.relpath(root, brpath)
rootdir = root.split("/")
if len(rootdir) < 2:
if len(rootdir) < 1:
continue
if rootdir[1] not in WALK_USEFUL_SUBDIRS:
if rootdir[0] not in WALK_USEFUL_SUBDIRS:
continue
for f in files:
if not f.endswith(".mk"):
@@ -316,8 +320,7 @@ def get_pkglist(npackages, package_list):
pkgpath = os.path.join(root, f)
skip = False
for exclude in WALK_EXCLUDES:
# pkgpath[2:] strips the initial './'
if re.match(exclude, pkgpath[2:]):
if re.match(exclude, pkgpath):
skip = True
continue
if skip:
@@ -330,6 +333,12 @@ def get_pkglist(npackages, package_list):
return packages
def get_config_packages():
cmd = ["make", "--no-print-directory", "show-info"]
js = json.loads(subprocess.check_output(cmd))
return js.keys()
def package_init_make_info():
# Fetch all variables at once
variables = subprocess.check_output(["make", "BR2_HAVE_DOT_CONFIG=y", "-s", "printvars",
@@ -678,7 +687,7 @@ def boolean_str(b):
def dump_html_pkg(f, pkg):
f.write(" <tr>\n")
f.write(" <td>%s</td>\n" % pkg.path[2:])
f.write(" <td>%s</td>\n" % pkg.path)
# Patch count
td_class = ["centered"]
@@ -926,6 +935,8 @@ def parse_args():
output.add_argument('--json', dest='json', type=resolvepath,
help='JSON output file')
packages = parser.add_mutually_exclusive_group()
packages.add_argument('-c', dest='configpackages', action='store_true',
help='Apply to packages enabled in current configuration')
packages.add_argument('-n', dest='npackages', type=int, action='store',
help='Number of packages')
packages.add_argument('-p', dest='packages', action='store',
@@ -942,15 +953,18 @@ def __main__():
args = parse_args()
if args.packages:
package_list = args.packages.split(",")
elif args.configpackages:
package_list = get_config_packages()
else:
package_list = None
date = datetime.datetime.utcnow()
commit = subprocess.check_output(['git', 'rev-parse',
commit = subprocess.check_output(['git', '-C', brpath,
'rev-parse',
'HEAD']).splitlines()[0].decode()
print("Build package list ...")
packages = get_pkglist(args.npackages, package_list)
print("Getting developers ...")
developers = parse_developers()
developers = parse_developers(brpath)
print("Build defconfig list ...")
defconfigs = get_defconfig_list()
for d in defconfigs: