Merge ~alextu/plainbox-provider-pc-sanity:cve-test into plainbox-provider-pc-sanity:master

Proposed by Alex Tu
Status: Merged
Merged at revision: 1de7c3573084b1d756099a9e1e91d0af444db372
Proposed branch: ~alextu/plainbox-provider-pc-sanity:cve-test
Merge into: plainbox-provider-pc-sanity:master
Diff against target: 120 lines (+80/-1)
4 files modified
bin/cvescan.sh (+65/-0)
debian/control (+5/-1)
units/pc-sanity/pc-sanity-check-env.pxu (+9/-0)
units/pc-sanity/pc-sanity.pxu (+1/-0)
Reviewer | Review Type | Date Requested | Status
Shih-Yuan Lee | | | Approve
jeremyszu | | | Pending
Rex Tsai | | | Pending
Yuan-Chen Cheng | | | Pending
StanleyHuang | | | Pending
OEM Solutions Group: Engineers | | | Pending
Review via email: mp+395561@code.launchpad.net

Commit message

the result of running this test case:
https://pastebin.canonical.com/p/kH2cYHSWXy/

Alex Tu (alextu) wrote :

trello card requested this test case : https://trello.com/c/GsQ1dJL8

Shih-Yuan Lee (fourdollars) wrote :

Some typos and syntax corrections.

review: Needs Fixing
Shih-Yuan Lee (fourdollars) wrote :

More wording suggestions.

review: Needs Fixing
Alex Tu (alextu) wrote :
Shih-Yuan Lee (fourdollars) wrote :

LGTM

review: Approve

Preview Diff

1diff --git a/bin/cvescan.sh b/bin/cvescan.sh
2new file mode 100755
3index 0000000..e3acbec
4--- /dev/null
5+++ b/bin/cvescan.sh
6@@ -0,0 +1,65 @@
7+#!/bin/bash
8+OUT="$PWD"
9+usage() {
10+cat << EOF
11+usage: $0 options
12+
13+ -h|--help print this message
14+ --out The folder you for generated json file. Default is \$PWD
15+EOF
16+exit 0
17+}
18+
19+prepare() {
20+# https://github.com/canonical/sec-cvescan
21+ for pkg in python3-apt python3-pip git jq; do
22+ [ "$(dpkg-query -W -f='${Status}' "$pkg")" = "install ok installed" ] || (sudo apt-get update && DEBIAN_FRONTEND=noninteractive sudo apt install -y "$pkg")
23+ done
24+ git clone https://github.com/canonical/sec-cvescan
25+ export PATH=$HOME/.local/bin/:$PATH
26+ pip3 install --user sec-cvescan/ > /dev/null
27+ rm -rf sec-cvescan
28+}
29+main() {
30+ while [ $# -gt 0 ]
31+ do
32+ case "$1" in
33+ -h | --help)
34+ usage 0
35+ exit 0
36+ ;;
37+ --out)
38+ shift
39+ OUT="$1";
40+ ;;
41+ *)
42+ usage
43+ esac
44+ shift
45+ done
46+
47+ prepare
48+ get_cvescan_json "$OUT/cvescan.json"
49+ parse_cvescan_json "$OUT/cvescan.json"
50+}
51+
52+get_cvescan_json() {
53+ [ -n "$1" ] || exit 1
54+ command -v cvescan || exit 1
55+ cvescan --json > "$1"
56+}
57+
58+parse_cvescan_json() {
59+ [ -n "$1" ] || exit 1
60+ command -v jq || exit 1
61+ if [ "$(jq -r '.summary.num_cves' < "$1")" != "0" ]; then
62+ echo "You have some packages that need an update for CVE."
63+ echo "Please check $1 for details"
64+ exit 1
65+ fi
66+}
67+
68+if [ "${BASH_SOURCE[0]}" = "$0" ]; then
69+ main "$@"
70+fi
71+
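
Review bot: In prepare(), `git clone https://github.com/canonical/sec-cvescan` followed by `pip3 install --user sec-cvescan/` installs whatever is at the tip of the default branch each time the test runs, so the code executed on the machine under test is unpinned and the result is not reproducible between runs. Pin the clone to a tag or commit (or depend on a packaged cvescan if one is available) and check the exit status of the clone and the install instead of sending the install's stdout to /dev/null. Smaller points in the same file: `DEBIAN_FRONTEND=noninteractive sudo apt install` sets the variable for sudo, which resets the environment by default, so it should read `sudo DEBIAN_FRONTEND=noninteractive apt-get install -y "$pkg"`; the `*)` branch calls usage, which does `exit 0`, so an unknown option reports success; `--out` with no following argument leaves OUT empty and the report path becomes /cvescan.json; and get_cvescan_json does not check the exit status of `cvescan --json`, so a failed scan surfaces in parse_cvescan_json as the "need an update for CVE" message.
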
72diff --git a/debian/control b/debian/control
73index 73d99aa..67a7a09 100644
74--- a/debian/control
75+++ b/debian/control
76@@ -8,10 +8,14 @@ Vcs-Browser: https://code.launchpad.net/~ville-team/ville/+git/plainbox-provider
77
78 Package: plainbox-provider-pc-sanity
79 Architecture: all
80-Depends: plainbox-provider-checkbox (>= 0.27),
81+Depends: git,
82+ jq,
83+ plainbox-provider-checkbox (>= 0.27),
84 powertop,
85 python3 (>= 3.2),
86+ python3-apt,
87 python3-checkbox-support (>= 0.27),
88+ python3-pip,
89 xautomation,
90 ${misc:Depends},
91 ${shlibs:Depends}
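
Review bot: The new Depends entries (git, jq, python3-apt, python3-pip) duplicate the install loop in prepare() of bin/cvescan.sh, which checks for and installs the same four packages with sudo apt at test time. With the packaging dependency in place the runtime loop can be dropped, which also removes the sudo call and the apt-get update from inside the test; if the loop stays, these Depends additions are not needed. git and python3-pip are pulled in only so that cvescan can be installed from a source checkout on the target, so both would go away if the script stopped installing from a clone.
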
92diff --git a/units/pc-sanity/pc-sanity-check-env.pxu b/units/pc-sanity/pc-sanity-check-env.pxu
93index fec17c8..47db4da 100644
94--- a/units/pc-sanity/pc-sanity-check-env.pxu
95+++ b/units/pc-sanity/pc-sanity-check-env.pxu
96@@ -41,3 +41,12 @@ _summary: to confirm the dell-recoery is what we expected.
97 _description:
98 based on the meeting conclusion of 4/22, we need somerville version before Mario agree Canonical take the duty of dell-recovery sru.
99 Let it support ubuntu-recovery and dell-recovery.
100+
101+plugin: shell
102+category_id: com.canonical.plainbox::miscellanea
103+id: miscellanea/cvescan
104+command:
105+ cvescan.sh --out "$PLAINBOX_SESSION_SHARE"
106+_summary: Scan if all CVEs are fixed well.
107+_description:
108+ Refer to https://github.com/canonical/sec-cvescan, to scan if all CVEs are fixed well on the target machine.
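
Review bot: The new miscellanea/cvescan job declares only plugin, category_id, id, command, _summary and _description, while the command it runs (cvescan.sh) calls sudo apt and clones from github.com, so the unit says nothing about the privileges and network access the job relies on. State those preconditions in the unit so that a run without network or sudo is not reported as a CVE failure. The wording "Scan if all CVEs are fixed well" in _summary and _description is also unclear; something like "Check that no installed package has an unfixed CVE" says what a pass means.
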
109diff --git a/units/pc-sanity/pc-sanity.pxu b/units/pc-sanity/pc-sanity.pxu
110index b500151..60924f8 100644
111--- a/units/pc-sanity/pc-sanity.pxu
112+++ b/units/pc-sanity/pc-sanity.pxu
113@@ -6,6 +6,7 @@ _description:
114 include:
115 com.canonical.certification::somerville-installation
116 com.canonical.certification::misc/generic/grub_boothole
117+ com.canonical.certification::miscellanea/cvescan
118 com.canonical.certification::miscellanea/check-nvidia
119 com.canonical.certification::miscellanea/debsums
120 com.canonical.certification::miscellanea/turbostate-long-idle-c10
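
Review bot: The added include line refers to the job as com.canonical.certification::miscellanea/cvescan, but the unit added in pc-sanity-check-env.pxu gives only the unqualified id miscellanea/cvescan, so the include matches only if this provider's namespace is com.canonical.certification. The neighbouring miscellanea/check-nvidia entry suggests it is; please confirm, since with a different namespace the include would not match the new job.
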
