check_root: Verify that we don't have any applicable GLSA

Once we've built the packages, check them against the Gentoo Linux Security
Advisories (GLSAs) to ensure that we're not shipping anything with known
vulnerabilities.
Matthew Garrett 2016-05-17 16:37:20 -07:00
parent 9e64bef513
commit 922554303b


@ -2,6 +2,26 @@
# Use of this source code is governed by a BSD-style license that can be # Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file. # found in the LICENSE file.
GLSA_WHITELIST=("201412-09")
glsa_image() {
VULNS=()
GLSAS=`glsa-check-$BOARD -t all`
for GLSA in $GLSAS; do
if [[ " ${GLSA_WHITELIST[@]} " =~ " ${GLSA} " ]]; then
continue
else
VULNS+=($GLSA)
fi
done
if [[ ${#VULNS[@]} != 0 ]]; then
echo "The following GLSAs apply: $VULNS"
return 1
fi
return 0
}
test_image_content() { test_image_content() {
local root="$1" local root="$1"
local returncode=0 local returncode=0
@ -45,5 +65,9 @@ test_image_content() {
#returncode=1 #returncode=1
fi fi
if ! glsa_image; then
returncode=1
fi
return $returncode return $returncode
} }
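Review bot: In glsa_image the output of `glsa-check-$BOARD -t all` is captured without checking that the command actually ran, so a missing or failing tool leaves GLSAS empty and the function returns 0 with no advisories tested. The check should fail closed, for example by testing `command -v "glsa-check-$BOARD" >/dev/null || return 1` before the call; the exit status glsa-check uses when advisories do apply is not visible on this page, so confirm it before adding a plain `|| return 1` to the substitution itself. The failure message prints `$VULNS`, which expands to the first array element only, so `echo "The following GLSAs apply: ${VULNS[*]}"` is needed to list every applicable advisory. VULNS, GLSAS and GLSA are also set as globals, unlike the `local` variables in test_image_content, and `local VULNS=() GLSAS GLSA` would keep them from leaking into the caller. The GLSA_WHITELIST entry 201412-09 should carry a comment recording why that advisory is exempt, so the exemption can be re-evaluated later.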