This toolchain is meant for fully automated patching of your Linux kernel.
It consists of three main scripts:
- cve_check.py
- cve_apply.py
- cve_push.py
All those are combined by the main.py script.
The arguments for main.py are as follows:
print("usage: main.py <OPTIONS> kernel_repo\n")
print("<OPTIONS>")
print("\t -h Print this text\n" +
"\t -i Path to the directory containing the CVE patches\n" +
"\t -o Where to store the tool output files\n" +
"\t -p Specify this if you want to push to Gerrit\n" +
"\t -u Your Gerrit user name\n" +
"\t -b The destination branch\n")
As we currently have no way to fetch the CVE git patches directly from the tracker (cve.lineageos.org), we keep them around in this repository for now.
They reside in the "patches" directory and are split up according to the Linux version they apply to.