Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 25 Feb 2021 10:46:43 -0800
From:      Kevin Oberman <rkoberman@gmail.com>
To:        Ed Maste <emaste@freebsd.org>
Cc:        FreeBSD-STABLE Mailing List <freebsd-stable@freebsd.org>
Subject:   Re: How do I know if my 13-stable has security patches?
Message-ID:  <CAN6yY1vyBwwcqsbTXnMjW4tYe6j4uUTK3cNDm_D2L72iDFOrcQ@mail.gmail.com>
In-Reply-To: <CAPyFy2CcTfF3nOVnZHSba_f2gvbzZERgr6C0bCx3oY0RwRogSw@mail.gmail.com>
References:  <CAN6yY1tTt%2BEn6hzMYrjm2fRkUPBAuN9t8%2BR27Z3To_sJRbfUVA@mail.gmail.com> <CAPyFy2Dg9dP5%2BCWvmUhf58b4KotqrtWRt%2BnrZjoiNnzY5mk-eg@mail.gmail.com> <CAN6yY1tQCSxDt_HKdgA81sBN1AWBb_J-GuJYvKZRK0QtNMhWQA@mail.gmail.com> <CAPyFy2CcTfF3nOVnZHSba_f2gvbzZERgr6C0bCx3oY0RwRogSw@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Thu, Feb 25, 2021 at 6:10 AM Ed Maste <emaste@freebsd.org> wrote:

> On Thu, 25 Feb 2021 at 02:42, Kevin Oberman <rkoberman@gmail.com> wrote:
> >
> > Thanks, Ed, but where do I find this? uname -a" gives me
> stable/13-007101f87. For a while I was seeing a hyphenated number prefixed
> with a 'c' and I had assumed that that number was the sequence.
>
> It is (was) - we changed from 'c' to avoid having it look like a hex value.
>
> To generate (this part of) uname the build script runs:
>         if [ "$($git_cmd rev-parse --is-shallow-repository)" = false ] ;
> then
>                 git_cnt=$($git_cmd rev-list --first-parent --count
> HEAD 2>/dev/null)
>                 if [ -n "$git_cnt" ] ; then
>                         git="n${git_cnt}-${git}"
>                 fi
>         fi
>
> Would you try running, at the top of your stable/13 src tree:
> git rev-parse --is-shallow-repository
> git rev-list --first-parent --count HEAD
>

I do run a shallow clone, as I suspect most non-developers will.
# git rev-parse --is-shallow-repository
true
# git rev-list --first-parent --count HEAD
133

As for an easy check for the presence of a patch by hash, I like the "git
log --pretty=oneline" | grep  <hash>

This assumes that the sources have NOT been updated since the system was
updated. If they have, you can do a "egrep -n ^<hash>" on both the partial
hash in "uname -a" and in the security announcement and see which is older
by line number.

My thanks to Jeremy Chadwick for this approach.
--
Kevin Oberman, Part time kid herder and retired Network Engineer
E-mail: rkoberman@gmail.com
PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAN6yY1vyBwwcqsbTXnMjW4tYe6j4uUTK3cNDm_D2L72iDFOrcQ>