
Bullseye: a tool for framework patches

Bullseye operates on security bulletin zip files: it can check whether the patches are already applied, check whether they apply, and apply them for you. For detailed usage instructions, run:

bullseye.py --help

Checking if patches are applied

My FP2 source code repo is checked out to /home/dirk/FPIIM and the bulletin zips are in my current working directory.

To check if all framework patches from the May security bulletin are applied we can run:

python bullseye.py --aosp-root /home/dirk/FPIIM  --zipfile bulletin_2017_05_preview.zip

This will output:

[BE]: Already applied: external/boringssl 0001-Make-BN_mod_exp_mont_consttime-take-a-const-context..bulletin.patch
[BE]: Already applied: external/boringssl 0002-Compute-ECDSA-modular-inverses-with-Fermals-Little-Theorem..bulletin.patch
[BE]: Already applied: external/boringssl 0003-Constify-more-BN_MONT_CTX-parameters..bulletin.patch
[BE]: Already applied: external/boringssl 0004-Always-use-Fermats-Little-Theorem-in-ecdsa_sign_setup..bulletin.patch
[BE]: Already applied: external/giflib 0001-Update-GIFLIB-to-5.1.4-DO-NOT-MERGE.bulletin.patch
[BE]: Already applied: external/libavc 0001-Decoder-Fixed-error-handling-for-dangling-fields.bulletin.patch
[BE]: Already applied: external/libhevc 0001-Return-error-from-cabac-init-if-offset-is-greater-than-range.bulletin.patch
[BE]: Already applied: external/libhevc 0002-Handle-error-return-from-ref-list-in-slice-hdr-parsing.bulletin.patch
[BE]: Already applied: external/libhevc 0003-Return-error-if-SPS-parsing-reads-more-bytes-than-the-nal-length.bulletin.patch
[BE]: Already applied: external/libmpeg2 0001-Fix-in-handling-header-decode-errors.bulletin.patch
[BE]: Already applied: external/libxml2 0001-resolve-merge-conflicts-of-1d43fb67-to-mnc-dev-am-1d462cdbb0.bulletin.patch
[BE]: Already applied: frameworks/av 0001-FLACExtractor-copy-protect-mWriteBuffer.bulletin.patch
[BE]: Already applied: frameworks/av 0002-Fix-integer-overflow-and-divide-by-zero.bulletin.patch
[BE]: Already applied: frameworks/av 0003-Fix-out-of-bounds-access.bulletin.patch
[BE]: Already applied: frameworks/av 0004-Fix-NPDs-in-h263-decoder.bulletin.patch
[BE]: Already applied: frameworks/av 0005-Add-bounds-check-in-SoftAACEncoder2-onQueueFilled.bulletin.patch
[BE]: Already applied: frameworks/av 0006-codecs-handle-onReset-for-a-few-encoders.bulletin.patch
[BE]: Already applied: frameworks/av 0007-AudioFlinger-Check-framecount-overflow-when-creating-track.bulletin.patch
[BE]: Already applied: frameworks/base 0001-DO-NOT-MERGE-Dont-allow-permission-change-to-runtime.bulletin.patch
[BE]: Already applied: frameworks/base 0002-DO-NOT-MERGE-Check-bounds-in-offsetToPtr.bulletin.patch
[BE]: Already applied: frameworks/base 0003-DO-NOT-MERGE-Throw-exception-if-slot-has-invalid-offset.bulletin.patch
[BE]: Already applied: frameworks/ex 0001-Update-FrameSequence-to-call-new-DGifCloseFile-DO-NOT-MERGE.bulletin.patch
[BE]: Already applied: packages/apps/Messaging 0001-Update-callers-*GifCloseFile-for-new-GIFLIB-DO-NOT-MERGE.bulletin.patch
[BE]: Already applied: system/bt 0001-Check-the-HCI-length-before-extracting-the-L2CAP-length-and-CID.bulletin.patch

All patches are applied, which is good. :)

You can also display the A-numbers of the patches using the --use-a-number flag, mainly to make the output more concise:

$ python bullseye.py --aosp-root /home/dirk/FPIIM  --zipfile bulletin_2017_05_preview.zip  --use-a-number
[BE]: Already applied: ['A-33752052']
[BE]: Already applied: ['A-33752052']
[BE]: Already applied: ['A-33752052']
[BE]: Already applied: ['A-33752052']
[BE]: Already applied: ['A-34697653']
[BE]: Already applied: ['A-34097672']
[BE]: Already applied: ['A-34897036']
[BE]: Already applied: ['A-34672748']
[BE]: Already applied: ['A-35039946']
[BE]: Already applied: ['A-35219737']
[BE]: Already applied: ['A-32956747']
[BE]: Already applied: ['A-34970788']
[BE]: Already applied: ['A-35763994']
[BE]: Already applied: ['A-34618607']
[BE]: Already applied: ['A-35269635']
[BE]: Already applied: ['A-34617444']
[BE]: Already applied: ['A-34749392', 'A-34705519']
[BE]: Already applied: ['A-34749571']
[BE]: Already applied: ['A-34114230']
[BE]: Already applied: ['A-34128677']
[BE]: Already applied: ['A-34128677']
[BE]: Already applied: ['A-34697653']
[BE]: Already applied: ['A-34697653']
[BE]: Already applied: ['A-34946955']

Let's have a look at the June bulletin:

python bullseye.py --aosp-root /home/dirk/FPIIM  --zipfile bulletin_2017_06_preview.zip                
[BE]: Not yet applied: build 0001-DO-NOT-MERGE-Update-Security-String-to-2017.bulletin.patch
[BE]: Not yet applied: build 0002-DO-NOT-MERGE-Update-Security-String-to-2017.bulletin.patch
[BE]: Not yet applied: external/libavc 0002-Decoder-Fixed-number-of-MB-calculation-for-.bulletin.patch
[BE]: Not yet applied: external/libhevc 0001-Check-only-allocated-mv-bufs-for-releasing-.bulletin.patch
[BE]: Not yet applied: external/libhevc 0002-Correct-Tiles-rows-and-cols-check.bulletin.patch
[BE]: Already applied: external/libhevc 0003-Set-current-slice-ctb-x-and-y-to-fill-prev-.bulletin.patch
[BE]: Not yet applied: external/libvpx 0001-Limit-vpx-decoder-to-4K-frames.bulletin.patch
[BE]: Not yet applied: external/libxml2 0001-DO-NOT-MERGE-Disallow-namespace-nodes-in-XP.bulletin.patch
[BE]: Not yet applied: external/libxml2 0002-DO-NOT-MERGE-Fix-XPointer-paths-beginning-w.bulletin.patch
[BE]: Not yet applied: external/libxml2 0003-DO-NOT-MERGE-Apply-upstream-Chromium-patch-.bulletin.patch
[BE]: Not yet applied: external/libxml2 0004-DO-NOT-MERGE-fix-for-the-XPath-nodeTab-use-.bulletin.patch
[BE]: Not yet applied: external/libxml2 0005-DO-NOT-MERGE-Heap-buffer-overflow-in-xmlAdd.bulletin.patch
[BE]: Not yet applied: external/libxml2 0006-DO-NOT-MERGE-Use-correct-limit-for-port-val.bulletin.patch
[BE]: Not yet applied: external/libxml2 0007-DO-NOT-MERGE-Add-validation-for-eternal-eni.bulletin.patch
[BE]: Not yet applied: external/pdfium 0001-Backport-734d57d5f7842aa7c2c9f36d62131ab4d8.bulletin.patch
[BE]: Not yet applied: external/pdfium 0002-Backport-940100c28ae28931722290794889cf84a9.bulletin.patch
[BE]: Not yet applied: external/sonivox 0001-Sonivox-sanity-check-headerLength-in-XMF_Re.bulletin.patch
[BE]: Not yet applied: frameworks/av 0002-Avoid-crash-for-stss-sync-sample-number-0.bulletin.patch
[BE]: Not yet applied: packages/apps/Bluetooth 0001-Prevent-OPP-from-opening-files-that-aren-t-.bulletin.patch
[BE]: Not yet applied: packages/apps/Bluetooth 0002-OPP-Restrict-file-based-URI-access-to-exter.bulletin.patch
[BE]: Not yet applied: system/bt 0001-Check-LE-advertising-data-length-before-cac.bulletin.patch
[BE]: Not yet applied: system/core 0001-Fix-out-of-bound-read-in-libziparchive.bulletin.patch

We can see that one patch is already applied:

[BE]: Already applied: external/libhevc 0003-Set-current-slice-ctb-x-and-y-to-fill-prev-.bulletin.patch

Checking which patches apply

To check which patches apply, we combine the --dry-run flag with the --apply-to-branch BRANCHNAME option. So we could run:

$ python bullseye.py --aosp-root /home/dirk/FPIIM  \
  --zipfile bulletin_2017_06_preview.zip --use-a-number \
  --apply-to-branch GSB_2017_06 --dry-run

However, the output will be interleaved with git output, which is why we add the --quiet flag.

python bullseye.py --aosp-root /home/dirk/FPIIM  --zipfile bulletin_2017_06_preview.zip --use-a-number --apply-to-branch GSB_2017_06 --dry-run --quiet
Abandoning repo branch GSB_2017_06
[BE]: Not yet applied: ['A-36137924']
[BE]:    Applying 0001-DO-NOT-MERGE-Update-Security-String-to-2017.bulletin.patch.
[BE]:      for Project build.
[BE]:    FAIL: doesn't apply.
[BE]:    Roling back... 
[BE]: Not yet applied: ['A-37204197']
[BE]:    Applying 0002-DO-NOT-MERGE-Update-Security-String-to-2017.bulletin.patch.
[BE]:      for Project build.
[BE]:    FAIL: doesn't apply.
[BE]:    Roling back... 
[BE]: Not yet applied: ['A-33129467']
[BE]:    Applying 0002-Decoder-Fixed-number-of-MB-calculation-for-.bulletin.patch.
[BE]:      for Project external/libavc.
[BE]:    FAIL: doesn't apply.
[BE]:    Roling back... 
[BE]: Not yet applied: ['A-34819017']
[BE]:    Applying 0001-Check-only-allocated-mv-bufs-for-releasing-.bulletin.patch.
[BE]:      for Project external/libhevc.
[BE]:    SUCCESS: applied.
[BE]: Not yet applied: ['A-34064500']
[BE]:    Applying 0002-Correct-Tiles-rows-and-cols-check.bulletin.patch.
[BE]:      for Project external/libhevc.
[BE]:    SUCCESS: applied.
[BE]: Already applied: ['A-32322258']
[BE]: Not yet applied: ['A-34360591']
[BE]:    Applying 0001-Limit-vpx-decoder-to-4K-frames.bulletin.patch.
[BE]:      for Project external/libvpx.
[BE]:    SUCCESS: applied.
[BE]: Not yet applied: ['A-36554207']
[BE]:    Applying 0001-DO-NOT-MERGE-Disallow-namespace-nodes-in-XP.bulletin.patch.
[BE]:      for Project external/libxml2.
[BE]:    SUCCESS: applied.
[BE]: Not yet applied: ['A-36554209']
[BE]:    Applying 0002-DO-NOT-MERGE-Fix-XPointer-paths-beginning-w.bulletin.patch.
[BE]:      for Project external/libxml2.
[BE]:    SUCCESS: applied.
[BE]: Not yet applied: ['A-36553781']
[BE]:    Applying 0003-DO-NOT-MERGE-Apply-upstream-Chromium-patch-.bulletin.patch.
[BE]:      for Project external/libxml2.
[BE]:    SUCCESS: applied.
[BE]: Not yet applied: ['A-36809819']
[BE]:    Applying 0004-DO-NOT-MERGE-fix-for-the-XPath-nodeTab-use-.bulletin.patch.
[BE]:      for Project external/libxml2.
[BE]:    SUCCESS: applied.
[BE]: Not yet applied: ['A-37104170']
[BE]:    Applying 0005-DO-NOT-MERGE-Heap-buffer-overflow-in-xmlAdd.bulletin.patch.
[BE]:      for Project external/libxml2.
[BE]:    SUCCESS: applied.
[BE]: Not yet applied: ['A-36555370']
[BE]:    Applying 0006-DO-NOT-MERGE-Use-correct-limit-for-port-val.bulletin.patch.
[BE]:      for Project external/libxml2.
[BE]:    SUCCESS: applied.
[BE]: Not yet applied: ['A-36556310']
[BE]:    Applying 0007-DO-NOT-MERGE-Add-validation-for-eternal-eni.bulletin.patch.
[BE]:      for Project external/libxml2.
[BE]:    SUCCESS: applied.
[BE]: Not yet applied: ['A-35443562']
[BE]:    Applying 0001-Backport-734d57d5f7842aa7c2c9f36d62131ab4d8.bulletin.patch.
[BE]:      for Project external/pdfium.
[BE]:    SUCCESS: applied.
[BE]: Not yet applied: ['A-35443562']
[BE]:    Applying 0002-Backport-940100c28ae28931722290794889cf84a9.bulletin.patch.
[BE]:      for Project external/pdfium.
[BE]:    SUCCESS: applied.
[BE]: Not yet applied: ['A-35472997']
[BE]:    Applying 0001-Sonivox-sanity-check-headerLength-in-XMF_Re.bulletin.patch.
[BE]:      for Project external/sonivox.
[BE]:    SUCCESS: applied.
[BE]: Not yet applied: ['A-35645051']
[BE]:    Applying 0002-Avoid-crash-for-stss-sync-sample-number-0.bulletin.patch.
[BE]:      for Project frameworks/av.
[BE]:    SUCCESS: applied.
[BE]: Not yet applied: ['A-35385327']
[BE]:    Applying 0001-Prevent-OPP-from-opening-files-that-aren-t-.bulletin.patch.
[BE]:      for Project packages/apps/Bluetooth.
[BE]:    SUCCESS: applied.
[BE]: Not yet applied: ['A-35310991']
[BE]:    Applying 0002-OPP-Restrict-file-based-URI-access-to-exter.bulletin.patch.
[BE]:      for Project packages/apps/Bluetooth.
[BE]:    FAIL: doesn't apply.
[BE]:    Roling back... 
[BE]: Not yet applied: ['A-33899337']
[BE]:    Applying 0001-Check-LE-advertising-data-length-before-cac.bulletin.patch.
[BE]:      for Project system/bt.
[BE]:    SUCCESS: applied.
[BE]: Not yet applied: ['A-36392138']
[BE]:    Applying 0001-Fix-out-of-bound-read-in-libziparchive.bulletin.patch.
[BE]:      for Project system/core.
[BE]:    SUCCESS: applied.
Was dry run ...rolling back.
Abandoning repo branch GSB_2017_06

As you can see, bullcatcher creates the branches for the patched projects. It will also abandon those branches before doing anything if they already exist. If you don't want that, use the --skip-abandon flag.

When the --dry-run flag is set, it will also abandon the branches after applying the patches.

Applying the patches

Do the same as before, but drop the --dry-run flag. If the patch applies, bullcatcher will stop and show you which A-numbers are addressed in the patch:

[BE]: Not yet applied: ['A-34819017']
[BE]:    Applying 0001-Check-only-allocated-mv-bufs-for-releasing-.bulletin.patch.
[BE]:      for Project external/libhevc.
Applying: Check only allocated mv bufs for releasing from reference
[BE]:    SUCCESS: applied.
[BE]: This patch addresses ['A-34819017'] 
Press enter to continue and change the commit message

Look up the A-number in JIRA and add our issue number to the commit message. Bullcatcher will call git commit --amend, which gives you the opportunity to do so.

Either note down which patches did not apply or run the script with exactly the same options again to give you this information.
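
One way to collect the patches that did not apply from a saved --dry-run --quiet --use-a-number log, instead of noting them down by hand. This is an added example, not part of Bullseye: the function names parse_dry_run and failed_patches are made up here, and the sample log is constructed from the output format shown above.

```python
import re

# Constructed sample in the format of the --dry-run --quiet --use-a-number output.
SAMPLE_LOG = """\
Abandoning repo branch GSB_2017_06
[BE]: Not yet applied: ['A-36137924']
[BE]:    Applying 0001-DO-NOT-MERGE-Update-Security-String-to-2017.bulletin.patch.
[BE]:      for Project build.
[BE]:    FAIL: doesn't apply.
[BE]:    Roling back...
[BE]: Not yet applied: ['A-34819017']
[BE]:    Applying 0001-Check-only-allocated-mv-bufs-for-releasing-.bulletin.patch.
[BE]:      for Project external/libhevc.
[BE]:    SUCCESS: applied.
[BE]: Already applied: ['A-34749392', 'A-34705519']
"""

A_NUMBER = re.compile(r"A-\d+")

def parse_dry_run(log):
    """Return one record per patch: a_numbers, patch, project, status."""
    records, current = [], None
    for raw in log.splitlines():
        if not raw.startswith("[BE]:"):
            continue  # repo/git output, not a Bullseye line
        line = raw[len("[BE]:"):].strip()
        if line.startswith(("Not yet applied:", "Already applied:")):
            # A patch may address several A-numbers, so collect all of them.
            status = "already" if line.startswith("Already") else "not_applied"
            current = {"a_numbers": A_NUMBER.findall(line), "patch": None,
                       "project": None, "status": status}
            records.append(current)
        elif current is None:
            continue  # detail line with no preceding status line
        elif line.startswith("Applying "):
            current["patch"] = line[len("Applying "):].rstrip(".")
        elif line.startswith("for Project "):
            current["project"] = line[len("for Project "):].rstrip(".")
        elif line.startswith("FAIL:"):
            current["status"] = "failed"
        elif line.startswith("SUCCESS:"):
            current["status"] = "applies"
    return records

def failed_patches(records):
    """Patches that were tried and did not apply; these need a manual backport."""
    return [r for r in records if r["status"] == "failed"]

if __name__ == "__main__":
    for r in failed_patches(parse_dry_run(SAMPLE_LOG)):
        print(r["project"], r["patch"], ",".join(r["a_numbers"]))
```

Records left in the not_applied state come from a check-only run, where no apply attempt was made, so they say nothing about whether the patch applies cleanly.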