Claude Backport POC

Claude Code plugin POC for backporting upstream patches to RHEL/CentOS dist-git packages.

Note: This plugin is intended to be run inside a VM, as it performs mock builds during the backport process.

Prerequisites

• Claude Code CLI installed and configured
• centpkg installed and configured
• mock installed and configured
• git with access to upstream repositories
• podman (optional, for CVE reproducer testing)

Installation

Add the marketplace and install the plugin:

/plugin marketplace add https://github.com/lbarczio/claude-backport-poc
/plugin install claude-backport-poc@claude-backport

Verify the installation:

/plugin

Local Development

git clone https://github.com/lbarczio/claude-backport-poc.git
claude
/plugin marketplace add ./claude-backport-poc
/plugin install claude-backport-poc@claude-backport

Usage

From inside a dist-git repository clone:

/claude-backport:backport JIRA_ISSUE BRANCH PATCH_URL [REPRODUCER_URL]

Examples

# Basic backport
/claude-backport:backport RHEL-12345 c10s https://gitlab.com/libtiff/libtiff/-/commit/abc123.patch

# With CVE reproducer verification
/claude-backport:backport RHEL-67890 c10s https://github.com/openssl/openssl/commit/def456.patch https://raw.githubusercontent.com/example/cve-poc/main/reproducer.c

# Multiple patches (comma-separated)
/claude-backport:backport RHEL-11111 c10s https://github.com/curl/curl/commit/aaa.patch,https://github.com/curl/curl/commit/bbb.patch

What It Does

1. Creates a working branch from the provided base branch
2. Downloads and applies upstream patches using cherry-pick (preferred) or git-am (fallback)
3. Updates the spec file with new Patch tags
4. Verifies patches apply with centpkg prep
5. Generates SRPM and runs a mock build
6. (Optional) Reproduces the CVE before/after to verify the fix

Available Plugins

Plugin	Description
claude-backport	Backport upstream patches to RHEL/CentOS dist-git packages