[yum-commits] 2 commits - plugins/aliases plugins/security

James Antill james at osuosl.org
Thu Nov 4 17:12:27 UTC 2010


 plugins/aliases/aliases      |   13 ++++++++
 plugins/security/security.py |   64 ++++++++++++++++++++++++++++++++++---------
 2 files changed, 64 insertions(+), 13 deletions(-)

New commits:
commit bf29e6757eb0992b418a03fa0cd56bb84f38d272
Author: James Antill <james at and.org>
Date:   Thu Nov 4 13:15:39 2010 -0400

    Add --sec-severity, and deal with severity data in updateinfo.

diff --git a/plugins/security/security.py b/plugins/security/security.py
index ed589f3..66e61e2 100755
--- a/plugins/security/security.py
+++ b/plugins/security/security.py
@@ -122,17 +122,23 @@ def ysp_should_filter_pkg(opts, pkgname, notice, used_map):
     elif opts.advisory and notice['update_id'] in opts.advisory:
         used_map['id'][notice['update_id']] = True
         return True
+    elif (opts.severity and notice['type'] == 'security' and
+          notice['severity'] in opts.severity):
+        used_map['sev'][notice['severity']] = True
+        return True
     elif opts.cve and _has_id(used_map, notice['references'], "cve", opts.cve):
         return True
     elif opts.bz and _has_id(used_map, notice['references'],"bugzilla",opts.bz):
         return True
     # FIXME: Add opts for enhancement/etc.? -- __update_info_types__
-    elif opts.security and notice['type'] == 'security':
+    elif (opts.security and notice['type'] == 'security' and
+          (not opts.severity or 'severity' not in notice or
+           not notice['severity'])):
         return True
     elif opts.bugfixes and notice['type'] == 'bugfix':
         return True
     elif not (opts.advisory or opts.cve or opts.bz or
-              opts.security or opts.bugfixes or opts.sec_cmds):
+              opts.security or opts.bugfixes or opts.sec_cmds or opts.severity):
         return True # This is only possible from should_show_pkg
     return False
 
@@ -146,7 +152,7 @@ def ysp_has_info_md(rname, md):
         return md
 
 def ysp_gen_used_map(opts):
-    used_map = {'bugzilla' : {}, 'cve' : {}, 'id' : {}, 'cmd' : {}}
+    used_map = {'bugzilla' : {}, 'cve' : {}, 'id' : {}, 'cmd' : {}, 'sev' : {}}
     for i in opts.sec_cmds:
         used_map['cmd'][i] = False
     for i in opts.advisory:
@@ -155,6 +161,8 @@ def ysp_gen_used_map(opts):
         used_map['bugzilla'][i] = False
     for i in opts.cve:
         used_map['cve'][i] = False
+    for i in opts.severity:
+        used_map['sev'][i] = False
     return used_map
 
 def ysp_chk_used_map(used_map, msg):
@@ -170,6 +178,9 @@ def ysp_chk_used_map(used_map, msg):
     for i in used_map['cve']:
         if not used_map['cve'][i]:
             msg('CVE \"%s\" not found applicable for this system' % i)
+    for i in used_map['sev']:
+        if not used_map['sev'][i]:
+            msg('Severity \"%s\" not found applicable for this system' % i)
 
 class UpdateinfoCommand:
     # Old command names...
@@ -204,7 +215,10 @@ class UpdateinfoCommand:
         t_maxsize = 0
         for (notice, pkgtup, pkg) in data:
             n_maxsize = max(len(notice['update_id']), n_maxsize)
-            t_maxsize = max(len(notice['type']),      t_maxsize)
+            tn = notice['type']
+            if tn == 'security' and notice['severity']:
+                tn = notice['severity'] + '/Sec.'
+            t_maxsize = max(len(tn),                  t_maxsize)
             if show_type:
                 for ref in ysp__safe_refs(notice['references']):
                     if ref['type'] != show_type:
@@ -217,18 +231,22 @@ class UpdateinfoCommand:
                 mark = '  '
                 if _rpm_tup_vercmp(iname2tup[pkgtup[0]], pkgtup) >= 0:
                     mark = 'i '
+            tn = notice['type']
+            if tn == 'security' and notice['severity']:
+                tn = notice['severity'] + '/Sec.'
+
             if show_type and ysp_has_info_md(show_type, notice):
                 for ref in ysp__safe_refs(notice['references']):
                     if ref['type'] != show_type:
                         continue
                     msg("%s %-*s %-*s %s" % (mark, r_maxsize, str(ref['id']),
-                                             t_maxsize, notice['type'], pkg))
+                                             t_maxsize, tn, pkg))
             elif hasattr(pkg, 'name'):
                 print base.fmtKeyValFill("%s: " % pkg.name,
                                          base._enc(pkg.summary))
             else:
                 msg("%s%-*s %-*s %s" % (mark, n_maxsize, notice['update_id'],
-                                        t_maxsize, notice['type'], pkg))
+                                        t_maxsize, tn, pkg))
 
     def info_show_pkgs(self, base, md_info, list_type, show_type,
                        iname2tup, data, msg):
@@ -261,12 +279,18 @@ class UpdateinfoCommand:
         def _msg(x):
             print x
         counts = {}
+        sev_counts = {}
         show_pkg_info_done = {}
         for (notice, pkgtup, pkg) in data:
             if notice['update_id'] in show_pkg_info_done:
                 continue
             show_pkg_info_done[notice['update_id']] = notice
             counts[notice['type']] = counts.get(notice['type'], 0) + 1
+            if notice['type'] == 'security':
+                sev = notice['severity']
+                if sev is None:
+                    sev = ''
+                sev_counts[sev] = sev_counts.get(sev, 0) + 1
 
         maxsize = 0
         for T in ('newpackage', 'security', 'bugfix', 'enhancement'):
@@ -287,7 +311,16 @@ class UpdateinfoCommand:
         for T in ('newpackage', 'security', 'bugfix', 'enhancement'):
             if T not in counts:
                 continue
-            print "    %*u %s notice(s)" % (maxsize, counts[T], outT[T])
+            n = outT[T]
+            if T == 'security' and len(sev_counts) == 1:
+                sn = sev_counts.keys()[0]
+                if sn != '':
+                    n = sn + " " + n
+            print "    %*u %s notice(s)" % (maxsize, counts[T], n)
+            if T == 'security' and len(sev_counts) != 1:
+                for sn in sorted(sev_counts):
+                    args = (maxsize, sev_counts[sn],sn or '?', outT['security'])
+                    print "        %*u %s %s notice(s)" % args
         _check_running_kernel(base, md_info, _msg)
         self.show_pkg_info_done = {}
 
@@ -530,7 +563,7 @@ class SecurityUpdateCommand:
         used_map      = ysp_gen_used_map(opts)
 
         ndata = not (opts.security or opts.bugfixes or
-                     opts.advisory or opts.bz or opts.cve)
+                     opts.advisory or opts.bz or opts.cve or opts.severity)
 
         # NOTE: Not doing obsoletes processing atm. ... maybe we should? --
         # Also worth pointing out we don't go backwards for obsoletes in the:
@@ -567,9 +600,9 @@ class SecurityUpdateCommand:
 def config_hook(conduit):
     '''
     Yum Plugin Config Hook: 
-    Setup the option parser with the '--advisory', '--bz', '--cve', and
-    '--security' command line options. And the 'list-updateinfo',
-    'info-updateinfo', and 'update-minimal' commands.
+    Setup the option parser with the '--advisory', '--bz', '--cve',
+    '--security' and '--severity' command line options. Also the 'updateinfo'
+    and 'update-minimal' commands.
     '''
 
     parser = conduit.getOptParser()
@@ -587,11 +620,13 @@ def config_hook(conduit):
     def obug(opt, key, val, parser):
         parser.values.bugfixes = True
     def ocve(opt, key, val, parser):
-        parser.values.cve.append(val)
+        parser.values.cve.extend(val.split(','))
     def obz(opt, key, val, parser):
         parser.values.bz.append(str(val))
     def oadv(opt, key, val, parser):
-        parser.values.advisory.append(val)
+        parser.values.advisory.extend(val.split(','))
+    def osev(opt, key, val, parser):
+        parser.values.severity.extend(val.split(','))
             
     parser.add_option('--security', action="callback",
                       callback=osec, dest='security', default=False,
@@ -605,6 +640,9 @@ def config_hook(conduit):
     parser.add_option('--bz', action="callback",
                       callback=obz, dest='bz', default=[], type="int",
                       help='Include packages needed to fix the given BZ')
+    parser.add_option('--sec-severity', action="callback",
+                      callback=osev, dest='severity', default=[], type="string",
+                      help='Include security relevant packages, of this severity')
     parser.add_option('--advisory', action="callback",
                       callback=oadv, dest='advisory', default=[], type="string",
                       help='Include packages needed to fix the given advisory')
commit 4b257489bbff96eb4e40c23a2d1ee37a08af7304
Author: James Antill <james at and.org>
Date:   Thu Nov 4 11:50:21 2010 -0400

    Some more aliases.

diff --git a/plugins/aliases/aliases b/plugins/aliases/aliases
index 86df618..ff2809a 100644
--- a/plugins/aliases/aliases
+++ b/plugins/aliases/aliases
@@ -20,6 +20,7 @@ ALLDBG DBG DEVDBG UPTDBG
 ALL DEV UPT ALLSRC ALLDBG
 
 SEC --security
+CRIT --sec-severity=critical
 FORCE --skip-broken --disableexcludes=all
 DUPS --showduplicates
 
@@ -32,6 +33,10 @@ rein reinstall
 
 chk check-update
 
+upi updateinfo
+lp  upi list
+lps upi list security
+
 ls  list
 lsi ls installed
 lsa ls available
@@ -51,6 +56,12 @@ h  history
 hi history info
 hl history list
 hs history summary
+hp history package-list
+
+rl repolist
+
+gi groupinfo
+gl grouplist
 
 dbg-install DBG install
 dbg-inst    DBG inst
@@ -60,6 +71,8 @@ dbg-inst    DBG inst
 
 # lsT UPT ls
 # lsD DEV ls
+# chkT UPT chk
+# chkD UPT chk
 # 
 # lsuT lsT updates
 # lsuD lsD updates


More information about the Yum-commits mailing list