[yum-commits] 4 commits - docs/yum.8 docs/yum-cron.8 etc/Makefile etc/yum-cron.conf etc/yum-cron-security.conf yum-cron/Makefile yum-cron/yum-security.cron.sh yum/fssnapshots.py yum.spec
James Antill
james at osuosl.org
Fri Jan 24 14:48:57 UTC 2014
docs/yum-cron.8 | 1
docs/yum.8 | 4 +-
etc/Makefile | 1
etc/yum-cron-security.conf | 82 ++++++++++++++++++++++++++++++++++++++++++
etc/yum-cron.conf | 6 ++-
yum-cron/Makefile | 1
yum-cron/yum-security.cron.sh | 11 +++++
yum.spec | 65 +++++++++++++++++++++++++++++++--
yum/fssnapshots.py | 3 +
9 files changed, 166 insertions(+), 8 deletions(-)
New commits:
commit fe3045cb48a8e4ddd513bd8b64fad6fa5c2b5913
Author: Ville Skyttä <ville.skytta at iki.fi>
Date: Thu Jan 23 17:02:50 2014 -0500
Drop INSTALL from docs.
diff --git a/yum.spec b/yum.spec
index c6bc8fc..a459944 100644
--- a/yum.spec
+++ b/yum.spec
@@ -401,7 +401,7 @@ exit 0
%files -f %{name}.lang
%defattr(-, root, root, -)
-%doc README AUTHORS COPYING TODO INSTALL ChangeLog PLUGINS
+%doc README AUTHORS COPYING TODO ChangeLog PLUGINS
%if %{move_yum_conf_back}
%config(noreplace) %{_sysconfdir}/yum.conf
%dir %{_sysconfdir}/yum.repos.d
commit 20cc380cdf5481124d2dddb7faada2a271364ab3
Author: James Antill <james at and.org>
Date: Tue Jan 21 16:27:42 2014 -0500
Split cron-daily and cron-hourly into separate packages. Add cron-security.
diff --git a/docs/yum-cron.8 b/docs/yum-cron.8
index db50fc2..7ce1aef 100644
--- a/docs/yum-cron.8
+++ b/docs/yum-cron.8
@@ -29,6 +29,7 @@ just once each day.
.nf
/etc/yum/yum-cron.conf
/etc/yum/yum-cron-hourly.conf
+/etc/yum/yum-cron-security.conf
.fi
.PP
diff --git a/etc/Makefile b/etc/Makefile
index 49f1d81..7c023af 100644
--- a/etc/Makefile
+++ b/etc/Makefile
@@ -32,4 +32,5 @@ install:
install -m 644 yum.bash $(DESTDIR)/$(compdir)/yum
ln -s yum $(DESTDIR)/$(compdir)/yummain.py
install -m 644 yum-cron.conf $(YUMETC)
+ install -m 644 yum-cron-security.conf $(YUMETC)
install -m 644 yum-cron-hourly.conf $(YUMETC)
diff --git a/etc/yum-cron-security.conf b/etc/yum-cron-security.conf
new file mode 100644
index 0000000..b0edd9d
--- /dev/null
+++ b/etc/yum-cron-security.conf
@@ -0,0 +1,82 @@
+[commands]
+# What kind of update to use:
+# default = yum upgrade
+# security = yum --security upgrade
+# security-severity:Critical = yum --sec-severity=Critical upgrade
+# minimal = yum --bugfix upgrade-minimal
+# minimal-security = yum --security upgrade-minimal
+# minimal-security-severity:Critical = --sec-severity=Critical upgrade-minimal
+update_cmd = security
+
+# Whether a message should emitted when updates are available.
+update_messages = yes
+
+# Whether updates should be downloaded when they are available. Note
+# that updates_messages must also be yes for updates to be downloaded.
+download_updates = yes
+
+# Whether updates should be applied when they are available. Note
+# that both update_messages and download_updates must also be yes for
+# the update to be applied
+apply_updates = yes
+
+# Maximum amout of time to randomly sleep, in minutes. The program
+# will sleep for a random amount of time between 0 and random_sleep
+# minutes before running. This is useful for e.g. staggering the
+# times that multiple systems will access update servers. If
+# random_sleep is 0 or negative, the program will run immediately.
+# NOTE this runs after yum-cron-daily, if that is installed,
+# so we will have already waited for that (default 2 hours, 120 mins).
+# Also security updates should be smaller than all updates, anyway.
+random_sleep = 60
+
+
+[emitters]
+# Name to use for this system in messages that are emitted. If
+# system_name is None, the hostname will be used.
+system_name = None
+
+# How to send messages. Valid options are stdio and email. If
+# emit_via includes stdio, messages will be sent to stdout; this is useful
+# to have cron send the messages. If emit_via includes email, this
+# program will send email itself according to the configured options.
+# If emit_via is None or left blank, no messages will be sent.
+emit_via = stdio
+
+# The width, in characters, that messages that are emitted should be
+# formatted to.
+ouput_width = 80
+
+
+[email]
+# The address to send email messages from.
+email_from = root
+
+# List of addresses to send messages to.
+email_to = root
+
+# Name of the host to connect to to send email messages.
+email_host = localhost
+
+
+[groups]
+# List of groups to update
+group_list = None
+
+# The types of group packages to install
+group_package_types = mandatory, default
+
+[base]
+# This section overrides yum.conf
+
+# Use this to filter Yum core messages
+# -4: critical
+# -3: critical+errors
+# -2: critical+errors+warnings (default)
+debuglevel = -2
+
+# skip_broken = True
+mdpolicy = group:main
+
+# Uncomment to auto-import new gpg keys (dangerous)
+# assumeyes = True
diff --git a/etc/yum-cron.conf b/etc/yum-cron.conf
index 7314fae..960fcc9 100644
--- a/etc/yum-cron.conf
+++ b/etc/yum-cron.conf
@@ -24,8 +24,10 @@ apply_updates = no
# minutes before running. This is useful for e.g. staggering the
# times that multiple systems will access update servers. If
# random_sleep is 0 or negative, the program will run immediately.
-# 6*60 = 360
-random_sleep = 360
+# NOTE that we hold up all the other things in cron.daily as we wait,
+# so while waiting for 6+ hours is fine for us it might not be nice
+# for logrotate (so wait for 2 hours by default).
+random_sleep = 120
[emitters]
diff --git a/yum-cron/Makefile b/yum-cron/Makefile
index cd3ff5f..3997b4a 100644
--- a/yum-cron/Makefile
+++ b/yum-cron/Makefile
@@ -20,5 +20,6 @@ install-common:
# Install as 0yum-*.cron so it runs before items like
# manpage update, mlocate, and prelink
install -D -m 755 yum-daily.cron.sh $(DESTDIR)/etc/cron.daily/0yum-daily.cron
+ install -D -m 755 yum-security.cron.sh $(DESTDIR)/etc/cron.daily/0yum-security.cron
install -D -m 755 yum-hourly.cron.sh $(DESTDIR)/etc/cron.hourly/0yum-hourly.cron
install -D -m 755 yum-cron.py $(DESTDIR)/usr/sbin/yum-cron
diff --git a/yum-cron/yum-security.cron.sh b/yum-cron/yum-security.cron.sh
new file mode 100644
index 0000000..2937e20
--- /dev/null
+++ b/yum-cron/yum-security.cron.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+# Only run if this flag is set. The flag is created by the yum-cron init
+# script when the service is started -- this allows one to use chkconfig and
+# the standard "service stop|start" commands to enable or disable yum-cron.
+if [[ ! -f /var/lock/subsys/yum-cron ]]; then
+ exit 0
+fi
+
+# Action!
+exec /usr/sbin/yum-cron /etc/yum/yum-cron-security.conf
diff --git a/yum.spec b/yum.spec
index a3e9bcf..c6bc8fc 100644
--- a/yum.spec
+++ b/yum.spec
@@ -161,9 +161,11 @@ yum-updatesd provides a daemon which checks for available updates and
can notify you when they are available via email, syslog or dbus.
%package cron
-Summary: Files needed to run yum updates as a cron job
+Summary: RPM package installer/updater/manager cron service
Group: System Environment/Base
Requires: yum >= 3.4.3-84 cronie crontabs findutils
+Requires: yum-cron-BE = %{version}-%{release}
+# We'd probably like a suggests for yum-cron-daily here.
%if %{yum_cron_systemd}
BuildRequires: systemd-units
Requires(post): systemd
@@ -178,8 +180,48 @@ Requires(postun): /sbin/service
%endif
%description cron
-These are the files needed to run yum updates as a cron job.
-Install this package if you want auto yum updates nightly via cron.
+These are the files needed to run any of the yum-cron update services.
+
+%package cron-daily
+Summary: Files needed to run yum updates as a daily cron job
+Group: System Environment/Base
+Provides: yum-cron-BE = %{version}-%{release}
+Requires: yum-cron > 3.4.3-131
+
+%description cron-daily
+This is the configuration file for the daily yum-cron update service, which
+lives %{_sysconfdir}/yum/yum-cron.conf.
+Install this package if you want auto yum updates nightly via cron (or something
+else, via. changing the configuration).
+By default this just downloads updates and does not apply them.
+
+%package cron-hourly
+Summary: Files needed to run yum updates as an hourly cron job
+Group: System Environment/Base
+Provides: yum-cron-BE = %{version}-%{release}
+Requires: yum-cron > 3.4.3-131
+
+%description cron-hourly
+This is the configuration file for the daily yum-cron update service, which
+lives %{_sysconfdir}/yum/yum-cron-hourly.conf.
+Install this package if you want automatic yum metadata updates hourly via
+cron (or something else, via. changing the configuration).
+
+%package cron-security
+Summary: Files needed to run security yum updates as once a day
+Group: System Environment/Base
+Provides: yum-cron-BE = %{version}-%{release}
+Requires: yum-cron > 3.4.3-131
+
+%description cron-security
+This is the configuration file for the security yum-cron update service, which
+lives here: %{_sysconfdir}/yum/yum-cron-security.conf
+Install this package if you want automatic yum security updates once a day
+via. cron (or something else, via. changing the configuration -- this will be
+confusing if it's not security updates anymore though).
+By default this will download and _apply_ the security updates, unlike
+yum-cron-daily which will just download all updates by default.
+This runs after yum-cron-daily, if that is installed.
%prep
@@ -415,6 +457,21 @@ exit 0
%{_sbindir}/yum-cron
%{_mandir}/man*/yum-cron.*
+%files cron-daily
+%defattr(-,root,root)
+%{_sysconfdir}/cron.daily/0yum-daily.cron
+%config(noreplace) %{_sysconfdir}/yum/yum-cron.conf
+
+%files cron-hourly
+%defattr(-,root,root)
+%{_sysconfdir}/cron.hourly/0yum-hourly.cron
+%config(noreplace) %{_sysconfdir}/yum/yum-cron-hourly.conf
+
+%files cron-security
+%defattr(-,root,root)
+%{_sysconfdir}/cron.daily/0yum-security.cron
+%config(noreplace) %{_sysconfdir}/yum/yum-cron-security.conf
+
%if %{yum_updatesd}
%files updatesd
%defattr(-, root, root)
commit b3d960fbfe97db9b350c3da038b3c4dbe680d9e5
Author: James Antill <james at and.org>
Date: Wed Jan 22 11:27:34 2014 -0500
Test for lvm binary before using. BZ 1047793.
diff --git a/yum/fssnapshots.py b/yum/fssnapshots.py
index 567cb65..e912ea1 100755
--- a/yum/fssnapshots.py
+++ b/yum/fssnapshots.py
@@ -55,6 +55,9 @@ def _list_vg_names():
names = lvm.listVgNames()
if not names: # Could be just broken...
+ if not os.path.exists("/sbin/lvm"):
+ return [] # Minimal install etc.
+
p = subprocess.Popen(["/sbin/lvm", "vgs", "-o", "vg_name"],
stdout=subprocess.PIPE, stderr=subprocess.PIPE)
err = p.wait()
commit 2494a58c06fb4f6f226f1eb25397256db3d76bf1
Author: James Antill <james at and.org>
Date: Tue Jan 21 16:31:29 2014 -0500
Fix old man page description.
diff --git a/docs/yum.8 b/docs/yum.8
index 25493ee..c9b529e 100644
--- a/docs/yum.8
+++ b/docs/yum.8
@@ -921,8 +921,8 @@ in any yum repository listed in the config file.
.IP
.IP "\fByum list recent\fP"
List packages recently added into the repositories. This is often not helpful,
-but what you may really want to use is "yum list-updateinfo new" from the
-security yum plugin.
+but what you may really want to use is "yum updateinfo list new" although that
+relies on updateinfo data from the repos.
.IP
.PP
More information about the Yum-commits
mailing list