[yum-commits] 4 commits - docs/yum.8 docs/yum-cron.8 etc/Makefile etc/yum-cron.conf etc/yum-cron-security.conf yum-cron/Makefile yum-cron/yum-security.cron.sh yum/fssnapshots.py yum.spec

James Antill james at osuosl.org
Fri Jan 24 14:48:57 UTC 2014 

 docs/yum-cron.8               |    1 
 docs/yum.8                    |    4 +-
 etc/Makefile                  |    1 
 etc/yum-cron-security.conf    |   82 ++++++++++++++++++++++++++++++++++++++++++
 etc/yum-cron.conf             |    6 ++-
 yum-cron/Makefile             |    1 
 yum-cron/yum-security.cron.sh |   11 +++++
 yum.spec                      |   65 +++++++++++++++++++++++++++++++--
 yum/fssnapshots.py            |    3 +
 9 files changed, 166 insertions(+), 8 deletions(-)

New commits:
commit fe3045cb48a8e4ddd513bd8b64fad6fa5c2b5913
Author: Ville Skyttä <ville.skytta at iki.fi>
Date:   Thu Jan 23 17:02:50 2014 -0500

    Drop INSTALL from docs.

diff --git a/yum.spec b/yum.spec
index c6bc8fc..a459944 100644
--- a/yum.spec
+++ b/yum.spec
@@ -401,7 +401,7 @@ exit 0
 
 %files -f %{name}.lang
 %defattr(-, root, root, -)
-%doc README AUTHORS COPYING TODO INSTALL ChangeLog PLUGINS
+%doc README AUTHORS COPYING TODO ChangeLog PLUGINS
 %if %{move_yum_conf_back}
 %config(noreplace) %{_sysconfdir}/yum.conf
 %dir %{_sysconfdir}/yum.repos.d
commit 20cc380cdf5481124d2dddb7faada2a271364ab3
Author: James Antill <james at and.org>
Date:   Tue Jan 21 16:27:42 2014 -0500

    Split cron-daily and cron-hourly into separate packages. Add cron-security.

diff --git a/docs/yum-cron.8 b/docs/yum-cron.8
index db50fc2..7ce1aef 100644
--- a/docs/yum-cron.8
+++ b/docs/yum-cron.8
@@ -29,6 +29,7 @@ just once each day.
 .nf
 /etc/yum/yum-cron.conf
 /etc/yum/yum-cron-hourly.conf
+/etc/yum/yum-cron-security.conf
 .fi 
 
 .PP
diff --git a/etc/Makefile b/etc/Makefile
index 49f1d81..7c023af 100644
--- a/etc/Makefile
+++ b/etc/Makefile
@@ -32,4 +32,5 @@ install:
 	install -m 644 yum.bash $(DESTDIR)/$(compdir)/yum
 	ln -s yum $(DESTDIR)/$(compdir)/yummain.py
 	install -m 644 yum-cron.conf $(YUMETC)
+	install -m 644 yum-cron-security.conf $(YUMETC)
 	install -m 644 yum-cron-hourly.conf $(YUMETC)
diff --git a/etc/yum-cron-security.conf b/etc/yum-cron-security.conf
new file mode 100644
index 0000000..b0edd9d
--- /dev/null
+++ b/etc/yum-cron-security.conf
@@ -0,0 +1,82 @@
+[commands]
+#  What kind of update to use:
+# default                            = yum upgrade
+# security                           = yum --security upgrade
+# security-severity:Critical         = yum --sec-severity=Critical upgrade
+# minimal                            = yum --bugfix upgrade-minimal
+# minimal-security                   = yum --security upgrade-minimal
+# minimal-security-severity:Critical =  --sec-severity=Critical upgrade-minimal
+update_cmd = security
+
+# Whether a message should emitted when updates are available.
+update_messages = yes
+
+# Whether updates should be downloaded when they are available. Note
+# that updates_messages must also be yes for updates to be downloaded.
+download_updates = yes
+
+# Whether updates should be applied when they are available.  Note
+# that both update_messages and download_updates must also be yes for
+# the update to be applied
+apply_updates = yes
+
+# Maximum amout of time to randomly sleep, in minutes.  The program
+# will sleep for a random amount of time between 0 and random_sleep
+# minutes before running.  This is useful for e.g. staggering the
+# times that multiple systems will access update servers.  If
+# random_sleep is 0 or negative, the program will run immediately.
+#  NOTE this runs after yum-cron-daily, if that is installed,
+# so we will have already waited for that (default 2 hours, 120 mins).
+# Also security updates should be smaller than all updates, anyway.
+random_sleep = 60
+
+
+[emitters]
+# Name to use for this system in messages that are emitted.  If
+# system_name is None, the hostname will be used.
+system_name = None
+
+# How to send messages.  Valid options are stdio and email.  If
+# emit_via includes stdio, messages will be sent to stdout; this is useful
+# to have cron send the messages.  If emit_via includes email, this
+# program will send email itself according to the configured options.
+# If emit_via is None or left blank, no messages will be sent.
+emit_via = stdio
+
+# The width, in characters, that messages that are emitted should be
+# formatted to.
+ouput_width = 80
+
+
+[email]
+# The address to send email messages from.
+email_from = root
+
+# List of addresses to send messages to.
+email_to = root
+
+# Name of the host to connect to to send email messages.
+email_host = localhost
+
+
+[groups]
+# List of groups to update
+group_list = None
+
+# The types of group packages to install
+group_package_types = mandatory, default
+
+[base]
+# This section overrides yum.conf
+
+# Use this to filter Yum core messages
+# -4: critical
+# -3: critical+errors
+# -2: critical+errors+warnings (default)
+debuglevel = -2
+
+# skip_broken = True
+mdpolicy = group:main
+
+# Uncomment to auto-import new gpg keys (dangerous)
+# assumeyes = True
diff --git a/etc/yum-cron.conf b/etc/yum-cron.conf
index 7314fae..960fcc9 100644
--- a/etc/yum-cron.conf
+++ b/etc/yum-cron.conf
@@ -24,8 +24,10 @@ apply_updates = no
 # minutes before running.  This is useful for e.g. staggering the
 # times that multiple systems will access update servers.  If
 # random_sleep is 0 or negative, the program will run immediately.
-# 6*60 = 360
-random_sleep = 360
+#  NOTE that we hold up all the other things in cron.daily as we wait,
+# so while waiting for 6+ hours is fine for us it might not be nice
+# for logrotate (so wait for 2 hours by default).
+random_sleep = 120
 
 
 [emitters]
diff --git a/yum-cron/Makefile b/yum-cron/Makefile
index cd3ff5f..3997b4a 100644
--- a/yum-cron/Makefile
+++ b/yum-cron/Makefile
@@ -20,5 +20,6 @@ install-common:
 # Install as 0yum-*.cron so it runs before items like
 # manpage update, mlocate, and prelink
 	install -D -m 755 yum-daily.cron.sh $(DESTDIR)/etc/cron.daily/0yum-daily.cron
+	install -D -m 755 yum-security.cron.sh $(DESTDIR)/etc/cron.daily/0yum-security.cron
 	install -D -m 755 yum-hourly.cron.sh $(DESTDIR)/etc/cron.hourly/0yum-hourly.cron
 	install -D -m 755 yum-cron.py $(DESTDIR)/usr/sbin/yum-cron
diff --git a/yum-cron/yum-security.cron.sh b/yum-cron/yum-security.cron.sh
new file mode 100644
index 0000000..2937e20
--- /dev/null
+++ b/yum-cron/yum-security.cron.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+# Only run if this flag is set. The flag is created by the yum-cron init
+# script when the service is started -- this allows one to use chkconfig and
+# the standard "service stop|start" commands to enable or disable yum-cron.
+if [[ ! -f /var/lock/subsys/yum-cron ]]; then
+  exit 0
+fi
+
+# Action!
+exec /usr/sbin/yum-cron /etc/yum/yum-cron-security.conf
diff --git a/yum.spec b/yum.spec
index a3e9bcf..c6bc8fc 100644
--- a/yum.spec
+++ b/yum.spec
@@ -161,9 +161,11 @@ yum-updatesd provides a daemon which checks for available updates and
 can notify you when they are available via email, syslog or dbus. 
 
 %package cron
-Summary: Files needed to run yum updates as a cron job
+Summary: RPM package installer/updater/manager cron service
 Group: System Environment/Base
 Requires: yum >= 3.4.3-84 cronie crontabs findutils
+Requires: yum-cron-BE = %{version}-%{release}
+# We'd probably like a suggests for yum-cron-daily here.
 %if %{yum_cron_systemd}
 BuildRequires: systemd-units
 Requires(post): systemd
@@ -178,8 +180,48 @@ Requires(postun): /sbin/service
 %endif
 
 %description cron
-These are the files needed to run yum updates as a cron job.
-Install this package if you want auto yum updates nightly via cron.
+These are the files needed to run any of the yum-cron update services.
+
+%package cron-daily
+Summary: Files needed to run yum updates as a daily cron job
+Group: System Environment/Base
+Provides: yum-cron-BE = %{version}-%{release}
+Requires: yum-cron > 3.4.3-131
+
+%description cron-daily
+This is the configuration file for the daily yum-cron update service, which
+lives %{_sysconfdir}/yum/yum-cron.conf.
+Install this package if you want auto yum updates nightly via cron (or something
+else, via. changing the configuration).
+By default this just downloads updates and does not apply them.
+
+%package cron-hourly
+Summary: Files needed to run yum updates as an hourly cron job
+Group: System Environment/Base
+Provides: yum-cron-BE = %{version}-%{release}
+Requires: yum-cron > 3.4.3-131
+
+%description cron-hourly
+This is the configuration file for the daily yum-cron update service, which
+lives %{_sysconfdir}/yum/yum-cron-hourly.conf.
+Install this package if you want automatic yum metadata updates hourly via
+cron (or something else, via. changing the configuration).
+
+%package cron-security
+Summary: Files needed to run security yum updates as once a day
+Group: System Environment/Base
+Provides: yum-cron-BE = %{version}-%{release}
+Requires: yum-cron > 3.4.3-131
+
+%description cron-security
+This is the configuration file for the security yum-cron update service, which
+lives here: %{_sysconfdir}/yum/yum-cron-security.conf
+Install this package if you want automatic yum security updates once a day
+via. cron (or something else, via. changing the configuration -- this will be
+confusing if it's not security updates anymore though).
+By default this will download and _apply_ the security updates, unlike
+yum-cron-daily which will just download all updates by default.
+This runs after yum-cron-daily, if that is installed.
 
 
 %prep
@@ -415,6 +457,21 @@ exit 0
 %{_sbindir}/yum-cron
 %{_mandir}/man*/yum-cron.*
 
+%files cron-daily
+%defattr(-,root,root)
+%{_sysconfdir}/cron.daily/0yum-daily.cron
+%config(noreplace) %{_sysconfdir}/yum/yum-cron.conf
+
+%files cron-hourly
+%defattr(-,root,root)
+%{_sysconfdir}/cron.hourly/0yum-hourly.cron
+%config(noreplace) %{_sysconfdir}/yum/yum-cron-hourly.conf
+
+%files cron-security
+%defattr(-,root,root)
+%{_sysconfdir}/cron.daily/0yum-security.cron
+%config(noreplace) %{_sysconfdir}/yum/yum-cron-security.conf
+
 %if %{yum_updatesd}
 %files updatesd
 %defattr(-, root, root)
commit b3d960fbfe97db9b350c3da038b3c4dbe680d9e5
Author: James Antill <james at and.org>
Date:   Wed Jan 22 11:27:34 2014 -0500

    Test for lvm binary before using. BZ 1047793.

diff --git a/yum/fssnapshots.py b/yum/fssnapshots.py
index 567cb65..e912ea1 100755
--- a/yum/fssnapshots.py
+++ b/yum/fssnapshots.py
@@ -55,6 +55,9 @@ def _list_vg_names():
     names = lvm.listVgNames()
 
     if not names: # Could be just broken...
+        if not os.path.exists("/sbin/lvm"):
+            return [] # Minimal install etc.
+
         p = subprocess.Popen(["/sbin/lvm", "vgs", "-o", "vg_name"],
                              stdout=subprocess.PIPE, stderr=subprocess.PIPE)
         err = p.wait()
commit 2494a58c06fb4f6f226f1eb25397256db3d76bf1
Author: James Antill <james at and.org>
Date:   Tue Jan 21 16:31:29 2014 -0500

    Fix old man page description.

diff --git a/docs/yum.8 b/docs/yum.8
index 25493ee..c9b529e 100644
--- a/docs/yum.8
+++ b/docs/yum.8
@@ -921,8 +921,8 @@ in any yum repository listed in the config file.
 .IP
 .IP "\fByum list recent\fP"
 List packages recently added into the repositories. This is often not helpful,
-but what you may really want to use is "yum list-updateinfo new" from the
-security yum plugin.
+but what you may really want to use is "yum updateinfo list new" although that
+relies on updateinfo data from the repos.
 .IP
 
 .PP

More information about the Yum-commits mailing list