[yum-commits] docs/yum-security.8 plugins/security
James Antill
james at osuosl.org
Tue Oct 20 18:06:46 UTC 2009
docs/yum-security.8 | 13 ++++----
plugins/security/security.py | 69 ++++++++++++++++++++++++++++++++-----------
2 files changed, 60 insertions(+), 22 deletions(-)
New commits:
commit a9e57ce4c54182849dbb128e763f438e4d3d1828
Author: James Antill <james at and.org>
Date: Tue Oct 20 14:02:09 2009 -0400
Add option to list-updateinfo command to see new packages in repos.
Change list-security => list-updateinfo, as it's now grossly wrong.
diff --git a/docs/yum-security.8 b/docs/yum-security.8
index e854151..f8e65d5 100644
--- a/docs/yum-security.8
+++ b/docs/yum-security.8
@@ -16,9 +16,9 @@ This works like the update command, but if you have the the package foo-1
installed and have foo-2 and foo-3 available with updateinfo.xml then
update-minimal will update you to foo-3.
.br
-.I \fR * info-security
+.I \fR * info-updateinfo
.br
-.I \fR * list-security
+.I \fR * list-updateinfo
.PP
both of the last two take these \fIsub-commands\fPs:
.br
@@ -30,14 +30,17 @@ both of the last two take these \fIsub-commands\fPs:
.br
.I \fR * * security
.br
+.I \fR * * new-packages
+.br
.br
.PP
.IP "\fB<advisory> [advisory...]\fP"
Is used to display information about one or more advisories.
.PP
-.IP "\fBlist-security\fP" "\fBinfo-security\fP"
+.IP "\fBlist-updateinfo\fP" "\fBinfo-updateinfo\fP"
Is used to list all of the relevant errata notice information, from the
updateinfo.xml data in yum. This includes bugzillas, CVEs and security updates.
+You can also list "new" packages, by passing new as the first argument.
.IP
.IP "\fBbugzillas / bzs\fP"
Is the subset of the security information, pertaining to the bugzillas.
@@ -89,11 +92,11 @@ yum --security update-minimal
.PP
To get a list of all BZs that are fixed for packages you have installed use:
.IP
-yum list-security bugzillas
+yum list-updateinfo bugzillas
.PP
To get the information on advisory FEDORA-2707-4567 use:
.IP
-yum info-security FEDORA-2707-4567
+yum info-updateinfo FEDORA-2707-4567
.PP
To update packages to the latest version which contain fixes for Bugzillas 123, 456 and 789; and all security updates use:
.IP
diff --git a/plugins/security/security.py b/plugins/security/security.py
index d79916a..8ab8147 100755
--- a/plugins/security/security.py
+++ b/plugins/security/security.py
@@ -29,10 +29,11 @@
# yum --bz 235374 --bz 234688 <cmd>
# yum --advisory FEDORA-2007-420 --advisory FEDORA-2007-346 <cmd>
#
-# yum list-security
-# yum list-security bugzillas / bzs
-# yum list-security cves
-# yum list-security security / sec
+# yum list-updateinfo
+# yum list-updateinfo bugzillas / bzs
+# yum list-updateinfo cves
+# yum list-updateinfo security / sec
+# yum list-updateinfo new
#
# yum update-minimal --security
@@ -144,7 +145,7 @@ def ysp_has_info_md(rname, md):
return md
def ysp_should_show_pkgtup(opts, pkgtup, md_info, used_map, rname=None):
- """ Do we want to show this package in list-security. """
+ """ Do we want to show this package in list-updateinfo. """
name = pkgtup[0]
for (pkgtup, notice) in reversed(md_info.get_applicable_notices(pkgtup)):
@@ -181,10 +182,10 @@ def ysp_chk_used_map(used_map, msg):
class SecurityListCommand:
def getNames(self):
- return ['list-security', 'list-sec']
+ return ['list-updateinfo', 'list-security', 'list-sec']
def getUsage(self):
- return "[security|bugzilla|cve] [PACKAGE-wildcard]"
+ return "[security|bugzilla|cve|new-packages] [PACKAGE-wildcard]"
def getSummary(self):
return "Returns security data for the packages listed, that affects your system"
@@ -192,7 +193,7 @@ class SecurityListCommand:
def doCheck(self, base, basecmd, extcmds):
pass
- def show_pkg(self, msg, pkg, notice, disp=None):
+ def show_pkg(self, base, msg, pkg, notice, disp=None):
# Make the list view much smaller
# ysp_show_pkg_md_info(pkg, md, msg)
if disp and ysp_has_info_md(disp, notice):
@@ -200,12 +201,24 @@ class SecurityListCommand:
if ref['type'] != disp:
continue
msg(" %s %-8s %s" % (str(ref['id']), notice['type'], pkg))
+ elif notice['type'] == 'newpackage':
+ print base.fmtKeyValFill("%s: " % pkg.name, base._enc(pkg.summary))
else:
msg("%s %-8s %s" % (notice['update_id'], notice['type'], pkg))
def show_pkg_exit(self):
pass
-
+
+ def _get_new_pkgs(self, md_info):
+ for notice in md_info.notices:
+ if notice['type'] != "newpackage":
+ continue
+ for upkg in notice['pkglist']:
+ for pkg in upkg['packages']:
+ pkgtup = (pkg['name'], pkg['arch'], pkg['epoch'] or '0',
+ pkg['version'], pkg['release'])
+ yield (notice, pkgtup)
+
def doCommand(self, base, basecmd, extcmds):
self.repos = base.repos
md_info = ysp_gen_metadata(self.repos.listEnabled())
@@ -240,13 +253,35 @@ class SecurityListCommand:
filt_type = "cve"
elif filt_type == "cve":
pass
+ elif filt_type == "newpackages":
+ filt_type = "newpackage"
+ elif filt_type == "new-packages":
+ filt_type = "newpackage"
+ elif filt_type == "new":
+ filt_type = "newpackage"
else:
extcmds = [filt_type] + extcmds
filt_type = None
show_type = filt_type
if filt_type and filt_type in __update_info_types__:
show_type = None
-
+
+ if filt_type == "newpackage":
+ # No filtering here, as we want what isn't installed...
+ done_pkgs = set()
+ for (notice, pkgtup) in sorted(self._get_new_pkgs(md_info),
+ key=lambda x: x[1][0]):
+ if extcmds and not _match_sec_cmd(extcmds, pkgtup[0], notice):
+ continue
+ if pkgtup[0] in done_pkgs:
+ continue
+ pkgs = base.pkgSack.searchPkgTuple(pkgtup)
+ if not pkgs:
+ continue
+ done_pkgs.add(pkgs[0].name)
+ self.show_pkg(base, msg, pkgs[0], notice, None)
+ return 0, [basecmd + ' new done']
+
opts.sec_cmds = extcmds
used_map = ysp_gen_used_map(opts)
name2tup = _get_name2oldpkgtup(base)
@@ -261,7 +296,7 @@ class SecurityListCommand:
d['epoch'] = ''
else:
d['epoch'] = "%s:" % d['e']
- self.show_pkg(msg, "%(n)s-%(epoch)s%(v)s-%(r)s.%(a)s" % d,
+ self.show_pkg(base, msg, "%(n)s-%(epoch)s%(v)s-%(r)s.%(a)s" % d,
notice, show_type)
ysp_chk_used_map(used_map, msg)
@@ -271,9 +306,9 @@ class SecurityListCommand:
class SecurityInfoCommand(SecurityListCommand):
show_pkg_info_done = {}
def getNames(self):
- return ['info-security', 'info-sec']
+ return ['info-updateinfo', 'info-security', 'info-sec']
- def show_pkg(self, msg, pkg, notice, disp=None):
+ def show_pkg(self, base, msg, pkg, notice, disp=None):
if notice['update_id'] in self.show_pkg_info_done:
return
self.show_pkg_info_done[notice['update_id']] = True
@@ -386,8 +421,8 @@ def config_hook(conduit):
'''
Yum Plugin Config Hook:
Setup the option parser with the '--advisory', '--bz', '--cve', and
- '--security' command line options. And the 'list-security',
- 'info-security', and 'update-minimal' commands.
+ '--security' command line options. And the 'list-updateinfo',
+ 'info-updateinfo', and 'update-minimal' commands.
'''
parser = conduit.getOptParser()
@@ -470,9 +505,9 @@ def ysp_check_func_enter(conduit):
ret = {"skip": ndata, "list_cmd": True}
if (args[0] in ["update", "upgrade"]):
ret = {"skip": ndata, "list_cmd": False}
- if (args[0] == "list-sec") or (args[0] == "list-security"):
+ if (args[0] in ("list-sec", "list-security", 'list-updateinfo')):
return (opts, {"skip": True, "list_cmd": True})
- if (args[0] == "info-sec") or (args[0] == "info-security"):
+ if (args[0] in ("info-sec", "info-security", 'info-updateinfo')):
return (opts, {"skip": True, "list_cmd": True})
if ret:
More information about the Yum-commits
mailing list