Red Hat Bugzilla – Attachment 152255 Details for
Bug 234646
yum plugin for security updates
yum security plugin python file
yum-security-plugin.py (text/plain), 10.24 KB, created by
James Antill
on 2007-04-11 07:49:06 UTC
Description:
yum security plugin python file
Filename:
MIME Type:
Creator:
James Antill
Created:
2007-04-11 07:49:06 UTC
Size:
10.24 KB
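# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Library General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
#
# Copyright Red Hat Inc. 2007
#
# Author: James Antill <james.antill@redhat.com>
#
# Examples:
#
# yum --security list updates
# yum --security update

import logging # for commands
import time
from optparse import OptionValueError

import yum
from rpmUtils.miscutils import compareEVR
from yum import logginglevels
from yum.plugins import PluginYumExit
from yum.plugins import TYPE_INTERACTIVE
from yum.update_md import UpdateMetadata

requires_api_version = '2.5'
plugin_type = (TYPE_INTERACTIVE,)


def ysp_gen_metadata(conduit):
    """ Collect update notices from the updateinfo of every enabled repo.

    ``conduit`` only needs a ``getRepos()`` method; SecurityListCommands
    passes itself in for that reason.

    Returns the populated UpdateMetadata object.
    """
    md_info = UpdateMetadata()
    for repo in conduit.getRepos().listEnabled():
        if not repo.enabled:
            continue

        try: # attempt to grab the updateinfo.xml.gz from the repodata
            md_info.add(repo)
        except yum.Errors.RepoMDError:
            # No metadata found for this repo. Its packages will have no
            # notice, so the filters below treat them as non-security: an
            # empty result under --security does not prove that such a repo
            # has no pending security fixes.
            continue
    return md_info


def ysp_should_show_pkg(pkg, md, rname=None):
    """ Decide whether sec-list should show this package.

    Returns the notice metadata dict when the package should be shown,
    otherwise None.

    Without ``rname`` a package is shown when its notice has any reference
    or is of type 'security'. With ``rname`` it is shown only when the
    notice carries at least one reference of that type.
    """
    notice = md.get_notice((pkg.name, pkg.ver, pkg.rel))
    if not notice:
        return None
    info = notice.get_metadata()

    if not rname:
        if info['references'] or info['type'] == 'security':
            return info
        return None

    # The original test was
    #   not rname and md['references'] or md['type'] == 'security'
    # which, by operator precedence, returned every 'security' notice even
    # when a reference type was requested, so "sec-list cves" could list
    # packages that have no CVE reference at all.
    for ref in info['references']:
        if ref['type'] == rname:
            return info
    return None


class SecurityListCommands:
    """ The ``sec-list`` yum command: list updates that have notice data. """

    def getNames(self):
        """ Command names this object answers to. """
        return ['sec-list']

    def getUsage(self):
        """ Usage string for the command. """
        return 'sec-list'

    def doCheck(self, base, basecmd, extcmds):
        """ No pre-checks are performed. """
        pass

    def getRepos(self): # so we can act as a "conduit"
        """ Return the repos stored by doCommand(). """
        return self.repos

    def doCommand(self, base, basecmd, extcmds):
        """ Run ``sec-list``, optionally restricted to "bugzillas"/"bzs" or
        "cves".

        Returns a ``(code, [messages])`` tuple: 0 on success, 1 when the
        extra arguments are not recognised.
        """
        ygh = base.doPackageLists('updates')
        self.repos = base.repos
        md_info = ysp_gen_metadata(self)
        logger = logging.getLogger("yum.verbose.main")

        def msg(x):
            logger.log(logginglevels.INFO_2, x)

        def show_pkg(pkg, md):
            msg(pkg)
            msg('\t ID ' + md['update_id'])
            msg('\t Type ' + md['type'])
            msg('\t Issued ' + md['issued'])
            if md['issued'] != md['updated']:
                msg('\t Updated ' + md['updated'])
            if md['references']:
                msg('\t References')
            for ref in md['references']:
                if ref['type'] == 'cve':
                    msg("\t CVE " + ref['id'])
                elif ref['type'] == 'bugzilla':
                    msg("\t BZ " + ref['id'])
                else:
                    msg("\t *" + ref['type'])
            msg('')

        # Map the sub-command to the reference type to filter on and the
        # heading printed before the first match.
        if not extcmds:
            rname, heading = None, None
        elif len(extcmds) == 1 and extcmds[0] in ("bugzillas", "bzs"):
            rname, heading = "bugzilla", " ---- Bugzillas ----"
        elif len(extcmds) == 1 and extcmds[0] == "cves":
            rname, heading = "cve", " ---- CVEs ----"
        else:
            # PluginYumExit was referenced without being imported, so this
            # error path raised NameError instead of reporting the problem.
            return 1, [str(PluginYumExit('Bad sec-list commands'))]

        for pkg in ygh.updates:
            md = ysp_should_show_pkg(pkg, md_info, rname)
            if not md:
                continue
            if heading:
                msg(heading)
                heading = None
            show_pkg(pkg, md)
        return 0, ['sec-list done']


def config_hook(conduit):
    '''
    Yum Plugin Config Hook:
    Register the sec-list command and the '--security', '--cve', '--bz' and
    '--advisory' command line options.
    '''

    parser = conduit.getOptParser()
    if not parser:
        return

    conduit.registerCommand(SecurityListCommands())
    parser.values.advisory = []
    parser.values.cve = []
    parser.values.bz = []
    parser.values.security = False

    def reject_after_security(key):
        ''' The specific filters may not follow --security. '''
        if parser.values.security:
            raise OptionValueError("can't use %s after --security" % key)

    def osec(opt, key, val, parser):
        if parser.values.advisory or parser.values.cve or parser.values.bz:
            # The original applied "% key" to the second string fragment
            # only, which raised TypeError instead of this usage error.
            raise OptionValueError(
                "can't use %s after --cve, --bz or --advisory" % key)
        parser.values.security = True

    def ocve(opt, key, val, parser):
        reject_after_security(key)
        parser.values.cve.append(val)

    def obz(opt, key, val, parser):
        reject_after_security(key)
        # Stored as a string so it compares equal to the reference ids
        # checked in ysp_should_keep_pkg().
        parser.values.bz.append(str(val))

    def oadv(opt, key, val, parser):
        reject_after_security(key)
        parser.values.advisory.append(val)

    parser.add_option('--security', action="callback",
                      callback=osec, dest='security', default=False,
                      help='Limit packages to security relevant ones')
    parser.add_option('--cve', action="callback", type="string",
                      callback=ocve, dest='cve', default=[],
                      help='Limit packages to those need to fix CVE')
    parser.add_option('--bz', action="callback",
                      callback=obz, dest='bz', default=[], type="int",
                      help='Limit packages to those needed to fix BZ')
    parser.add_option('--advisory', action="callback",
                      callback=oadv, dest='advisory', default=[], type="string",
                      help='Limit packages to those needed to fix advisories')


# You might think we'd just use the exclude_hook, and call delPackage
# and indeed that works for list updates etc.
#
# __but__ that doesn't work for dependencies on real updates
#
# So to fix deps. we need to do it at the preresolve stage and take the
# "transaction package list" and then remove packages from that.
#
# __but__ that doesn't work for lists ... so we do it two ways
#
def ysp_should_keep_pkg(opts, pkg, md):
    """ Decide whether this package satisfies the security limits.

    Returns True when the package's notice matches one of the requested
    advisories, CVEs or Bugzilla ids, or, under --security, when the notice
    type is 'security'. A package with no notice at all is never kept.
    """

    def has_id(refs, ref_type, ref_ids):
        ''' Return the first reference of ref_type whose id is wanted. '''
        for ref in refs:
            if ref['type'] == ref_type and ref['id'] in ref_ids:
                return ref
        return None

    notice = md.get_notice((pkg.name, pkg.ver, pkg.rel))
    if not notice:
        # No updateinfo entry for this exact name/version/release, so the
        # package is filtered out whatever it actually fixes.
        return False
    info = notice.get_metadata()

    if opts.advisory and info['update_id'] in opts.advisory:
        return True
    if opts.cve and has_id(info['references'], "cve", opts.cve):
        return True
    if opts.bz and has_id(info['references'], "bugzilla", opts.bz):
        return True
    if opts.security:
        return info['type'] == 'security'
    return False


def ysp_check_func_enter(conduit):
    """ Work shared by the list and update hooks.

    Returns ``(opts, skip, list_cmd)``: ``skip`` is True when none of the
    plugin's options was given or the command is not one the plugin
    handles; ``list_cmd`` is True for "list updates", "info updates" and
    "check-update", and False for "update".
    """

    opts, args = conduit.getCmdLine()

    if not (opts.security or opts.advisory or opts.bz or opts.cve):
        return (opts, True, False)

    skip = False
    list_cmd = False
    if len(args) == 2:
        if args[0] in ("list", "info") and args[1] == "updates":
            list_cmd = True
        else:
            skip = True
    elif len(args) == 1 and args[0] == "check-update":
        list_cmd = True
    elif len(args) == 1 and args[0] == "update":
        list_cmd = False
    else:
        skip = True

    return (opts, skip, list_cmd)


def exclude_hook(conduit):
    '''
    Yum Plugin Exclude Hook:
    For list-style commands, remove packages that do not match the security
    options from the package sack.
    '''

    opts, skip, list_cmd = ysp_check_func_enter(conduit)
    if skip:
        conduit.info(2,'Skipping security plugin, non list/info/update command')
        return

    if not list_cmd:
        return

    conduit.info(2, 'Limiting package lists to security relevant ones')

    md_info = ysp_gen_metadata(conduit)

    def ysp_del_pkg(pkg):
        """ Deletes a package from all trees that yum knows about """
        conduit.info(3," --> %s from %s excluded (non-security)" %
                     (pkg,pkg.repoid))
        conduit.delPackage(pkg)

    for pkg in conduit.getPackages():
        if not ysp_should_keep_pkg(opts, pkg, md_info):
            ysp_del_pkg(pkg)


def preresolve_hook(conduit):
    '''
    Yum Plugin PreResolve Hook:
    For "update", remove transaction members that do not match the security
    options before dependency resolution.
    '''

    opts, skip, list_cmd = ysp_check_func_enter(conduit)
    if skip:
        conduit.info(2,'Skipping security plugin, non list/info/update command')
        return

    if list_cmd: # Note ... shouldn't be called?!
        return

    conduit.info(2, 'Limiting packages to security relevant ones')

    md_info = ysp_gen_metadata(conduit)

    def ysp_del_pkg(tspkg):
        """ Deletes a package within a transaction. """
        conduit.info(3," --> %s from %s excluded (non-security)" %
                     (tspkg.po,tspkg.po.repoid))
        tsinfo.remove(tspkg.pkgtup)

    cnt = 0
    tsinfo = conduit.getTsInfo()
    # Iterate over a snapshot: members are removed from tsinfo inside the
    # loop, and whether getMembers() returns a fresh list is not visible
    # here.
    for tspkg in list(tsinfo.getMembers()):
        if not ysp_should_keep_pkg(opts, tspkg.po, md_info):
            ysp_del_pkg(tspkg)
        else:
            cnt += 1

    conduit.info(2, 'Needed %d packages, for security' % (cnt))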