Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
Bug 624079 - Additions to updateinfo xml repodata
Additions to updateinfo xml repodata
Product: Fedora
Classification: Fedora
Component: yum (Show other bugs)
All Linux
low Severity medium
: ---
: ---
Assigned To: packaging-team-maint
Fedora Extras Quality Assurance
Depends On:
Blocks: 624086
  Show dependency treegraph
Reported: 2010-08-13 11:17 EDT by Mark J. Cox
Modified: 2014-10-03 08:49 EDT (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2014-10-03 08:49:51 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Proposed patch (3.88 KB, patch)
2010-08-13 11:17 EDT, Mark J. Cox
no flags Details | Diff

  None (edit)
Description Mark J. Cox 2010-08-13 11:17:37 EDT
Created attachment 438697 [details]
Proposed patch

In order to support future products we need to be able to deal with extra fields in the updateinfo repodata.

Testing of current updatinfo consumers (yum security plugin, pup, PackageKit) show they are lenient in parsing and will ignore any of these extra fields if present.

The attached patch (untested) adds 

severity:  For Red Hat errata we provide a single severity rating per update,
"critical", "important", "moderate", or "low".  If this had it's own
field then a consumer of this file could select issues based on
severity, sort by severity, or other useful functions.  The
severity is also mentioned in the summary and in the topic line, but
none of these are displayed by current consumers.

Missing description pieces: At the moment RHN only puts part of the errata details into 'description', leaving out the summary and solution text.  While we
could get RHN to include these in the description field they create, some of this data is perhaps not important when looking at a GUI display of things you need to update.  So we add <summary> and <solution> entities

rights:  Provide a 'rights' entity so any advisory built from the data
in the 'updateinfo' file can state any legal or other rights
notices required.

(and we also note that type="other" is a valid reference type)
Comment 1 James Antill 2010-08-16 15:20:55 EDT
Thanks, just about to check this in. One minor nit though, you copied the code for description by doing:

+            'rights'           : '',
+        if self._md['rights'] is not None:
+            desc = utf8_text_wrap(self._md['rights'], width=64,
+                                  subsequent_indent=' ' * 12 + ': ')
+            head += "     Rights : %s\n" % '\n'.join(desc)

...which is a bug, as '' != None so it'll always show. (description "must" be present, which is why nobody has fixed it there).

 I changed the test to:

+        if self._md['rights']:

...if you want to go the other way, shout.
Comment 2 Mark J. Cox 2010-08-17 03:40:34 EDT
Good catch, thanks.
Comment 4 Mark J. Cox 2010-09-15 06:27:53 EDT
Looks like I missed 'severity' from my patch, but it is in the new updateinfo.xml

For an abstract for testing, see 
Abstract of RHN x86_64-client-5 updateinfo.xml as of Sept 15 2010

Please could you add 'severity' (should look almost identical to the code for 'rights').  Thanks
Comment 5 James Antill 2010-09-15 08:31:32 EDT
Posted for upstream ACK.
And thanks for the updateinfo.xml :).
Comment 6 James Antill 2010-11-04 13:12:35 EDT
Ok, I've finally got around to doing all the client stuff for this in the security plugin.

A couple of questions:

1. Do you want rights displayed by default? (I'm guessing it's going to be the same for all of them, but it's only one line...)

2. Do you want summary/solution displayed by default (seem big and useless, but meh).

3. Atm. I assume that severity is tied to security ... so the option is called --sec-severity, and so with --sec-severity=Critical the --security option does mostly nothing.

4. For "updateinfo list security" I'm doing:

FEDORA-2010-16593 security      xulrunner-
FEDORA-2010-16883 Critical/Sec. xulrunner-

...where I've altered 16883 to have severity=critical (both are security). I assume this is fine?

5. For "updateinfo summary security" I'm doing:

    11 Security notice(s)
        10 ? Security notice(s)
         1 Critical Security notice(s)

...and if they were call Critical it'd be:

    11 Critical Security notice(s)

...again, I ignore any severity data for bugfix/etc. ... I assume this is fine?
Comment 7 Mark J. Cox 2010-11-05 07:17:34 EDT
1 - no, i we don't need to do this
2 - no, let's not do this either.  If they are using yum security then the solution boilerplate isn't much use.
3 - ok
4 - ok
5 - ok
Comment 8 Fedora End Of Life 2013-04-03 15:03:34 EDT
This bug appears to have been reported against 'rawhide' during the Fedora 19 development cycle.
Changing version to '19'.

(As we did not run this process for some time, it could affect also pre-Fedora 19 development
cycle bugs. We are very sorry. It will help us with cleanup during Fedora 19 End Of Life. Thank you.)

More information and reason for this action is here:

Note You need to log in before you can comment on or make changes to this bug.