| 1 |
On Sat, 16 Aug 2003 19:11:36 +0200 |
| 2 |
Paul de Vrieze <pauldv@g.o> wrote: |
| 3 |
|
| 4 |
> On Saturday 16 August 2003 17:59, Karsten Schulz wrote: |
| 5 |
> > *After* rsyncing, but *before* building the cache, emerge should |
| 6 |
> > create a statical version of |
| 7 |
> > app-admin/security/security-VERSION.ebuild with the dependencies |
| 8 |
> > corresponding to the current system and the correct version. After |
| 9 |
> > creating this ebuild, the cache could be build and an emerge -p |
| 10 |
> > security will show the needed updates. That seems to me a few lines |
| 11 |
> > of python code and an introduction of the new GLSA file. |
| 12 |
> > |
| 13 |
> > How is that? |
| 14 |
> |
| 15 |
> Why not just having a utility (or integrate it into emerge) that scans |
| 16 |
> all installed packages, compares them with the list and tries to |
| 17 |
> update those that are with an ebuild in the same slot. If there is no |
| 18 |
> such ebuild it issues a warning. |
| 19 |
|
| 20 |
I don't know how many people actually tested my stuff |
| 21 |
(http://gentoo.devel-net.org/glsa/ in case you haven't seen it) so I'll |
| 22 |
explain how it works: |
| 23 |
|
| 24 |
glsa-check is a tool to read a directory (could also be on a remote |
| 25 |
server) of GLSA files in XML format and can do the following actions on |
| 26 |
it:- print a list of all unchecked GLSAs, using a checkfile that is |
| 27 |
updated on other actions |
| 28 |
- test if the current system is affected by a GLSA |
| 29 |
- print a plaintext version of a GLSA (similar to the current plaintext |
| 30 |
format) |
| 31 |
- tell the user all necessary steps to apply a GLSA to the system |
| 32 |
- apply a GLSA automatically (not implemented yet, I just need to find |
| 33 |
the best way to do it) and add it to the checkfile |
| 34 |
- "inject" the GLSA into the checkfile in case the testing was wrong or |
| 35 |
the user fixed it manually |
| 36 |
|
| 37 |
The glsa-check.py is just a frontend for most parts, the real work is |
| 38 |
done in the glsa.py class, integration in portage at a later stage |
| 39 |
should be rather easy. I'll check with carpaski once we get to this. |
| 40 |
|
| 41 |
If someone doesn't understand why I chose XML over the current plaintext |
| 42 |
format, the reasons are |
| 43 |
- it's IMO easier to parse in python, no custom parser needed |
| 44 |
- allows some enhancements as specifying multiple affected/fixed |
| 45 |
versions or implement multi-language support (not in the current DTD) |
| 46 |
- converting to other formats (e.g. html for online viewing) is easy |
| 47 |
with XSL |
| 48 |
|
| 49 |
So, what is needed to get this working? |
| 50 |
- put the GLSA in a standard location for automated retrieval, I suggest |
| 51 |
both in the rsync tree and somewhere on www.gentoo.org |
| 52 |
- convert all GLSA into XML format, this could be done by the authors or |
| 53 |
a converter script |
| 54 |
- some code additions, nothing major |
| 55 |
- a lot of testing :) |
| 56 |
|
| 57 |
|
| 58 |
Ok, so far the information on the current state, I'm open to any |
| 59 |
questions/suggestions/comments. The code is only a prototype, easy to |
| 60 |
change at the moment. I already discussed this with people on -security |
| 61 |
and -server, so far people seem to like this, but I need the views of |
| 62 |
some devs now. |
| 63 |
|
| 64 |
Marius |
| 65 |
|
| 66 |
-- |
| 67 |
gentoo-dev@g.o mailing list |
Archives