1 |
On Sat, 16 Aug 2003 19:11:36 +0200 |
2 |
Paul de Vrieze <pauldv@g.o> wrote: |
3 |
|
4 |
> On Saturday 16 August 2003 17:59, Karsten Schulz wrote: |
5 |
> > *After* rsyncing, but *before* building the cache, emerge should |
6 |
> > create a statical version of |
7 |
> > app-admin/security/security-VERSION.ebuild with the dependencies |
8 |
> > corresponding to the current system and the correct version. After |
9 |
> > creating this ebuild, the cache could be build and an emerge -p |
10 |
> > security will show the needed updates. That seems to me a few lines |
11 |
> > of python code and an introduction of the new GLSA file. |
12 |
> > |
13 |
> > How is that? |
14 |
> |
15 |
> Why not just having a utility (or integrate it into emerge) that scans |
16 |
> all installed packages, compares them with the list and tries to |
17 |
> update those that are with an ebuild in the same slot. If there is no |
18 |
> such ebuild it issues a warning. |
19 |
|
20 |
I don't know how many people actually tested my stuff |
21 |
(http://gentoo.devel-net.org/glsa/ in case you haven't seen it) so I'll |
22 |
explain how it works: |
23 |
|
24 |
glsa-check is a tool to read a directory (could also be on a remote |
25 |
server) of GLSA files in XML format and can do the following actions on |
26 |
it:- print a list of all unchecked GLSAs, using a checkfile that is |
27 |
updated on other actions |
28 |
- test if the current system is affected by a GLSA |
29 |
- print a plaintext version of a GLSA (similar to the current plaintext |
30 |
format) |
31 |
- tell the user all necessary steps to apply a GLSA to the system |
32 |
- apply a GLSA automatically (not implemented yet, I just need to find |
33 |
the best way to do it) and add it to the checkfile |
34 |
- "inject" the GLSA into the checkfile in case the testing was wrong or |
35 |
the user fixed it manually |
36 |
|
37 |
The glsa-check.py is just a frontend for most parts, the real work is |
38 |
done in the glsa.py class, integration in portage at a later stage |
39 |
should be rather easy. I'll check with carpaski once we get to this. |
40 |
|
41 |
If someone doesn't understand why I chose XML over the current plaintext |
42 |
format, the reasons are |
43 |
- it's IMO easier to parse in python, no custom parser needed |
44 |
- allows some enhancements as specifying multiple affected/fixed |
45 |
versions or implement multi-language support (not in the current DTD) |
46 |
- converting to other formats (e.g. html for online viewing) is easy |
47 |
with XSL |
48 |
|
49 |
So, what is needed to get this working? |
50 |
- put the GLSA in a standard location for automated retrieval, I suggest |
51 |
both in the rsync tree and somewhere on www.gentoo.org |
52 |
- convert all GLSA into XML format, this could be done by the authors or |
53 |
a converter script |
54 |
- some code additions, nothing major |
55 |
- a lot of testing :) |
56 |
|
57 |
|
58 |
Ok, so far the information on the current state, I'm open to any |
59 |
questions/suggestions/comments. The code is only a prototype, easy to |
60 |
change at the moment. I already discussed this with people on -security |
61 |
and -server, so far people seem to like this, but I need the views of |
62 |
some devs now. |
63 |
|
64 |
Marius |
65 |
|
66 |
-- |
67 |
gentoo-dev@g.o mailing list |