the script I use to get email notifications of the affected ebuilds,
that also prepares a shell script that fixes the glsas.

might be useful for someone.


yours,
kos

#!/bin/bash
# Mails the list of unapplied GLSAs and writes a script that fixes them.
# Private temp file from mktemp: a fixed name in /tmp can be pre-created or
# symlinked by another local user, and this script writes to /root, so it
# runs as root.
tmp="$(mktemp /tmp/glsa-check.XXXXXX)" || exit 1
update="/root/run-to-update.sh"
glsa="/usr/portage/metadata/glsa"

# Remove the update script left over from the previous run
rm -f "$update"

emerge --sync >/dev/null 2>&1
glsa-check -n --list affected 2>/dev/null > "$tmp"

# The first column of each output line is the GLSA id
arr=($(awk '{print $1}' "$tmp"))
BUGCOUNT=${#arr[@]}

if [ "$BUGCOUNT" -gt 0 ] ; then

    echo '#!/bin/bash' > "$update"
    echo "#relevant as for $(date +%D)" >> "$update"

    n=0
    while ((n < BUGCOUNT)); do

        echo "/usr/bin/glsa-check -f ${arr[$n]}" >> "$update"
        # Copy the advisory's suggested emerge lines (they start with "#",
        # so they stay comments in $update) and decode the XML entities
        grep "# emerge" "$glsa/glsa-${arr[$n]}.xml" | grep -v "emerge --sync" | \
            sed 's/&quot;/"/g' | sed 's/&gt;/>/g' | sed 's/<\/code>//g' >> "$update"
        echo >> "$update"
        let n+=1
    done

    echo -e "\nRun $update to update the system" >> "$tmp"
    /bin/mail -s GLSA_UNAPPLIED email_address@××××××.com < "$tmp"
fi

# Always clean up the temp file, also when nothing was affected
rm -f "$tmp"

Sune Kloppenborg Jeppesen wrote:
> On Monday 16 April 2007 20:31, Sune Kloppenborg Jeppesen wrote:
>> I agree that policy should be updated to reflect this but that got bogged
>> down by other issues last I tried. I'll try again.
> Ohh well, I must have dropped my memory somewhere I forgot:(
>
> I actually updated the Gentoo Linux Vulnerability Treatment Policy¹ last
> August to reflect that:
>
> "Kernels
> Currently kernels are not covered by the GLSA release process.
> Vulnerabilities must still be reported and will be fixed, but no GLSA will be
> issued when everything is solved.
> Note: This policy should be changed when new tools are added to cover
> security vulnerabilities affecting the different kernel sources."
>
> ¹ http://www.gentoo.org/security/en/vulnerability-policy.xml
>

--
gentoo-security@g.o mailing list