Gentoo Forums
portage GLSA integration (aka `emerge security`)

Genone
Retired Dev
Joined: 14 Mar 2003
Posts: 9507
Location: beyond the rim

Posted: Sat Mar 13, 2004 11:48 am    Post subject: portage GLSA integration (aka `emerge security`)

The first public version of the upcoming GLSA integration code has been released in gentoolkit-0.2.0_pre7. Please read http://www.gentoo.org/proj/en/portage/glsa-integration.xml before using it and again before reporting any bugs (especially the section about known bugs).
Please bear in mind that the purpose of this script is to test the GLSA system for general problems and that it does not have all the features of the final implementation.

pjp
Administrator
Joined: 16 Apr 2002
Posts: 20054

Posted: Mon Mar 15, 2004 8:24 pm

This is minor, so not sure if it is worth reporting as a bug...
glsa-check -d doesn't like it if . is used instead of - in the GLSA number (200402.02 vs. 200402-02)
Code:
# glsa-check -d 200402.02
[snip]
Traceback (most recent call last):
  File "/usr/bin/glsa-check", line 152, in ?
    myglsa = Glsa(myid, glsaconfig)
  File "/usr/lib/gentoolkit/pym/glsa.py", line 326, in __init__
    self.read()
  File "/usr/lib/gentoolkit/pym/glsa.py", line 341, in read
    self.parse(urllib.urlopen(myurl))
  File "/usr/lib/python2.3/urllib.py", line 76, in urlopen
    return opener.open(url)
  File "/usr/lib/python2.3/urllib.py", line 181, in open
    return getattr(self, name)(url)
  File "/usr/lib/python2.3/urllib.py", line 410, in open_file
    return self.open_local_file(url)
  File "/usr/lib/python2.3/urllib.py", line 420, in open_local_file
    raise IOError(e.errno, e.strerror, e.filename)
IOError: [Errno 2] No such file or directory: '/data/portage/metadata/glsa/glsa-200402.02.xml'


By the way... under what should bugs for this be filed?
_________________
Quis separabit? Quo animo?

Genone
Retired Dev
Joined: 14 Mar 2003
Posts: 9507
Location: beyond the rim

Posted: Mon Mar 15, 2004 10:15 pm

Hmm, guess I'll have to add a few parameter syntax checks. Bugs should go under Portage Development/Tools (and assign them to genone@gentoo.org).
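
Added example, not part of the thread and not gentoolkit's code: one way to do the parameter syntax check so that only a well-formed id is ever turned into a file path (the dotted id above fails here; later in the thread `glsa-check -l *` prompts the same request). It assumes ids have the form YYYYMM-NN and reuses the directory shown in the traceback; the function names are hypothetical.

```python
import os
import re

# Assumed layout, taken from the path in the traceback above; the helper
# names below are hypothetical and not gentoolkit's API.
GLSA_DIR = "/data/portage/metadata/glsa"
GLSA_ID_RE = re.compile(r"[0-9]{6}-[0-9]{2,}")  # YYYYMM-NN, ASCII digits
KEYWORDS = ("all", "new")                        # classes the thread mentions


class GlsaArgumentError(ValueError):
    """Raised for an argument that is neither a keyword nor a GLSA id."""


def glsa_path(glsa_id, glsa_dir=GLSA_DIR):
    """Return the advisory file path for a syntactically valid GLSA id."""
    if not GLSA_ID_RE.fullmatch(glsa_id):
        raise GlsaArgumentError("not a GLSA id (expected YYYYMM-NN): %r" % glsa_id)
    month = int(glsa_id[4:6])
    if not 1 <= month <= 12:
        raise GlsaArgumentError("invalid month in GLSA id: %r" % glsa_id)
    # Only digits and one dash are left, so no path separator can get in.
    return os.path.join(glsa_dir, "glsa-%s.xml" % glsa_id)


def check_args(args, glsa_dir=GLSA_DIR):
    """Split arguments into (keywords, id -> path map, rejected list)."""
    keywords, paths, rejected = [], {}, []
    for arg in args:
        if arg in KEYWORDS:
            keywords.append(arg)
            continue
        try:
            paths[arg] = glsa_path(arg, glsa_dir)
        except GlsaArgumentError as exc:
            rejected.append((arg, str(exc)))
    return keywords, paths, rejected


if __name__ == "__main__":
    # Constructed input: the dotted id from the report, a file name such
    # as a shell-expanded '*' would produce, and an impossible month.
    sample = ["200402-02", "200402.02", "glsa.py", "200413-01", "all"]
    kw, ok, bad = check_args(sample)
    print("keywords:", kw)
    print("valid:", ok)
    for arg, why in bad:
        print("rejected:", why)
```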

sploo22
n00b
Joined: 21 Aug 2003
Posts: 20
Location: Cayman Brac, Cayman Islands

Posted: Mon Mar 22, 2004 11:02 pm

How about this:
Code:
$ glsa-check -p all
WARNING: This tool is completely new and not very tested, so it should not be
used on production systems. It's mainly a test tool for the new GLSA release
and distribution system, it's functionality will later be merged into emerge
and equery.
Please read http://www.gentoo.org/proj/en/portage/glsa-integration.xml
before using this tool AND before reporting a bug.
 
Traceback (most recent call last):
  File "/usr/bin/glsa-check", line 152, in ?
    myglsa = Glsa(myid, glsaconfig)
  File "/usr/lib/gentoolkit/pym/glsa.py", line 326, in __init__
    self.read()
  File "/usr/lib/gentoolkit/pym/glsa.py", line 341, in read
    self.parse(urllib.urlopen(myurl))
  File "/usr/lib/gentoolkit/pym/glsa.py", line 359, in parse
    raise GlsaTypeException(self.DOM.doctype.systemId)
glsa.GlsaTypeException: wrong DOCTYPE: http://www.gentoo.org/dtd/glsa-old.dtd


Sorry to add stress to your life... ;) I thought GLSA's with the old DTD were ignored?
_________________
This signature will self-destruct in 10 seconds. Close browser window now to avoid permanent monitor damage.

Genone
Retired Dev
Joined: 14 Mar 2003
Posts: 9507
Location: beyond the rim

Posted: Wed Mar 24, 2004 4:58 am

They are ... in most cases. I missed one case while adding the exception handler.
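
Added example, not from the thread or from gentoolkit: a per-advisory DOCTYPE check that records old-format or malformed files as skipped, with a reason, instead of letting one exception end the whole run. The old DTD id is the one in the traceback above; the current DTD id, the file names and the sample XML are assumptions constructed for illustration.

```python
from xml.dom import minidom
from xml.parsers.expat import ExpatError

# Old DTD id is the one in the traceback above; the current one is assumed.
OLD_DTD = "http://www.gentoo.org/dtd/glsa-old.dtd"
CURRENT_DTD = "http://www.gentoo.org/dtd/glsa.dtd"


def classify(xml_text):
    """Return (status, detail): status is 'ok', 'old-format' or 'invalid'."""
    try:
        dom = minidom.parseString(xml_text)
    except ExpatError as exc:
        return "invalid", "not well-formed: %s" % exc
    # doctype is None when the file has no DOCTYPE declaration at all
    system_id = dom.doctype.systemId if dom.doctype is not None else None
    if system_id == CURRENT_DTD:
        return "ok", dom.documentElement.getAttribute("id")
    if system_id == OLD_DTD:
        return "old-format", system_id
    return "invalid", "wrong DOCTYPE: %s" % system_id


def load_all(advisories):
    """Classify every advisory; one bad file never aborts the whole run."""
    usable, skipped = [], []
    for name, text in sorted(advisories.items()):
        status, detail = classify(text)
        if status == "ok":
            usable.append(name)
        else:
            skipped.append((name, status, detail))
    return usable, skipped


# Constructed sample advisories (not real GLSA contents)
SAMPLES = {
    "current.xml": '<!DOCTYPE glsa SYSTEM "%s"><glsa id="200401-01"/>' % CURRENT_DTD,
    "old-dtd.xml": '<!DOCTYPE glsa SYSTEM "%s"><glsa id="200401-02"/>' % OLD_DTD,
    "no-doctype.xml": '<glsa id="200401-03"/>',
    "truncated.xml": '<glsa id="200401-04">',
}

if __name__ == "__main__":
    usable, skipped = load_all(SAMPLES)
    print("usable:", usable)
    for name, status, detail in skipped:
        print("skipped %s (%s): %s" % (name, status, detail))
```

Reporting the skipped list matters for a security checker: an advisory that is silently dropped looks the same as one that does not apply.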

Genone
Retired Dev
Joined: 14 Mar 2003
Posts: 9507
Location: beyond the rim

Posted: Thu Apr 01, 2004 9:49 am

Ok, new glsa-check including some bugfixes and enhancements in gentoolkit-0.2.0_pre8

pwnell
n00b
Joined: 02 Mar 2003
Posts: 29
Location: South Africa

Posted: Fri Apr 02, 2004 4:43 pm    Post subject: A hint for people when getting DOCTYPE errors

I have been troubleshooting this error for quite some time now:

invalid GLSA: 200312-02 (error message was: wrong DOCTYPE: None)

when trying to run glsa-check -l. I have the latest one (gentoolkit-0.2.0_pre8 I think). The reason for that is I used to have python-2.2.3-r1 installed, whereas it works if I upgrade that to the latest python-2.3.3.

Genone
Retired Dev
Joined: 14 Mar 2003
Posts: 9507
Location: beyond the rim

Posted: Sat Apr 03, 2004 1:54 pm

Only for that GLSA or for others too?
I haven't really tested glsa-check with different python versions but it doesn't use any 2.3 features, so it shouldn't matter.

dr_strange
Guru
Joined: 16 Apr 2002
Posts: 480
Location: Cambridge, UK

Posted: Thu Apr 08, 2004 8:03 pm

Works fine here, as far as I can tell.
_________________
shine on,

dr_strange

Set the Controls for the Heart of Gentoo
http://magenta.linuxforum.hu

Carlo
Developer
Joined: 12 Aug 2002
Posts: 3356

Posted: Thu Apr 08, 2004 9:09 pm

O.k., it's a bit destructive, but glsa-check -l * causes a nice traceback. A check for valid params would be fine. :)



Carlo
_________________
Please make sure that you have searched for an answer to a question after reading all the relevant docs.

pwnell
n00b
Joined: 02 Mar 2003
Posts: 29
Location: South Africa

Posted: Fri Apr 09, 2004 9:19 am

Genone wrote:
Only for that GLSA or for others too?
I haven't really tested glsa-check with different python versions but it doesn't use any 2.3 features, so it shouldn't matter.


For all of them.... - both 2003 and 2004 versions

Cheesefoam
Tux's lil' helper
Joined: 02 Jan 2003
Posts: 89

Posted: Thu May 06, 2004 6:56 pm

Is it possible for the future "emerge security" to leave some sort of tag (a special file in a directory, for example), when a run-time service such as Apache is updated?

That way, it would be possible to simply test for the existence of said file with a script in a cron job to see if that package has been updated as a result of a GLSA, and to then restart it automatically.

jsaints
n00b
Joined: 28 Nov 2003
Posts: 46

Posted: Wed May 19, 2004 12:21 am

I have set up a binary host for my internal network.

Are there plans to allow emerge security to use binary packages from a package server?

Kalin
Tux's lil' helper
Joined: 22 Dec 2002
Posts: 130
Location: Germany

Posted: Wed Jun 16, 2004 5:32 am    Post subject: Beautifying output

I was trying my first Python script, but...

please see the patch in https://bugs.gentoo.org/show_bug.cgi?id=47953 and test it.

Any comments are welcome (here or in person or in the bug).

Genone
Retired Dev
Joined: 14 Mar 2003
Posts: 9507
Location: beyond the rim

Posted: Wed Jun 16, 2004 10:43 pm

I already have colour support implemented in CVS, just didn't get around to making a new release. For the other part of the patch, it would IMO be better to make a new class "affected" (in addition to "new" and "all") so that it works with all commands.
Btw, I'm sorry that it probably won't be integrated in portage-2.0.51, but I want to use the new API, which isn't ready yet, as it makes the code much cleaner. If anyone wants to create a patch for the current emerge code I'll be happy to review it, but it won't be in 2.0.51 either, as we are close to releasing it and don't want to introduce new major features/bugs (it's already a big change as it is).

Kalin
Tux's lil' helper
Joined: 22 Dec 2002
Posts: 130
Location: Germany

Posted: Thu Jun 17, 2004 4:33 am

Ok, didn't look in the CVS :-(

Implementing a new class (Affected) will really be a better solution, take your time.

dmouritsendk
Tux's lil' helper
Joined: 22 Jun 2002
Posts: 138
Location: Denmark

Posted: Fri Jun 18, 2004 12:29 am

I've tried testing out gentoolkit-0.2.0_pre8 and I just wanted to say glsa-check has worked great here.

Great work, can't wait for it to get integrated into portage :)

Lance
Tux's lil' helper
Joined: 02 Apr 2004
Posts: 125

Posted: Mon Jun 21, 2004 12:04 pm

I am not sure if it's right for this thread, but when I run
Code:
glsa-check -f all

it emerges kde-base/kdelibs-3.2.2-r1 over and over again. Should I run it with some other option, or is it a bug?

Thanks!
_________________
choose Gentoo, choose freedom

ianneub
Tux's lil' helper
Joined: 29 May 2003
Posts: 90
Location: HB, CA, USA

Posted: Tue Jul 06, 2004 9:07 pm

I'm running on a somewhat dated Gentoo install (installed in 2004-02) and when I run:
Code:
glsa-check -l all


I get no glsa listings. Is there something that must be in my profile or some other Portage file somewhere? All the glsa's exist in /usr/portage/metadata/glsa/

This same command works fine on a machine I made last week.

Thanks!
_________________
There's nothing to see here, move along...

Vulpes_Vulpes
Apprentice
Joined: 10 Dec 2003
Posts: 264
Location: Amsterdam

Posted: Tue Jul 06, 2004 9:36 pm

Code:
glsa-check -f all

Worked like a charm here. This is a really useful tool! Tnx for all the effort!!! :D

Genone
Retired Dev
Joined: 14 Mar 2003
Posts: 9507
Location: beyond the rim

Posted: Thu Jul 08, 2004 12:07 am

Lance: sorry, no idea what could be wrong there.
ianneub: any chance you're using python-2.2 or pyxml on that box? Both are known to cause problems with glsa.py.

jpc82
Guru
Joined: 09 Mar 2003
Posts: 326

Posted: Thu Jul 08, 2004 12:27 pm

Here is my problem.


I had a server running gentoo-dev-sources-2.6.3 and when I saw the multiple kernel vulnerabilities I decided to upgrade to the latest version. So I merged gentoo-dev-sources-2.6.7-r8, built the kernel, installed and booted to it. However, glsa-check still reports that I am vulnerable. So I do a glsa-check -p, and now it wants to downgrade me to gentoo-dev-sources-2.6.7-r1.

Why is this? As far as I can see from the glsa all >=gentoo-dev-sources-2.6.7 are fine.

Lance
Tux's lil' helper
Joined: 02 Apr 2004
Posts: 125

Posted: Thu Jul 08, 2004 1:41 pm

Genone:

Is there anything I can do to help find a solution?
_________________
choose Gentoo, choose freedom

Genone
Retired Dev
Joined: 14 Mar 2003
Posts: 9507
Location: beyond the rim

Posted: Thu Jul 08, 2004 2:26 pm

Lance: first idea would be to send me the output of
Code:
glsa-check -p all
(in a private message, no need to clutter the thread).

jpc82: I'll look at this when I get home, but I think it's related to SLOTs. Do you have the old version still installed?

jpc82
Guru
Joined: 09 Mar 2003
Posts: 326

Posted: Thu Jul 08, 2004 2:39 pm

The compiled kernel is no longer present, however I have not done an emerge -C OLD_KERNEL, and the kernel source tree is still there.

All times are GMT