diff options
| author | Paul Varner <fuzzyray@gentoo.org> | 2009-05-20 21:53:30 +0000 |
|---|---|---|
| committer | Zac Medico <zmedico@gentoo.org> | 2013-01-18 19:21:20 -0800 |
| commit | 4f0733f956d826f26b5a53c92a2c1ebf80181d91 (patch) | |
| tree | 057065ed5ec8fe8f04173cf5949dca36421aec4e | |
| parent | c7e110bae1ec05e9ecd745ac5cc7314006e5026c (diff) | |
| download | portage-4f0733f956d826f26b5a53c92a2c1ebf80181d91.tar.gz portage-4f0733f956d826f26b5a53c92a2c1ebf80181d91.tar.bz2 portage-4f0733f956d826f26b5a53c92a2c1ebf80181d91.zip | |
Do not inject GLSAs into the checkfile when fixing them
There is no reason applied GLSAs must be stored in a checkfile. In the
current glsa-check GUI this will make it impossible to determine whether
the system is still affected by the GLSA (e.g. by re-emerging, or when a
GLSA is changed afterwards).
The current place for the checkfile (/var/cache) is not persistent per
FHS, meaning that people might clean out the contents of their injected
GLSAs. Since glsa.py is moving to portage anyway, we can use
/var/lib/portage as a place to store the injected GLSAs. Documentation
has been updated accordingly.
Note that the old checkfile should not be moved to the previous location
on upgrade since this will cause false negatives due to the above
arguments. A message should appear on upgrade (pkg_postinst or similar).
svn path=/trunk/gentoolkit/; revision=649
http://git.overlays.gentoo.org/gitweb/?p=proj/gentoolkit.git;a=commit;h=4138f5b1b6dbcf1042663a45b3eae1e652bfc9be
| -rw-r--r-- | bin/glsa-check | 7 | ||||
| -rw-r--r-- | pym/portage/glsa.py | 21 |
2 files changed, 15 insertions, 13 deletions
diff --git a/bin/glsa-check b/bin/glsa-check index 3cfe0bac7..2b21d717f 100644 --- a/bin/glsa-check +++ b/bin/glsa-check @@ -55,7 +55,7 @@ modes.add_option("-f", "--fix", action="store_const", const="fix", dest="mode", help="Try to auto-apply this GLSA (experimental)") modes.add_option("-i", "--inject", action="store_const", dest="mode", - help="Inject the given GLSA into the checkfile") + help="inject the given GLSA into the glsa_injected file") modes.add_option("-m", "--mail", action="store_const", const="mail", dest="mode", help="Send a mail with the given GLSAs to the administrator") @@ -144,7 +144,7 @@ glsalist.extend([g for g in params if g not in glsalist]) def summarylist(myglsalist, fd1=sys.stdout, fd2=sys.stderr, encoding="utf-8"): fd1 = codecs.getwriter(encoding)(fd1) fd2 = codecs.getwriter(encoding)(fd2) - fd2.write(white("[A]")+" means this GLSA was already applied,\n") + fd2.write(white("[A]")+" means this GLSA was marked as applied (injected),\n") fd2.write(green("[U]")+" means the system is not affected and\n") fd2.write(red("[N]")+" indicates that the system might be affected.\n\n") @@ -156,7 +156,7 @@ def summarylist(myglsalist, fd1=sys.stdout, fd2=sys.stderr, encoding="utf-8"): if verbose: fd2.write(("invalid GLSA: %s (error message was: %s)\n" % (myid, e))) continue - if myglsa.isApplied(): + if myglsa.isInjected(): status = "[A]" color = white elif myglsa.isVulnerable(): @@ -229,7 +229,6 @@ if mode in ["dump", "fix", "inject", "pretend"]: sys.exit(exitcode) if len(mergelist): sys.stdout.write("\n") - myglsa.inject() elif mode == "pretend": sys.stdout.write("Checking GLSA "+myid+"\n") if not myglsa.isVulnerable(): diff --git a/pym/portage/glsa.py b/pym/portage/glsa.py index 5cc735ba3..84bf7fddc 100644 --- a/pym/portage/glsa.py +++ b/pym/portage/glsa.py @@ -22,7 +22,7 @@ from portage import _unicode_decode from portage import _unicode_encode from portage.versions import pkgsplit, vercmp, best from portage.util import grabfile -from portage.const import CACHE_PATH +from portage.const import PRIVATE_PATH from portage.localization import _ from portage.dep import _slot_separator @@ -42,7 +42,7 @@ def get_applied_glsas(settings): @rtype: list @return: list of glsa IDs """ - return grabfile(os.path.join(settings["EROOT"], CACHE_PATH, "glsa")) + return grabfile(os.path.join(settings["EROOT"], PRIVATE_PATH, "glsa_injected")) # TODO: use the textwrap module instead @@ -661,14 +661,17 @@ class Glsa: self.portdbapi, self.vardbapi)) return rValue - def isApplied(self): + def isInjected(self): """ - Looks if the GLSA IDis in the GLSA checkfile to check if this - GLSA was already applied. + Looks if the GLSA ID is in the GLSA checkfile to check if this + GLSA should be marked as applied. @rtype: Boolean - @return: True if the GLSA was applied, False if not + @returns: True if the GLSA is in the inject file, False if not """ + if not os.access(os.path.join(self.config["EROOT"], + PRIVATE_PATH, "glsa_injected"), os.R_OK): + return False return (self.nr in get_applied_glsas(self.config)) def inject(self): @@ -680,11 +683,11 @@ class Glsa: @rtype: None @return: None """ - if not self.isApplied(): + if not self.isInjected(): checkfile = io.open( _unicode_encode(os.path.join(self.config["EROOT"], - CACHE_PATH, "glsa"), - encoding=_encodings['fs'], errors='strict'), + PRIVATE_PATH, "glsa_injected"), + encoding=_encodings['fs'], errors='strict'), mode='a+', encoding=_encodings['content'], errors='strict') checkfile.write(_unicode_decode(self.nr + "\n")) checkfile.close() |