diff options
| author | Paul Varner <fuzzyray@gentoo.org> | 2009-05-20 21:53:30 +0000 |
|---|---|---|
| committer | Zac Medico <zmedico@gentoo.org> | 2013-01-18 19:21:20 -0800 |
| commit | 4f0733f956d826f26b5a53c92a2c1ebf80181d91 (patch) | |
| tree | 057065ed5ec8fe8f04173cf5949dca36421aec4e /bin | |
| parent | c7e110bae1ec05e9ecd745ac5cc7314006e5026c (diff) | |
| download | portage-4f0733f956d826f26b5a53c92a2c1ebf80181d91.tar.gz portage-4f0733f956d826f26b5a53c92a2c1ebf80181d91.tar.bz2 portage-4f0733f956d826f26b5a53c92a2c1ebf80181d91.zip | |
Do not inject GLSAs into the checkfile when fixing them
There is no reason applied GLSAs must be stored in a checkfile. In the
current glsa-check GUI this will make it impossible to determine whether
the system is still affected by the GLSA (e.g. by re-emerging, or when a
GLSA is changed afterwards).
The current place for the checkfile (/var/cache) is not persistent per
FHS, meaning that people might clean out the contents of their injected
GLSAs. Since glsa.py is moving to portage anyway, we can use
/var/lib/portage as a place to store the injected GLSAs. Documentation
has been updated accordingly.
Note that the old checkfile should not be moved to the previous location
on upgrade since this will cause false negatives due to the above
arguments. A message should appear on upgrade (pkg_postinst or similar).
svn path=/trunk/gentoolkit/; revision=649
http://git.overlays.gentoo.org/gitweb/?p=proj/gentoolkit.git;a=commit;h=4138f5b1b6dbcf1042663a45b3eae1e652bfc9be
Diffstat (limited to 'bin')
| -rw-r--r-- | bin/glsa-check | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/bin/glsa-check b/bin/glsa-check index 3cfe0bac7..2b21d717f 100644 --- a/bin/glsa-check +++ b/bin/glsa-check @@ -55,7 +55,7 @@ modes.add_option("-f", "--fix", action="store_const", const="fix", dest="mode", help="Try to auto-apply this GLSA (experimental)") modes.add_option("-i", "--inject", action="store_const", dest="mode", - help="Inject the given GLSA into the checkfile") + help="inject the given GLSA into the glsa_injected file") modes.add_option("-m", "--mail", action="store_const", const="mail", dest="mode", help="Send a mail with the given GLSAs to the administrator") @@ -144,7 +144,7 @@ glsalist.extend([g for g in params if g not in glsalist]) def summarylist(myglsalist, fd1=sys.stdout, fd2=sys.stderr, encoding="utf-8"): fd1 = codecs.getwriter(encoding)(fd1) fd2 = codecs.getwriter(encoding)(fd2) - fd2.write(white("[A]")+" means this GLSA was already applied,\n") + fd2.write(white("[A]")+" means this GLSA was marked as applied (injected),\n") fd2.write(green("[U]")+" means the system is not affected and\n") fd2.write(red("[N]")+" indicates that the system might be affected.\n\n") @@ -156,7 +156,7 @@ def summarylist(myglsalist, fd1=sys.stdout, fd2=sys.stderr, encoding="utf-8"): if verbose: fd2.write(("invalid GLSA: %s (error message was: %s)\n" % (myid, e))) continue - if myglsa.isApplied(): + if myglsa.isInjected(): status = "[A]" color = white elif myglsa.isVulnerable(): @@ -229,7 +229,6 @@ if mode in ["dump", "fix", "inject", "pretend"]: sys.exit(exitcode) if len(mergelist): sys.stdout.write("\n") - myglsa.inject() elif mode == "pretend": sys.stdout.write("Checking GLSA "+myid+"\n") if not myglsa.isVulnerable(): |