Since yum-security doesn't seem to work I've created a very rough version of it on my own. It requires expect and yum-changelog to be installed on a machine. It makes the assumption that the CVE number will be in the changelog data for any package with a security patch applied. I have my own rsync'd copy of the 5.3 repository that it checks against (I have around 2 dozen machines that need updating when security patches come out) so I don't do any serious abuse to someone else's repo.
##################################################################
#!/bin/bash

# Get a complete list of packages requiring updates, remove junk lines
# and strip them down to the package.arch name. Loop once for each package.
# The mirror lines (" * base: ...") are dropped by matching a literal "*".
for PKG in $(yum check-update | grep -v ^Loaded\ plugins | grep -v ^Loading\ mirror | grep -v '\*' | grep -v ^$ | awk '{print $1}'); do

    # Get the changelog delta for this package. XXXxxx is a record separator
    # that isn't likely to exist, allowing awk to process the entire result as
    # one record and return an unknown number of lines. expect answers "N" at
    # the confirmation prompt, so nothing is actually installed.
    UPDATE=$(expect -c "set timeout -1; spawn /usr/bin/yum --changelog update $PKG; expect \"Is this ok\"; send \"N\"" | awk -v RS="XXXxxx" -F"Changes in packages about to be updated:" '{print $2}' | awk -v RS="XXXxxx" -F"Dependencies Resolved" '{print $1}')

    # Check for the existence of "CVE" in the returned changelog; if it exists,
    # echo it to STDOUT.
    if echo "${UPDATE}" | grep -q CVE
    then
        echo "#### Changelog Delta's for $PKG and it's dependancies ####"
        echo "${UPDATE}"
    fi
done
##################################################################
Comments, suggestions? Am I recreating the wheel? If I run it against an online repo it takes about 15-20 minutes to return and makes entirely too many calls to yum. Using my own repo it only takes about 3 minutes and doesn't cost me any extra bandwidth.
---------------------------------------------
Jacob Bresciani, Systems Administrator
Advanced E-commerce Research Systems Inc.
2307-4464 Markham Street
Victoria, BC CANADA V8Z 7X8
+1 250 418 5412 (mobile)
+1 250 483 3271 (FAX)
www.terapeak.com - eBay Marketplace Research
www.aers.ca - Advanced E-commerce Analytics
-----Original Message-----
From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Kwan Lowe
Sent: Tuesday, April 28, 2009 2:45 PM
To: CentOS mailing list
Subject: Re: [CentOS] Yum Update issues
On Tue, Apr 28, 2009 at 5:10 PM, Ron Blizzard rb4centos@gmail.com wrote:
Has anyone else run into this issue when running yum update? I've already run yum clear all, but the problem came back when I ran yum update again. Firefox and xulrunner were also being "held up," but I was able to update them by running yum update firefox.
As far as I can see there is no yum-complete-transaction command.
yum-complete-transaction is part of yum-utils.
I've seen that error if using third-party repositories or the mirror isn't fully updated
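
Added example, not part of the original post or thread: the "CVE in the changelog" check from the script above, done on two changelog texts directly so that only CVE IDs new in the candidate package are reported. The function names (cve_ids, new_cves, demo) and the sample changelogs are constructed for illustration, and the CVE IDs are placeholders.

```sh
#!/bin/sh
# Added example, not from the original post. Compares two changelog texts.

# Print the unique CVE identifiers found in the changelog text on stdin.
# "|| true" keeps a changelog with no CVE mentions from counting as an error.
cve_ids() {
    { grep -oE 'CVE-[0-9]{4}-[0-9]{4,}' || true; } | LC_ALL=C sort -u
}

# new_cves INSTALLED_CHANGELOG CANDIDATE_CHANGELOG
# Print CVE IDs that appear only in the candidate changelog, one per line.
new_cves() {
    old_ids=$(mktemp) || return 1
    new_ids=$(mktemp) || { rm -f "$old_ids"; return 1; }
    cve_ids < "$1" > "$old_ids"
    cve_ids < "$2" > "$new_ids"
    LC_ALL=C comm -13 "$old_ids" "$new_ids"
    rm -f "$old_ids" "$new_ids"
}

# Constructed sample data; the CVE IDs are placeholders, not real advisories.
# On a real host the two inputs would come from
#   rpm -q --changelog PKG   and   rpm -qp --changelog /path/to/PKG.rpm
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/installed" <<'EOF'
* Thu Jan 01 2009 Builder <builder@example.invalid> - 1.0-1
- fix parser crash (CVE-0000-0001)
EOF
    cat > "$dir/candidate" <<'EOF'
* Mon Apr 27 2009 Builder <builder@example.invalid> - 1.0-3
- complete the fix for CVE-0000-0002
* Mon Apr 20 2009 Builder <builder@example.invalid> - 1.0-2
- fix buffer handling (CVE-0000-0002, CVE-0000-0003)
* Thu Jan 01 2009 Builder <builder@example.invalid> - 1.0-1
- fix parser crash (CVE-0000-0001)
EOF
    new_cves "$dir/installed" "$dir/candidate"
    rm -rf "$dir"
}

demo
```

Like the script above, this only finds fixes whose changelog entry names a CVE ID; a security fix described without one is missed.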