request: security updates report for CentOS #20

Closed
gasperzupancic opened this issue Jun 1, 2016 · 6 comments

@gasperzupancic
Contributor

It would be very nice to have the same feature as the Debian/Ubuntu overview with security updates "needed".

@furlongm
Owner

furlongm commented Jun 1, 2016

For future reference:

Normally for CentOS the patchman server will check the upstream repos and patchman will calculate what package updates are needed (without asking the host what updates it thinks are needed). Sometimes this can highlight where repos are broken on the hosts (e.g. if patchman and the host report different updates). In patchman you mark the update repo as a security repo and all packages will be marked as security updates.

While this works well for Debian/Ubuntu (as there are separate bugfix and security repos), it doesn't work so well for Red Hat / CentOS. It marks all updates from the update repo as security updates.

For RHEL, we can't connect to the upstream subscription-manager server without authenticating, so patchman can only collect the updates from the host for those repos. It cannot calculate the updates using only the repos. The benefit of this is that you get more detailed information regarding security vs bugfix updates.

It looks like the errata at http://cefs.steve-meier.de/ can be used to add this feature.
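An added example, not patchman's code and not part of the original comment: it contrasts flagging the whole updates repo as security with cross-matching each pending update against an errata list. The errata layout, advisory ids, type strings, package versions and function names are constructed assumptions, and the version comparison is a simplified stand-in for rpm's own.

```python
import re
from itertools import zip_longest

# Constructed sample data. The advisory ids, the "type" strings and the dict
# layout are assumptions for this example, not the real errata format.
ERRATA = [
    {"id": "EXAMPLE-SA-0001", "type": "Security Advisory",
     "packages": ["openssl-1.0.1e-48.el6_8.1.x86_64.rpm"]},
    {"id": "EXAMPLE-BA-0002", "type": "Bug Fix Advisory",
     "packages": ["tzdata-2016d-1.el6.noarch.rpm"]},
]
# (installed package, update offered by the updates repo), constructed
PENDING = [
    ("openssl-1.0.1e-42.el6.x86_64.rpm", "openssl-1.0.1e-48.el6_8.3.x86_64.rpm"),
    ("tzdata-2016c-1.el6.noarch.rpm", "tzdata-2016d-1.el6.noarch.rpm"),
]

def split_rpm(filename):
    """'name-version-release.arch.rpm' -> (name, version, release, arch)."""
    base, arch = filename[:-len(".rpm")].rsplit(".", 1)
    name, version, release = base.rsplit("-", 2)
    return name, version, release, arch

def vercmp(a, b):
    """Simplified rpm-style comparison (no epoch, no '~' handling)."""
    seg = lambda s: re.findall(r"\d+|[A-Za-z]+", s)
    for x, y in zip_longest(seg(a), seg(b)):
        if x is None or y is None:
            return -1 if x is None else 1      # the longer string is newer
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1    # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return 0

def evr_cmp(p, q):
    return vercmp(p[1], q[1]) or vercmp(p[2], q[2])

def by_repo_flag(pending):
    """Updates repo flagged as a security repo: every update is 'security'."""
    return {upd: "security" for _, upd in pending}

def by_errata(pending, errata):
    """'security' only if a security advisory falls in (installed, update]."""
    result = {}
    for inst_f, upd_f in pending:
        inst, upd = split_rpm(inst_f), split_rpm(upd_f)
        pkgs = [(e, split_rpm(f)) for e in errata for f in e["packages"]]
        hit = any(e["type"] == "Security Advisory" and (p[0], p[3]) == (inst[0], inst[3])
                  and evr_cmp(p, inst) > 0 and evr_cmp(p, upd) <= 0 for e, p in pkgs)
        result[upd_f] = "security" if hit else "bugfix"
    return result
```
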

@gasperzupancic
Contributor Author

@furlongm
Owner

furlongm commented Jun 3, 2016

For CentOS hosts, you could see if running that on the host works (in addition to collecting updates from the hosts). That would solve it client-side and give people an option.

It uses the same upstream site ( http://cefs.steve-meier.de/ ) that I was going to use for server-side processing, so in theory they should match.

@gasperzupancic
Contributor Author

Yes, that is what I was aiming for (the same upstream site). I was just trying to help out :) I thought maybe you could "merge" that into the server side, feeding it with repos and cross-matching afterwards with the package list. But on the other hand, you can probably do the same without the extra step with this tool.

@furlongm
Owner

Can you checkout a13f765 and see if this commit fixes your issue? You may need to follow the instructions in the UPGRADE file to run the migrations after checking out the branch.

@gasperzupancic
Contributor Author

Hey,

It looks OK for now. After the checkout, the upgrade procedure wasn't needed, although I followed your instructions. Thanks again for doing a great job!
