
Portage GLSA integration

1.  Overview

General information

This page is meant to document the implementation of GLEP 14, which deals with the design of a security-only update feature for emerge.

Roadmap

The implementation will take place in the following order:

  1. distribute GLSAs in the portage tree (completed)
  2. release a beta version of the GLSA handling code in gentoolkit (in progress)
  3. move dependency handling code from emerge to portage.py
  4. add glsa.py to portage
  5. integrate functions from glsa-check in emerge and equery

Note: This list might be expanded in the future.

2.  Current status

Currently we have a testing version of the proposed implementation released in gentoolkit (versions 0.2.0_pre7 and higher). This implementation consists of the general handling code (in glsa.py) and an interface script, glsa-check. While glsa.py will later be included in portage, the interface script is only temporary; its functionality will later be included in emerge and/or equery.

Known problems

Currently the following problems are known in the GLSA handling code:

  • The 200402-02 GLSA regarding xfree requires some functionality not present in portage. Because of that, many systems will be shown as affected when they are not. As a workaround, inject this GLSA.
  • Some of the kernel GLSAs have a similar problem. If glsa-check wants to update your kernel and you think it's not needed, please unmerge old kernel sources first. If that doesn't fix the problem, you can also inject those GLSAs.
  • glsa-check is not SLOT-aware. This might result in false positives. Please check your system for old versions that are in a different SLOT.
  • GLSAs that were released in 2003 don't follow the current DTD, which is required for the portage integration. Until they are converted to the new DTD they will be ignored by glsa-check. (fixed)
  • glsa-check currently doesn't check the given arguments for correct syntax, so if you give it a malformed argument it will likely produce a traceback.
  • glsa-check fails when you try to fix, inject, pretend or dump a GLSA that is using the old DTD (which is always the case when you use the all or new keywords). This is caused by a missing check. Will be fixed in the next release. (fixed)
  • On some systems glsa.py won't find the portage module, as I forgot to add the portage python path. Fixed in the next release. (fixed)
  • glsa.py apparently has some compatibility issues when you're using python-2.2 and/or pyxml. Please upgrade to python-2.3 and unmerge pyxml if you get a traceback.
  • Portage can't handle unicode strings that are passed to it and produces a traceback. To fix this, glsa.py will convert all strings that are passed to portage functions to ASCII format in the next release. All known GLSAs have been adjusted to not contain non-ASCII characters.

glsa-check

glsa-check is included in gentoolkit from version 0.2.0_pre7 on.

emerge

The integration into emerge depends on positive test results from glsa-check and on a code reorganization in emerge itself. This reorganization is mandatory to avoid redundant and wasted work and to reduce complexity.

equery

The equery implementation depends on including glsa.py in portage and has therefore not been started yet.



Updated 06 Oct 2004

Summary: This document attempts to collect all information regarding the upcoming integration of Gentoo Linux Security Advisories into portage.

Marius Mauch
