The script I use to get email notifications of the affected ebuilds,
which also prepares a shell script that fixes the GLSAs.
Might be useful for someone.
yours,
kos
#!/bin/bash
# Mail the list of unapplied GLSAs and prepare a script that fixes them.
# Private temp file: a fixed name in /tmp is unsafe for a job run as root.
tmp=$(mktemp) || exit 1
update="/root/run-to-update.sh"
glsa="/usr/portage/metadata/glsa"
rm -f "$update"
emerge --sync >/dev/null 2>&1
glsa-check -n --list affected 2>/dev/null > "$tmp"
# The first column of each output line is the GLSA id.
arr=($(awk '{print $1}' "$tmp"))
# Number of affected GLSAs.
BUGCOUNT=${#arr[@]}
if [ "$BUGCOUNT" -gt 0 ] ; then
    echo '#!/bin/bash' > "$update"
    echo "#relevant as for $(date +%D)" >> "$update"
    for id in "${arr[@]}"; do
        echo "/usr/bin/glsa-check -f $id" >> "$update"
        # Copy the advisory's "# emerge" lines (except the sync step),
        # decoding the XML entities and dropping the closing </code> tag.
        grep "# emerge" "$glsa/glsa-$id.xml" | grep -v "emerge --sync" | \
            sed -e 's/&quot;/"/g' -e 's/&gt;/>/g' -e 's/<\/code>//g' >> "$update"
        echo >> "$update"
    done
    echo -e "\nRun $update to update the system" >> "$tmp"
    # The recipient address is redacted in the list archive.
    /bin/mail -s GLSA_UNAPPLIED [EMAIL PROTECTED] < "$tmp"
fi
rm -f "$tmp"
Sune Kloppenborg Jeppesen wrote:
> On Monday 16 April 2007 20:31, Sune Kloppenborg Jeppesen wrote:
>> I agree that policy should be updated to reflect this but that got bogged
>> down by other issues last I tried. I'll try again.
> Ohh well, I must have dropped my memory somewhere I forgot:(
>
> I actually updated the Gentoo Linux Vulnerability Treatment Policy¹ last
> August to reflect that:
>
> "Kernels
> Currently kernels are not covered by the GLSA release process.
> Vulnerabilities must still be reported and will be fixed, but no GLSA will be
> issued when everything is solved.
> Note: This policy should be changed when new tools are added to cover
> security vulnerabilities affecting the different kernel sources."
>
> ¹ http://www.gentoo.org/security/en/vulnerability-policy.xml
>