CEFS: CentOS Errata for Spacewalk

This fine piece of software allows you to import errata information from the CentOS-Announce mailing list into your Spacewalk-Server.
For security announcements details from Red Hat (RHSA) can be imported optionally.


  • 20120504: The errata-import script has been updated. It is now capable to import descriptions from Red Hat's OVAL file which you can find HERE (Trent Johnson suggested this on the Spacewalk Mailing-List, thanks)
  • 20120520: Added missing Security Announcements from CentOS 5.8
  • 20120610: Added a command-line option to publish errata after creation. Added options to select type of errata (Security, Bug Fix, Enhancement)
  • 20120619: Added missing Product Enhancement Announcements from CentOS 5.8
  • 20120718: Added missing Bug Fix Announcements from CentOS 5.8
  • 20120917: The errata-import script has been updated. I fixed the --publish option to work as expected. CVEs are now added to Security Advisories.
  • 20120922: The errata-import script has been updated. It now checks the users permissions before publishing.
  • 20120925: Checksums are now available as SHA1 and MD5
  • 20120926: The errata-import script has been updated. User permission check has been improved.
  • 20121005: Errata XML generation has been fully automated.
  • 20121020: Errata XML is now also available in compressed formats: gzip and bzip2
  • 20130114: The errata-import script has been updated. Removed patched Frontier-Client.pm.
  • 20130211: You can now flattr this website.
  • 20130218: The errata-import script has been updated to support Debian Advisories
  • 20130301: The errata-import script and XML have been updated to support the reboot_suggested keyword.
  • 20130313: The errata-import script has been updated to work with API version 12 in Spacewalk 1.9 (Thanks, James)
  • 20130323: The errata-import script has been updated to add packages to existing Errata (new feature)
  • 20130326: Errata XML now contains issue_date and severity fields. It no longer contains advisories from 2006 and before.
  • 20130909: The errata-import script has been updated to work with API version 13 in Spacewalk 2.0 (Thanks, Alex)
  • 20131121: Added missing Announcements from CentOS 5.10
  • 20131208: Errata XML now contains information from the cr-announce-list (Thanks, Kris)
  • 20131210: The addition of the CR Errata broke the parsing for the last two days. Should be fixed now. Sorry. (Thanks, Shawn)
  • 20131213: The errata-import script has been updated to include a --quiet option (Thanks, Aron)
  • 20140311: The errata-import script has been updated to work with API version 14 in Spacewalk 2.1 (Thanks, Rolf)
  • 20140316: Fixed support for API version 14 (Thanks, Christian)
  • 20140711: Errata XML now contains CentOS 7 announcements. And also: Happy Birthday, Mom!
  • 20140723: Errata XML now contains proper announcements for Xen4CentOS (Thanks, Scott)
  • 20140724: The errata-import script has been update to work with API version 15. A --ignore-api-version has been added. (Thanks, Martin and Christian)
  • 20140825: Errata XML now contains CentOS unique announcements (e.g. CEBA-2014:C001)
  • 20140904: To further improve the Errata quality I have started some semi-automated QA. You may therefore see old Errata being added/updated where RPM file names had been incorrect and now fixed.
  • 20140930: The errata-import script has been updated to support exclusion of errata (--exclude-errata)
  • 20141002: There seems to be an issue with importing errata into Spacewalk 2.2. If you experience it, please let me know and report it on the Spacewalk Mailing List
  • 20141002: The errata-import script has been updated to fix the new exclude errata feature
  • 20141007: The errata-import script has been updated to support Satellite 5.6. Satellite apparently uses slightly different API version strings (Thanks, Christian)
  • 20141121: The XML update process has failed for the past two weeks. This is now fixed and everything should be back to normal.
  • 20150105: The first XML update of 2015 is now available, so Happy New Year!
  • 20150420: The errata-import script has been updated to support Spacewalk 2.3 (Thanks, Ugur and Bren)
  • 20150630: The errata-import script has been updated to fix a wrong error message when missing modules


  • Download the latest errata XML file HERE (last updated: June 30, 2015)
  • Download the latest Red Hat OVAL file HERE (optional)
  • Download the errata-import.tar script HERE
  • Extract the downloaded tarball in an empty directory (tar xf errata-import.tar)
  • Make the main script executeable (chmod 755 errata-import.pl)
  • Run the script and follow the instructions (./errata-import.pl)


  • Depending on the performance of your server the inventory process may take multiple minutes per channel (Hint: use --include-channels)
  • All errata are created but not published so you can review them (Hint: look at --publish)
  • You can publish errata via the Web and/or API

    Frequently Asked Questions

  • How (often) is the XML file generated?

    The file is generated by first parsing the CentOS-Announce Archives. A few glitches I found are then fixed and information for CentOS 5.8 (sent unparseable) is added. Finally there are a few sanity checks before the file is released. This process is now fully automated.

  • Can I download the file regularly?

    Yes, of course. If you use wget please use -N to download only if it has changed.

  • Something isn't working. Where can I get help?

    Please run the script with --debug and send me the output via email or upload it to some place like Pastebin and send me a link to it. I will try to help you as time permits.

  • How do I set username and password for the script?

    Set the environment variables SPACEWALK_USER and SPACEWALK_PASS accordingly. Example:

    export SPACEWALK_USER='admin'
    export SPACEWALK_PASS='supersecret'

    Then run the script.

  • I get "Authentication FAILED" errors but the password is correct?

    Make sure that you put your password in parantheses. Otherwise your shell will turn PASSWORD=super$ecret into "super" as $ecret is not defined. Bummer, I know.

    Also note that the script requires a username/password combination for the Spacewalk API and NOT for the underlying Postgres/Oracle database.


    I would like to hear how this tool works for you. You can contact me via email: email (at) steve (dash) meier (dot) de

    If you find this tool helpful and would like to show your appreciation you can do so via PayPal or Flattr: Flattr this


  • A good blog entry describing CEFS (in german AND english)
  • A bachelor thesis on Spacewalk that mentions CEFS
  • A tool to generate an updateinfo.xml from my errata XML file

    If you don't like my approach here are a few other tools that you could look at:
  • Configuring Spacewalk to import CentOS | MISDivision Blog
  • Centos Errata Import Scripts (not updated since early 2012)