CEFS: CentOS Errata for Spacewalk
This fine piece of software allows you to import errata information from the CentOS-Announce mailing list into
For security announcements details from Red Hat (RHSA) can be imported optionally.
20120504: The errata-import script has been updated. It is now capable to import descriptions from Red Hat's OVAL file which you can find
HERE (Trent Johnson suggested this on the Spacewalk Mailing-List, thanks)
20120520: Added missing Security Announcements from CentOS 5.8
20120610: Added a command-line option to publish errata after creation. Added options to select type of errata (Security, Bug Fix, Enhancement)
20120619: Added missing Product Enhancement Announcements from CentOS 5.8
20120718: Added missing Bug Fix Announcements from CentOS 5.8
20120917: The errata-import script has been updated. I fixed the --publish option to work as expected. CVEs are now added to Security Advisories.
20120922: The errata-import script has been updated. It now checks the users permissions before publishing.
20120925: Checksums are now available as SHA1 and MD5
20120926: The errata-import script has been updated. User permission check has been improved.
20121005: Errata XML generation has been fully automated.
20121020: Errata XML is now also available in compressed formats: gzip and bzip2
20130114: The errata-import script has been updated. Removed patched Frontier-Client.pm.
20130211: You can now flattr this website.
20130218: The errata-import script has been updated to support Debian Advisories
20130301: The errata-import script and XML have been updated to support the reboot_suggested keyword.
20130313: The errata-import script has been updated to work with API version 12 in Spacewalk 1.9 (Thanks, James)
20130323: The errata-import script has been updated to add packages to existing Errata (new feature)
20130326: Errata XML now contains issue_date and severity fields. It no longer contains advisories from 2006 and before.
20130909: The errata-import script has been updated to work with API version 13 in Spacewalk 2.0 (Thanks, Alex)
20131121: Added missing Announcements from CentOS 5.10
20131208: Errata XML now contains information from the cr-announce-list (Thanks, Kris)
20131210: The addition of the CR Errata broke the parsing for the last two days. Should be fixed now. Sorry. (Thanks, Shawn)
20131213: The errata-import script has been updated to include a --quiet option (Thanks, Aron)
20140311: The errata-import script has been updated to work with API version 14 in Spacewalk 2.1 (Thanks, Rolf)
20140316: Fixed support for API version 14 (Thanks, Christian)
20140711: Errata XML now contains CentOS 7 announcements. And also: Happy Birthday, Mom!
20140723: Errata XML now contains proper announcements for Xen4CentOS (Thanks, Scott)
20140724: The errata-import script has been update to work with API version 15. A --ignore-api-version has been added. (Thanks, Martin and Christian)
20140825: Errata XML now contains CentOS unique announcements (e.g. CEBA-2014:C001)
20140904: To further improve the Errata quality I have started some semi-automated QA. You may therefore see old Errata being added/updated where RPM file names had been incorrect and now fixed.
20140930: The errata-import script has been updated to support exclusion of errata (--exclude-errata)
20141002: There seems to be an issue with importing errata into Spacewalk 2.2. If you experience it, please let me know and report it on the Spacewalk Mailing List
20141002: The errata-import script has been updated to fix the new exclude errata feature
20141007: The errata-import script has been updated to support Satellite 5.6. Satellite apparently uses slightly different API version strings (Thanks, Christian)
20141121: The XML update process has failed for the past two weeks. This is now fixed and everything should be back to normal.
Download the latest errata XML file HERE (last updated: December 20, 2014)
Download the latest Red Hat OVAL file HERE (optional)
Download the errata-import.tar script HERE
Extract the downloaded tarball in an empty directory (tar xf errata-import.tar)
Make the main script executeable (chmod 755 errata-import.pl)
Run the script and follow the instructions (./errata-import.pl)
Depending on the performance of your server the inventory process may take multiple minutes per channel (Hint: use --include-channels)
All errata are created but not published so you can review them (Hint: look at --publish)
You can publish errata via the Web and/or API
Frequently Asked Questions
How (often) is the XML file generated?
The file is generated by first parsing the CentOS-Announce Archives. A few glitches I found are then fixed and information for CentOS 5.8 (sent unparseable) is added. Finally there are a few sanity checks before the file is released. This process is now fully automated.
Can I download the file regularly?
Yes, of course. If you use wget please use -N to download only if it has changed.
Something isn't working. Where can I get help?
Please run the script with --debug and send me the output via email or upload it to some place like Pastebin and send me a link to it. I will try to help you as time permits.
How do I set username and password for the script?
Set the environment variables SPACEWALK_USER and SPACEWALK_PASS accordingly. Example:
Then run the script.
I get "Authentication FAILED" errors but the password is correct?
Make sure that you put your password in parantheses. Otherwise your shell will turn PASSWORD=super$ecret into "super" as $ecret is not defined. Bummer, I know.
Also note that the script requires a username/password combination for the Spacewalk API and NOT for the underlying Postgres/Oracle database.
I would like to hear how this tool works for you. You can contact me via email:
email (at) steve (dash) meier (dot) de
If you find this tool helpful and would like to show your appreciation you can do so via PayPal or Flattr:
A good blog entry describing CEFS (in german AND english)
A bachelor thesis on Spacewalk that mentions CEFS
A tool to generate an updateinfo.xml from my errata XML file
If you don't like my approach here are a few other tools that you could look at:
Configuring Spacewalk to import CentOS | MISDivision Blog
Centos Errata Import Scripts (not updated since early 2012)