CEFS: CentOS Errata for Spacewalk

This fine piece of software allows you to import errata information from the CentOS-Announce mailing list into your Spacewalk-Server.
For security announcements details from Red Hat (RHSA) can be imported optionally.

News

  • 2020-01-02: Happy New Year! 2020 starts with a bunch of fresh errata for CentOS 8.
  • 2020-01-06: The errata-import script has been updated to fix Issue #21
  • 2020-03-19: Maybe due to Covid-19, CentOS has recently published updates without sending errata information to the mailing list. For this reason, the data is currently slightly out-of-date. If this continues, I may update it manually.
  • 2020-03-22: The errata-import script has been updated to support Spacewalk 2.10. Please note that this is the last official release. You may want to consider migrating to Katello, which is the upstream of RedHat Satellite 6.
  • 2020-03-26: Today the missing announcements from CentOS arrived, so the XML is up-to-date again.
  • 2020-07-05: Today's commit contains a big update on CentOS 8 with 350 errata. CentOS 8 support remains in BETA.
  • 2020-07-10: The errata-import script has been updated to include a Pull Requests from SuSE for compatibility with Uyuni.
  • 2020-08-07: The errata-import script has been updated to include a Pull Request to fix a rare 'Errata already exists' error.
  • 2020-10-15: I have added a new tool to the repository: yum-history-html.pl. It turns the YUM history into a nice HTML page, enriched with errata information. Could be very useful for audits. Let me know if you find this helpful.
  • 2020-10-20: The errata-import script has been updated to include a Pull Request to add the --recent option.
  • 2020-10-23: The errata-import script has been updated to fix Issue #31
  • 2020-12-03: Today's update should include the final set of CentOS 6 errata, which has reached EOL. CentOS 6 errata will be removed on January 1st, 2021 as they will no longer be relevant.
  • 2021-02-01: Happy New Year! As announced, CentOS 6 errata have now been removed. The last commit to include them can be found here.
  • 2021-03-03: The errata-import script has been updated to support API version 25 in Uyuni 2021.02.
  • 2021-05-01: The errata-import script has been updated to support a new Errata attribute (advisory_status), which was recently introduced. See Issue #33 for details.
  • 2021-08-03: This week CentOS issued a few errata with wrong references and also seems to be missing some. I have added manual fixes to the data.
  • 2021-10-15: Something is fishy with the recent libxml2 updates. It seems that CentOS is lagging one commit behind Red Hat and also Scientific Linux. I have reported this to the mailing list.
  • 2021-10-26: CentOS has fixed the libxml2 issue yesterday.
  • 2021-10-27: It seems that Red Hat is no longer serving their OVAL data as uncompressed XML and redirect to the bzip2-compressed version instead. You will need to adapt your download script to deal with that as Perl can not read bzip2 without creating new dependencies.
  • 2021-12-20: The errata-import script has been updated to provide a better error message when encountering a compressed OVAL file.
  • 2022-01-02: Today brings what is probably the last update for CentOS 8 errata as it has reached EOL. This project will continue providing errata information for CentOS 7 until its EOL in mid 2024. Happy New Year!
  • 2022-04-05: The errata-import script has been updated to support API version 26 in Uyuni 2022.03.
  • 2023-07-09: A quick reminder that there are now 12 months left until the end-of-life for CentOS 7. If you haven't started migration plans already, now is the time. This project will continue until the EOL date.
  • 2023-07-11: Red Hat has changed their distribution mechanism for OVAL data. The com.redhat.rhsa-all.xml seems to no longer be available. The rhel-7.oval.xml.bz2 is hopefully a replacement. I haven't tested this though, so any feedback is welcome.

  • Usage

  • Download the latest errata XML file HERE (uncompressed) or bz2 compressed (last updated: March 07, 2024)
  • Download the latest Red Hat OVAL file HERE (optional)
  • Download the errata-import.tar script HERE or the included script HERE
  • Extract the downloaded tarball in an empty directory (tar xf errata-import.tar)
  • Make the main script executeable (chmod 755 errata-import.pl)
  • Run the script and follow the instructions (./errata-import.pl)
  • Notes

  • Depending on the performance of your server the inventory process may take multiple minutes per channel (Hint: use --include-channels)
  • All errata are created but not published so you can review them (Hint: look at --publish)
  • You can publish errata via the Web and/or API

  • Frequently Asked Questions (FAQ)

  • How (often) is the XML file generated?

    The file is generated by first parsing the CentOS-Announce Archives. A few glitches I found are then fixed and information for CentOS 5.8 (sent unparseable) is added. Finally there are a few sanity checks before the file is released. This process is now fully automated.

  • Can I download the file regularly?

    Yes, of course. If you use wget please use -N to download only if it has changed.

  • Can I get the script that generates the XML file?

    No.

  • Something isn't working. Where can I get help?

    Please run the script with --debug and send me the output via email or upload it to some place like Pastebin and send me a link to it. I will try to help you as time permits.

  • How do I set username and password for the script?

    Set the environment variables SPACEWALK_USER and SPACEWALK_PASS accordingly. Example:

    export SPACEWALK_USER='admin'
    export SPACEWALK_PASS='supersecret'

  • I get a "500 read timeout" error when importing errata. Why?

    Your server is likely underpowered. Spacewalk runs a webserver, an application server and a database, all of which need RAM and I/O resources. Check the prerequisites section in the Spacewalk Wiki.

  • I get "Authentication FAILED" errors but the password is correct?

    Make sure that you put your password in parantheses. Otherwise your shell will turn PASSWORD=super$ecret into "super" as $ecret is not defined. Bummer, I know.
    Also note that the script requires a username/password combination for the Spacewalk API and NOT for the underlying Postgres/Oracle database.

  • I don't have Spacewalk. Can I still use this?

    Yes, you actually can. I have recently (October 2017) created a designated yum repository that includes the errata information.
    You can find more information about this repository here.

  • Can I use this with Spacewalk 6 / Katello?

    I have received feedback that pulp_centos_errata_import does the trick. I have not tried this myself nor do I have any experience with these tools.
    A user has also reported that katello-centos-errata-import works for him.

  • Will you support CentOS 8?

    CentOS 8 is supported.

  • Will you support CentOS 8-Stream?

    No. If it gets off the ground, I may support Rocky Linux.Rocky Linux is publishing errata directly and they are integrated into the repositories.

  • Can I use this with Uyuni?

    I have recevied feedback that importing the Errata into Uyuni 4.02 works with no changes.


  • Feedback

    I would like to hear how this tool works for you. You can contact me via email: email (at) steve (dash) meier (dot) de

    If you find this tool helpful and would like to show your appreciation you can do so via PayPal:


    Alternatively, you can donate Bitcoin to 1DftUtWs8XRNqmWwq6ENXfGUbwEDMneTYs.

    Links