CEFS: CentOS Errata for Spacewalk
This fine piece of software allows you to import errata information from the CentOS-Announce mailing list into
For security announcements details from Red Hat (RHSA) can be imported optionally.
20120504: The errata-import script has been updated. It is now capable to import descriptions from Red Hat's OVAL file which you can find
HERE (Trent Johnson suggested this on the Spacewalk Mailing-List, thanks)
20120520: Added missing Security Announcements from CentOS 5.8
20120610: Added a command-line option to publish errata after creation. Added options to select type of errata (Security, Bug Fix, Enhancement)
20120619: Added missing Product Enhancement Announcements from CentOS 5.8
20120718: Added missing Bug Fix Announcements from CentOS 5.8
20120917: The errata-import script has been updated. I fixed the --publish option to work as expected. CVEs are now added to Security Advisories.
20120922: The errata-import script has been updated. It now checks the users permissions before publishing.
20120925: Checksums are now available as SHA1 and MD5
20120926: The errata-import script has been updated. User permission check has been improved.
20121005: Errata XML generation has been fully automated.
20121020: Errata XML is now also available in compressed formats: gzip and bzip2
20130114: The errata-import script has been updated. Removed patched Frontier-Client.pm.
20130211: You can now flattr this website.
20130218: The errata-import script has been updated to support Debian Advisories
20130301: The errata-import script and XML have been updated to support the reboot_suggested keyword.
20130313: The errata-import script has been updated to work with API version 12 in Spacewalk 1.9 (Thanks, James)
20130323: The errata-import script has been updated to add packages to existing Errata (new feature)
20130326: Errata XML now contains issue_date and severity fields. It no longer contains advisories from 2006 and before.
20130909: The errata-import script has been updated to work with API version 13 in Spacewalk 2.0 (Thanks, Alex)
20131121: Added missing Announcements from CentOS 5.10
20131208: Errata XML now contains information from the cr-announce-list (Thanks, Kris)
20131210: The addition of the CR Errata broke the parsing for the last two days. Should be fixed now. Sorry. (Thanks, Shawn)
20131213: The errata-import script has been updated to include a --quiet option (Thanks, Aron)
20140311: The errata-import script has been updated to work with API version 14 in Spacewalk 2.1 (Thanks, Rolf)
20140316: Fixed support for API version 14 (Thanks, Christian)
20140711: Errata XML now contains CentOS 7 announcements. And also: Happy Birthday, Mom!
20140723: Errata XML now contains proper announcements for Xen4CentOS (Thanks, Scott)
20140724: The errata-import script has been update to work with API version 15. A --ignore-api-version has been added. (Thanks, Martin and Christian)
20140825: Errata XML now contains CentOS unique announcements (e.g. CEBA-2014:C001)
20140904: To further improve the Errata quality I have started some semi-automated QA. You may therefore see old Errata being added/updated where RPM file names had been incorrect and now fixed.
20140930: The errata-import script has been updated to support exclusion of errata (--exclude-errata)
20141002: There seems to be an issue with importing errata into Spacewalk 2.2. If you experience it, please let me know and report it on the Spacewalk Mailing List
20141002: The errata-import script has been updated to fix the new exclude errata feature
20141007: The errata-import script has been updated to support Satellite 5.6. Satellite ap¼parentlyuses slightly different API version strings (Thanks, Christian)
Download the latest errata XML file HERE (last updated: October 24, 2014)
Download the latest Red Hat OVAL file HERE (optional)
Download the errata-import.tar script HERE
Extract the downloaded tarball in an empty directory (tar xf errata-import.tar)
Make the main script executeable (chmod 755 errata-import.pl)
Run the script and follow the instructions (./errata-import.pl)
Depending on the performance of your server the inventory process may take multiple minutes per channel (Hint: use --include-channels)
All errata are created but not published so you can review them (Hint: look at --publish)
You can publish errata via the Web and/or API
Frequently Asked Questions
How (often) is the XML file generated?
The file is generated by first parsing the CentOS-Announce Archives. A few glitches I found are then fixed and information for CentOS 5.8 (sent unparseable) is added. Finally there are a few sanity checks before the file is released. This process is now fully automated.
Can I download the file regularly?
Yes, of course. If you use wget please use -N to download only if it has changed.
Something isn't working. Where can I get help?
Please run the script with --debug and send me the output via email or upload it to some place like Pastebin and send me a link to it. I will try to help you as time permits.
How do I set username and password for the script?
Set the environment variables SPACEWALK_USER and SPACEWALK_PASS accordingly. Example:
Then run the script.
I get "Authentication FAILED" errors but the password is correct?
Make sure that you put your password in parantheses. Otherwise your shell will turn PASSWORD=super$ecret into "super" as $ecret is not defined. Bummer, I know.
Also note that the script requires a username/password combination for the Spacewalk API and NOT for the underlying Postgres/Oracle database.
I would like to hear how this tool works for you. You can contact me via email:
email (at) steve (dash) meier (dot) de
If you find this tool helpful and would like to show your appreciation you can do so via PayPal or Flattr:
A good blog entry describing CEFS (in german AND english)
A bachelor thesis on Spacewalk that mentions CEFS
A tool to generate an updateinfo.xml from my errata XML file
If you don't like my approach here are a few other tools that you could look at:
Configuring Spacewalk to import CentOS | MISDivision Blog
Centos Errata Import Scripts (not updated since early 2012)