CEFS: CentOS Errata for Spacewalk

This fine piece of software allows you to import errata information from the CentOS-Announce mailing list into your Spacewalk-Server.
For security announcements details from Red Hat (RHSA) can be imported optionally.


  • 2017-01-01: Happy New Year! The XML no longer contains errata for CentOS 4 (and below) only. For the digital archeologists, the latest commit including these can be found on GitHub
  • 2017-02-12: The errata-import script has been updated to fix an issue with HTML enconding for Debian again. (Thanks, Bernhard)
  • 2017-02-23: There is a new local root exploit that will need patching: CVE-2017-6074.
  • 2017-03-27: As CentOS 5 will reach its EOL on March 31st, I will remove errata for CentOS 5 and older on May 1st.
  • 2017-04-09: The page layout has been updated using Bootstrap.
  • 2017-05-01: As announced, Errata for CentOS 5 and older have been removed. The last version containing them can be found on GitHub
  • 2017-06-21: There are some reports (Icinga2) that the packages from CESA-2017:1484 are causing issues. You may want to postpone upgrading for now.
  • 2017-07-23: I have made some changes to the webserver configuration. HEAD requests are now served directly, GET requests are still redirected to GitHub. Let me know if you encounter any issues.
  • 2017-07-28: Fixed an error in the webserver configuration. All files should download fine again (Thanks, Christopher)
  • 2017-09-30: The errata-import script has been updated to support Spacewalk 2.7
  • 2017-10-08: If you don't have Spacewalk, you can now use my updateinfo repository to get errata information into yum.
  • 2017-10-19: After enabling two-factor authentication on my GitHub account 'git push' no longer worked. This is now fixed.

  • Usage

  • Download the latest errata XML file HERE (uncompressed) or bz2 compressed (last updated: December 09, 2017)
  • Download the latest Red Hat OVAL file HERE (optional)
  • Download the errata-import.tar script HERE or the included script HERE
  • Extract the downloaded tarball in an empty directory (tar xf errata-import.tar)
  • Make the main script executeable (chmod 755 errata-import.pl)
  • Run the script and follow the instructions (./errata-import.pl)
  • Notes

  • Depending on the performance of your server the inventory process may take multiple minutes per channel (Hint: use --include-channels)
  • All errata are created but not published so you can review them (Hint: look at --publish)
  • You can publish errata via the Web and/or API

  • Frequently Asked Questions (FAQ)

  • How (often) is the XML file generated?

    The file is generated by first parsing the CentOS-Announce Archives. A few glitches I found are then fixed and information for CentOS 5.8 (sent unparseable) is added. Finally there are a few sanity checks before the file is released. This process is now fully automated.

  • Can I download the file regularly?

    Yes, of course. If you use wget please use -N to download only if it has changed.

  • Can I get the script that generates the XML file?


  • Something isn't working. Where can I get help?

    Please run the script with --debug and send me the output via email or upload it to some place like Pastebin and send me a link to it. I will try to help you as time permits.

  • How do I set username and password for the script?

    Set the environment variables SPACEWALK_USER and SPACEWALK_PASS accordingly. Example:

    export SPACEWALK_USER='admin'
    export SPACEWALK_PASS='supersecret'

  • I get a "500 read timeout" error when importing errata. Why?

    Your server is likely underpowered. Spacewalk runs a webserver, an application server and a database, all of which need RAM and I/O resources. Check the prerequisites section in the Spacewalk Wiki.

  • I get "Authentication FAILED" errors but the password is correct?

    Make sure that you put your password in parantheses. Otherwise your shell will turn PASSWORD=super$ecret into "super" as $ecret is not defined. Bummer, I know.
    Also note that the script requires a username/password combination for the Spacewalk API and NOT for the underlying Postgres/Oracle database.

  • I don't have Spacewalk. Can I still use this?

    Yes, you actually can. I have recently (October 2017) created a designated yum repository that includes the errata information.
    You can find more information about this repository here.

  • Feedback

    I would like to hear how this tool works for you. You can contact me via email: email (at) steve (dash) meier (dot) de

    If you find this tool helpful and would like to show your appreciation you can do so via PayPal:

    Alternatively, you can donate Bitcoin to 1DftUtWs8XRNqmWwq6ENXfGUbwEDMneTYs.