CEFS: CentOS Errata for Spacewalk

This fine piece of software allows you to import errata information from the CentOS-Announce mailing list into your Spacewalk-Server.
For security announcements details from Red Hat (RHSA) can be imported optionally.

News

  • 2017-01-01: Happy New Year! The XML no longer contains errata for CentOS 4 (and below) only. For the digital archeologists, the latest commit including these can be found on GitHub
  • 2017-02-12: The errata-import script has been updated to fix an issue with HTML enconding for Debian again. (Thanks, Bernhard)
  • 2017-02-23: There is a new local root exploit that will need patching: CVE-2017-6074.
  • 2017-03-27: As CentOS 5 will reach its EOL on March 31st, I will remove errata for CentOS 5 and older on May 1st.
  • 2017-04-09: The page layout has been updated using Bootstrap.
  • 2017-05-01: As announced, Errata for CentOS 5 and older have been removed. The last version containing them can be found on GitHub
  • 2017-06-21: There are some reports (Icinga2) that the packages from CESA-2017:1484 are causing issues. You may want to postpone upgrading for now.
  • 2017-07-23: I have made some changes to the webserver configuration. HEAD requests are now served directly, GET requests are still redirected to GitHub. Let me know if you encounter any issues.
  • 2017-07-28: Fixed an error in the webserver configuration. All files should download fine again (Thanks, Christopher)
  • 2017-09-30: The errata-import script has been updated to support Spacewalk 2.7
  • 2017-10-08: If you don't have Spacewalk, you can now use my updateinfo repository to get errata information into yum.
  • 2017-10-19: After enabling two-factor authentication on my GitHub account 'git push' no longer worked. This is now fixed.
  • 2018-01-01: Happy New Year! As a new year is a good opportunity for a retrospect, I have done so and found an off-by-one bug in the mailing-list parser. This bug caused some postings to the mailing-list to be ignored when they should not have been. Therefore, many errata are updated and also some newly created (that only have one RPM associated). Sorry for any inconvenience this may have caused.
  • 2018-03-06: The errata-import script has been updated to fix Issue #4
  • 2018-04-19: The errata-import script has been updated to support Spacewalk 2.8 and set the newly added severity field
  • 2018-05-09: I am currently testing BunnyCDN to deliver the uncompressed XML file instead of linking to GitHub. Let me know if you encounter any problems.
  • 2018-05-23: The XML file delivered through the CDN is now limited to the last 180 days, due to size. The bz2 compressed version (see below) and the GitHub repository still contain all data should you need it.
  • 2018-05-23: Issue #10, related to the CDN, has been fixed.
  • 2018-05-26: After reducing the XML file to 180 days of content, the checksums (MD5/SHA1) were incorrect. This has been fixed. (Thanks, Andrew)
  • 2018-05-31: There was an issue with uploading the XML to the CDN. This is now fixed.
  • 2018-07-10: There seems to have been an issue with the CDN delivering an old version of the XML. This should now be fixed.

  • Usage

  • Download the latest errata XML file HERE (uncompressed) or bz2 compressed (last updated: November 16, 2018)
  • Download the latest Red Hat OVAL file HERE (optional)
  • Download the errata-import.tar script HERE or the included script HERE
  • Extract the downloaded tarball in an empty directory (tar xf errata-import.tar)
  • Make the main script executeable (chmod 755 errata-import.pl)
  • Run the script and follow the instructions (./errata-import.pl)
  • Notes

  • Depending on the performance of your server the inventory process may take multiple minutes per channel (Hint: use --include-channels)
  • All errata are created but not published so you can review them (Hint: look at --publish)
  • You can publish errata via the Web and/or API

  • Frequently Asked Questions (FAQ)

  • How (often) is the XML file generated?

    The file is generated by first parsing the CentOS-Announce Archives. A few glitches I found are then fixed and information for CentOS 5.8 (sent unparseable) is added. Finally there are a few sanity checks before the file is released. This process is now fully automated.

  • Can I download the file regularly?

    Yes, of course. If you use wget please use -N to download only if it has changed.

  • Can I get the script that generates the XML file?

    No.

  • Something isn't working. Where can I get help?

    Please run the script with --debug and send me the output via email or upload it to some place like Pastebin and send me a link to it. I will try to help you as time permits.

  • How do I set username and password for the script?

    Set the environment variables SPACEWALK_USER and SPACEWALK_PASS accordingly. Example:

    export SPACEWALK_USER='admin'
    export SPACEWALK_PASS='supersecret'

  • I get a "500 read timeout" error when importing errata. Why?

    Your server is likely underpowered. Spacewalk runs a webserver, an application server and a database, all of which need RAM and I/O resources. Check the prerequisites section in the Spacewalk Wiki.

  • I get "Authentication FAILED" errors but the password is correct?

    Make sure that you put your password in parantheses. Otherwise your shell will turn PASSWORD=super$ecret into "super" as $ecret is not defined. Bummer, I know.
    Also note that the script requires a username/password combination for the Spacewalk API and NOT for the underlying Postgres/Oracle database.

  • I don't have Spacewalk. Can I still use this?

    Yes, you actually can. I have recently (October 2017) created a designated yum repository that includes the errata information.
    You can find more information about this repository here.

  • Can I use this with Spacewalk 6 / Katello?

    I have received feedback that pulp_centos_errata_import does the trick. I have not tried this myself nor do I have any experience with these tools.
    A user has also reported that katello-centos-errata-import works for him.


  • Feedback

    I would like to hear how this tool works for you. You can contact me via email: email (at) steve (dash) meier (dot) de

    If you find this tool helpful and would like to show your appreciation you can do so via PayPal:


    Alternatively, you can donate Bitcoin to 1DftUtWs8XRNqmWwq6ENXfGUbwEDMneTYs.

    Links