diff options
| author | fuzzyray <fuzzyray@gentoo.org> | 2009-05-20 21:53:30 +0000 |
|---|---|---|
| committer | fuzzyray <fuzzyray@gentoo.org> | 2009-05-20 21:53:30 +0000 |
| commit | 4138f5b1b6dbcf1042663a45b3eae1e652bfc9be (patch) | |
| tree | d97e27d65dd4946cc37720e8270b0a5f4277dbd4 /bin/glsa-check | |
| parent | b6a2a23926d54ccfa9a1ce331c1bc97dbe2c73d1 (diff) | |
| download | gentoolkit-4138f5b1b6dbcf1042663a45b3eae1e652bfc9be.tar.gz | |
Do not inject GLSAs into the checkfile when fixing them
There is no reason applied GLSAs must be stored in a checkfile. In the
current glsa-check GUI this will make it impossible to determine whether
the system is still affected by the GLSA (e.g. by re-emerging, or when a
GLSA is changed afterwards).
The current place for the checkfile (/var/cache) is not persistent per
FHS, meaning that people might clean out the contents of their injected
GLSAs. Since glsa.py is moving to portage anyway, we can use
/var/lib/portage as a place to store the injected GLSAs. Documentation
has been updated accordingly.
Note that the old checkfile should not be moved to the previous location
on upgrade since this will cause false negatives due to the above
arguments. A message should appear on upgrade (pkg_postinst or similar).
svn path=/trunk/gentoolkit/; revision=649
Diffstat (limited to 'bin/glsa-check')
| -rw-r--r-- | bin/glsa-check | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/bin/glsa-check b/bin/glsa-check index d5ac4e1..3c91d5e 100644 --- a/bin/glsa-check +++ b/bin/glsa-check @@ -29,7 +29,7 @@ optionmap = [ ["-t", "--test", "test if this system is affected by the given GLSA"], ["-p", "--pretend", "show the necessary commands to apply this GLSA"], ["-f", "--fix", "try to auto-apply this GLSA (experimental)"], -["-i", "--inject", "inject the given GLSA into the checkfile"], +["-i", "--inject", "inject the given GLSA into the glsa_injected file"], ["-n", "--nocolor", "disable colors (option)"], ["-e", "--emergelike", "do not use a least-change algorithm (option)"], ["-h", "--help", "show this help message"], @@ -204,7 +204,7 @@ def summarylist(myglsalist, fd1=sys.stdout, fd2=sys.stderr, encoding="utf-8"): fd1 = codecs.getwriter(encoding)(fd1) fd2 = codecs.getwriter(encoding)(fd2) if not quiet: - fd2.write(white("[A]")+" means this GLSA was already applied,\n") + fd2.write(white("[A]")+" means this GLSA was marked as applied (injected),\n") fd2.write(green("[U]")+" means the system is not affected and\n") fd2.write(red("[N]")+" indicates that the system might be affected.\n\n") @@ -216,7 +216,7 @@ def summarylist(myglsalist, fd1=sys.stdout, fd2=sys.stderr, encoding="utf-8"): if verbose: fd2.write(("invalid GLSA: %s (error message was: %s)\n" % (myid, e))) continue - if myglsa.isApplied(): + if myglsa.isInjected(): status = "[A]" color = white elif myglsa.isVulnerable(): @@ -289,7 +289,6 @@ if mode in ["dump", "fix", "inject", "pretend"]: sys.exit(exitcode) if len(mergelist): sys.stdout.write("\n") - myglsa.inject() elif mode == "pretend": sys.stdout.write("Checking GLSA "+myid+"\n") if not myglsa.isVulnerable(): |