Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. Gentoo>
  3. Security
broken glsa-check??? No GLSA's???
drew.kirkpatrick at gmail
Feb 11, 2005, 7:33 AM
Post #1 of 13 (5019 views)
Permalink
No bites on the forums, thought I'd hit this up here and see what you
folks think. This has been going on over a week now.

This is weird, I have 3 gentoo boxes, 2 are amd64, one's ppc. The two
at home are still working fine, but the amd64 at work no longer
reports glsa-check --list correctly. Here's what I get:


shadowcat(root)> glsa-check --list
WARNING: This tool is completely new and not very tested, so it should not be
used on production systems. It's mainly a test tool for the new GLSA release
and distribution system, it's functionality will later be merged into emerge
and equery.
Please read http://www.gentoo.org/proj/en/portage/glsa-integration.xml
before using this tool AND before reporting a bug.

[A] means this GLSA was already applied,
[U] means the system is not affected and
[N] indicates that the system might be affected.

shadowcat(root)>



Nothing. I run this every morning after I sync. I ignored it the first
two days, but this is like 4 workdays in a row that glsa-check doesn't
report ANY GLSA's. glsa-check --list still works at home. The only
difference I can see is that the one with the glsa-check problem must
be emerge-webrsync'd because of the base's firewall. Could this be
related to the emerge-webrsync'ing? I do normal emerge --sync's at
home, and glsa-check still works there.
I'm running gentoolkit version 0.2.0...

Any ideas why I no longer see any GLSA's? I rely on this pretty
heavily to keep my systems patched.


-Drew

--
gentoo-security@gentoo.org mailing list
Re: broken glsa-check??? No GLSA's??? [ In reply to ]
koon at gentoo
Feb 11, 2005, 3:02 PM
Post #2 of 13 (4931 views)
Permalink
Drew Kirkpatrick wrote:

> Could this be
> related to the emerge-webrsync'ing? I do normal emerge --sync's at
> home, and glsa-check still works there.
> I'm running gentoolkit version 0.2.0...

GLSAs are synced in /usr/portage/metadata/glsa, have a look in there and
see what happens before/after your sync...

--
Koon

--
gentoo-security@gentoo.org mailing list
Re: broken glsa-check??? No GLSA's??? [ In reply to ]
gentoo-security at umtstrial
Feb 11, 2005, 4:35 PM
Post #3 of 13 (4933 views)
Permalink
On Fri, Feb 11, 2005 at 11:02:34PM +0100, Thierry Carrez wrote:

> GLSAs are synced in /usr/portage/metadata/glsa, have a look in there and
> see what happens before/after your sync...

Oh, that's a shame...

I would have thought the best option would be to have it download an xml
file from gentoo.org or something.

Otherwise this means that you have to do entire syncs daily (or more
often) just to check if you need any security patches.

I would prefer to run the script to see if I need any updates, and then
sync if I did.


Calum

>
> --
> Koon
>
> --
> gentoo-security@gentoo.org mailing list
>

--
gentoo-security@gentoo.org mailing list
Re: broken glsa-check??? No GLSA's??? [ In reply to ]
drew.kirkpatrick at gmail
Feb 11, 2005, 9:33 PM
Post #4 of 13 (4927 views)
Permalink
Oops, I rarely update world/system, I mostly just look for security
patches. Is there a less intrusive means on the servers of syncing
glsa's without emerge --syncing or emerge-webrsyncing?? If so great,
but why did it stop working in the first place? I thought everyone was
syncing their glsa's through daily portage syncs (doh!). Anyone point
a clearly confused individual in the right direction?




On Fri, 11 Feb 2005 23:35:36 +0000, Calum
<gentoo-security@umtstrial.co.uk> wrote:
> On Fri, Feb 11, 2005 at 11:02:34PM +0100, Thierry Carrez wrote:
>
> > GLSAs are synced in /usr/portage/metadata/glsa, have a look in there and
> > see what happens before/after your sync...
>
> Oh, that's a shame...
>
> I would have thought the best option would be to have it download an xml
> file from gentoo.org or something.
>
> Otherwise this means that you have to do entire syncs daily (or more
> often) just to check if you need any security patches.
>
> I would prefer to run the script to see if I need any updates, and then
> sync if I did.
>
>
> Calum
>
> >
> > --
> > Koon
> >
> > --
> > gentoo-security@gentoo.org mailing list
> >
>
> --
> gentoo-security@gentoo.org mailing list
>
>

--
gentoo-security@gentoo.org mailing list
Re: broken glsa-check??? No GLSA's??? [ In reply to ]
pauldv at gentoo
Feb 25, 2005, 1:06 PM
Post #5 of 13 (4926 views)
Permalink
On Saturday 12 February 2005 05:33, Drew Kirkpatrick wrote:
> Oops, I rarely update world/system, I mostly just look for security
> patches. Is there a less intrusive means on the servers of syncing
> glsa's without emerge --syncing or emerge-webrsyncing?? If so great,
> but why did it stop working in the first place? I thought everyone was
> syncing their glsa's through daily portage syncs (doh!). Anyone point
> a clearly confused individual in the right direction?

You could just sync the glsa directory instead of the whole tree. That should
serve the purpose.

Paul

--
Paul de Vrieze
Gentoo Developer
Mail: pauldv@gentoo.org
Homepage: http://www.devrieze.net
Re: broken glsa-check??? No GLSA's??? [ In reply to ]
drew.kirkpatrick at gmail
Feb 25, 2005, 1:33 PM
Post #6 of 13 (4923 views)
Permalink
This was an emerge-webrsync problem that they've fixed, bug ID 81824.
Lance Albertson said something about a small problem migrating to
their new server. Works great now :)


-Drew


On Fri, 25 Feb 2005 21:06:44 +0100, Paul de Vrieze <pauldv@gentoo.org> wrote:
> On Saturday 12 February 2005 05:33, Drew Kirkpatrick wrote:
> > Oops, I rarely update world/system, I mostly just look for security
> > patches. Is there a less intrusive means on the servers of syncing
> > glsa's without emerge --syncing or emerge-webrsyncing?? If so great,
> > but why did it stop working in the first place? I thought everyone was
> > syncing their glsa's through daily portage syncs (doh!). Anyone point
> > a clearly confused individual in the right direction?
>
> You could just sync the glsa directory instead of the whole tree. That should
> serve the purpose.
>
> Paul
>
> --
> Paul de Vrieze
> Gentoo Developer
> Mail: pauldv@gentoo.org
> Homepage: http://www.devrieze.net
>
>
>

--
gentoo-security@gentoo.org mailing list
Re: broken glsa-check??? No GLSA's??? [ In reply to ]
billk at iinet
Feb 25, 2005, 6:04 PM
Post #7 of 13 (4920 views)
Permalink
Whats the best way to just sync the glsa directory. Is there a how-to
somewhere?

Is this something that could be easily cron'd without the hefty download
costs of syncing the whole tree every day.

BillK


On Fri, 2005-02-25 at 21:06 +0100, Paul de Vrieze wrote:
> On Saturday 12 February 2005 05:33, Drew Kirkpatrick wrote:
> > Oops, I rarely update world/system, I mostly just look for security
> > patches. Is there a less intrusive means on the servers of syncing
> > glsa's without emerge --syncing or emerge-webrsyncing?? If so great,
> > but why did it stop working in the first place? I thought everyone was
> > syncing their glsa's through daily portage syncs (doh!). Anyone point
> > a clearly confused individual in the right direction?
>
> You could just sync the glsa directory instead of the whole tree. That should
> serve the purpose.
>
> Paul
>
--
William Kenworthy <billk@iinet.net.au>
Home!


--
gentoo-security@gentoo.org mailing list
Re: broken glsa-check??? No GLSA's??? [ In reply to ]
ramereth at gentoo
Feb 25, 2005, 7:14 PM
Post #8 of 13 (4919 views)
Permalink
On Sat, 2005-02-26 at 09:04 +0800, William Kenworthy wrote:
> Whats the best way to just sync the glsa directory. Is there a how-to
> somewhere?
>
> Is this something that could be easily cron'd without the hefty download
> costs of syncing the whole tree every day.

You shouldn't have to do that, it was a minor bug when I moved some
stuff to a new server (as noted in an earlier email). It should be fixed
now. Sorry for the problems it caused!

> On Fri, 2005-02-25 at 21:06 +0100, Paul de Vrieze wrote:
> > On Saturday 12 February 2005 05:33, Drew Kirkpatrick wrote:
> > > Oops, I rarely update world/system, I mostly just look for security
> > > patches. Is there a less intrusive means on the servers of syncing
> > > glsa's without emerge --syncing or emerge-webrsyncing?? If so great,
> > > but why did it stop working in the first place? I thought everyone was
> > > syncing their glsa's through daily portage syncs (doh!). Anyone point
> > > a clearly confused individual in the right direction?
> >
> > You could just sync the glsa directory instead of the whole tree. That should
> > serve the purpose.
> >
> > Paul
> >
--
Lance Albertson <ramereth@gentoo.org>
Gentoo Infrastructure | Operations Manager

---
GPG Public Key: <http://www.ramereth.net/lance.asc>
Key fingerprint: 0423 92F3 544A 1282 5AB1 4D07 416F A15D 27F4 B742

ramereth/irc.freenode.net

Attached Files:

Re: broken glsa-check??? No GLSA's??? [ In reply to ]
billk at iinet
Feb 25, 2005, 9:37 PM
Post #9 of 13 (4922 views)
Permalink
I realise that, but what I am after is a way to glsa-check without
having to emerge sync each time. It seems very wasteful (in time and
expensive bandwidth) to download the whole tree all the time, in the
hope of seeing just one glsa applicable update. Yes, once an update is
found, the tree will need syncing, but until then is there a simple and
easy way to save a bit?

BillK

On Fri, 2005-02-25 at 20:14 -0600, Lance Albertson wrote:
> On Sat, 2005-02-26 at 09:04 +0800, William Kenworthy wrote:
> > Whats the best way to just sync the glsa directory. Is there a how-to
> > somewhere?
> >
> > Is this something that could be easily cron'd without the hefty download
> > costs of syncing the whole tree every day.
>
> You shouldn't have to do that, it was a minor bug when I moved some
> stuff to a new server (as noted in an earlier email). It should be fixed
> now. Sorry for the problems it caused!
>



--
William Kenworthy <billk@iinet.net.au>
Home!


--
gentoo-security@gentoo.org mailing list
Re: broken glsa-check??? No GLSA's??? [ In reply to ]
billk at iinet
Feb 25, 2005, 11:26 PM
Post #10 of 13 (4912 views)
Permalink
I am subscribed, and this is how I do it at the moment so I am aware of
this methods shortcomings. It is too easy to miss a glsa (I also use
the rdf feed which helps), and on one occasion I even had them listed as
spam (my fault, clicking the wrong button!) until I fixed it.

So a simple, automated method that doesn't need the whole tree synced
would be nice.

BillK

On Fri, 2005-02-25 at 23:07 -0600, Barry.Schwartz@chemoelectric.org
wrote:
> William Kenworthy <billk@iinet.net.au> wrote:
> > It seems very wasteful (in time and
> > expensive bandwidth) to download the whole tree all the time, in the
> > hope of seeing just one glsa applicable update. Yes, once an update is
> > found, the tree will need syncing, but until then is there a simple and
> > easy way to save a bit?
>
> If you subscribe to gentoo-announce you get the GLSAs by e-mail.
> Doesn't this solve your problem?
>
--
William Kenworthy <billk@iinet.net.au>
Home!


--
gentoo-security@gentoo.org mailing list
Re: broken glsa-check??? No GLSA's??? [ In reply to ]
Barry.Schwartz at chemoelectric
Feb 25, 2005, 11:47 PM
Post #11 of 13 (4929 views)
Permalink
William Kenworthy <billk@iinet.net.au> wrote:
> I am subscribed, and this is how I do it at the moment so I am aware of
> this methods shortcomings. It is too easy to miss a glsa (I also use
> the rdf feed which helps), and on one occasion I even had them listed as
> spam (my fault, clicking the wrong button!) until I fixed it.

You might want to try popfile. It's some perl software that goes
between you and a POP server that you can control through a web
browser and which can classify your incoming mail. You can use it to
sort spam from ham, but you can also have it recognize GLSAs and treat
them specially. Popfile has both a trainable bayesian thingamajig
that does a good job, and "magnets" that sort by simple string
matching. The latter method probably can reliably catch GLSAs,
although the bayesian thingamajig also does a good job as long as you
keep it well trained.

There's an ebuild for popfile but I don't use it. I just install it
in my personal files.

--
Barry.Schwartz@chemoelectric.org http://www.chemoelectric.org
"I have directed that in the future I sign each letter." -- Rumsfeld
Re: broken glsa-check??? No GLSA's??? [ In reply to ]
pauldv at gentoo
Feb 26, 2005, 3:15 AM
Post #12 of 13 (4931 views)
Permalink
On Saturday 26 February 2005 05:37, William Kenworthy wrote:
> I realise that, but what I am after is a way to glsa-check without
> having to emerge sync each time. It seems very wasteful (in time and
> expensive bandwidth) to download the whole tree all the time, in the
> hope of seeing just one glsa applicable update. Yes, once an update is
> found, the tree will need syncing, but until then is there a simple and
> easy way to save a bit?

You use rsync, like described in the mirror howto, but you specify the subdir
where glsa's are kept instead of the root dir of the tree. You also might
want to take a look at the rsync manpage.

Paul

--
Paul de Vrieze
Gentoo Developer
Mail: pauldv@gentoo.org
Homepage: http://www.devrieze.net
Re: broken glsa-check??? No GLSA's??? [ In reply to ]
billk at iinet
Feb 27, 2005, 4:19 AM
Post #13 of 13 (4937 views)
Permalink
In roots crontab: (all on one line of course!)

05 04 * * * rsync -Pvv
rsync://rsync.gentoo.org/gentoo-portage/metadata/glsa/* /usr/portage/metadata/glsa/;glsa-check -l|grep "\[N"

Waiting for a new glsa to see what happens ...

The mirror doc appears to have moved - at least I cant find it anymore.
Is there a search, or full list of all the docs and FAQ's availablle:
this idea of splitting everything into categories sucks when a document
you know exists, but doesnt show in any of the obvious spots.

BillK


On Sat, 2005-02-26 at 11:15 +0100, Paul de Vrieze wrote:
> On Saturday 26 February 2005 05:37, William Kenworthy wrote:
> > I realise that, but what I am after is a way to glsa-check without
> > having to emerge sync each time. It seems very wasteful (in time and
> > expensive bandwidth) to download the whole tree all the time, in the
> > hope of seeing just one glsa applicable update. Yes, once an update is
> > found, the tree will need syncing, but until then is there a simple and
> > easy way to save a bit?
>
> You use rsync, like described in the mirror howto, but you specify the subdir
> where glsa's are kept instead of the root dir of the tree. You also might
> want to take a look at the rsync manpage.
>
> Paul
>
--
William Kenworthy <billk@iinet.net.au>
Home!


--
gentoo-security@gentoo.org mailing list

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal