[Spacewalk-list] Importing Debian security errata into Spacewalk
Robert Paschedag
robert.paschedag at web.de
Fri Mar 16 18:02:14 UTC 2018
Hi all,
since a while, I use Steve Meiers script to synchronize Debian
repositories to our spacewalk server. From @philicious
(https://github.com/philicious/spacewalk-scripts) and @pandujar
(https://github.com/pandujar) I also use the excellent work to add
Ubuntu errata information into spacewalk. I used these scripts as basis
to build scripts, that do the same work for Debian security announcements.
So everone who is using Debian systems and uses Spacewalk to "manage"
these systems, feel free to test these scripts.
@philicious just "merged" my PR into its master branch. I requested this
PR, so all "debian" based scripts are held on one place.
Currently there is one requirement.
The "channel" labels for the "distributions" (e.g. "jessie", "stretch")
must "start" with the distribution name.
As said, I use Steve Meiers script to synchronize the debian repos
Here is a list of "channel:url" mapping I use
jessie_main;http://ftp.de.debian.org/debian/dists/jessie/main/binary-amd64/
jessie_contrib;http://ftp.de.debian.org/debian/dists/jessie/contrib/binary-amd64/
jessie_non-free;http://ftp.de.debian.org/debian/dists/jessie/non-free/binary-amd64/
jessie_updates_main;http://ftp.de.debian.org/debian/dists/jessie-updates/main/binary-amd64/
jessie_updates_contrib;http://ftp.de.debian.org/debian/dists/jessie-updates/contrib/binary-amd64/
jessie_updates_non-free;http://ftp.de.debian.org/debian/dists/jessie-updates/non-free/binary-amd64/
jessie_backports_main;http://ftp.de.debian.org/debian/dists/jessie-backports/main/binary-amd64/
jessie_backports_contrib;http://ftp.de.debian.org/debian/dists/jessie-backports/contrib/binary-amd64/
jessie_backports_non-free;http://ftp.de.debian.org/debian/dists/jessie-backports/non-free/binary-amd64/
jessie_security_main;http://security.debian.org/dists/jessie/updates/main/binary-amd64/
jessie_security_contrib;http://security.debian.org/dists/jessie/updates/contrib/binary-amd64/
jessie_security_non-free;http://security.debian.org/dists/jessie/updates/non-free/binary-amd64/
## stretch
stretch_main_main;http://ftp.de.debian.org/debian/dists/stretch/main/binary-amd64/
stretch_main_contrib;http://ftp.de.debian.org/debian/dists/stretch/contrib/binary-amd64/
stretch_main_non-free;http://ftp.de.debian.org/debian/dists/stretch/non-free/binary-amd64/
stretch_updates_main;http://ftp.de.debian.org/debian/dists/stretch-updates/main/binary-amd64/
stretch_updates_contrib;http://ftp.de.debian.org/debian/dists/stretch-updates/contrib/binary-amd64/
stretch_updates_non-free;http://ftp.de.debian.org/debian/dists/stretch-updates/non-free/binary-amd64/
stretch_backports_main;http://ftp.de.debian.org/debian/dists/stretch-backports/main/binary-amd64/
stretch_backports_contrib;http://ftp.de.debian.org/debian/dists/stretch-backports/contrib/binary-amd64/
stretch_backports_non-free;http://ftp.de.debian.org/debian/dists/stretch-backports/non-free/binary-amd64/
stretch_security_main;http://security.debian.org/dists/stretch/updates/main/binary-amd64/
stretch_security_contrib;http://security.debian.org/dists/stretch/updates/contrib/binary-amd64/
stretch_security_non-free;http://security.debian.org/dists/stretch/updates/non-free/binary-amd64/
As said before, there is the current limitation that the channel label
must start with the name of the distribution (e.g. "jessie" or
"stretch"). This might be changed in
https://github.com/philicious/spacewalk-scripts/blob/fb82685ab78e18138f94584b26759ba039eb5617/errata-import-debian.py#L158
But if you have the channels like I have and already have the packages
synchronized, you start with
getDebianAnnouncement.py
to download the debian security announcements of *this* year and the
year before. These files also gets parsed through "html2text" (you need
to install this package on the SW server - yum install html2text).
parseDebian.py
parses these files and creates an XML file (just like parseUbuntu.py).
For every distribution that is listed within a security announcement,
one errata (for this distribution will be created, as long there are
packages found for this distribution within SW). So if you have
"stretch" and "jessie", you will get "jessie-DSA-1234" errata and
"stretch-DSA-1234" errata within SW.
Use
errata-import-debian.py
to parse the XML file and create the errata within SW.
This is how the output of "errata-import-debian.py" looks if called with
"-d 1" (is just from today, only 2 new announcements parsed)
Started errata import..... Debug level: 1
[+] Creating inventory from Server:
[+] Including channel(s): ['jessie_security_main',
'jessie_security_contrib', 'jessie_security_non-free',
'stretch_security_main', 'stretch_security_contrib',
'stretch_security_non-free']
[+] Retrieving Package List from Channel: jessie_security_main
[+] Retrieving Package List from Channel: jessie_security_contrib
[+] Retrieving Package List from Channel: jessie_security_non-free
[+] Retrieving Package List from Channel: stretch_security_main
[+] Retrieving Package List from Channel: stretch_security_contrib
[+] Retrieving Package List from Channel: stretch_security_non-free
[+] Retrieving data from /tmp/debian_security/debian-errata.xml
[+] stretch-DSA-4138-1 doesn't exist: creating
[+] Creating errata stretch-DSA-4138-1:
[+] stretch-DSA-4139-1 doesn't exist: creating
[+] Creating errata stretch-DSA-4139-1:
[+] jessie-DSA-4139-1 doesn't exist: creating
[+] Creating errata jessie-DSA-4139-1:
Finished errata import
Hope this helps someone.
Robert
More information about the Spacewalk-list
mailing list