How are RPM packages marked as "security" updates?

If I am applying yum install -y --security and a package is updated, how is the package "marked" as a security update?
For example, let's say I have a package blah that I maintain, and its current version is 1.18.3. If I build a new package as 1.18.4, is it automatically a "security" package? If not, how/where is the documentation to mark the package as a "security" update?
centos rhel security rpm packaging
If you're building your own packages, you could also put all the security updates in a dedicated repository.
– Cristian Ciupitu
Apr 10 at 3:20
edited Apr 10 at 1:42
asked Apr 10 at 1:22
user1529891
1 Answer
yum does this via the yum-security(8) plugin, which is part of yum (no need to install it separately) for CentOS 7 (official RHEL docs).
When you run yum update ... --security, yum downloads the repository update meta info into /var/lib/<arch>/<repo>. Each package in the meta info file (organised as an XML file) contains a type field in the <update> tag. If type=security, then the update is a security update.
When you run yum update --cve <CVE> or yum update --bugzilla <bugzilla_id>, yum analyses the <references> tag for <reference> tags of each package in the meta info whose type field contains bugzilla. If you typed --cve, the CVE is compared to the title field of the <reference> tag. If you typed --bugzilla, the bugzilla_id is compared to the id field of the <reference> tag.
The update_md.py file from the yum package contains the functionality described above:
$ rpm -ql yum|grep update_md
/usr/lib/python2.7/site-packages/yum/update_md.py
P.S. Debian packages (DEB) contain an urgency field in the package changelogs, which might be useful for security updates.
answered Apr 13 at 15:56
Yurij Goncharuk
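The selection the answer describes, as an added example that is not part of the original answer and is not yum's own code: it parses a constructed update metadata document and applies the --security, --cve and --bugzilla filters to it. The function name select_updates, the advisory ids, and the CVE and Bugzilla numbers are placeholders made up for the illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout the answer describes (<update type=...>,
# <references>/<reference>). All ids and numbers are placeholders.
SAMPLE_UPDATEINFO = """<updates>
  <update type="security" status="stable">
    <id>EXAMPLE-SA-0001</id>
    <references>
      <reference type="bugzilla" id="1000001" title="CVE-0000-0001 blah: sample flaw"/>
    </references>
    <pkglist><collection>
      <package name="blah" version="1.18.4" release="1" arch="x86_64"/>
    </collection></pkglist>
  </update>
  <update type="bugfix" status="stable">
    <id>EXAMPLE-BA-0002</id>
    <references>
      <reference type="bugzilla" id="1000002" title="blah: crash on start"/>
    </references>
    <pkglist><collection>
      <package name="blah" version="1.18.5" release="1" arch="x86_64"/>
    </collection></pkglist>
  </update>
  <update type="enhancement" status="stable">
    <id>EXAMPLE-EA-0003</id>
    <pkglist><collection>
      <package name="other" version="2.0" release="3" arch="noarch"/>
    </collection></pkglist>
  </update>
</updates>"""

def select_updates(xml_text, security=False, cve=None, bugzilla=None):
    """Return sorted name-version-release.arch strings from notices matching all filters."""
    selected = set()
    for update in ET.fromstring(xml_text).iter("update"):
        refs = [r for r in update.iter("reference") if r.get("type") == "bugzilla"]
        # --security: only the type attribute of <update> decides, not the version
        if security and update.get("type") != "security":
            continue
        # --cve: compared with the reference title, as the answer describes
        if cve and not any(cve in (r.get("title") or "").split() for r in refs):
            continue
        # --bugzilla: compared with the reference id
        if bugzilla and not any(r.get("id") == str(bugzilla) for r in refs):
            continue
        for pkg in update.iter("package"):
            selected.add("{name}-{version}-{release}.{arch}".format(**pkg.attrib))
    return sorted(selected)
```

In the sample, blah 1.18.5 is a newer build than 1.18.4 but sits in a bugfix notice, so the security filter does not select it.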