How are RPM packages marked as "security" updates?
If I am applying yum install -y --security and a package is updated, how is the package "marked" as a security update?
For example, let's say I have a package blah that I maintain; its current version is 1.18.3. If I build a new package as 1.18.4, is it automatically a "security" package? If not, how/where is the documentation to mark the package as a "security" update?
centos rhel security rpm packaging
If you're building your own packages, you could also put all the security updates in a dedicated repository.
– Cristian Ciupitu
Apr 10 at 3:20
edited Apr 10 at 1:42
asked Apr 10 at 1:22
user1529891
1 Answer
accepted
yum does this via the yum-security(8) plugin, which is part of yum (no need to install it separately) for CentOS 7 (official RHEL docs).
When you run yum update ... --security, yum downloads the repository meta info updates into /var/lib/<arch>/<repo>. Each package in the meta info file (organised as an xml file) contains a type field in the <update> tag. If type=security, then the update is a security update.
When you run yum update --cve <CVE> or yum update --bugzilla <bugzilla_id>, then yum analyses the <references> tag for <reference> tags of each package in the meta info whose type field contains bugzilla. If you typed --cve, then the CVE is compared to the title field of the <reference> tag. If you typed --bugzilla, then the bugzilla_id is compared to the id field of the <reference> tag.
The update_md.py file from the yum package contains the functionality described above:
$ rpm -ql yum|grep update_md
/usr/lib/python2.7/site-packages/yum/update_md.py
P.S. Debian packages (DEB) contain an urgency field in package changelogs, which might be useful for security updates.
answered Apr 13 at 15:56
Yurij Goncharuk