Blame SOURCES/BZ-1002491-remove-security-plugin.patch

085af2
commit a5c7a3011bb9d2497c980791111389d226445281
085af2
Author: Zdenek Pavlas <zpavlas@redhat.com>
085af2
Date:   Thu Oct 3 14:15:11 2013 +0200
085af2
085af2
    remove yum-plugin-security. BZ 1002491
085af2
    
085af2
    This functionality is now implemented in core (yum updateinfo).
085af2
085af2
diff --git a/docs/Makefile b/docs/Makefile
085af2
index acb8559..481f0f3 100644
085af2
--- a/docs/Makefile
085af2
+++ b/docs/Makefile
085af2
@@ -5,7 +5,7 @@ DOCS = repoquery package-cleanup repo-rss yumdownloader yum-builddep yum-changel
085af2
        find-repos-of-install needs-restarting repo-graph repoclosure \
085af2
        repomanage repotrack verifytree yum-config-manager
085af2
 DOCS5 = yum-changelog.conf yum-versionlock.conf yum-fs-snapshot.conf
085af2
-DOCS8 = yum-security yum-complete-transaction yumdb
085af2
+DOCS8 = yum-complete-transaction yumdb
085af2
 
085af2
 all:
085af2
 	echo "Nothing to do"
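Review bot: The DOCS8 change removes yum-security from the list, but the rules that consume DOCS8 sit outside the context shown here, so this hunk alone does not prove the build stays clean. Check that no install rule in docs/Makefile and no entry in the package file list still names yum-security.8 explicitly. With docs/yum-security.8 deleted in the same patch, a leftover reference would fail at install time or leave a dangling file entry.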
085af2
diff --git a/docs/yum-security.8 b/docs/yum-security.8
085af2
deleted file mode 100644
085af2
index c7d9c8b..0000000
085af2
--- a/docs/yum-security.8
085af2
+++ /dev/null
085af2
@@ -1,190 +0,0 @@
085af2
-.\" yum security plugin
085af2
-.TH "yum-security" "8" "12 April 2007" "James Antill" ""
085af2
-.SH "NAME"
085af2
-yum security plugin
085af2
-.SH "SYNOPSIS"
085af2
-\fByum\fP [options] [command] [package ...]
085af2
-.SH "DESCRIPTION"
085af2
-.PP 
085af2
-This plugin extends \fByum\fP to allow lists and updates to be limited using security relevant criteria.
085af2
-.PP 
085af2
-Added yum \fIcommand\fPs are:
085af2
-.br 
085af2
-.I \fR yum update-minimal
085af2
-.PP 
085af2
-This works like the update command, but if you have the package foo-1
085af2
-installed and have foo-2 and foo-3 available with updateinfo.xml then
085af2
-update-minimal will update you to foo-3.
085af2
-.br 
085af2
-.I \fR yum updateinfo info
085af2
-.br 
085af2
-.I \fR yum updateinfo list
085af2
-.br 
085af2
-.I \fR yum updateinfo summary
085af2
-.PP 
085af2
-All of the last three take these \fIsub-command\fPs:
085af2
-.br 
085af2
-.I \fR yum updateinfo * all
085af2
-.br 
085af2
-.I \fR yum updateinfo * available
085af2
-.br 
085af2
-.I \fR yum updateinfo * installed
085af2
-.br 
085af2
-.I \fR yum updateinfo * updates
085af2
-.PP 
085af2
-and then:
085af2
-.br 
085af2
-.I \fR * <advisory> [advisory...]
085af2
-.br 
085af2
-.I \fR * <package>
085af2
-.br 
085af2
-.I \fR * bugzillas
085af2
-.br 
085af2
-.I \fR * cves
085af2
-.br 
085af2
-.I \fR * enhancement
085af2
-.br 
085af2
-.I \fR * security
085af2
-.br 
085af2
-.I \fR * new-packages
085af2
-.br 
085af2
-.br 
085af2
-.PP
085af2
-.IP "\fBall\fP"
085af2
-Is used to display information about both install and available advisories.
085af2
-.PP
085af2
-.IP "\fBavailable\fP"
085af2
-Is used to display information about just available advisories. This is the
085af2
-default.
085af2
-.PP
085af2
-.IP "\fBinstalled\fP"
085af2
-Is used to display information about just install advisories.
085af2
-.PP
085af2
-.IP "\fBupdates\fP"
085af2
-This is mostly the same as "available" but it only shows advisory information
085af2
-for packages that can be updated to.
085af2
-.PP
085af2
-.IP "\fB<advisory> [advisory...]\fP"
085af2
-Is used to display information about one or more advisories.
085af2
-.PP 
085af2
-.IP "\fB<package> [package...]\fP"
085af2
-Is used to display information about one or more packages.
085af2
-.PP 
085af2
-.IP "\fBlist\fP"
085af2
-Is used to list all of the relevant errata notice information, from the
085af2
-updateinfo.xml data in yum. This includes bugzillas, CVEs, security updates and
085af2
-new.
085af2
-.PP 
085af2
-.IP "\fBinfo\fP"
085af2
-Is used to show all the errata notice information, from the
085af2
-updateinfo.xml data in yum. This includes bugzillas, CVEs, security updates and
085af2
-new.
085af2
-.PP 
085af2
-.IP "\fBlist\fP"
085af2
-Is used to list all of the relevant errata notice information, from the
085af2
-updateinfo.xml data in yum. This includes bugzillas, CVEs, security updates and
085af2
-new.
085af2
-.IP 
085af2
-.IP "\fBbugzillas / bzs\fP"
085af2
-Is the subset of the updateinfo information, pertaining to the bugzillas.
085af2
-.IP 
085af2
-.IP "\fBcves\fP"
085af2
-Is the subset of the updateinfo information, pertaining to the CVEs.
085af2
-.IP 
085af2
-.IP "\fBsecurity / sec\fP"
085af2
-Is the subset of the updateinfo information, pertaining to security.
085af2
-.IP "\fBbugfix\fP"
085af2
-Is the subset of the updateinfo information, pertaining to bugfixes.
085af2
-.IP "\fBenhancement\fP"
085af2
-Is the subset of the updateinfo information, pertaining to enhancements.
085af2
-.IP "\fBrecommended\fP"
085af2
-Is the subset of the updateinfo information, pertaining to recommended updates.
085af2
-.IP "\fBnew-packages\fP"
085af2
-Is the subset of the updateinfo information, pertaining to new packages. These
085af2
-are packages which weren't available at the initial release of your
085af2
-distribution.
085af2
-.IP
085af2
-.PP
085af2
-.SH "GENERAL OPTIONS"
085af2
-There are four options added to yum that are available in the "list updates", "info updates", "check-update" and "update" commands. They are:
085af2
-.PP 
085af2
-.IP "\fB\-\-advisory\fP"
085af2
-This option includes packages corresponding to the advisory ID, Eg. FEDORA-2201-123.
085af2
-.IP "\fB\-\-bz\fP"
085af2
-This option includes packages that say they fix a Bugzilla ID, Eg. 123.
085af2
-.IP "\fB\-\-cve\fP"
085af2
-This option includes packages that say they fix a CVE - Common Vulnerabilities and Exposures ID (http://cve.mitre.org/about/), Eg. CVE-2201-0123.
085af2
-.IP "\fB\-\-bugfixes\fP"
085af2
-This option includes packages that say they fix a bugfix issue.
085af2
-.IP "\fB\-\-security\fP"
085af2
-This option includes packages that say they fix a security issue.
085af2
-.PP
085af2
-.PP
085af2
-
085af2
-.SH "EXAMPLES"
085af2
-.PP
085af2
-To list all updates that are security relevant, and get a return code on whether there are security updates use:
085af2
-.IP
085af2
-yum \-\-security check-update
085af2
-.PP
085af2
-To upgrade packages that have security errata (upgrades to the latest
085af2
-available package) use:
085af2
-.IP
085af2
-yum \-\-security update
085af2
-.PP
085af2
-To upgrade packages that have security errata (upgrades to the last
085af2
-security errata package) use:
085af2
-.IP
085af2
-yum \-\-security update-minimal
085af2
-.PP
085af2
-To get a list of all BZs that are fixed for packages you have installed use:
085af2
-.IP
085af2
-yum updateinfo list bugzillas
085af2
-.PP
085af2
-To get a list of all security advisories, including the ones you have already
085af2
-installed use:
085af2
-.IP
085af2
-yum updateinfo list all security
085af2
-.PP
085af2
-To get the information on advisory FEDORA-2707-4567 use:
085af2
-.IP
085af2
-yum updateinfo info FEDORA-2707-4567
085af2
-.PP
085af2
-To update packages to the latest version which contain fixes for Bugzillas 123, 456 and 789; and all security updates use:
085af2
-.IP
085af2
-yum \-\-bz 123 \-\-bz 456 \-\-bz 789 \-\-security update
085af2
-.PP
085af2
-To update to the packages which just update Bugzillas 123, 456 and 789; and all security updates use:
085af2
-.IP
085af2
-yum \-\-bz 123 \-\-bz 456 \-\-bz 789 \-\-security update-minimal
085af2
-.PP
085af2
-To get an info list of the latest packages which contain fixes for Bugzilla 123; CVEs CVE-2207-0123 and CVE-2207-3210; and Fedora advisories FEDORA-2707-4567 and FEDORA-2707-7654 use:
085af2
-.IP
085af2
-yum \-\-bz 123 \-\-cve CVE-2207-0123 \-\-cve CVE-2207-3210 \-\-advisory FEDORA-2707-4567 \-\-advisory FEDORA-2707-7654 info updates
085af2
-.PP
085af2
-To get a list of packages which are "new".
085af2
-.IP
085af2
-yum updateinfo list new
085af2
-.PP
085af2
-To get a summary of advisories you haven't installed yet use:
085af2
-.IP
085af2
-yum updateinfo summary
085af2
-
085af2
-
085af2
-.SH "SEE ALSO"
085af2
-.nf
085af2
-.I yum (8)
085af2
-.I yum.conf (5)
085af2
-.fi
085af2
-
085af2
-.SH "AUTHORS"
085af2
-.nf
085af2
-James Antill <james.antill@redhat.com>.
085af2
-.fi
085af2
-
085af2
-.SH "BUGS"
085af2
-The update-minimal command ignores the \-\-obsoletes flag.
085af2
-
085af2
-The update-minimal command can only directly affect things atm., so if you update pkgA minimally but that requires an update to pkgB then pkgB will be updated to the newest version by the depsolver. Also the above will happen even if you've also minimally updated pkgB, if either the direct (minimal) update for pkgB happens after or if the minimal update for pkgB doesn't satisfy the requirements of pkgA.
085af2
-
085af2
-The main "problem" is that if the data is not correct the plugin cannot work correctly. For instance "\-\-bz 123" will not fix BZ 123 if a package is updated to fix that BZ without referencing that it does so in the updateinfo.xml.
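Review bot: The BUGS section at the end of this deleted page records limits that are lost unless they are carried into the core documentation. It states that update-minimal ignores --obsoletes, that the depsolver can still move a dependency (pkgB) to the newest version during a minimal update, and that "--bz 123" will not fix BZ 123 when updateinfo.xml does not reference it. The commit message says the functionality now lives in core as yum updateinfo. If the core code behaves the same way, these caveats belong in the core man page alongside the --security, --cve, --bz and --advisory options, since administrators who rely on "yum --security update" for patching need to know that a missing updateinfo.xml reference means the fix is silently not selected.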
085af2
diff --git a/plugins/security/security.conf b/plugins/security/security.conf
085af2
deleted file mode 100644
085af2
index 8e4d76c..0000000
085af2
--- a/plugins/security/security.conf
085af2
+++ /dev/null
085af2
@@ -1,2 +0,0 @@
085af2
-[main]
085af2
-enabled=1
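Review bot: Deleting security.conf (enabled=1) from the source tree does nothing for hosts that already have yum-plugin-security installed, and nothing in the visible part of this patch handles the upgrade path. Confirm that the packaging obsoletes yum-plugin-security so the old plugin and its configuration are removed on upgrade. Otherwise an enabled copy of the plugin would remain next to the core implementation and both would try to provide the updateinfo command and the --security family of options.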
085af2
diff --git a/plugins/security/security.py b/plugins/security/security.py
085af2
deleted file mode 100755
085af2
index a60cf9b..0000000
085af2
--- a/plugins/security/security.py
085af2
+++ /dev/null
085af2
@@ -1,892 +0,0 @@
085af2
-#! /usr/bin/python -tt
085af2
-# This program is free software; you can redistribute it and/or modify
085af2
-# it under the terms of the GNU General Public License as published by
085af2
-# the Free Software Foundation; either version 2 of the License, or
085af2
-# (at your option) any later version.
085af2
-#
085af2
-# This program is distributed in the hope that it will be useful,
085af2
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
085af2
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
085af2
-# GNU Library General Public License for more details.
085af2
-#
085af2
-# You should have received a copy of the GNU General Public License
085af2
-# along with this program; if not, write to the Free Software
085af2
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
085af2
-#
085af2
-#
085af2
-# Copyright Red Hat Inc. 2007, 2008
085af2
-#
085af2
-# Author: James Antill <james.antill@redhat.com>
085af2
-#
085af2
-# Examples:
085af2
-#
085af2
-#  yum --security info updates
085af2
-#  yum --security list updates
085af2
-#  yum --security check-update
085af2
-#  yum --security update
085af2
-#
085af2
-# yum --cve CVE-2007-1667      <cmd>
085af2
-# yum --bz  235374 --bz 234688 <cmd>
085af2
-# yum --advisory FEDORA-2007-420 --advisory FEDORA-2007-346 <cmd>
085af2
-#
085af2
-# yum list-updateinfo
085af2
-# yum list-updateinfo bugzillas / bzs
085af2
-# yum list-updateinfo cves
085af2
-# yum list-updateinfo security / sec
085af2
-# yum list-updateinfo new
085af2
-#
085af2
-# yum summary-updateinfo
085af2
-#
085af2
-# yum update-minimal --security
085af2
-
085af2
-import yum
085af2
-import fnmatch
085af2
-from yum.plugins import TYPE_INTERACTIVE
085af2
-from yum.update_md import UpdateMetadata
085af2
-import logging # for commands
085af2
-
085af2
-from yum.constants import *
085af2
-
085af2
-import rpmUtils.miscutils
085af2
-
085af2
-requires_api_version = '2.5'
085af2
-plugin_type = (TYPE_INTERACTIVE,)
085af2
-__package_name__ = "yum-plugin-security"
085af2
-
085af2
-# newpackages is weird, in that we'll never display that because we filter to
085af2
-# things relevant to installed pkgs...
085af2
-__update_info_types__ = ("security", "bugfix", "enhancement",
085af2
-                         "recommended", "newpackage")
085af2
-
085af2
-def _rpm_tup_vercmp(tup1, tup2):
085af2
-    """ Compare two "std." tuples, (n, a, e, v, r). """
085af2
-    return rpmUtils.miscutils.compareEVR((tup1[2], tup1[3], tup1[4]),
085af2
-                                         (tup2[2], tup2[3], tup2[4]))
085af2
-
085af2
-class CliError(yum.Errors.YumBaseError):
085af2
-
085af2
-    """
085af2
-    Command line interface related Exception.
085af2
-    """
085af2
-
085af2
-    def __init__(self, args=''):
085af2
-        yum.Errors.YumBaseError.__init__(self)
085af2
-        self.args = args
085af2
-
085af2
-def ysp_gen_metadata(repos):
085af2
-    """ Generate the info. from the updateinfo.xml files. """
085af2
-    md_info = UpdateMetadata()
085af2
-    for repo in repos:
085af2
-        if not repo.enabled:
085af2
-            continue
085af2
-        
085af2
-        try: # attempt to grab the updateinfo.xml.gz from the repodata
085af2
-            md_info.add(repo)
085af2
-        except yum.Errors.RepoMDError:
085af2
-            continue # No metadata found for this repo
085af2
-    return md_info
085af2
-
085af2
-def ysp__safe_refs(refs):
085af2
-    """ Sometimes refs == None, if so return the empty list here. 
085af2
-        So we don't have to check everywhere. """
085af2
-    if refs == None:
085af2
-        return []
085af2
-    return refs
085af2
-
085af2
-def _match_sec_cmd(sec_cmds, pkgname, notice):
085af2
-    for i in sec_cmds:
085af2
-        if fnmatch.fnmatch(pkgname, i):
085af2
-            return i
085af2
-        if notice['update_id'] == i:
085af2
-            return i
085af2
-    return None
085af2
-
085af2
-def _has_id(used_map, refs, ref_type, ref_ids):
085af2
-    ''' Check if the given ID is a match. '''
085af2
-    for ref in ysp__safe_refs(refs):
085af2
-        if ref['type'] != ref_type:
085af2
-            continue
085af2
-        if ref['id'] not in ref_ids:
085af2
-            continue
085af2
-        used_map[ref_type][ref['id']] = True
085af2
-        return ref
085af2
-    return None
085af2
-    
085af2
-def ysp_should_filter_pkg(opts, pkgname, notice, used_map):
085af2
-    """ Do the package filtering for should_show and should_keep. """
085af2
-    
085af2
-    rcmd = _match_sec_cmd(opts.sec_cmds, pkgname, notice)
085af2
-    if rcmd:
085af2
-        used_map['cmd'][rcmd] = True
085af2
-        return True
085af2
-    elif opts.advisory and notice['update_id'] in opts.advisory:
085af2
-        used_map['id'][notice['update_id']] = True
085af2
-        return True
085af2
-    elif (opts.severity and notice['type'] == 'security' and
085af2
-          notice['severity'] in opts.severity):
085af2
-        used_map['sev'][notice['severity']] = True
085af2
-        return True
085af2
-    elif opts.cve and _has_id(used_map, notice['references'], "cve", opts.cve):
085af2
-        return True
085af2
-    elif opts.bz and _has_id(used_map, notice['references'],"bugzilla",opts.bz):
085af2
-        return True
085af2
-    # FIXME: Add opts for enhancement/etc.? -- __update_info_types__
085af2
-    elif (opts.security and notice['type'] == 'security' and
085af2
-          (not opts.severity or 'severity' not in notice or
085af2
-           not notice['severity'])):
085af2
-        return True
085af2
-    elif opts.bugfixes and notice['type'] == 'bugfix':
085af2
-        return True
085af2
-    elif not (opts.advisory or opts.cve or opts.bz or
085af2
-              opts.security or opts.bugfixes or opts.sec_cmds or opts.severity):
085af2
-        return True # This is only possible from should_show_pkg
085af2
-    return False
085af2
-
085af2
-def ysp_has_info_md(rname, md):
085af2
-    if rname in __update_info_types__:
085af2
-        if md['type'] == rname:
085af2
-            return md
085af2
-    for ref in ysp__safe_refs(md['references']):
085af2
-        if ref['type'] != rname:
085af2
-            continue
085af2
-        return md
085af2
-
085af2
-def ysp_gen_used_map(opts):
085af2
-    used_map = {'bugzilla' : {}, 'cve' : {}, 'id' : {}, 'cmd' : {}, 'sev' : {}}
085af2
-    for i in opts.sec_cmds:
085af2
-        used_map['cmd'][i] = False
085af2
-    for i in opts.advisory:
085af2
-        used_map['id'][i] = False
085af2
-    for i in opts.bz:
085af2
-        used_map['bugzilla'][i] = False
085af2
-    for i in opts.cve:
085af2
-        used_map['cve'][i] = False
085af2
-    for i in opts.severity:
085af2
-        used_map['sev'][i] = False
085af2
-    return used_map
085af2
-
085af2
-def ysp_chk_used_map(used_map, msg):
085af2
-    for i in used_map['cmd']:
085af2
-        if not used_map['cmd'][i]:
085af2
-            msg('No update information found for \"%s\"' % i)
085af2
-    for i in used_map['id']:
085af2
-        if not used_map['id'][i]:
085af2
-            msg('Advisory \"%s\" not found applicable for this system' % i)
085af2
-    for i in used_map['bugzilla']:
085af2
-        if not used_map['bugzilla'][i]:
085af2
-            msg('BZ \"%s\" not found applicable for this system' % i)
085af2
-    for i in used_map['cve']:
085af2
-        if not used_map['cve'][i]:
085af2
-            msg('CVE \"%s\" not found applicable for this system' % i)
085af2
-    for i in used_map['sev']:
085af2
-        if not used_map['sev'][i]:
085af2
-            msg('Severity \"%s\" not found applicable for this system' % i)
085af2
-
085af2
-class UpdateinfoCommand:
085af2
-    # Old command names...
085af2
-    direct_cmds = {'list-updateinfo'    : 'list',
085af2
-                   'list-security'      : 'list',
085af2
-                   'list-sec'           : 'list',
085af2
-                   'info-updateinfo'    : 'info',
085af2
-                   'info-security'      : 'info',
085af2
-                   'info-sec'           : 'info',
085af2
-                   'summary-updateinfo' : 'summary'}
085af2
-
085af2
-    #  Note that this code (instead of using inheritance and multiple
085af2
-    # cmd classes) means that "yum help" only displays the updateinfo command.
085af2
-    # Which is what we want, because the other commands are just backwards
085af2
-    # compatible gunk we don't want the user using).
085af2
-    def getNames(self):
085af2
-        return ['updateinfo'] + sorted(self.direct_cmds.keys())
085af2
-
085af2
-    def getUsage(self):
085af2
-        return "[info|list|...] [security|...] [installed|available|all] [pkgs|id]"
085af2
-
085af2
-    def getSummary(self):
085af2
-        return "Acts on repository update information"
085af2
-
085af2
-    def doCheck(self, base, basecmd, extcmds):
085af2
-        pass
085af2
-
085af2
-    def list_show_pkgs(self, base, md_info, list_type, show_type,
085af2
-                       iname2tup, data, msg):
085af2
-        n_maxsize = 0
085af2
-        r_maxsize = 0
085af2
-        t_maxsize = 0
085af2
-        for (notice, pkgtup, pkg) in data:
085af2
-            n_maxsize = max(len(notice['update_id']), n_maxsize)
085af2
-            tn = notice['type']
085af2
-            if tn == 'security' and notice['severity']:
085af2
-                tn = notice['severity'] + '/Sec.'
085af2
-            t_maxsize = max(len(tn),                  t_maxsize)
085af2
-            if show_type:
085af2
-                for ref in ysp__safe_refs(notice['references']):
085af2
-                    if ref['type'] != show_type:
085af2
-                        continue
085af2
-                    r_maxsize = max(len(str(ref['id'])), r_maxsize)
085af2
-
085af2
-        for (notice, pkgtup, pkg) in data:
085af2
-            mark = ''
085af2
-            if list_type == 'all':
085af2
-                mark = '  '
085af2
-                if _rpm_tup_vercmp(iname2tup[pkgtup[0]], pkgtup) >= 0:
085af2
-                    mark = 'i '
085af2
-            tn = notice['type']
085af2
-            if tn == 'security' and notice['severity']:
085af2
-                tn = notice['severity'] + '/Sec.'
085af2
-
085af2
-            if show_type and ysp_has_info_md(show_type, notice):
085af2
-                for ref in ysp__safe_refs(notice['references']):
085af2
-                    if ref['type'] != show_type:
085af2
-                        continue
085af2
-                    msg("%s %-*s %-*s %s" % (mark, r_maxsize, str(ref['id']),
085af2
-                                             t_maxsize, tn, pkg))
085af2
-            elif hasattr(pkg, 'name'):
085af2
-                print base.fmtKeyValFill("%s: " % pkg.name,
085af2
-                                         base._enc(pkg.summary))
085af2
-            else:
085af2
-                msg("%s%-*s %-*s %s" % (mark, n_maxsize, notice['update_id'],
085af2
-                                        t_maxsize, tn, pkg))
085af2
-
085af2
-    def info_show_pkgs(self, base, md_info, list_type, show_type,
085af2
-                       iname2tup, data, msg):
085af2
-        show_pkg_info_done = {}
085af2
-        for (notice, pkgtup, pkg) in data:
085af2
-            if notice['update_id'] in show_pkg_info_done:
085af2
-                continue
085af2
-            show_pkg_info_done[notice['update_id']] = notice
085af2
-
085af2
-            if hasattr(notice, 'text'):
085af2
-                debug_log_lvl = yum.logginglevels.DEBUG_3
085af2
-                vlog = logging.getLogger("yum.verbose.main")
085af2
-                if vlog.isEnabledFor(debug_log_lvl):
085af2
-                    obj = notice.text(skip_data=[])
085af2
-                else:
085af2
-                    obj = notice.text()
085af2
-            else:
085af2
-                # Python-2.4.* doesn't understand str(x) returning unicode
085af2
-                obj = notice.__str__()
085af2
-
085af2
-            if list_type == 'all':
085af2
-                if _rpm_tup_vercmp(iname2tup[pkgtup[0]], pkgtup) >= 0:
085af2
-                    obj = obj + "\n  Installed : true"
085af2
-                else:
085af2
-                    obj = obj + "\n  Installed : false"
085af2
-            msg(obj)
085af2
-
085af2
-    def summary_show_pkgs(self, base, md_info, list_type, show_type,
085af2
-                          iname2tup, data, msg):
085af2
-        def _msg(x):
085af2
-            print x
085af2
-        counts = {}
085af2
-        sev_counts = {}
085af2
-        show_pkg_info_done = {}
085af2
-        for (notice, pkgtup, pkg) in data:
085af2
-            if notice['update_id'] in show_pkg_info_done:
085af2
-                continue
085af2
-            show_pkg_info_done[notice['update_id']] = notice
085af2
-            counts[notice['type']] = counts.get(notice['type'], 0) + 1
085af2
-            if notice['type'] == 'security':
085af2
-                sev = notice['severity']
085af2
-                if sev is None:
085af2
-                    sev = ''
085af2
-                sev_counts[sev] = sev_counts.get(sev, 0) + 1
085af2
-
085af2
-        maxsize = 0
085af2
-        for T in ('newpackage', 'security', 'bugfix', 'enhancement'):
085af2
-            if T not in counts:
085af2
-                continue
085af2
-            size = len(str(counts[T]))
085af2
-            if maxsize < size:
085af2
-                maxsize = size
085af2
-        if not maxsize:
085af2
-            _check_running_kernel(base, md_info, _msg)
085af2
-            return
085af2
-
085af2
-        outT = {'newpackage' : 'New Package',
085af2
-                'security' : 'Security',
085af2
-                'bugfix' : 'Bugfix',
085af2
-                'enhancement' : 'Enhancement'}
085af2
-        print "Updates Information Summary:", list_type
085af2
-        for T in ('newpackage', 'security', 'bugfix', 'enhancement'):
085af2
-            if T not in counts:
085af2
-                continue
085af2
-            n = outT[T]
085af2
-            if T == 'security' and len(sev_counts) == 1:
085af2
-                sn = sev_counts.keys()[0]
085af2
-                if sn != '':
085af2
-                    n = sn + " " + n
085af2
-            print "    %*u %s notice(s)" % (maxsize, counts[T], n)
085af2
-            if T == 'security' and len(sev_counts) != 1:
085af2
-                def _sev_sort_key(key):
085af2
-                    # We want these in order, from "highest" to "lowest".
085af2
-                    # Anything unknown is "higher". meh.
085af2
-                    return {'Critical' : "zz1",
085af2
-                            'Important': "zz2",
085af2
-                            'Moderate' : "zz3",
085af2
-                            'Low'      : "zz4",
085af2
-                            }.get(key, key)
085af2
-
085af2
-                for sn in sorted(sev_counts, key=_sev_sort_key):
085af2
-                    args = (maxsize, sev_counts[sn],sn or '?', outT['security'])
085af2
-                    print "        %*u %s %s notice(s)" % args
085af2
-        _check_running_kernel(base, md_info, _msg)
085af2
-        self.show_pkg_info_done = {}
085af2
-
085af2
-    def _get_new_pkgs(self, md_info):
085af2
-        for notice in md_info.notices:
085af2
-            if notice['type'] != "newpackage":
085af2
-                continue
085af2
-            for upkg in notice['pkglist']:
085af2
-                for pkg in upkg['packages']:
085af2
-                    pkgtup = (pkg['name'], pkg['arch'], pkg['epoch'] or '0',
085af2
-                              pkg['version'], pkg['release'])
085af2
-                    yield (notice, pkgtup)
085af2
-
085af2
-    _cmd2filt = {"bugzillas" : "bugzilla",
085af2
-                 "bugzilla" : "bugzilla",
085af2
-                 "bzs" : "bugzilla",
085af2
-                 "bz" : "bugzilla",
085af2
-
085af2
-                 "sec" : "security",
085af2
-
085af2
-                 "cves" : "cve",
085af2
-                 "cve" : "cve",
085af2
-
085af2
-                 "newpackages" : "newpackage",
085af2
-                 "new-packages" : "newpackage",
085af2
-                 "newpackage" : "newpackage",
085af2
-                 "new-package" : "newpackage",
085af2
-                 "new" : "newpackage"}
085af2
-    for filt_type in __update_info_types__:
085af2
-        _cmd2filt[filt_type] = filt_type
085af2
-
085af2
-    def doCommand(self, base, basecmd, extcmds):
085af2
-        if basecmd in self.direct_cmds:
085af2
-            subcommand = self.direct_cmds[basecmd]
085af2
-        elif extcmds and extcmds[0] in ('list', 'info', 'summary'):
085af2
-            subcommand = extcmds[0]
085af2
-            extcmds = extcmds[1:]
085af2
-        elif extcmds and extcmds[0] in self._cmd2filt:
085af2
-            subcommand = 'list'
085af2
-        elif extcmds:
085af2
-            subcommand = 'info'
085af2
-        else:
085af2
-            subcommand = 'summary'
085af2
-
085af2
-        if subcommand == 'list':
085af2
-            return self.doCommand_li(base, 'updateinfo list', extcmds,
085af2
-                                     self.list_show_pkgs)
085af2
-        if subcommand == 'info':
085af2
-            return self.doCommand_li(base, 'updateinfo info', extcmds,
085af2
-                                     self.info_show_pkgs)
085af2
-
085af2
-        if subcommand == 'summary':
085af2
-            return self.doCommand_li(base, 'updateinfo summary', extcmds,
085af2
-                                     self.summary_show_pkgs)
085af2
-
085af2
-    def doCommand_li_new(self, base, list_type, extcmds, md_info, msg,
085af2
-                         show_pkgs):
085af2
-        done_pkgs = set()
085af2
-        data = []
085af2
-        for (notice, pkgtup) in sorted(self._get_new_pkgs(md_info),
085af2
-                                       key=lambda x: x[1][0]):
085af2
-            if extcmds and not _match_sec_cmd(extcmds, pkgtup[0], notice):
085af2
-                continue
085af2
-            n = pkgtup[0]
085af2
-            if n in done_pkgs:
085af2
-                continue
085af2
-            ipkgs = list(reversed(sorted(base.rpmdb.searchNames([n]))))
085af2
-            if list_type in ('installed', 'updates') and not ipkgs:
085af2
-                done_pkgs.add(n)
085af2
-                continue
085af2
-            if list_type == 'available' and ipkgs:
085af2
-                done_pkgs.add(n)
085af2
-                continue
085af2
-
085af2
-            pkgs = base.pkgSack.searchPkgTuple(pkgtup)
085af2
-            if not pkgs:
085af2
-                continue
085af2
-            if list_type == "updates" and pkgs[0].verLE(ipkgs[0]):
085af2
-                done_pkgs.add(n)
085af2
-                continue
085af2
-            done_pkgs.add(n)
085af2
-            data.append((notice, pkgtup, pkgs[0]))
085af2
-        show_pkgs(base, md_info, list_type, None, {}, data, msg)
085af2
-
085af2
-    def _parse_extcmds(self, extcmds):
085af2
-        filt_type = None
085af2
-        show_type = None
085af2
-        if len(extcmds) >= 1:
085af2
-            filt_type = None
085af2
-            
085af2
-            if extcmds[0] in self._cmd2filt:
085af2
-                filt_type = self._cmd2filt[extcmds.pop(0)]
085af2
-            show_type = filt_type
085af2
-            if filt_type and filt_type in __update_info_types__:
085af2
-                show_type = None
085af2
-        return extcmds, show_type, filt_type
085af2
-
085af2
-    def doCommand_li(self, base, basecmd, extcmds, show_pkgs):
085af2
-        self.repos = base.repos
085af2
-        md_info = ysp_gen_metadata(self.repos.listEnabled())
085af2
-        def msg(x):
085af2
-            #  Don't use: logger.log(logginglevels.INFO_2, x)
085af2
-            # or -q deletes everything.
085af2
-            print x
085af2
-
085af2
-        opts, cmdline = base.plugins.cmdline
085af2
-        extcmds, show_type, filt_type = self._parse_extcmds(extcmds)
085af2
-
085af2
-        list_type = "available"
085af2
-        if extcmds and extcmds[0] in ("updates","available","installed", "all"):
085af2
-            list_type = extcmds.pop(0)
085af2
-
085af2
-        if filt_type == "newpackage":
085af2
-            # No filtering here, as we want what isn't installed...
085af2
-            self.doCommand_li_new(base, list_type, extcmds, md_info, msg,
085af2
-                                  show_pkgs)
085af2
-            return 0, [basecmd + ' new done']
085af2
-
085af2
-        opts.sec_cmds = extcmds
085af2
-        used_map = ysp_gen_used_map(opts)
085af2
-        iname2tup = {}
085af2
-        if False: pass
085af2
-        elif list_type in ('installed', 'all'):
085af2
-            name2tup = _get_name2allpkgtup(base)
085af2
-            iname2tup = _get_name2instpkgtup(base)
085af2
-        elif list_type == 'updates':
085af2
-            name2tup = _get_name2oldpkgtup(base)
085af2
-        elif list_type == 'available':
085af2
-            name2tup = _get_name2instpkgtup(base)
085af2
-
085af2
-        def _show_pkgtup(pkgtup):
085af2
-            name = pkgtup[0]
085af2
-            notices = reversed(md_info.get_applicable_notices(pkgtup))
085af2
-            for (pkgtup, notice) in notices:
085af2
-                if filt_type and not ysp_has_info_md(filt_type, notice):
085af2
-                    continue
085af2
-
085af2
-                if list_type == 'installed':
085af2
-                    # Remove any that are newer than what we have installed
085af2
-                    if _rpm_tup_vercmp(iname2tup[name], pkgtup) < 0:
085af2
-                        continue
085af2
-
085af2
-                if ysp_should_filter_pkg(opts, name, notice, used_map):
085af2
-                    yield (pkgtup, notice)
085af2
-
085af2
-        data = []
085af2
-        for pkgname in sorted(name2tup):
085af2
-            for (pkgtup, notice) in _show_pkgtup(name2tup[pkgname]):
085af2
-                d = {}
085af2
-                (d['n'], d['a'], d['e'], d['v'], d['r']) = pkgtup
085af2
-                if d['e'] == '0':
085af2
-                    d['epoch'] = ''
085af2
-                else:
085af2
-                    d['epoch'] = "%s:" % d['e']
085af2
-                data.append((notice, pkgtup,
085af2
-                            "%(n)s-%(epoch)s%(v)s-%(r)s.%(a)s" % d))
085af2
-        show_pkgs(base, md_info, list_type, show_type, iname2tup, data, msg)
085af2
-
085af2
-        ysp_chk_used_map(used_map, msg)
085af2
-
085af2
-        return 0, [basecmd + ' done']
085af2
-            
085af2
-
085af2
-# "Borrowed" from yumcommands.py
085af2
-def yumcommands_checkRootUID(base):
085af2
-    """
085af2
-    Verify that the program is being run by the root user.
085af2
-
085af2
-    @param base: a YumBase object.
085af2
-    """
085af2
-    if base.conf.uid != 0:
085af2
-        base.logger.critical('You need to be root to perform this command.')
085af2
-        raise CliError
085af2
-def yumcommands_checkGPGKey(base):
085af2
-    if not base.gpgKeyCheck():
085af2
-        for repo in base.repos.listEnabled():
085af2
-            if repo.gpgcheck != 'false' and repo.gpgkey == '':
085af2
-                msg = """
085af2
-You have enabled checking of packages via GPG keys. This is a good thing. 
085af2
-However, you do not have any GPG public keys installed. You need to download
085af2
-the keys for packages you wish to install and install them.
085af2
-You can do that by running the command:
085af2
-    rpm --import public.gpg.key
085af2
-
085af2
-
085af2
-Alternatively you can specify the url to the key you would like to use
085af2
-for a repository in the 'gpgkey' option in a repository section and yum 
085af2
-will install it for you.
085af2
-
085af2
-For more information contact your distribution or package provider.
085af2
-"""
085af2
-                base.logger.critical(msg)
085af2
-                raise CliError
085af2
-
085af2
-def _get_name2pkgtup(base, pkgtups):
085af2
-    name2tup = {}
085af2
-    for pkgtup in pkgtups:
085af2
-        # Get the latest "old" pkgtups
085af2
-        if (pkgtup[0] in name2tup and
085af2
-            _rpm_tup_vercmp(name2tup[pkgtup[0]], pkgtup) > 0):
085af2
-            continue
085af2
-        name2tup[pkgtup[0]] = pkgtup
085af2
-    return name2tup
085af2
-def _get_name2oldpkgtup(base):
085af2
-    """ Get the pkgtups for all installed pkgs. which have an update. """
085af2
-    oupdates = map(lambda x: x[1], base.up.getUpdatesTuples())
085af2
-    return _get_name2pkgtup(base, oupdates)
085af2
-def _get_name2instpkgtup(base):
085af2
-    """ Get the pkgtups for all installed pkgs. """
085af2
-    return _get_name2pkgtup(base, base.rpmdb.simplePkgList())
085af2
-def _get_name2allpkgtup(base):
085af2
-    """ Get the pkgtups for all installed pkgs. and munge that to be the
085af2
-        first possible pkgtup. """
085af2
-    ofirst = [(pt[0], pt[1], '0','0','0') for pt in base.rpmdb.simplePkgList()]
085af2
-    return _get_name2pkgtup(base, ofirst)
085af2
-
085af2
-
085af2
-
085af2
-class SecurityUpdateCommand:
085af2
-    def getNames(self):
085af2
-        return ['update-minimal']
085af2
-
085af2
-    def getUsage(self):
085af2
-        return "[PACKAGE-wildcard]"
085af2
-
085af2
-    def getSummary(self):
085af2
-        return "Works like update, but goes to the 'newest' package match which fixes a problem that affects your system"
085af2
-
085af2
-    def doCheck(self, base, basecmd, extcmds):
085af2
-        yumcommands_checkRootUID(base)
085af2
-        yumcommands_checkGPGKey(base)
085af2
-
085af2
-    def doCommand(self, base, basecmd, extcmds):
085af2
-        if hasattr(base, 'run_with_package_names'):
085af2
-            base.run_with_package_names.add(__package_name__)
085af2
-        md_info       = ysp_gen_metadata(base.repos.listEnabled())
085af2
-        opts          = base.plugins.cmdline[0]
085af2
-        opts.sec_cmds = []
085af2
-        used_map      = ysp_gen_used_map(opts)
085af2
-
085af2
-        ndata = not (opts.security or opts.bugfixes or
085af2
-                     opts.advisory or opts.bz or opts.cve or opts.severity)
085af2
-
085af2
-        # NOTE: Not doing obsoletes processing atm. ... maybe we should? --
085af2
-        # Also worth pointing out we don't go backwards for obsoletes in the:
085af2
-        # update --security case etc.
085af2
-
085af2
-        # obsoletes = base.up.getObsoletesTuples(newest=False)
085af2
-        # for (obsoleting, installed) in sorted(obsoletes, key=lambda x: x[0]):
085af2
-        #   pass
085af2
-
085af2
-        # Tuples == (n, a, e, v, r)
085af2
-        oupdates  = map(lambda x: x[1], base.up.getUpdatesTuples())
085af2
-        for oldpkgtup in sorted(oupdates):
085af2
-            data = md_info.get_applicable_notices(oldpkgtup)
085af2
-            if ndata: # No options means pick the oldest update
085af2
-                data.reverse()
085af2
-
085af2
-            for (pkgtup, notice) in data:
085af2
-                name = pkgtup[0]
085af2
-                if extcmds and not _match_sec_cmd(extcmds, name, notice):
085af2
-                    continue
085af2
-                if (not ndata and
085af2
-                    not ysp_should_filter_pkg(opts, name, notice, used_map)):
085af2
-                    continue
085af2
-                base.update(name=pkgtup[0], arch=pkgtup[1], epoch=pkgtup[2],
085af2
-                            version=pkgtup[3], release=pkgtup[4])
085af2
-                break
085af2
-
085af2
-        if len(base.tsInfo) > 0:
085af2
-            msg = '%d packages marked for minimal Update' % len(base.tsInfo)
085af2
-            return 2, [msg]
085af2
-        else:
085af2
-            return 0, ['No Packages marked for minimal Update']
085af2
-
085af2
-def config_hook(conduit):
085af2
-    '''
085af2
-    Yum Plugin Config Hook: 
085af2
-    Setup the option parser with the '--advisory', '--bz', '--cve',
085af2
-    '--security' and '--severity' command line options. Also the 'updateinfo'
085af2
-    and 'update-minimal' commands.
085af2
-    '''
085af2
-
085af2
-    parser = conduit.getOptParser()
085af2
-    if not parser:
085af2
-        return
085af2
-
085af2
-    if hasattr(parser, 'plugin_option_group'):
085af2
-        parser = parser.plugin_option_group
085af2
-
085af2
-    conduit.registerCommand(UpdateinfoCommand())
085af2
-    conduit.registerCommand(SecurityUpdateCommand())
085af2
-    def osec(opt, key, val, parser):
085af2
-         # CVE is a subset of --security on RHEL, but not on Fedora
085af2
-        parser.values.security = True
085af2
-    def obug(opt, key, val, parser):
085af2
-        parser.values.bugfixes = True
085af2
-    def ocve(opt, key, val, parser):
085af2
-        parser.values.cve.extend(val.split(','))
085af2
-    def obz(opt, key, val, parser):
085af2
-        parser.values.bz.append(str(val))
085af2
-    def oadv(opt, key, val, parser):
085af2
-        parser.values.advisory.extend(val.split(','))
085af2
-    def osev(opt, key, val, parser):
085af2
-        parser.values.severity.extend(val.split(','))
085af2
-            
085af2
-    parser.add_option('--security', action="callback",
085af2
-                      callback=osec, dest='security', default=False,
085af2
-                      help='Include security relevant packages')
085af2
-    parser.add_option('--bugfixes', action="callback",
085af2
-                      callback=obug, dest='bugfixes', default=False,
085af2
-                      help='Include bugfix relevant packages')
085af2
-    parser.add_option('--cve', action="callback", type="string",
085af2
-                      callback=ocve, dest='cve', default=[],
085af2
-                      help='Include packages needed to fix the given CVE')
085af2
-    parser.add_option('--bz', action="callback",
085af2
-                      callback=obz, dest='bz', default=[], type="int",
085af2
-                      help='Include packages needed to fix the given BZ')
085af2
-    parser.add_option('--sec-severity', action="callback",
085af2
-                      callback=osev, dest='severity', default=[], type="string",
085af2
-                      help='Include security relevant packages, of this severity')
085af2
-    parser.add_option('--advisory', action="callback",
085af2
-                      callback=oadv, dest='advisory', default=[], type="string",
085af2
-                      help='Include packages needed to fix the given advisory')
085af2
-
085af2
-#  You might think we'd just use the exclude_hook, and call delPackage
085af2
-# and indeed that works for list updates etc.
085af2
-#
085af2
-# __but__ that doesn't work for dependancies on real updates
085af2
-#
085af2
-#  So to fix deps. we need to do it at the preresolve stage and take the
085af2
-# "transaction package list" and then remove packages from that.
085af2
-#
085af2
-# __but__ that doesn't work for lists ... so we do it two ways
085af2
-#
085af2
-def ysp_should_keep_pkg(opts, pkgtup, md_info, used_map):
085af2
-    """ Do we want to keep this package to satisfy the security limits. """
085af2
-    name = pkgtup[0]
085af2
-    for (pkgtup, notice) in md_info.get_applicable_notices(pkgtup):
085af2
-        if ysp_should_filter_pkg(opts, name, notice, used_map):
085af2
-            return True
085af2
-    return False
085af2
-
085af2
-def ysp_check_func_enter(conduit):
085af2
-    """ Stuff we need to do in both list and update modes. """
085af2
-    
085af2
-    opts, args = conduit.getCmdLine()
085af2
-
085af2
-    ndata = not (opts.security or opts.bugfixes or
085af2
-                 opts.advisory or opts.bz or opts.cve or opts.severity)
085af2
-    
085af2
-    ret = None
085af2
-    if len(args) >= 2:
085af2
-        if ((args[0] == "list") and (args[1] in ("obsoletes", "updates"))):
085af2
-            ret = {"skip": ndata, "list_cmd": True}
085af2
-        if ((args[0] == "info") and (args[1] in ("obsoletes", "updates"))):
085af2
-            ret = {"skip": ndata, "list_cmd": True}
085af2
-    if len(args):
085af2
-
085af2
-        # All the args. stuff is done in our command:
085af2
-        if (args[0] == "update-minimal"):
085af2
-            return (opts, {"skip": True, "list_cmd": False, "msg": True})
085af2
-            
085af2
-        if (args[0] == "check-update"):
085af2
-            ret = {"skip": ndata, "list_cmd": True}
085af2
-        if (args[0] in ["update", "upgrade"]):
085af2
-            ret = {"skip": ndata, "list_cmd": False}
085af2
-        if args[0] == 'updateinfo':
085af2
-            return (opts, {"skip": True, "list_cmd": True})
085af2
-        if (args[0] in UpdateinfoCommand.direct_cmds):
085af2
-            return (opts, {"skip": True, "list_cmd": True})
085af2
-
085af2
-    if ret:
085af2
-        return (opts, ret)
085af2
-    
085af2
-    if not ndata:
085af2
-        conduit.error(2, 'Skipping security plugin, other command')
085af2
-    return (opts, {"skip": True, "list_cmd": False, "msg": True})
085af2
-
085af2
-def exclude_hook(conduit):
085af2
-    '''
085af2
-    Yum Plugin Exclude Hook:
085af2
-    Check and remove packages that don\'t align with the security config.
085af2
-    '''
085af2
-    
085af2
-    opts, info = ysp_check_func_enter(conduit)
085af2
-    if info["skip"]:
085af2
-        return
085af2
-
085af2
-    if not info["list_cmd"]:
085af2
-        return
085af2
-    
085af2
-    if hasattr(conduit, 'registerPackageName'):
085af2
-        conduit.registerPackageName(__package_name__)
085af2
-    conduit.info(2, 'Limiting package lists to security relevant ones')
085af2
-    
085af2
-    md_info = ysp_gen_metadata(conduit.getRepos().listEnabled())
085af2
-
085af2
-    def ysp_del_pkg(pkg):
085af2
-        """ Deletes a package from all trees that yum knows about """
085af2
-        conduit.info(3," --> %s from %s excluded (non-security)" %
085af2
-                     (pkg,pkg.repoid))
085af2
-        conduit.delPackage(pkg)
085af2
-
085af2
-    opts.sec_cmds = []
085af2
-    used_map = ysp_gen_used_map(opts)
085af2
-
085af2
-    # The official API is:
085af2
-    #
085af2
-    # pkgs = conduit.getPackages()
085af2
-    #
085af2
-    # ...however that is _extremely_ slow, deleting all packages. So we ask
085af2
-    # for the list of update packages, which is all we care about.    
085af2
-    upds = conduit._base.doPackageLists(pkgnarrow='updates')
085af2
-    pkgs = upds.updates
085af2
-    # In theory we don't need to do this in some cases, but meh.
085af2
-    upds = conduit._base.doPackageLists(pkgnarrow='obsoletes')
085af2
-    pkgs += upds.obsoletes
085af2
-
085af2
-    name2tup = _get_name2oldpkgtup(conduit._base)
085af2
-    
085af2
-    tot = 0
085af2
-    cnt = 0
085af2
-    for pkg in pkgs:
085af2
-        tot += 1
085af2
-        name = pkg.name
085af2
-        if (name not in name2tup or
085af2
-            not ysp_should_keep_pkg(opts, name2tup[name], md_info, used_map)):
085af2
-            ysp_del_pkg(pkg)
085af2
-            continue
085af2
-        cnt += 1
085af2
-
085af2
-    ysp_chk_used_map(used_map, lambda x: conduit.error(2, x))
085af2
-    if cnt:
085af2
-        conduit.info(2, '%d package(s) needed for security, out of %d available' % (cnt, tot))
085af2
-    else:
085af2
-        conduit.info(2, 'No packages needed for security; %d packages available' % tot)
085af2
-
085af2
-    _check_running_kernel(conduit._base, md_info, lambda x: conduit.info(2, x))
085af2
-
085af2
-def _check_running_kernel(yb, md_info, msg):
085af2
-    if not hasattr(yum.misc, 'get_running_kernel_pkgtup'):
085af2
-        return # Back compat.
085af2
-
085af2
-    kern_pkgtup = yum.misc.get_running_kernel_pkgtup(yb.ts)
085af2
-    if kern_pkgtup[0] is None:
085af2
-        return
085af2
-
085af2
-    found_sec = False
085af2
-    for (pkgtup, notice) in md_info.get_applicable_notices(kern_pkgtup):
085af2
-        if found_sec or notice['type'] != 'security':
085af2
-            continue
085af2
-        found_sec = True
085af2
-        ipkg = yb.rpmdb.searchPkgTuple(pkgtup)
085af2
-        if not ipkg:
085af2
-            continue # Not installed
085af2
-        ipkg = ipkg[0]
085af2
-
085af2
-        e = ''
085af2
-        if kern_pkgtup[2] != '0':
085af2
-            e = '%s:' % kern_pkgtup[2]
085af2
-        rpkg = '%s-%s%s-%s.%s' % (kern_pkgtup[0], e,
085af2
-                                  kern_pkgtup[3], kern_pkgtup[4],
085af2
-                                  kern_pkgtup[1])
085af2
-
085af2
-        msg('Security: %s is an installed security update' % ipkg)
085af2
-        msg('Security: %s is the currently running version' % rpkg)
085af2
-        break
085af2
-
085af2
-
085af2
-def preresolve_hook(conduit):
085af2
-    '''
085af2
-    Yum Plugin PreResolve Hook:
085af2
-    Check and remove packages that don\'t align with the security config.
085af2
-    '''
085af2
-
085af2
-    opts, info = ysp_check_func_enter(conduit)
085af2
-    if info["skip"]:
085af2
-        return
085af2
-
085af2
-    if info["list_cmd"]:
085af2
-        return
085af2
-    
085af2
-    if hasattr(conduit, 'registerPackageName'):
085af2
-        conduit.registerPackageName(__package_name__)
085af2
-    conduit.info(2, 'Limiting packages to security relevant ones')
085af2
-
085af2
-    md_info = ysp_gen_metadata(conduit.getRepos().listEnabled())
085af2
-
085af2
-    def ysp_del_pkg(tspkg):
085af2
-        """ Deletes a package within a transaction. """
085af2
-        conduit.info(3," --> %s from %s excluded (non-security)" %
085af2
-                     (tspkg.po,tspkg.po.repoid))
085af2
-        tsinfo.remove(tspkg.pkgtup)
085af2
-
085af2
-    tot = 0
085af2
-    cnt = 0
085af2
-    opts.sec_cmds = []
085af2
-    used_map = ysp_gen_used_map(opts)
085af2
-    tsinfo = conduit.getTsInfo()
085af2
-    tspkgs = tsinfo.getMembers()
085af2
-    #  Ok, here we keep any pkgs that pass "ysp" tests, then we keep all
085af2
-    # related pkgs ... Ie. "installed" version marked for removal.
085af2
-    keep_pkgs = set()
085af2
-
085af2
-    count_states = set(TS_INSTALL_STATES + [TS_ERASE])
085af2
-    count_pkgs = set()
085af2
-    for tspkg in tspkgs:
085af2
-        if tspkg.output_state in count_states:
085af2
-            count_pkgs.add(tspkg.po)
085af2
-
085af2
-    name2tup = _get_name2oldpkgtup(conduit._base)
085af2
-    for tspkg in tspkgs:
085af2
-        if tspkg.output_state in count_states:
085af2
-            tot += 1
085af2
-        name = tspkg.po.name
085af2
-        if (name not in name2tup or
085af2
-            not ysp_should_keep_pkg(opts, name2tup[name], md_info, used_map)):
085af2
-            continue
085af2
-        if tspkg.output_state in count_states:
085af2
-            cnt += 1
085af2
-        keep_pkgs.add(tspkg.po)
085af2
-
085af2
-    scnt = cnt
085af2
-    mini_depsolve_again = True
085af2
-    while mini_depsolve_again:
085af2
-        mini_depsolve_again = False
085af2
-
085af2
-        for tspkg in tspkgs:
085af2
-            if tspkg.po in keep_pkgs:
085af2
-                # Find any related pkgs, and add them:
085af2
-                for (rpkg, reason) in tspkg.relatedto:
085af2
-                    if rpkg not in keep_pkgs:
085af2
-                        if rpkg in count_pkgs:
085af2
-                            cnt += 1
085af2
-                        keep_pkgs.add(rpkg)
085af2
-                        mini_depsolve_again = True
085af2
-            else:
085af2
-                # If related to any keep pkgs, add us
085af2
-                for (rpkg, reason) in tspkg.relatedto:
085af2
-                    if rpkg in keep_pkgs:
085af2
-                        if rpkg in count_pkgs:
085af2
-                            cnt += 1
085af2
-                        keep_pkgs.add(tspkg.po)
085af2
-                        mini_depsolve_again = True
085af2
-                        break
085af2
-
085af2
-    for tspkg in tspkgs:
085af2
-        if tspkg.po not in keep_pkgs:
085af2
-            ysp_del_pkg(tspkg)
085af2
-
085af2
-    ysp_chk_used_map(used_map, lambda x: conduit.error(2, x))
085af2
-    
085af2
-    if cnt:
085af2
-        conduit.info(2, '%d package(s) needed (+%d related) for security, out of %d available' % (scnt, cnt - scnt, tot))
085af2
-    else:
085af2
-        conduit.info(2, 'No packages needed for security; %d packages available' % tot)
085af2
-
085af2
-if __name__ == '__main__':
085af2
-    print "This is a plugin that is supposed to run from inside YUM"
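Review bot: the commit message names only `yum updateinfo` as the core replacement, but the deleted `config_hook` also registers the `update-minimal` command and the `--security`, `--bugfixes`, `--cve`, `--bz`, `--sec-severity` and `--advisory` options, and `exclude_hook`/`preresolve_hook` are what restrict `update`, `upgrade`, `check-update` and `list updates` to security-relevant packages. Please state in the commit message or the spec changelog that core covers each of these under the same names, and from which yum version, so that patch automation calling `yum update --security` or `yum update-minimal` keeps filtering the same way instead of erroring out or changing behaviour. The `_check_running_kernel` notice ('Security: %s is the currently running version') goes away with this file as well; confirm core still emits it, since it tells the admin that an installed kernel security update is not the kernel actually running.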
085af2
diff --git a/po/POTFILES.in b/po/POTFILES.in
085af2
index d85030c..2f12118 100644
085af2
--- a/po/POTFILES.in
085af2
+++ b/po/POTFILES.in
085af2
@@ -34,7 +34,6 @@ plugins/merge-conf/merge-conf.py
085af2
 plugins/aliases/aliases.py
085af2
 plugins/protectbase/protectbase.py
085af2
 plugins/versionlock/versionlock.py
085af2
-plugins/security/security.py
085af2
 plugins/nofsync/nofsync.py
085af2
 plugins/tmprepo/tmprepo.py
085af2
 plugins/priorities/priorities.py
085af2
diff --git a/yum-utils.spec b/yum-utils.spec
085af2
index 6d6d699..de6fbfd 100644
085af2
--- a/yum-utils.spec
085af2
+++ b/yum-utils.spec
085af2
@@ -155,20 +155,6 @@ This yum plugin adds the "--merge-conf" command line option. With this option,
085af2
 Yum will ask you what to do with config files which have changed on updating a
085af2
 package.
085af2
 
085af2
-%package -n yum-plugin-security
085af2
-Summary: Yum plugin to enable security filters
085af2
-Group: System Environment/Base
085af2
-Provides: yum-security = %{version}-%{release}
085af2
-Obsoletes: yum-security < 1.1.20-0
085af2
-Conflicts: yum-security < 1.1.20-0
085af2
-Requires: yum >= 3.2.18
085af2
-
085af2
-%description -n yum-plugin-security
085af2
-This plugin adds the options --security, --cve, --bz and --advisory flags
085af2
-to yum and the list-security and info-security commands.
085af2
-The options make it possible to limit list/upgrade of packages to specific
085af2
-security relevant ones. The commands give you the security information.
085af2
-
085af2
 %package -n yum-plugin-upgrade-helper
085af2
 Summary: Yum plugin to help upgrades to the next distribution version
085af2
 Group: System Environment/Base
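Review bot: the `yum-plugin-security` subpackage is dropped here without anything in this patch obsoleting it, so a host that already has it installed keeps the old `security.py` after upgrading yum-utils. That plugin registers the `updateinfo` command and the `--security` family of options itself, so it would then sit alongside the core implementation. Please add `Obsoletes: yum-plugin-security < %{version}-%{release}` to the package that now owns the feature, with a matching `Provides:` so existing dependencies on `yum-plugin-security` or `yum-security` still resolve, or note where that is done if it lives in the yum spec. Consider also raising the dependency on yum to the first release that has updateinfo in core, now that the subpackage's own `Requires: yum >= 3.2.18` is gone.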
085af2
@@ -396,7 +382,6 @@ plugins="\
085af2
  tsflags \
085af2
  priorities \
085af2
  merge-conf \
085af2
- security \
085af2
  upgrade-helper \
085af2
  aliases \
085af2
  list-data \
085af2
@@ -565,13 +550,6 @@ fi
085af2
 %config(noreplace) %{_sysconfdir}/yum/pluginconf.d/merge-conf.conf
085af2
 %{pluginhome}/merge-conf.*
085af2
 
085af2
-%files -n yum-plugin-security
085af2
-%defattr(-, root, root)
085af2
-%doc COPYING
085af2
-%config(noreplace) %{_sysconfdir}/yum/pluginconf.d/security.conf
085af2
-%{pluginhome}/security.*
085af2
-%{_mandir}/man8/yum-security.8.*
085af2
-
085af2
 %files -n yum-plugin-upgrade-helper
085af2
 %defattr(-, root, root)
085af2
 %doc COPYING