Adds support for listing advisory patches with Yum

2024-11-08 09:23:56 +00:00 · 2017-04-06 12:10:02 +01:00 · 2017-04-06 12:10:02 +01:00 · 0dcd7a3ea5
commit 0dcd7a3ea5
parent 40214081e2
1 changed files with 72 additions and 0 deletions
--- a/salt/modules/yumpkg.py
+++ b/salt/modules/yumpkg.py
@ -1243,6 +1243,16 @@ def install(name=None,
                         if y is not None and '*' in y]
        _available = list_repo_pkgs(*has_wildcards, byrepo=False, **kwargs)
        pkg_params_items = six.iteritems(pkg_params)
+    elif pkg_type == 'advisory':
+        pkg_params_items = []
+        cur_patches = list_patches()
+        for advisory_id in pkg_params:
+            if not advisory_id in cur_patches:
+                raise CommandExecutionError(
+                    'Advisory id "{0}" not found'.format(advisory_id)
+                )
+            else:
+                pkg_params_items.append(advisory_id)
    else:
        pkg_params_items = []
        for pkg_source in pkg_params:
@ -1267,6 +1277,9 @@ def install(name=None,
    for pkg_item_list in pkg_params_items:
        if pkg_type == 'repository':
            pkgname, version_num = pkg_item_list
+        elif pkg_type == 'advisory':
+            pkgname = pkg_item_list
+            version_num = None
        else:
            try:
                pkgname, pkgpath, version_num = pkg_item_list
@ -1281,6 +1294,8 @@ def install(name=None,
                    to_reinstall.append((pkgname, pkgname))
                else:
                    to_install.append((pkgname, pkgname))
+            elif pkg_type == 'advisory':
+                to_install.append((pkgname, pkgname))
            else:
                to_install.append((pkgname, pkgpath))
        else:
@ -2912,3 +2927,60 @@ def diff(*paths):
                    local_pkgs[pkg]['path'], path) or 'Unchanged'

    return ret
+
+
+def _get_patches(installed_only=None):
+    '''
+    List all known patches in repos.
+    '''
+    patches = {}
+
+    cmd = [_yum(), '--quiet', 'updateinfo', 'list', 'security', 'all']
+    ret = __salt__['cmd.run_stdout'](
+        cmd,
+        python_shell=False
+    )
+    for line in salt.utils.itertools.split(ret, os.linesep):
+        inst, advisory_id, sev, pkg = re.match('([i|\s]) ([^\s]+) +([^\s]+) +([^\s]+)',
+                                               line).groups()
+        if inst != 'i' and installed_only:
+           continue
+        patches[advisory_id] = {
+            'installed': True if inst == 'i' else False,
+            'summary': pkg
+        }
+    return patches
+
+
+def list_patches(refresh=False):
+    '''
+    List all known advisory patches from available repos.
+
+    refresh
+        force a refresh if set to True.
+        If set to False (default) it depends on yum if a refresh is
+        executed.
+
+    CLI Examples:
+
+    .. code-block:: bash
+
+        salt '*' pkg.list_patches
+    '''
+    if refresh:
+        refresh_db()
+
+    return _get_patches()
+
+
+def list_installed_patches():
+    '''
+    List installed advisory patches on the system.
+
+    CLI Examples:
+
+    .. code-block:: bash
+
+        salt '*' pkg.list_installed_patches
+    '''
+    return _get_patches(installed_only=True)