Since yum-security doesn't seem to work I've created a very rough version of it on my own. It requires expect and yum-changelog to be installed on a machine. It makes the assumption that the CVE number will be in the changelog data for any package with a security patch applied. I have my own rsync'd copy of the 5.3 repository that it check's against (I have around 2 dozen machines that need updating when security patch's come out) so I don't do any serious abuse to someone else's repo. ################################################################## #!/bin/bash # Get a complete list of packages requiring updates, remove junk lines #and strip them down to the package.arch name. Loop once for each package. for PKG in `yum check-update | grep -v ^Loaded\ plugins | grep -v ^Loading\ mirror | grep -v \* | grep -v ^$ | awk '{print $1}'`; do # get the changelog delta for this package, XXXxxx is a record separator #that isn't likely to exists allowing awk to process the entire result as #one record and return an unknown number of lines UPDATE=`expect -c "set timeout -1; spawn /usr/bin/yum --changelog update $PKG; expect \"Is this ok\"; send \"N\"" | awk -v RS="XXXxxx" -F"Changes in packages about to be updated:" '{print $2}' | awk -v RS="XXXxxx" -F"Dependencies Resolved" '{print $1}'` # check for the existence of "CVE" in the returned changelog, if it exists #echo it to STDOUT echo ${UPDATE} | grep CVE > /dev/null if [ $? -eq 0 ] then echo "#### Changelog Delta's for $PKG and it's dependancies ####" echo "${UPDATE}" fi done ################################################################## Comments, suggestions. Am I recreating the wheel? If I run it against an online repo it takes about 15-20 minutes to return and makes entirely to many calls to yum. Using my own repo it only takes about 3 minutes and doesn't cost me any extra bandwidth. --------------------------------------------- Jacob Bresciani, Systems Administrator Advanced E-commerce Research Systems Inc. 2307-4464 Markham Street Victoria, BC CANADA V8Z 7X8 +1 250 418 5412 (mobile) +1 250 483 3271 (FAX) www.terapeak.com - eBay Marketplace Research www.aers.ca - Advanced E-commerce Analytics -----Original Message----- From: centos-bounces@xxxxxxxxxx [mailto:centos-bounces@xxxxxxxxxx] On Behalf Of Kwan Lowe Sent: Tuesday, April 28, 2009 2:45 PM To: CentOS mailing list Subject: Re: Yum Update issues On Tue, Apr 28, 2009 at 5:10 PM, Ron Blizzard <rb4centos@xxxxxxxxx> wrote: > Has anyone else run into this issue when running yum update? > > > I've already run yum clear all, but the problem came back when I ran yum > update again. Firefox and xulrunner were also being "held up," but I was > able to update them by running yum update firefox. > > As far as I can see there is no yum-complete-transaction command. > yum-complete-transaction is part of yum-utils. I've seen that error if using third-party repositories or the mirror isn't fully updated _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos