Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12:Update
PackageKit.2392
bsc#951592-zypp-Raise-priority-of-ZYPP-stack-up...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File bsc#951592-zypp-Raise-priority-of-ZYPP-stack-updates-if-a-secur.patch of Package PackageKit.2392
From 7a03688dbd5f13a30eb108b0d03992bef4afbaac Mon Sep 17 00:00:00 2001 From: Michael Andres <ma@suse.de> Date: Fri, 30 Oct 2015 14:48:33 +0100 Subject: [PATCH] zypp: Raise priority of ZYPP stack updates if a security patch is shadowed (bnc#951592) --- backends/zypp/pk-backend-zypp.cpp | 51 ++++++++++++++++++++++++++------------- 1 file changed, 34 insertions(+), 17 deletions(-) diff --git a/backends/zypp/pk-backend-zypp.cpp b/backends/zypp/pk-backend-zypp.cpp index 6ab86dd..726e1c4 100644 --- a/backends/zypp/pk-backend-zypp.cpp +++ b/backends/zypp/pk-backend-zypp.cpp @@ -119,6 +119,13 @@ enum PkgSearchType { SEARCH_TYPE_RESOLVE = 3 }; +/** Details about the kind of content returned by zypp_get_patches. */ +enum class SelfUpdate { + kNo, ///< applicable patches (no ZYPP stack update) + kYes, ///< a ZYPP stack update (must be applied first) + kYesAndShaddowsSecurity ///< a ZYPP stack update is shadowing applicable security patches +}; + /// \class PoolStatusSaver /// \brief Helper to restore the pool status after doing operations on it. /// @@ -142,10 +149,6 @@ public: * FIXME */ gchar * _repoName; -/** Used to show/install only an update to ourself. This way if we find a critical bug - * in the way we update packages we will install the fix before any other updates. - */ -gboolean _updating_self = FALSE; /** * Build a package_id from the specified resolvable. The returned @@ -1202,12 +1205,15 @@ zypp_get_package_updates (string repo, set<PoolItem> &pks) } /** - * Returns a set of all patches the could be installed + * Returns a set of all patches the could be installed. + * An applicable ZYPP stack update will shadow all other updates (must be installed + * first). Check for shadowed security updates. */ -static void +static SelfUpdate zypp_get_patches (PkBackendJob *job, ZYpp::Ptr zypp, set<PoolItem> &patches) { - _updating_self = FALSE; + SelfUpdate detail = SelfUpdate::kNo; + bool sawSecurityPatch = false; zypp->resolver ()->setIgnoreAlreadyRecommended (TRUE); zypp->resolver ()->resolvePool (); @@ -1217,7 +1223,11 @@ zypp_get_patches (PkBackendJob *job, ZYpp::Ptr zypp, set<PoolItem> &patches) // check if the patch is needed and not set to taboo if((*it)->isNeeded() && !((*it)->candidateObj ().isUnwanted())) { Patch::constPtr patch = asKind<Patch>((*it)->candidateObj ().resolvable ()); - if (_updating_self) { + if (!sawSecurityPatch && patch->category () == "security") { + sawSecurityPatch = true; + } + + if (detail == SelfUpdate::kYes) { if (patch->restartSuggested ()) patches.insert ((*it)->candidateObj ()); } @@ -1225,28 +1235,33 @@ zypp_get_patches (PkBackendJob *job, ZYpp::Ptr zypp, set<PoolItem> &patches) patches.insert ((*it)->candidateObj ()); // check if the patch updates libzypp or packageKit and show only these - if (!_updating_self && patch->restartSuggested ()) { - _updating_self = TRUE; + if (patch->restartSuggested () && detail == SelfUpdate::kNo) { + detail = SelfUpdate::kYes; patches.clear (); patches.insert ((*it)->candidateObj ()); } } } + + if (detail == SelfUpdate::kYes && sawSecurityPatch) { + detail = SelfUpdate::kYesAndShaddowsSecurity; + } + return detail; } /** * Return the best, most friendly selection of update patches and packages that - * we can find. Also manages _updating_self to prioritise critical infrastructure + * we can find. Also manages SelfUpdate to prioritise critical infrastructure * updates. */ -static void +static SelfUpdate zypp_get_updates (PkBackendJob *job, ZYpp::Ptr zypp, set<PoolItem> &candidates) { typedef set<PoolItem>::iterator pi_it_t; - zypp_get_patches (job, zypp, candidates); + SelfUpdate detail = zypp_get_patches (job, zypp, candidates); - if (!_updating_self) { + if (detail == SelfUpdate::kNo) { // exclude the patch-repository string patchRepo; if (!candidates.empty ()) { @@ -1302,6 +1317,7 @@ zypp_get_updates (PkBackendJob *job, ZYpp::Ptr zypp, set<PoolItem> &candidates) candidates.insert (packages.begin (), packages.end ()); } } + return detail; } /** @@ -1725,7 +1741,6 @@ pk_backend_initialize (GKeyFile *conf, PkBackend *backend) zypp_logging (); g_debug ("zypp_backend_initialize"); - //_updating_self = FALSE; } /** @@ -2233,7 +2248,7 @@ backend_get_updates_thread (PkBackendJob *job, GVariant *params, gpointer user_d warn_outdated_repos (job, pool); set<PoolItem> candidates; - zypp_get_updates (job, zypp, candidates); + SelfUpdate detail = zypp_get_updates (job, zypp, candidates); pk_backend_job_set_percentage (job, 80); @@ -2243,7 +2258,9 @@ backend_get_updates_thread (PkBackendJob *job, GVariant *params, gpointer user_d // Emit the package PkInfoEnum infoEnum = PK_INFO_ENUM_ENHANCEMENT; - if (isKind<Patch>(res)) { + if (detail == SelfUpdate::kYesAndShaddowsSecurity) { + infoEnum = PK_INFO_ENUM_SECURITY; // bsc#951592: raise priority if security patch is shadowed + } else if (isKind<Patch>(res)) { Patch::constPtr patch = asKind<Patch>(res); if (patch->category () == "recommended") { infoEnum = PK_INFO_ENUM_IMPORTANT; -- 1.8.4.5
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor