This repository has been archived by the owner on Jan 31, 2023. It is now read-only.

Fix check_yum for excluded packages in RHEL 7 #26



@moschlar moschlar commented Nov 4, 2016

In our case, there were lots of lines like `--> libuuid-2.23.2-22.el7_1.i686 from rhel-7-server-rpms excluded (updateinfo)` in the output of `yum --security check-update` which
triggered the test for `len(output) > number_total_updates + 25`.

This simply sets a flag when at least one entry like this is found and
then skips that test.

I am aware that this may falsely match when a package or repo is named
including something like `excluded`.

@clintonm9

This fixed my issue, thank you @moschlar


@HOSTED-POWER HOSTED-POWER left a comment


Fixes for me too, why not include it in default branch?

for line in output:
if "excluded" in line:
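
Review bot: the substring test `"excluded" in line` matches anywhere in the line, so a package or repository whose name contains that text would set the flag as well. Matching the whole reported line shape (a leading `-->`, then `excluded (updateinfo)` at the end of the line) would limit it to the lines this change is meant to catch.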


I know you mentioned about this falsely matching, but adding a space on either side should improve this. I have a couple other ideas that I'll mention elsewhere.


wyardley commented Mar 29, 2017

I have a related one with lines like this:

 --> kernel-3.10.0-514.10.2.el7.x86_64 from xyz removed (updateinfo)
 --> libini_config-1.3.0-27.el7.x86_64 from xyz removed (updateinfo)
 --> procps-ng-3.3.10-3.el7.x86_64 from @base removed (updateinfo)
 --> grep-2.20-1.el7.x86_64 from @base removed (updateinfo)

I wonder if something like the attached might not be better, for several reasons
patch.txt

Not sure if the behavior should be configurable or not (so that people can choose whether they want packages marked as "excluded" or "removed" counted)? Or even changed so that it counts excluded packages explicitly so that people can be warned even if there are security updates for packages that are somehow pinned or otherwise excluded?

On an unrelated note, the standard for Python is 4 space soft-tabs /ducks


desylva commented Nov 26, 2019

This fixed my issue on AWS Linux 2, thank you @moschlar


HariSekhon commented Nov 27, 2019

Have you guys tried the original version of this code which is still maintained and has received a lot more updates at

https://github.com/HariSekhon/Nagios-Plugins

I tend to avoid things that will just skip the test and instead use the outputs from other people's servers to update matching logic.
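
The matching ideas raised in this thread, as an added example (not code from the PR, from patch.txt, or from check_yum itself): it matches only the full `--> ... excluded|removed (updateinfo)` line shape quoted in the comments, counts those lines, and applies the length test to what remains instead of skipping it. The function names and the `slack` parameter are hypothetical, and the sample input is constructed.

```python
import re

# Shape of the lines quoted in this thread, e.g.
#  --> libuuid-2.23.2-22.el7_1.i686 from rhel-7-server-rpms excluded (updateinfo)
#  --> grep-2.20-1.el7.x86_64 from @base removed (updateinfo)
UPDATEINFO_RE = re.compile(
    r"^\s*-->\s+(?P<pkg>\S+)\s+from\s+(?P<repo>\S+)\s+"
    r"(?P<state>excluded|removed)\s+\(updateinfo\)\s*$"
)


def split_updateinfo_lines(output):
    """Separate '--> pkg from repo excluded|removed (updateinfo)' lines
    from the rest of the yum output (hypothetical helper).

    Returns (remaining_lines, filtered), where filtered maps
    'excluded' / 'removed' to the package names seen in that state.
    """
    remaining = []
    filtered = {"excluded": [], "removed": []}
    for line in output:
        m = UPDATEINFO_RE.match(line)
        if m:
            filtered[m.group("state")].append(m.group("pkg"))
        else:
            remaining.append(line)
    return remaining, filtered


def output_too_long(output, number_total_updates, slack=25):
    """Length test from the PR description, applied only to the lines
    left after filtering rather than being skipped entirely."""
    remaining, _ = split_updateinfo_lines(output)
    return len(remaining) > number_total_updates + slack


# Constructed sample: three lines in the shape quoted in the thread, plus one
# made-up package whose name contains "excluded" and must NOT be filtered.
SAMPLE = [
    "--> libuuid-2.23.2-22.el7_1.i686 from rhel-7-server-rpms excluded (updateinfo)",
    " --> kernel-3.10.0-514.10.2.el7.x86_64 from xyz removed (updateinfo)",
    " --> grep-2.20-1.el7.x86_64 from @base removed (updateinfo)",
    "excluded-tools.x86_64    1.0-1.el7    rhel-7-server-rpms",
]

if __name__ == "__main__":
    rest, seen = split_updateinfo_lines(SAMPLE)
    print(len(rest), seen)
```

Reporting the `filtered` counts in the plugin output would also cover the suggestion of warning about security updates for pinned or excluded packages.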
