[Salix-main] Check repo packages for updates against SBo using asbt

classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

[Salix-main] Check repo packages for updates against SBo using asbt

Aaditya Bagga
Hi guys,

I am primarily a Slackware user but have Salix installed in a VM that I
occasionally use.
I have written a tool called asbt
(https://github.com/aadityabagga/asbt), which I use for managing my SBo
packages.

Today while using Salix, I tried out `asbt -c all`
This command checks all installed packages for updates from a git clone
of http://slackbuilds.org/ on a user's machine, and discovered that some
packages were out of date.

The reason for this post is to suggest that maybe asbt can be used to
check and update the SBo packages in Salix repos.
Sorry for being presumptuous, probably you guys already have a tool for
doing such a thing :)

Regards,
Aaditya


------------------------------------------------------------------------------
Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
_______________________________________________
Salix-main mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/salix-main
Reply | Threaded
Open this post in threaded view
|

Re: [Salix-main] Check repo packages for updates against SBo using asbt

Tim Beech
This looks like a useful tool. I tried to install it from SBo (as per
the readme) and got an error because the 0.9.7 tarball is downloaded but the
SlackBuild is looking for 0.9.8.

Thanks very much for letting us know about it!

Tim / mimosa

On Thu, 9 Oct 2014, Aaditya Bagga wrote:

> Hi guys,
>
> I am primarily a Slackware user but have Salix installed in a VM that I
> occasionally use.
> I have written a tool called asbt
> (https://github.com/aadityabagga/asbt), which I use for managing my SBo
> packages.
>
> Today while using Salix, I tried out `asbt -c all`
> This command checks all installed packages for updates from a git clone
> of http://slackbuilds.org/ on a user's machine, and discovered that some
> packages were out of date.
>
> The reason for this post is to suggest that maybe asbt can be used to
> check and update the SBo packages in Salix repos.
> Sorry for being presumptuous, probably you guys already have a tool for
> doing such a thing :)
>
> Regards,
> Aaditya
>
>
> ------------------------------------------------------------------------------
> Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
> Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
> Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
> Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
> http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
> _______________________________________________
> Salix-main mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/salix-main
>

------------------------------------------------------------------------------
Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
_______________________________________________
Salix-main mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/salix-main
Reply | Threaded
Open this post in threaded view
|

Re: [Salix-main] Check repo packages for updates against SBo using asbt

Tim Beech
In reply to this post by Aaditya Bagga
Ah, my mistake - package list out of date!

On Thu, 9 Oct 2014, Aaditya Bagga wrote:

> Hi guys,
>
> I am primarily a Slackware user but have Salix installed in a VM that I
> occasionally use.
> I have written a tool called asbt
> (https://github.com/aadityabagga/asbt), which I use for managing my SBo
> packages.
>
> Today while using Salix, I tried out `asbt -c all`
> This command checks all installed packages for updates from a git clone
> of http://slackbuilds.org/ on a user's machine, and discovered that some
> packages were out of date.
>
> The reason for this post is to suggest that maybe asbt can be used to
> check and update the SBo packages in Salix repos.
> Sorry for being presumptuous, probably you guys already have a tool for
> doing such a thing :)
>
> Regards,
> Aaditya
>
>
> ------------------------------------------------------------------------------
> Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
> Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
> Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
> Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
> http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
> _______________________________________________
> Salix-main mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/salix-main
>

------------------------------------------------------------------------------
Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
_______________________________________________
Salix-main mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/salix-main
Reply | Threaded
Open this post in threaded view
|

Re: [Salix-main] Check repo packages for updates against SBo using asbt

Aaditya Bagga
In reply to this post by Tim Beech
Thanks Tim, glad to be of help.
If you have any queries / bug reports feel free to email me :)

On 10/09/2014 09:57 PM, tim.beech wrote:

> This looks like a useful tool. I tried to install it from SBo (as per
> the readme) and got an error because the 0.9.7 tarball is downloaded but the
> SlackBuild is looking for 0.9.8.
>
> Thanks very much for letting us know about it!
>
> Tim / mimosa
>
> On Thu, 9 Oct 2014, Aaditya Bagga wrote:
>
>> Hi guys,
>>
>> I am primarily a Slackware user but have Salix installed in a VM that I
>> occasionally use.
>> I have written a tool called asbt
>> (https://github.com/aadityabagga/asbt), which I use for managing my SBo
>> packages.
>>
>> Today while using Salix, I tried out `asbt -c all`
>> This command checks all installed packages for updates from a git clone
>> of http://slackbuilds.org/ on a user's machine, and discovered that some
>> packages were out of date.
>>
>> The reason for this post is to suggest that maybe asbt can be used to
>> check and update the SBo packages in Salix repos.
>> Sorry for being presumptuous, probably you guys already have a tool for
>> doing such a thing :)
>>
>> Regards,
>> Aaditya
>>
>>
>> ------------------------------------------------------------------------------
>> Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
>> Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
>> Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
>> Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
>> http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
>> _______________________________________________
>> Salix-main mailing list
>> [hidden email]
>> https://lists.sourceforge.net/lists/listinfo/salix-main
>>
> ------------------------------------------------------------------------------
> Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
> Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
> Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
> Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
> http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
> _______________________________________________
> Salix-main mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/salix-main



------------------------------------------------------------------------------
Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
_______________________________________________
Salix-main mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/salix-main
Reply | Threaded
Open this post in threaded view
|

Re: [Salix-main] Check repo packages for updates against SBo using asbt

George Vlahavas
In reply to this post by Aaditya Bagga
Hi Aaditya,

On Thu, 9 Oct 2014, Aaditya Bagga wrote:

> Hi guys,
>
> I am primarily a Slackware user but have Salix installed in a VM that I
> occasionally use.
> I have written a tool called asbt
> (https://github.com/aadityabagga/asbt), which I use for managing my SBo
> packages.

Thanks for notifying us about your tool. It certainly looks interesting
and should be helpful.

> Today while using Salix, I tried out `asbt -c all`
> This command checks all installed packages for updates from a git clone
> of http://slackbuilds.org/ on a user's machine, and discovered that some
> packages were out of date.

Can you post which packages these were? Since our own copy of the SBo
repositories syncs with the main SBo repo every few hours, I'm thinking
you are replacing packages which are available in our binary package
repos.

For more info on how our SBo mirror works see this blog post that I just
uploaded:
http://salixos.blogspot.gr/2014/10/our-sbo-mirrors.html

(I had actually written half of that some months ago, but never got around
to finishing it. Your mail gave me the incentive to do so)

> The reason for this post is to suggest that maybe asbt can be used to
> check and update the SBo packages in Salix repos.
> Sorry for being presumptuous, probably you guys already have a tool for
> doing such a thing :)

In general, software installed from slackbuilds is managed through
Sourcery, slapt-src and lately spi. However, there is no mechanism to
upgrade slackbuilds if a newer version of a slackbuild is up (that is on
purpose). Users need to manually check which version they have installed
and the version available in the SBo repos
(using: slapt-src --show slackbuild_name) and if they want to upgrade,
then they just choose to install the slackbuild again.

------------------------------------------------------------------------------
Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
_______________________________________________
Salix-main mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/salix-main
Reply | Threaded
Open this post in threaded view
|

Re: [Salix-main] Check repo packages for updates against SBo using asbt

Aaditya Bagga
Hi George,

Thank you for your detailed answer :)

 From updates to repo packages, I meant that packages installed on a
user's system, that have an updated version from SBo.
The list from my system (pretty vanilla Salix-Xfce-14.1) is as follows:

$ asbt -c all
catfish:    0.3.2 -> 1.2.1
fakeroot:    1.20 -> 1.12.4
galculator:    2.1.2 -> 2.1.3
gstreamer1:    1.2.2 -> 1.4.1
inxi:    1.9.17 -> 2.2.8
libbluray:    0.4.0 -> 0.6.2
libburn:    1.3.4 -> 1.3.6
libetpan:    1.2 -> 1.5
libisofs:    1.3.4 -> 1.3.6
libvpx:    1.2.0 -> 1.3.0
libwebp:    0.3.1 -> 0.4.0
mutagen:    1.22 -> 1.24
orc:    0.4.18 -> 0.4.22
perl-extutils-depends:    0.306 -> 0.308
perl-glib:    1.303 -> 1.305
perl-gtk2:    1.249 -> 1.248
pysetuptools:    1.3.1 -> 6.0.2
sshfs-fuse:    2.4 -> 2.5
unrar:    5.0.12 -> 5.0.14
urlgrabber:    3.9.1 -> 3.10
volumeicon:    0.4.6 -> 0.5.0
webkitgtk:    2.2.5 -> 2.4.6
wv:    1.2.4 -> 1.2.9
xfce4-genmon-plugin:    3.4 -> 3.4.0
xfce4-places-plugin:    1.5.0 -> 1.6.0
zope.interface:    4.0.5 -> 4.1.0

After reading your blog post, I understand that it is design choice of
not updating a SBo package unless its a security update.
I think it may be a difficult task though to separate out the security
updates from normal updates.
(If I could help in any way, please let me know) :)

Regards,
Aaditya

On 10/09/2014 11:19 PM, George Vlahavas wrote:

> Hi Aaditya,
>
> On Thu, 9 Oct 2014, Aaditya Bagga wrote:
>
>> Hi guys,
>>
>> I am primarily a Slackware user but have Salix installed in a VM that I
>> occasionally use.
>> I have written a tool called asbt
>> (https://github.com/aadityabagga/asbt), which I use for managing my SBo
>> packages.
> Thanks for notifying us about your tool. It certainly looks interesting
> and should be helpful.
>
>> Today while using Salix, I tried out `asbt -c all`
>> This command checks all installed packages for updates from a git clone
>> of http://slackbuilds.org/ on a user's machine, and discovered that some
>> packages were out of date.
> Can you post which packages these were? Since our own copy of the SBo
> repositories syncs with the main SBo repo every few hours, I'm thinking
> you are replacing packages which are available in our binary package
> repos.
>
> For more info on how our SBo mirror works see this blog post that I just
> uploaded:
> http://salixos.blogspot.gr/2014/10/our-sbo-mirrors.html
>
> (I had actually written half of that some months ago, but never got around
> to finishing it. Your mail gave me the incentive to do so)
>
>> The reason for this post is to suggest that maybe asbt can be used to
>> check and update the SBo packages in Salix repos.
>> Sorry for being presumptuous, probably you guys already have a tool for
>> doing such a thing :)
> In general, software installed from slackbuilds is managed through
> Sourcery, slapt-src and lately spi. However, there is no mechanism to
> upgrade slackbuilds if a newer version of a slackbuild is up (that is on
> purpose). Users need to manually check which version they have installed
> and the version available in the SBo repos
> (using: slapt-src --show slackbuild_name) and if they want to upgrade,
> then they just choose to install the slackbuild again.
>
> ------------------------------------------------------------------------------
> Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
> Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
> Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
> Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
> http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
> _______________________________________________
> Salix-main mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/salix-main



------------------------------------------------------------------------------
Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
_______________________________________________
Salix-main mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/salix-main
Reply | Threaded
Open this post in threaded view
|

Re: [Salix-main] Check repo packages for updates against SBo using asbt

George Vlahavas
n

On Thu, 9 Oct 2014, Aaditya Bagga wrote:

> Hi George,
>
> Thank you for your detailed answer :)
>
> From updates to repo packages, I meant that packages installed on a
> user's system, that have an updated version from SBo.
> The list from my system (pretty vanilla Salix-Xfce-14.1) is as follows:
>
> $ asbt -c all
> catfish:    0.3.2 -> 1.2.1
> fakeroot:    1.20 -> 1.12.4
> galculator:    2.1.2 -> 2.1.3
> gstreamer1:    1.2.2 -> 1.4.1
> inxi:    1.9.17 -> 2.2.8
> libbluray:    0.4.0 -> 0.6.2
> libburn:    1.3.4 -> 1.3.6
> libetpan:    1.2 -> 1.5
> libisofs:    1.3.4 -> 1.3.6
> libvpx:    1.2.0 -> 1.3.0
> libwebp:    0.3.1 -> 0.4.0
> mutagen:    1.22 -> 1.24
> orc:    0.4.18 -> 0.4.22
> perl-extutils-depends:    0.306 -> 0.308
> perl-glib:    1.303 -> 1.305
> perl-gtk2:    1.249 -> 1.248
> pysetuptools:    1.3.1 -> 6.0.2
> sshfs-fuse:    2.4 -> 2.5
> unrar:    5.0.12 -> 5.0.14
> urlgrabber:    3.9.1 -> 3.10
> volumeicon:    0.4.6 -> 0.5.0
> webkitgtk:    2.2.5 -> 2.4.6
> wv:    1.2.4 -> 1.2.9
> xfce4-genmon-plugin:    3.4 -> 3.4.0
> xfce4-places-plugin:    1.5.0 -> 1.6.0
> zope.interface:    4.0.5 -> 4.1.0

Yes, every single one of them is a case of the last "problem" I'm
mentioning in the blog post. Notice how some of them are actually
downgrades and one (xfce4-genmon-plugin) is trying to replace the
installed package with one that is exactly the same version.

In a salix system and using only the package management and slackbuild
management tools that we provide (slapt-get/gslapt, slapt-src/sourcery and
spi) you would never see these, as the respective slackbuilds are simply
removed from our sbo mirror as mentioned in the blog post. This is the
"confusion" I'm talking about in the blog.

> After reading your blog post, I understand that it is design choice of
> not updating a SBo package unless its a security update.
> I think it may be a difficult task though to separate out the security
> updates from normal updates.
> (If I could help in any way, please let me know) :)

No, that is not how it goes. Whatever version is available in SBo is also
available in the salix mirror of SBo, with the exception being stuff that
is already present as prebuilt binary packages in the salix repos (as all
those in your list).

------------------------------------------------------------------------------
Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
_______________________________________________
Salix-main mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/salix-main
Reply | Threaded
Open this post in threaded view
|

Re: [Salix-main] Check repo packages for updates against SBo using asbt

Aaditya Bagga
Thank you for the explanation.

I get what you are trying to say and agree that it would be confusing
for users to see different versions of the same package in GSlapt and
Sourcery :)

That is the reason that when a SBo package is added to the Salix repo,
its removed from the Salix SBo repo so that the same package (versions
could be same or different) does not exist in two repos.

However its late at night here, so I will try to discuss it tomorrow :)

Regards,
Aaditya

On 10/10/2014 12:50 AM, George Vlahavas wrote:

> n
>
> On Thu, 9 Oct 2014, Aaditya Bagga wrote:
>
>> Hi George,
>>
>> Thank you for your detailed answer :)
>>
>>  From updates to repo packages, I meant that packages installed on a
>> user's system, that have an updated version from SBo.
>> The list from my system (pretty vanilla Salix-Xfce-14.1) is as follows:
>>
>> $ asbt -c all
>> catfish:    0.3.2 -> 1.2.1
>> fakeroot:    1.20 -> 1.12.4
>> galculator:    2.1.2 -> 2.1.3
>> gstreamer1:    1.2.2 -> 1.4.1
>> inxi:    1.9.17 -> 2.2.8
>> libbluray:    0.4.0 -> 0.6.2
>> libburn:    1.3.4 -> 1.3.6
>> libetpan:    1.2 -> 1.5
>> libisofs:    1.3.4 -> 1.3.6
>> libvpx:    1.2.0 -> 1.3.0
>> libwebp:    0.3.1 -> 0.4.0
>> mutagen:    1.22 -> 1.24
>> orc:    0.4.18 -> 0.4.22
>> perl-extutils-depends:    0.306 -> 0.308
>> perl-glib:    1.303 -> 1.305
>> perl-gtk2:    1.249 -> 1.248
>> pysetuptools:    1.3.1 -> 6.0.2
>> sshfs-fuse:    2.4 -> 2.5
>> unrar:    5.0.12 -> 5.0.14
>> urlgrabber:    3.9.1 -> 3.10
>> volumeicon:    0.4.6 -> 0.5.0
>> webkitgtk:    2.2.5 -> 2.4.6
>> wv:    1.2.4 -> 1.2.9
>> xfce4-genmon-plugin:    3.4 -> 3.4.0
>> xfce4-places-plugin:    1.5.0 -> 1.6.0
>> zope.interface:    4.0.5 -> 4.1.0
> Yes, every single one of them is a case of the last "problem" I'm
> mentioning in the blog post. Notice how some of them are actually
> downgrades and one (xfce4-genmon-plugin) is trying to replace the
> installed package with one that is exactly the same version.
>
> In a salix system and using only the package management and slackbuild
> management tools that we provide (slapt-get/gslapt, slapt-src/sourcery and
> spi) you would never see these, as the respective slackbuilds are simply
> removed from our sbo mirror as mentioned in the blog post. This is the
> "confusion" I'm talking about in the blog.
>
>> After reading your blog post, I understand that it is design choice of
>> not updating a SBo package unless its a security update.
>> I think it may be a difficult task though to separate out the security
>> updates from normal updates.
>> (If I could help in any way, please let me know) :)
> No, that is not how it goes. Whatever version is available in SBo is also
> available in the salix mirror of SBo, with the exception being stuff that
> is already present as prebuilt binary packages in the salix repos (as all
> those in your list).
>
> ------------------------------------------------------------------------------
> Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
> Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
> Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
> Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
> http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
> _______________________________________________
> Salix-main mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/salix-main



------------------------------------------------------------------------------
Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
_______________________________________________
Salix-main mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/salix-main