I think it's time to release the GLSA update tool to users. It should be kept as an external tool for some time, so that bugs in it don't affect other portage functions. When it's better tested I'll write patches to integrate it into emerge itself.
Created attachment 20291 [details] base class to handle GLSAs, contains the backend code This class contains all the xml parsing code, it's currently designed to interface with emerge and portageq, that will be changed to internal portage calls later. I suggest it's put in the same directory as portage.py
Created attachment 20292 [details] tool to use glsa.py This script is the user interface to glsa.py, it should be in /usr/lib/portage/bin/ . Its functionality will later go into emerge.
Any chance that you could post a glsa.conf file, or should the defaults just work ? I did a wget on http://www.gentoo.org/security/en/glsa/glsa-200310-03.xml?passthru=1 and placed it in /usr/portage/glsa/. Anything else I need to test this ?
The defaults should work, I don't use a glsa.conf myself. If you have a GLSA in /usr/portage/glsa it should be used (the HTTP/FTP stuff is not completely implemented).
Created attachment 22530 [details] rewritten glsa class for the new DTD
Created attachment 22531 [details] revised tool for the rewritten glsa class
ok, this is the brand new code for the new DTD from Swift. It's also changed to interface with portage directly (no more calls to portageq) and uses the standard portage config way to get variables (so no glsa.conf, just add the things to make.conf if you want to override the defaults).
I'll stop posting new attachments here, the latest versions are in CVS in gentoo-projects/gentoo-security/GLSA/user-tools
Putting a hold on feature requests for portage as they are drowning out the bugs. Most of these features should be available in the next major version of portage. But for the time being, they are just drowning out the major bugs and delaying the next version's progress. Any bugs that contain patches and any bugs for etc-update or dispatch-conf can be reopened. Sorry, I'm just not good enough with bugzilla. ;)
Fixed for a long time.