For a while now I was running glsa-check -t all as a post update. I was assuming that `glsa-check -t all` was going to report successfully if my machine has updated packages. I WAS WRONG! I turns out that running `glsa-check` -t all` does not yield the same result when running manually and when running as a post script. Here is my case: Running in my shell: ``` # glsa-check -t all 2>&1 This system is affected by the following GLSAs: 201807-04 ``` In a post update script which looks like this: ``` # cat /etc/portage/repo.postsync.d/glsa #!/bin/sh repository_name=${1} # The URI to which the repository was synced. sync_uri=${2} # The path to the repository. repository_path=${3} # Portage assumes that a hook succeeded if it exits with 0 code. If no # explicit exit is done, the exit code is the exit code of last spawned # command. Since our script is a bit more complex, we want to control # the exit code explicitly. if [[ x"${repository_name}" == x"gentoo" ]]; then /usr/bin/glsa-check -t all 2>&1 fi exit 0 ``` called from the shell directly ``` # /etc/portage/repo.postsync.d/glsa gentoo This system is affected by the following GLSAs: 201807-04 ``` So, now I expected the same result after `emerge --sync`: ``` # emerge --sync >>> Syncing repository 'gentoo' into '/usr/portage'... * Using keys from /usr/share/openpgp-keys/gentoo-release.asc * Refreshing keys from keyserver ... [ ok ] >>> Starting rsync with rsync://[2a00:1828:a00d:ffff::6]/gentoo-portage... >>> Checking server timestamp ... Welcome to turnstone.gentoo.org / rsync.gentoo.org Server Address : 89.238.71.6, 2a00:1828:a00d:ffff::6 Contact Name : mirror-admin@gentoo.org Hardware : 16 x Intel(R) Xeon(R) CPU E5530 @ 2.40GHz, 24160MB RAM Sponsor : Manitu GmbH, St. Wendel, Germany Please note: common gentoo-netiquette says you should not sync more than once a day. Users who abuse the rsync.gentoo.org rotation may be added to a temporary ban list. MOTD autogenerated by update-rsync-motd on Tue Jan 2 08:34:00 UTC 2018 receiving incremental file list ... snipped ... Total bytes sent: 32.41K Total bytes received: 4.11M sent 32.41K bytes received 4.11M bytes 919.90K bytes/sec total size is 215.77M speedup is 52.12 * Manifest timestamp: 2018-08-02 13:38:39 UTC * Valid OpenPGP signature found: * - primary key: DCD05B71EAB94199527F44ACDB6B8C1F96D8BF6D * - subkey: E1D6ABB63BFCFB4BA02FDF1CEC590EEAC9189250 * - timestamp: 2018-08-02 13:38:39 UTC * Verifying /usr/portage ... [ ok ] === Sync completed for gentoo This system is not affected by any of the listed GLSAs Action: sync for repo: gentoo, returned code = 0 ``` Confused and baffled, I am now resorting to not using glsa-check like this. So now I have to type: emerge --sync && glsa-check -t all Which does a better job, even though it is not supposed too...
glsa-check is included with >=sys-apps/portage-2.3.72 (bug 463952).