fix-cves

Command to fix CVEs

usage: pubtools-pulp-fix-cves [-h] [--debug] [--udcache-url UDCACHE_URL]
                              [--udcache-user UDCACHE_USER]
                              [--udcache-password UDCACHE_PASSWORD]
                              [--udcache-certificate UDCACHE_CERTIFICATE]
                              [--udcache-certificate-key UDCACHE_CERTIFICATE_KEY]
                              [--pulp-url PULP_URL] [--pulp-user PULP_USER]
                              [--pulp-password PULP_PASSWORD]
                              [--pulp-certificate PULP_CERTIFICATE]
                              [--pulp-certificate-key PULP_CERTIFICATE_KEY]
                              [--pulp-insecure]
                              [--pulp-throttle PULP_THROTTLE] [--pulp-fake]
                              [--clean] [--force] [--advisory ADVISORY]
                              [--cves CVES]

Named Arguments

--debug, -d

Show debug logs; can be provided up to three times to enable more logs

Default: 0

--advisory

Advisory to fix, e.g. --advisory RHXA-1234:56

--cves

The full list of desired CVEs for the advisory must be provided, including both the existing CVEs and the new ones. The advisory's current list of CVEs will be overwritten by the provided list, e.g. --cves CVE-987,CVE-456 or --cves CVE-987 --cves CVE-456

Unified Downloads Cache environment

--udcache-url

Base URL of UD cache flush API; if omitted, UD cache flush features are disabled.

--udcache-user

Username for UD cache flush

--udcache-password

Password for UD cache flush (or set UDCACHE_PASSWORD)

Default: ""

--udcache-certificate

Client certificate for UD cache flush (or set UDCACHE_CERT)

Default: ""

--udcache-certificate-key

Client key for UD cache flush (or set UDCACHE_KEY)

Default: ""

Pulp environment

--pulp-url

Pulp server URL

--pulp-user

Pulp username

--pulp-password

Pulp password (or set PULP_PASSWORD environment variable)

--pulp-certificate

Pulp certificate. Can also be a single file (.pem)

--pulp-certificate-key

Pulp certificate key

--pulp-insecure

Allow unverified HTTPS connection to Pulp

Default: False

--pulp-throttle

Enqueue or run only the specified number of Pulp tasks at one time (or set the PULP_THROTTLE environment variable)

--pulp-fake

Use a fake in-memory Pulp client rather than interacting with a real server. For development/testing only, may have limited functionality.

Default: False

Publish options

Options affecting the behavior of Pulp repo publishes.

--clean

attempt to delete remote content not in the repo

Default: False

--force

force publish of repos even if Pulp thinks nothing has changed

Default: False

Example

A typical invocation of fix-cves would look like this:

pubtools-pulp-fix-cves \
  --pulp-url https://pulp.example.com/ \
  --pulp-user admin \
  --pulp-password XXXXX \
  --advisory RHXA-123:45 \
  --cves CVE-123,CVE-345

The specified CVEs will be updated in the advisory and uploaded to one randomly picked repo from the list of repos the advisory belongs to. All those repos will then be published.
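
Because --cves overwrites the advisory's current CVE list, the value passed must be the union of the existing and the new CVEs. The following is an added example, not part of pubtools-pulp or its documentation, that builds that value and rejects malformed items; build_cve_list and fix_cves_append are hypothetical names, PULP_URL and PULP_USER are assumed shell variables, and the advisory's existing CVE list is assumed to be supplied by the operator.

```sh
#!/bin/sh
# Added example: build_cve_list and fix_cves_append are hypothetical helpers,
# not part of pubtools-pulp.

# Merge CVE lists (single IDs or comma-separated) into one de-duplicated,
# comma-separated value for --cves. Fails on an empty result or on any item
# that does not look like CVE-<digits>[-<digits>...].
build_cve_list() {
    printf '%s\n' "$@" | tr ',' '\n' | awk '
        { gsub(/^[ \t]+|[ \t]+$/, "") }            # trim whitespace
        $0 == "" { next }                          # skip empty items
        $0 !~ /^CVE-[0-9]+(-[0-9]+)*$/ {
            printf "invalid CVE id: %s\n", $0 > "/dev/stderr"
            bad = 1
            next
        }
        !seen[$0]++ { out = out (out == "" ? "" : ",") $0 }
        END {
            if (bad || out == "") exit 1           # print nothing on error
            print out
        }
    '
}

# $1 = advisory, $2 = CVEs currently on the advisory (assumed to be supplied
# by the operator), $3 = CVEs to add.
# PULP_URL and PULP_USER are assumed shell variables. --pulp-password is
# omitted: the tool reads PULP_PASSWORD from the environment, which keeps the
# secret out of the process argument list.
fix_cves_append() {
    [ -n "${PULP_PASSWORD:-}" ] || { echo "PULP_PASSWORD is not set" >&2; return 1; }
    cves=$(build_cve_list "$2" "$3") || return 1
    pubtools-pulp-fix-cves \
        --pulp-url "$PULP_URL" \
        --pulp-user "$PULP_USER" \
        --advisory "$1" \
        --cves "$cves"
}

# Usage (constructed values):
#   export PULP_PASSWORD   # set beforehand, not typed on the command line
#   fix_cves_append RHXA-123:45 'CVE-123' 'CVE-345'
```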

Example: with cache flush

If the repo is listed for Unified Downloads, UD cache flush may be enabled with --udcache-url.

pubtools-pulp-fix-cves \
  --pulp-url https://pulp.example.com/ \
  --pulp-user admin \
  --pulp-password XXXXX \
  --udcache-url https://ud.example.com/ \
  --advisory RHXA-123:45 \
  --cves CVE-123,CVE-345

Once the advisory is updated and the related repos are published, caches will be cleared for the provided URLs.