fix-cves

Command to fix the CVEs listed on an advisory

usage: pubtools-pulp-fix-cves [-h] [--debug] [--udcache-url UDCACHE_URL]
                              [--udcache-user UDCACHE_USER]
                              [--udcache-password UDCACHE_PASSWORD]
                              [--cdn-url CDN_URL] [--cdn-cert CDN_CERT]
                              [--cdn-key CDN_KEY] [--cdn-ca-cert CDN_CA_CERT]
                              [--cdn-arl-template [CDN_ARL_TEMPLATE [CDN_ARL_TEMPLATE ...]]]
                              [--fastpurge-host FASTPURGE_HOST]
                              [--fastpurge-client-token FASTPURGE_CLIENT_TOKEN]
                              [--fastpurge-client-secret FASTPURGE_CLIENT_SECRET]
                              [--fastpurge-access-token FASTPURGE_ACCESS_TOKEN]
                              [--fastpurge-root-url FASTPURGE_ROOT_URL]
                              [--pulp-url PULP_URL] [--pulp-user PULP_USER]
                              [--pulp-password PULP_PASSWORD]
                              [--pulp-certificate PULP_CERTIFICATE]
                              [--pulp-certificate-key PULP_CERTIFICATE_KEY]
                              [--pulp-insecure]
                              [--pulp-throttle PULP_THROTTLE] [--pulp-fake]
                              [--clean] [--force] [--advisory ADVISORY]
                              [--cves CVES]

Named Arguments

--debug, -d

Show debug logs; can be provided up to three times to enable more logs

Default: 0

--advisory

Advisory to fix, e.g. --advisory RHXA-1234:56

--cves

Full list of desired CVEs for the advisory. Both the existing CVEs and the new ones must be provided, because the current list of CVEs will be overwritten by the provided list. E.g. --cves CVE-987,CVE-456 or --cves CVE-987 --cves CVE-456

Unified Downloads Cache environment

--udcache-url

Base URL of UD cache flush API; if omitted, UD cache flush features are disabled.

--udcache-user

Username for UD cache flush

--udcache-password

Password for UD cache flush (or set UDCACHE_PASSWORD)

Default: “”

CDN Client environment

--cdn-url

Base URL of CDN; if omitted, the CDN won’t be queried for special data (e.g. headers for ARLs)

--cdn-cert

Client certificate for CDN client

--cdn-key

Client key for CDN client

--cdn-ca-cert

CA certificate for CDN

--cdn-arl-template

ARL template used for flushing cache by ARL

Default: []

Akamai FastPurge environment

--fastpurge-host

FastPurge hostname (xxx.purge.akamaiapis.net)

--fastpurge-client-token

FastPurge client token

--fastpurge-client-secret

FastPurge client secret (or set FASTPURGE_SECRET environment variable)

Default: “”

--fastpurge-access-token

FastPurge access token

--fastpurge-root-url

Root URL of CDN for all cache purges (or set FASTPURGE_ROOT_URL environment variable). If omitted, FastPurge features are disabled.

Default: “”

Pulp environment

--pulp-url

Pulp server URL

--pulp-user

Pulp username

--pulp-password

Pulp password (or set PULP_PASSWORD environment variable)

--pulp-certificate

Pulp certificate. Can also be a single file (.pem)

--pulp-certificate-key

Pulp certificate key

--pulp-insecure

Allow unverified HTTPS connection to Pulp

Default: False

--pulp-throttle

Allow only the specified number of Pulp tasks to be enqueued or running at any one time (or set PULP_THROTTLE environment variable)

--pulp-fake

Use a fake in-memory Pulp client rather than interacting with a real server. For development/testing only, may have limited functionality.

Default: False

Publish options

Options affecting the behavior of Pulp repo publishes.

--clean

attempt to delete remote content not in the repo

Default: False

--force

force publish of repos even if Pulp thinks nothing has changed

Default: False

Example

A typical invocation of fix-cves would look like this:

pubtools-pulp-fix-cves \
  --pulp-url https://pulp.example.com/ \
  --pulp-user admin \
  --pulp-password XXXXX \
  --advisory RHXA-123:45 \
  --cves CVE-123,CVE-345

The specified CVEs will be updated in the advisory and uploaded to one randomly picked repo from the list of repos the advisory belongs to. All of those repos will then be published.
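
Because --cves replaces the advisory's current list, and a password passed with --pulp-password can be seen in the process list, the shell wrapper below (an added example, not part of pubtools-pulp) merges the existing and new CVE ids into the full list and takes the password from PULP_PASSWORD. The function names, the loose id check and the FIX_CVES_CMD dry-run override are assumptions of this example; the existing CVE list has to be supplied by the operator.

```shell
#!/bin/sh
# Added example, not part of pubtools-pulp.

# merge_cves EXISTING NEW
# Print the de-duplicated union of two comma-separated CVE lists (existing
# ids first) in the form --cves expects. Fails on an empty result or on an
# id that is not "CVE-" followed by digits and hyphens (loose check, assumed).
merge_cves() (
    set -f          # no glob expansion of the unquoted lists below
    IFS=', '        # split on commas, tolerate spaces after them
    merged=
    for id in $1 $2; do
        case $id in
            CVE-[0-9]*[!0-9-]*|*-) echo "invalid CVE id: $id" >&2; exit 1 ;;
            CVE-[0-9]*) ;;
            *) echo "invalid CVE id: $id" >&2; exit 1 ;;
        esac
        case ",$merged," in
            *",$id,"*) ;;                           # already listed
            *) merged=${merged:+$merged,}$id ;;
        esac
    done
    [ -n "$merged" ] || { echo "refusing to send an empty CVE list" >&2; exit 1; }
    printf '%s\n' "$merged"
)

# update_advisory PULP_URL PULP_USER ADVISORY EXISTING NEW
# The password comes from the PULP_PASSWORD environment variable, so it never
# appears in the argument list. FIX_CVES_CMD is a hypothetical override used
# for dry runs (e.g. FIX_CVES_CMD=echo).
update_advisory() {
    if [ -z "${PULP_PASSWORD:-}" ]; then
        echo "PULP_PASSWORD must be set and exported" >&2
        return 1
    fi
    cves=$(merge_cves "$4" "$5") || return 1
    "${FIX_CVES_CMD:-pubtools-pulp-fix-cves}" \
        --pulp-url "$1" --pulp-user "$2" --advisory "$3" --cves "$cves"
}

# Constructed demo: the advisory already lists CVE-987 and CVE-456 is new.
merge_cves 'CVE-987' 'CVE-456'
```

Running it with FIX_CVES_CMD=echo prints the arguments that would be passed, which is a quick way to confirm that no existing CVE is dropped before the advisory is overwritten.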

Example: with cache flush

If the Pulp server is configured to publish to Akamai CDN, cache flush may be enabled by providing --fastpurge-root-url to publish and clear the Akamai cache to get the updated advisory. If the repo is listed for Unified Downloads, UD cache flush may be enabled with --udcache-url.

pubtools-pulp-fix-cves \
  --pulp-url https://pulp.example.com/ \
  --pulp-user admin \
  --pulp-password XXXXX \
  --fastpurge-root-url https://cdn.example.com/ \
  --udcache-url https://ud.example.com/ \
  --advisory RHXA-123:45 \
  --cves CVE-123,CVE-345

Once the advisory is updated and the related repos are published, caches will be cleared for the provided URLs.