little monkey

elstel.org

by Elws. Starnight

checkroot v1.6 released

Categoría: programs,
Origen: SecuritySW,
Idioma: en,
Tipo:
update
.
adaptation to recent changes of openSUSE; many important bugfixes, new output format:
adpatation I.: recognition of preinstalled packages being of repo "InstallationImage" (since openSUSE 11.2);
adaptation II.: repository description no more stored in file named primary.xml.gz; name is now correctly fetched fromout of repomd.xml.: needed for usage of --update and ----seekunknown
adaptation III.: do not reeimport gpg-keys that have already been imported for another repo; i.e. avoid unnecessary error messages on reimportation-attempts that have not been generated before (gpg or gpg2 need to be installed).
changes: --update updates only for the case that the previous obtention-repo can be determined with 100% certainity (no more updating if repo at all or just lastly installed package version can not be determined fromout of history)
improvements: repositories that no more packages are installed from are disregaraded; repository source URLs may now start with "file:/"
important bugfixes: fetching errors resolved whenever the name of one package had been prefix of another, correct rpm-wrapper that parses rpm´s text output and can differ between verification errors and changes detected in the package; no more fatal error if package has been installed from unknown repository (not in history); no spurious analysis files are generated unless all packages have been checked; recreation of a repo with same name as deleted is now supported.



checkroot v1.5 released

Categoría: programs,
Origen: SecuritySW,
Idioma: en,
Tipo:
update
.
various bugfixes, new output format, small package coverage improvements:
bugfix: verified.annot (output) was sometimes delted by accident with version 1.4 ** important **
maximum of 4 tries if rpm can not be downloaded (no more hang in quasi-infintite loop)
do not skip parsing core repos (*/repo/oss/*,repo-oss,repo-non-oss) on --seekunknown(&--update): they do not keep old rpm-file versions available.
different ver/arches of same package installed: assume all of them are of same repo (previously only one ver-arch allowed for any package)
found other ver/arch in zypper.lvarious bugfixes, new output format, small package coverage improvements:
bugfix: verified.annot (output) was sometimes delted by accident with version 1.4 ** important **
maximum of 4 tries if rpm can not be downloaded (no more hang in quasi-infintite loop)
do not skip parsing core repos (*/repo/oss/*,repo-oss,repo-non-oss) on --seekunknown(&--update): they do not keep old rpm-file versions available.
different ver/arches of same package installed: assume all of them are of same repo (previously only one ver-arch allowed for any package)
found other ver/arch in zypper.log than is actually installed: previously: guess of same repo as in zypper.log; now: guess that of other repo if exact ver-arch match can be achieved on usage of --seekunknown (provider-repo may have changed).
changed format of output files: "pkg ver-rel arch" instead of "pkg-ver-rel": easier to parse
tiny bugfixes: number of updates that could not be performed: displayed correctly; no spurious "root not found" error message when run on plain dir; detects if pkgs.lis is missing; detects and crops if zero length primary.xml[.gz] "downloaded".
og than is actually installed: previously: guess of same repo as in zypper.log; now: guess that of other repo if exact ver-arch match can be achieved on usage of --seekunknown (provider-repo may have changed).
changed format of output files: "pkg ver-rel arch" instead of "pkg-ver-rel": easier to parse
tiny bugfixes: number of updates that could not be performed: displayed correctly; no spurious "root not found" error message when run on plain dir; detects if pkgs.lis is missing; detects and crops if zero length primary.xml[.gz] "downloaded".



checkroot v1.4 released

Categoría: programs,
Origen: SecuritySW,
Idioma: en,
Tipo:
update
.
reports an error if rpm --verify fails. ** important ** (problem has arosen due to a bug in rpm (bug 527191).
added the --update and --seekunknown switches: They provide a better coverage/hit rate where package headers have to be downloaded (due to an invalid signature).
continue scanning on reinvocation if interrupted by keyboard (even if root has different mountpoint),
rootkit.files: added rpm (a very common target for rootkits)



checkroot v1.1 released

Categoría: programs,
Origen: SecuritySW,
Idioma: en,
Tipo:
update
.
skip intro if keys already fetched
python-rpm dependency dropped for readhistory
try to fetch with currently installed version-release-no if latest update does not show up in zypp history (f.i. if updated with rug) but assume same repo as before
setup ipc with readhistory: for future changes
option parsing improved



checkroot v0.9 released

Categoría: programs,
Origen: SecuritySW,
Idioma: en,
Tipo:
update
.
better colorization: orange if signature invalid; red only if header download failed
best effort: try to verify even if signature invalid and header download failed (unless not disabled by -p)
updated: rootkit files (df, telnet, libc, kernel, ...)
offer a --verbose switch passed to rpm --verify
crop spurios % chars in uri: %253A -> %3A (%25~%) zypper bug? -> buildservice repos at http://download.opensuse.org/repositories
other improvements & bugfixes (option parsing, --freshen switch, errmsg if not root, repo-root guessing ...)