Updateinfo: A yum repository with CentOS Errata information

This site hosts a yum repository which includes CentOS Errata information (CESA, CEEA, CEBA).
It will allow you to see which vulnerabilities exist and which updates fix them.

News

  • 2017-10-08: After a few weeks of testing and integration, this project is now live!
  • 2017-10-18: I am still working on the Patreon integration so please send me an email (see Feedback section) if you don't receive one from me automatically after signing up through Patreon. Sorry for any inconvenience.
  • 2017-10-16: CVE information is now included in the repository.
  • 2017-10-16: You can now browse the errata information in this repository for CentOS 7 and CentOS 6.

  • Usage

  • Step 1: Become a patron of this project on Patreon. It's $1/month and will help me run this site and pay for Amazon CloudFront which serves the content.
  • Step 2: Create a new repository file (in /etc/yum.repos.d) as below (replacing @ with %40) with the credentials from your signup confirmation email (not your Patreon login):

          cat > /etc/yum.repos.d/updates_cefs.repo <<EOF
          [updates_cefs]
          name=CentOS-\$releasever - Updates (from CEFS)
          baseurl=https://you%40example.com:PASSWORD@updateinfo.cefs.steve-meier.de/\$releasever/updates/\$basearch/
          gpgcheck=1
          enabled=1
          EOF

  • Step 3: Replace the email address and PASSWORD with your email address and the password you received (again, not your Patreon password).
  • Step 4: If you are running CentOS 6.x, install the yum security plugin:

          yum install yum-security

  • Step 5: Run yum updateinfo list to get a list of errata which apply to your system.

    Once the repository is set up successfully you can run yum -q updateinfo list to get a list of available errata to be installed.

    Example output:
    CEBA-2017:1604              bugfix         chkconfig-1.7.2-1.el7_3.1.x86_64
    CEBA-2017:1613              bugfix         dracut-033-463.el7_3.2.x86_64
    CEBA-2017:1613              bugfix         dracut-config-rescue-033-463.el7_3.2.x86_64
    CEBA-2017:1613              bugfix         dracut-network-033-463.el7_3.2.x86_64
    CEBA-2017:1618              bugfix         gawk-4.0.2-4.el7_3.1.x86_64
    CESA-2017:1481              Important/Sec. glibc-2.17-157.el7_3.4.x86_64
    CESA-2017:1481              Important/Sec. glibc-common-2.17-157.el7_3.4.x86_64
    CESA-2017:1481              Important/Sec. glibc-devel-2.17-157.el7_3.4.x86_64
    CESA-2017:1481              Important/Sec. glibc-headers-2.17-157.el7_3.4.x86_64
    CESA-2017:1484              Important/Sec. kernel-3.10.0-514.21.2.el7.x86_64
    CESA-2017:1615              Important/Sec. kernel-3.10.0-514.26.1.el7.x86_64
    CESA-2017:1484              Important/Sec. kernel-devel-3.10.0-514.21.2.el7.x86_64
    CESA-2017:1615              Important/Sec. kernel-devel-3.10.0-514.26.1.el7.x86_64
    CESA-2017:1484              Important/Sec. kernel-headers-3.10.0-514.21.2.el7.x86_64
    CESA-2017:1615              Important/Sec. kernel-headers-3.10.0-514.26.1.el7.x86_64
    CESA-2017:1484              Important/Sec. kernel-tools-3.10.0-514.21.2.el7.x86_64
    CESA-2017:1615              Important/Sec. kernel-tools-3.10.0-514.26.1.el7.x86_64
    CESA-2017:1484              Important/Sec. kernel-tools-libs-3.10.0-514.21.2.el7.x86_64
    CESA-2017:1615              Important/Sec. kernel-tools-libs-3.10.0-514.26.1.el7.x86_64
    CESA-2017:1484              Important/Sec. python-perf-3.10.0-514.21.2.el7.x86_64
    CESA-2017:1615              Important/Sec. python-perf-3.10.0-514.26.1.el7.x86_64
    CEBA-2017:1607              bugfix         xfsprogs-4.5.0-10.el7_3.x86_64

    You can now install security updates only by running yum -q update --security

    Example output:
    =========================================================================================================================
     Package                         Arch                 Version                           Repository                  Size
    =========================================================================================================================
    Installing:
     kernel                          x86_64               3.10.0-514.26.1.el7               updates_cefs                37 M
     kernel-devel                    x86_64               3.10.0-514.26.1.el7               updates_cefs                13 M
    Updating:
     glibc                           x86_64               2.17-157.el7_3.4                  updates_cefs               3.6 M
     glibc-common                    x86_64               2.17-157.el7_3.4                  updates_cefs                11 M
     glibc-devel                     x86_64               2.17-157.el7_3.4                  updates_cefs               1.1 M
     glibc-headers                   x86_64               2.17-157.el7_3.4                  updates_cefs               669 k
     kernel-headers                  x86_64               3.10.0-514.26.1.el7               updates_cefs               4.8 M
     kernel-tools                    x86_64               3.10.0-514.26.1.el7               updates_cefs               4.0 M
     kernel-tools-libs               x86_64               3.10.0-514.26.1.el7               updates_cefs               3.9 M
     python-perf                     x86_64               3.10.0-514.26.1.el7               updates_cefs               4.0 M
    Removing:
     kernel                          x86_64               3.10.0-514.2.2.el7                @updates                   148 M
     kernel-devel                    x86_64               3.10.0-514.2.2.el7                @updates                    34 M
    
    Transaction Summary
    =========================================================================================================================
    Install  2 Packages
    Upgrade  8 Packages
    Remove   2 Packages
    
    Is this ok [y/d/N]:

    You can also install updates selectively by referencing a specific advisory: yum update --advisory=CESA-2017:1481

    Example output:
    [... output omitted ...]
    4 package(s) needed (+0 related) for security, out of 20 available
    Resolving Dependencies
    --> Running transaction check
    ---> Package glibc.x86_64 0:2.17-157.el7_3.2 will be updated
    ---> Package glibc.x86_64 0:2.17-157.el7_3.4 will be an update
    ---> Package glibc-common.x86_64 0:2.17-157.el7_3.2 will be updated
    ---> Package glibc-common.x86_64 0:2.17-157.el7_3.4 will be an update
    ---> Package glibc-devel.x86_64 0:2.17-157.el7_3.2 will be updated
    ---> Package glibc-devel.x86_64 0:2.17-157.el7_3.4 will be an update
    ---> Package glibc-headers.x86_64 0:2.17-157.el7_3.2 will be updated
    ---> Package glibc-headers.x86_64 0:2.17-157.el7_3.4 will be an update
    --> Finished Dependency Resolution
    
    Dependencies Resolved
    
    ==========================================================================================================================================
     Package                           Arch                       Version                              Repository                        Size
    ==========================================================================================================================================
    Updating:
     glibc                             x86_64                     2.17-157.el7_3.4                     updates_cefs                     3.6 M
     glibc-common                      x86_64                     2.17-157.el7_3.4                     updates_cefs                      11 M
     glibc-devel                       x86_64                     2.17-157.el7_3.4                     updates_cefs                     1.1 M
     glibc-headers                     x86_64                     2.17-157.el7_3.4                     updates_cefs                     669 k
    
    Transaction Summary
    ==========================================================================================================================================
    Upgrade  4 Packages
    
    Total download size: 17 M
    Is this ok [y/d/N]:

    Last, but not least, you can also install updates linked to CVEs: yum update --cve CVE-2016-8399

    Example output
    [... output omitted ...]
    Resolving Dependencies
    --> Running transaction check
    ---> Package kernel.x86_64 0:3.10.0-693.5.2.el7 will be installed
    ---> Package kernel-headers.x86_64 0:3.10.0-693.2.2.el7 will be updated
    ---> Package kernel-headers.x86_64 0:3.10.0-693.5.2.el7 will be an update
    ---> Package kernel-tools.x86_64 0:3.10.0-693.2.2.el7 will be updated
    ---> Package kernel-tools.x86_64 0:3.10.0-693.5.2.el7 will be an update
    ---> Package kernel-tools-libs.x86_64 0:3.10.0-693.2.2.el7 will be updated
    ---> Package kernel-tools-libs.x86_64 0:3.10.0-693.5.2.el7 will be an update
    ---> Package python-perf.x86_64 0:3.10.0-693.2.2.el7 will be updated
    ---> Package python-perf.x86_64 0:3.10.0-693.5.2.el7 will be an update
    --> Finished Dependency Resolution
    
    Dependencies Resolved
    
    ========================================================================================================================================
     Package                           Arch                     Version                                Repository                      Size
    ========================================================================================================================================
    Installing:
     kernel                            x86_64                   3.10.0-693.5.2.el7                     updates_cefs                    43 M
    Updating:
     kernel-headers                    x86_64                   3.10.0-693.5.2.el7                     updates_cefs                   6.0 M
     kernel-tools                      x86_64                   3.10.0-693.5.2.el7                     updates_cefs                   5.1 M
     kernel-tools-libs                 x86_64                   3.10.0-693.5.2.el7                     updates_cefs                   5.0 M
     python-perf                       x86_64                   3.10.0-693.5.2.el7                     updates_cefs                   5.1 M
    
    Transaction Summary
    ========================================================================================================================================
    Install  1 Package
    Upgrade  4 Packages
    
    Total download size: 64 M
    Is this ok [y/d/N]:
  • Frequently Asked Questions (FAQ)

  • Q: Is it safe to install your repository? Can I trust you?


    That's a good question.
    My repository contains exactly the same packages as the official CentOS mirrors do.
    As mirrors also have the same trust issue, yum performs signature verification on all packages before installation.
    If I modified a package, yum would warn you about the incorrect signature and you would (hopefully) abort the installation.

    I could remove packages from this repository (e.g. kernel updates) but your system would still learn about them through the default repositories.

    So, yes, it's safe to add the repository but you should always be careful about any warnings popping up and not dismiss them easily.

  • Q: Which CentOS versions are supported?


    6.x and 7.x, as older versions have reached end of support.

  • Q: Why do I get HTTP error 401 (Unauthorized) when running yum check-update?


    This repository is for Patrons only. If you are a Patron of this project you will receive a username and password by email which will allow you to get access.

  • Q: Can I use this on multiple servers?


    Yes. As long as you are a Patron, I don't care wether you use the repository on one or a dozen servers. If you have a really big installation please consider using a proxy to conserve my bandwidth.

  • Q: Why is this not free?


    When I started a previous project I had a lot of hope that people would recognize the value and give back something. Unfortunately, that's not the case. Although downloaded by big corporations and even three-letter agencies, I did not receive enough donations to pay for the site, let alone buy myself a cold beer. That's why I rely on Patreon for this project.

  • Q: Why does CentOS not provide this information?


    I wish they did and still hope they ultimately will. You'll have to ask them yourself.

  • Q: Something isn't working. Where can I get help?


    You can send me an email and I will try to answer as my time permits.


  • Feedback

    I would like to hear how this tool works for you. You can contact me via email: email (at) steve (dash) meier (dot) de