gentoo security sanity

Eventually I would like to automate this… but this is good enough for now:

To see if you have any vulnerable packages hanging out on your system, you want to start playing with glsa-check. This is in the gentoolkit ebuild, so install that if you don’t have it already.

Run:

glsa-check -p all

ack! what horrible illegible output. Time to fix that with some awk magic

glsa-check -p all | awk '/^ +\c*/{print $0}'

Translating the regex to english we get, “if there is at least one space at the beginning of the line and it is followed by any number of non-control characters, then print the line”. As it turns out this matches the packages that need to be upgraded.