Gentoo glsa-check

Ronald Farrer
2 min readApr 12, 2024
Photo by Miłosz Klinowski on Unsplash

Quick Primer on using Gentoo’s glsa-check tool.

glsa-check --help
usage: glsa-check <option> [glsa-id | all | new | affected]

-h, --help show this help message and exit
-V, --version Show information about glsa-check
-q, --quiet Be less verbose and do not send empty mail
-v, --verbose Print more messages
-n, --nocolor Removes color from output
-e, --emergelike Upgrade to latest version (not least-change)
-c, --cve Show CVE IDs in listing mode
-r, --reverse List GLSAs in reverse order

-l, --list List a summary for the given GLSA(s) or set and whether they affect the system
-d, --dump Show all information about the GLSA(s) or set
--print Alias for --dump
-t, --test Test if this system is affected by the GLSA(s) or set and output the GLSA ID(s)
-p, --pretend Show the necessary steps to remediate the system
-f, --fix (experimental) Attempt to remediate the system based on the instructions given in the GLSA(s) or
set. This will only upgrade (when an upgrade path exists) or remove packages
-i, --inject Inject the given GLSA(s) into the glsa_injected file
-m, --mail Send a mail with the given GLSAs to the administrator

glsa-list can contain an arbitrary number of GLSA ids, filenames containing GLSAs or the special identifiers 'all'
and 'affected'