API to check outdated packages

snapcraft
1

Hi, I sometimes receive emails about outdated packages in my snap.
Is there any API I can use to check the current status?

Something like https://snapcraft.io/api/security/my_unsafe_snap

{
  "name": "my_unsafe_snap",
  "channels": {
    "stable": {
      "revision": 5,
      "outdatedPackages": [
        {
          "packageName": "libglib2.0-0",
          "USNs": {
            "url": "https://ubuntu.com/security/notices/USN-4764-1",
            "code": "4764-1",
            "issue": "GLib could be made to create files if it opened a specially crafted archive."
          }
        }
        ]
    }
  }
}

I currently have a CI that rebuilds the snap weekly, but if such an API existed I could add a daily conditional rebuild.

2

You can locally run the review-tools snap’s check-notices command against your snap which gives you JSON output of affected USN’s for the snap’s stage-packages

$ review-tools.check-notices somesnap_80.snap

output:

{
  "somesnap": {
    "80": {
      "libglib2.0-0": [
        "4759-1",
        "4764-1"
      ],
      "libtiff5": [
        "4755-1"
      ]
    }
  }
}

if you are doing this on a lot of snaps, you can pre-load the USN database with

$ cd $HOME/snap/review-tools/common
$ review-tools.fetch-usn-db database.json.bz2

and then do

$ review-tools.check-notices --no-fetch somesnap_80.snap
5 Likes
3

Amazing, thanks a lot. Is this documented anywhere on snap docs? :blush:

4

No, I don’t think so, but I can try and start one…

1 Like
5

Great thanks :smiley: If you do, please, link back here, so I can check it and eventually contribute :blush:

6

See Checking Ubuntu Security Notices for a snap

2 Likes
7

Thanks, great job! :smiley: