From 2941ca605635d8ed0cfd52f286c3eb38b34bf392 Mon Sep 17 00:00:00 2001 From: Marcus Furlong Date: Fri, 18 Apr 2025 12:16:19 -0400 Subject: [PATCH 1/3] update README --- README.md | 169 ++++++++++++++++++++++-------------------------------- 1 file changed, 70 insertions(+), 99 deletions(-) diff --git a/README.md b/README.md index d425c5fda..d9d7449c4 100644 --- a/README.md +++ b/README.md @@ -31,20 +31,20 @@ time packages are installed or removed on a host. ## Installation -See [the installation guide](https://github.com/furlongm/patchman/blob/master/INSTALL.md) +See [the installation guide](https://github.com/furlongm/patchman/blob/main/INSTALL.md) for installation options. ## Usage The web interface contains a dashboard with items that need attention, and -various pages to manipulate hosts, repositories, packages, operating systems and -reports. +various pages to manipulate and view hosts, repositories and mirrors, packages, +operating system releases and variants, reports, errata and CVEs. To populate the database, simply run the client on some hosts: ```shell -$ patchman-client -s http://patchman.example.org +$ patchman-client -s http://patchman.example.com ``` This should provide some initial data to work with. @@ -56,69 +56,56 @@ the usage: ```shell $ sbin/patchman -h -usage: patchman [-h] [-f] [-q] [-r] [-R REPO] [-lr] [-lh] [-u] [-A] [-H HOST] - [-p] [-c] [-d] [-n] [-a] [-D hostA hostB] +usage: patchman [-h] [-f] [-q] [-r] [-R REPO] [-lr] [-lh] [-dh] [-u] [-A] [-shro | -uhro] [-sdns | -udns] [-H HOST] [-p] [-c] [-d] [-rd] [-n] [-a] [-D hostA hostB] [-e] [-E ERRATUM_TYPE] [-v] [--cve CVE] [--fetch-nist-data] Patchman CLI tool -optional arguments: +options: -h, --help show this help message and exit - -f, --force Ignore stored checksums and force-refresh all mirrors + -f, --force Ignore stored checksums and force-refresh all Mirrors -q, --quiet Quiet mode (e.g. for cronjobs) - -r, --refresh-repos Refresh repositories - -R REPO, --repo REPO Only perform action on a specific repository (repo_id) - -lr, --list-repos List all repositories - -lh, --list-hosts List all hosts - -u, --host-updates Find host updates + -r, --refresh-repos Refresh Repositories + -R REPO, --repo REPO Only perform action on a specific Repository (repo_id) + -lr, --list-repos List all Repositories + -lh, --list-hosts List all Hosts + -dh, --delete-hosts Delete hosts, requires -H, matches substring patterns + -u, --host-updates Find Host updates -A, --host-updates-alt - Find host updates (alternative algorithm that may be - faster when there are many homogeneous hosts) - -H HOST, --host HOST Only perform action on a specific host (fqdn) + Find Host updates (alternative algorithm that may be faster when there are many homogeneous hosts) + -shro, --set-host-repos-only + Set host_repos_only, requires -H, matches substring patterns + -uhro, --unset-host-repos-only + Unset host_repos_only, requires -H, matches substring patterns + -sdns, --set-check-dns + Set check_dns, requires -H, matches substring patterns + -udns, --unset-check-dns + Unset check_dns, requires -H, matches substring patterns + -H HOST, --host HOST Only perform action on a specific Host (fqdn) -p, --process-reports - Process pending reports - -c, --clean-reports Remove all but the last three reports + Process pending Reports + -c, --clean-reports Remove all but the last three Reports -d, --dbcheck Perform some sanity checks and clean unused db entries - -n, --dns-checks Perform reverse DNS checks if enabled for that host - -a, --all Convenience flag for -r -A -p -c -d -n + -rd, --remove-duplicates + Remove duplicates during dbcheck - this may take some time + -n, --dns-checks Perform reverse DNS checks if enabled for that Host + -a, --all Convenience flag for -r -A -p -c -d -n -e -D hostA hostB, --diff hostA hostB - Show differences between two hosts in diff-like output - -e, --errata Download CentOS errata from https://cefs.steve- - meier.de/ + Show differences between two Hosts in diff-like output + -e, --update-errata Update Errata + -E ERRATUM_TYPE, --erratum-type ERRATUM_TYPE + Only update the specified Erratum type (e.g. `yum`, `ubuntu`, `arch`) + -v, --update-cves Update CVEs from https://cve.org + --cve CVE Only update the specified CVE (e.g. CVE-2024-1234) + --fetch-nist-data, -nd + Fetch NIST CVE data in addition to MITRE data (rate-limited to 1 API call every 6 seconds) ``` -## Dependencies +### Client dependencies -### Server-side dependencies - - -``` -python3-django -python3-django-tagging -python3-django-extensions -python3-django-bootstrap3 -python3-djangorestframework -python3-debian -python3-rpm -python3-progressbar -python3-lxml -python3-defusedxml -python3-requests -python3-colorama -python3-magic -python3-humanize -python3-yaml -``` - -The server can optionally make use of celery to asynchronously process the -reports sent by hosts. - - -### Client-side dependencies - -The client-side dependencies are kept to a minimum. `rpm` and `dpkg` are +The client dependencies are kept to a minimum. `rpm` and `dpkg` are required to report packages, `yum`, `dnf`, `zypper` and/or `apt` are required to report repositories. These packages are normally installed by default on -most systems. +most systems. `which`, `mktemp`, `flock` and `curl` are also required. deb-based OS's do not always change the kernel version when a kernel update is installed, so the `update-notifier-common` package can optionally be installed @@ -134,24 +121,26 @@ The default settings will be fine for most people but depending on your setup, there may be some initial work required to logically organise the data sent in the host reports. The following explanations may help in this case. -There are a number of basic objects - Hosts, Repositories, Packages, Operating -Systems and Reports. There are also Operating System Groups (which are optional) -and Mirrors. +There are a number of basic objects: Hosts, Repositories and Mirrors, Packages, +Operating Systems Releases and Variants, Reports and Errata. ### Host -A Host is a single host, e.g. test01.example.org. +A Host is a single host, e.g. test-host-01.example.com. -### Operating System -A Host runs an Operating System, e.g. CentOS 7.7, Debian 10.1, Ubuntu 18.04 +### Operating System Releases and Variants +A Host runs an Operating System Release, e.g. Rocky 10, Debian 13, +Ubuntu 24.04. The particular version running is called a Operating System +Variant. e.g. Debian 13.1, Ubuntu 24.04.4 and Variants are linked to a +Release. For some OS's like Arch Linux, there are no Variants. ### Package A Package is a package that is either installed on a Host, or is available to -download from a Repository mirror, e.g. `strace-4.8-11.el7.x86_64`, -`grub2-tools-2.02-0.34.el7.centos.x86_64`, etc. +download from a Repository mirror, e.g. `strace-4.8-11.el10.x86_64`, +`grub2-tools-2.02-0.34.el10.rocky.x86_64`, etc. ### Mirror -A Mirror is a collection of Packages available on the web, e.g. a `yum`, `yast` -or `apt` repo. +A Mirror is a collection of Packages available on the web, e.g. a `yum` or +`apt` repo. ### Repository A Repository is a collection of Mirrors. Typically all the Mirrors will contain @@ -160,45 +149,27 @@ their Mirrors together. For Debian-based hosts, you may need to link all Mirrors that form a Repository using the web interface. This may reduce the time required to find updates. Repositories can be marked as being security or non-security. This makes most sense with Debian and Ubuntu repositories where -security updates are delivered via security repositories. For CentOS security +security updates are delivered via security repositories. For rpm security updates, see the Erratum section below. -### Report -A Host creates a Report using `patchman-client`. This Report is sent to the -Patchman server. The Report contains the Host's Operating System, and lists -of the installed Packages and enabled Repositories on the Host. The Patchman -server processes and records the list of Packages and Repositories contained in -the Report. - -### Operating System Group (optional) -An OSGroup is a collection of OS's. For example, an OSGroup named "Ubuntu 18.04" -would be comprised of the following OS's: - -``` -Ubuntu 18.04.1 -Ubuntu 18.04.2 -Ubuntu 18.04.5 -``` - -Likewise, an OSGroup named "CentOS 7" would be made up of the following OS's: - -``` -CentOS 7.5 -CentOS 7.7.1511 -``` - -Repositories can be associated with an OSGroup, or with the Host itself. If the -`use_host_repos variable` is set to True for a Host, then updates are found by -looking only at the Repositories that belong to that Host. This is the default -behaviour and does not require OSGroups to be configured. +Repositories can be associated with an OS Release, or with the Host itself. If +the `use_host_repos` variable is set to True for a Host, then updates are found +by looking only at the Repositories that belong to that Host. This is the +default behaviour. If `use_host_repos` is set to False, the update-finding process looks at the -OSGroup that the Host's Operating System is in, and uses the OSGroup's -Repositories to determine the applicable updates. This is useful in environments -where many hosts are homogeneous (e.g. cloud/cluster environments). +OS Release that the Hosts Operating System Variant is associated with, and +uses that Releases Repositories to determine the applicable updates. This is +useful in environments where many hosts are homogeneous. + +### Report +Hosts create Reports using `patchman-client`. This Report is sent to the +Patchman server. The Report contains the Hosts running kernel, Operating System, +installed Packages and enabled Repositories. The Patchman server processes the +Report records the information contained therein. ### Erratum -Errata for CentOS can be downloaded from https://cefs.steve-meier.de/ . -These errata are parsed and stored in the database. If a PackageUpdate -contains a package that is a security update in the errata, then that update is -marked as being a security update. +Errata for many OS's can downloaded by the patchman server. These Errata are +parsed and stored in the database. If a PackageUpdate contains a package that +is a security update in an Erratum, then that update is marked as being a +security update. CVE and CVSS data is used to complement this information. From d01f0eb081df3d79cbe7879a20c5a4bd83b84066 Mon Sep 17 00:00:00 2001 From: Marcus Furlong Date: Fri, 18 Apr 2025 18:38:04 -0400 Subject: [PATCH 2/3] add errata source options to config file --- errata/sources/distros/debian.py | 2 +- errata/sources/distros/ubuntu.py | 2 +- etc/patchman/local_settings.py | 12 ++++++++++++ 3 files changed, 14 insertions(+), 2 deletions(-) diff --git a/errata/sources/distros/debian.py b/errata/sources/distros/debian.py index 93ae2bd54..20f5c8cef 100644 --- a/errata/sources/distros/debian.py +++ b/errata/sources/distros/debian.py @@ -263,7 +263,7 @@ def get_accepted_debian_codenames(): """ Get acceptable Debian OS codenames Can be overridden by specifying DEBIAN_CODENAMES in settings """ - default_codenames = ['bookworm', 'bullseye'] + default_codenames = ['bookworm', 'trixie'] accepted_codenames = get_setting_of_type( setting_name='DEBIAN_CODENAMES', setting_type=list, diff --git a/errata/sources/distros/ubuntu.py b/errata/sources/distros/ubuntu.py index 7f50962ce..6807f25b3 100644 --- a/errata/sources/distros/ubuntu.py +++ b/errata/sources/distros/ubuntu.py @@ -202,7 +202,7 @@ def get_accepted_ubuntu_codenames(): """ Get acceptable Ubuntu OS codenames Can be overridden by specifying UBUNTU_CODENAMES in settings """ - default_codenames = ['focal', 'jammy', 'noble'] + default_codenames = ['jammy', 'noble'] accepted_codenames = get_setting_of_type( setting_name='UBUNTU_CODENAMES', setting_type=list, diff --git a/etc/patchman/local_settings.py b/etc/patchman/local_settings.py index 181c4c4d2..8adac26f3 100644 --- a/etc/patchman/local_settings.py +++ b/etc/patchman/local_settings.py @@ -41,6 +41,18 @@ # Number of days to wait before raising that a host has not reported DAYS_WITHOUT_REPORT = 14 +# list of errata sources to update, remove unwanted ones to improve performance +ERRATA_OS_UPDATES = ['yum', 'rocky', 'alma', 'arch', 'ubuntu', 'debian'] + +# list of Alma Linux releases to update +ALMA_RELEASES = [8, 9] + +# list of Debian Linux releases to update +DEBIAN_CODENAMES = ['bookworm', 'trixie'] + +# list of Ubuntu Linux releases to update +UBUNTU_CODENAMES = ['jammy', 'noble'] + # Whether to run patchman under the gunicorn web server RUN_GUNICORN = False From f998d6fda25cd89ba7993b02d4ff0c37b7b35852 Mon Sep 17 00:00:00 2001 From: Marcus Furlong Date: Fri, 18 Apr 2025 11:56:41 -0400 Subject: [PATCH 3/3] update installation instructions --- BUILD.md | 9 +- INSTALL.md | 198 ++++++++++++++++++++++----------- etc/patchman/local_settings.py | 2 +- 3 files changed, 138 insertions(+), 71 deletions(-) diff --git a/BUILD.md b/BUILD.md index ed55358ee..447690e71 100644 --- a/BUILD.md +++ b/BUILD.md @@ -5,21 +5,24 @@ vim VERSION.txt # modify version git add VERSION.txt version=$( /usr/share/keyrings/openbytes.gpg -echo "deb [signed-by=/usr/share/keyrings/openbytes.gpg] https://repo.openbytes.ie/patchman/ubuntu jammy main" > /etc/apt/sources.list.d/patchman.list +echo "deb [signed-by=/usr/share/keyrings/openbytes.gpg] https://repo.openbytes.ie/patchman/ubuntu noble main" > /etc/apt/sources.list.d/patchman.list apt update apt -y install python3-patchman patchman-client patchman-manage createsuperuser @@ -26,22 +26,23 @@ patchman-manage createsuperuser ```shell curl -sS https://repo.openbytes.ie/openbytes.gpg > /usr/share/keyrings/openbytes.gpg -echo "deb [signed-by=/usr/share/keyrings/openbytes.gpg] https://repo.openbytes.ie/patchman/debian bookworm main" > /etc/apt/sources.list.d/patchman.list +echo "deb [signed-by=/usr/share/keyrings/openbytes.gpg] https://repo.openbytes.ie/patchman/debian bookworm-backports main" > /etc/apt/sources.list.d/patchman.list +echo "deb http://deb.debian.org/debian bookworm-backports main" > /etc/apt/sources.list.d/backports.list apt update -apt -y install python3-patchman patchman-client +apt -y install -t bookworm-backports python3-patchman patchman-client patchman-manage createsuperuser ``` -### CentOS 9 +### Rocky 10 -This also applies to Rocky/Alma/RHEL +This also applies to Alma, RHEL, etc. ```shell curl -sS https://repo.openbytes.ie/openbytes.gpg > /etc/pki/rpm-gpg/RPM-GPG-KEY-openbytes cat <> /etc/yum.repos.d/openbytes.repo [openbytes] name=openbytes -baseurl=https://repo.openbytes.ie/patchman/el9 +baseurl=https://repo.openbytes.ie/patchman/el10 enabled=1 gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-openbytes @@ -60,7 +61,7 @@ TBD - not working yet ```shell apt -y install gcc libxml2-dev libxslt1-dev virtualenv python3-dev zlib1g-dev # (debian/ubuntu) -dnf -y install gcc libxml2-devel libxslt-devel python3-virtualenv # (centos/rocky/alma) +dnf -y install gcc libxml2-devel libxslt-devel python3-virtualenv # (rocky/alma/redhat) mkdir /srv/patchman cd /srv/patchman python3 -m venv .venv @@ -74,7 +75,7 @@ gunicorn patchman.wsgi -b 0.0.0.0:80 ### Source -#### Ubuntu 22.04 (jammy) +#### Ubuntu 24.04 (noble) 1. Install dependencies @@ -107,9 +108,9 @@ cp /srv/patchman/etc/patchman/local_settings.py /etc/patchman/ # Configuration -## Patchman Settings +## Patchman Server Settings -Modify `/etc/patchman/local_settings.py` to configure patchman. +Modify `/etc/patchman/local_settings.py` to configure the patchman server. If installing from source or using virtualenv, the following settings should be configured: @@ -119,28 +120,32 @@ be configured: * STATIC_ROOT - should point to `/srv/patchman/run/static` if installing from source -## Patchman-client Settings +The default settings for errata downloading may include operating systems that +are not relevant to a given deployment. If this is the case, modify the +`ERRATA_OS_UPDATES` setting in `/etc/patchman/local_settings.py`. Further +distribution-specific settings are also available to only download errata +for specific versions/codenames. + +## Patchman Client Settings -The client comes with a default configuration. This configuration will attempt to upload the reports to a server at *patchman.example.com*. This configuration needs to be updated to connect to your own patchman installation. +The client comes with a default configuration that will attempt to upload the +reports to a server at *patchman.example.com*. This configuration needs to be +updated to connect to the correct patchman server. -In `/etc/patchman/patchman-client.conf`, look for the following line(s): +Change the following lines in `/etc/patchman/patchman-client.conf`: ``` # Patchman server -server=https://patchman.example.com +server=https://patchman.example.com # Options to curl curl_options="--insecure --connect-timeout 60 --max-time 300" -... ``` - * *server* needs to point the URL where your patchman server -is running - * *--insecure* in the curl_options tells the client to ignore certificates, if you set them up correctly and are using patchman with "https:/...", you could remove this flag to increase security - - - - + * *server* needs to point the URL where the local patchman server is running + * *--insecure* in the curl options tells the client to ignore certificates. + If the patchman server is set up correctly with certificates this flag can + be removed to increase security. ## Configure Database @@ -151,10 +156,13 @@ production deployments. MySQL or PostgreSQL are better choices. To configure the sqlite database backend: -1. Create the database directory specified in the settings file: +1. Create the database directory specified in the settings file, touch the +database file and set the journal mode to WAL: ```shell mkdir -p /var/lib/patchman/db +touch /var/lib/patchman/db/patchman.db +sqlite3 /var/lib/patchman/db/patchman.db 'PRAGMA journal_mode=WAL;' ``` 2. Modify `/etc/patchman/local_settings.py` as follows: @@ -163,7 +171,7 @@ mkdir -p /var/lib/patchman/db DATABASES = { 'default': { 'ENGINE': 'django.db.backends.sqlite3', - 'NAME': '/var/lib/patchman/db/patchman.db' + 'NAME': '/var/lib/patchman/db/patchman.db', } } ``` @@ -199,16 +207,16 @@ Query OK, 0 rows affected (0.00 sec) ``` DATABASES = { - 'default': { - 'ENGINE': 'django.db.backends.mysql', - 'NAME': 'patchman', - 'USER': 'patchman', - 'PASSWORD': 'changeme', - 'HOST': '', - 'PORT': '', - 'STORAGE_ENGINE': 'INNODB', - 'CHARSET' : 'utf8' - } + 'default': { + 'ENGINE': 'django.db.backends.mysql', + 'NAME': 'patchman', + 'USER': 'patchman', + 'PASSWORD': 'changeme', + 'HOST': '', + 'PORT': '', + 'STORAGE_ENGINE': 'INNODB', + 'CHARSET': 'utf8', + } } ``` @@ -250,15 +258,15 @@ GRANT ``` DATABASES = { - 'default': { - 'ENGINE': 'django.db.backends.postgresql_psycopg2', - 'NAME': 'patchman', - 'USER': 'patchman', - 'PASSWORD': 'changeme', - 'HOST': '127.0.0.1', - 'PORT': '', - 'CHARSET' : 'utf8' - } + 'default': { + 'ENGINE': 'django.db.backends.postgresql_psycopg2', + 'NAME': 'patchman', + 'USER': 'patchman', + 'PASSWORD': 'changeme', + 'HOST': '127.0.0.1', + 'PORT': '', + 'CHARSET': 'utf8', + } } ``` @@ -273,8 +281,7 @@ After configuring a database backend, the django database should be synced: collect static files: ```shell -patchman-manage makemigrations -patchman-manage migrate --run-syncdb --fake-initial +patchman-manage migrate --run-syncdb patchman-manage createsuperuser patchman-manage collectstatic ``` @@ -285,6 +292,27 @@ N.B. To run patchman-manage when installing from source, run `./manage.py` 2. Restart the web server after syncing the database. +### Migrate from sqlite to another database backend + +The prebuilt package installations use sqlite as the default database backend, +but this is not recommended in production. To migrate from sqlite to another +database backend, use the following procedure: + +1. Dump the sqlite database to a json file + +```shell +patchman-manage dumpdata --exclude packages.Packagestring -e contenttypes -e auth.Permission --natural-foreign --natural-primary --indent 4 > patchman-db.json +``` + +2. Create the new database and add the new database settings to `/etc/patchman/local_settings.py` + +3. Sync the new database and load the existing data: + +``` +patchman-manage migrate --run-syncdb +patchman-manage loaddata patchman-db.json +``` + ## Configure Web Server ### Apache @@ -301,7 +329,7 @@ a2enconf patchman ```shell vi /etc/apache2/conf-available/patchman.conf -service apache2 reload +systemctl reload apache2 ``` 3. If installing from source, allow apache access to the settings and to the sqlite db: @@ -321,9 +349,10 @@ The django interface should be available at http://127.0.0.1/patchman/ #### Daily cronjob on patchman server -A daily cronjob on the patchman server should be run to process reports, -perform database maintenance, check for upstream updates, and find updates for -clients. +A daily cronjob on the patchman server can be run to process reports, perform +database maintenance, check for upstream updates, and find updates for clients. +Alternatively, run celery as outlined below for finer granularity over the +timing of these tasks and for increased concurrency. ``` patchman -a @@ -337,16 +366,17 @@ patchman-client ### Celery -Install Celery for realtime processing of reports from clients: +Install Celery for realtime processing of reports from clients and for periodic +maintenance tasks. The celery configuation file is in `/etc/patchman/celery.conf` #### Ubuntu / Debian ```shell apt -y install python3-celery redis python3-redis python-celery-common -C_FORCE_ROOT=1 celery -b redis://127.0.0.1:6379/0 -A patchman worker -l INFO -E +/usr/bin/celery --broker redis://127.0.0.1:6379/0 --app patchman worker --loglevel info --beat --scheduler django_celery_beat.schedulers:DatabaseScheduler --task-events --pool threads ``` -#### CentOS / Rocky / Alma +#### Rocky / Alma / RHEL Currently waiting on https://bugzilla.redhat.com/show_bug.cgi?id=2032543 @@ -355,21 +385,54 @@ dnf -y install python3-celery redis python3-redis systemctl restart redis semanage port -a -t http_port_t -p tcp 6379 setsebool -P httpd_can_network_connect 1 -C_FORCE_ROOT=1 celery -b redis://127.0.0.1:6379/0 -A patchman worker -l INFO -E +/usr/bin/celery --broker redis://127.0.0.1:6379/0 --app patchman worker --loglevel info --beat --scheduler django_celery_beat.schedulers:DatabaseScheduler --task-events --pool threads ``` -Add the last command to an initscript (e.g. /etc/rc.local) to make celery -persistent over reboot. +#### Persistence + +There is a systemd unit file for celery to make the service persistent over reboot: -Enable celery by adding `USE_ASYNC_PROCESSING = True` to `/etc/patchman/local_settings.py` +`etc/systemd/system/patchman-celery.service` -### Memcached +If installing from prebuilt packages, this should be enabled by default. -Memcached can optionally be run to reduce the load on the server. + +### Caching + +Memcached or Redis can optionally be run to reduce the load on the server. +Note that caching may result in the web interface showing results that are +out of date with the database, so this is disabled by default. + + +#### Redis + +Install Redis: + +```shell +apt -y install redis python3-redis # (debian/ubuntu) +dnf -y install redis python3-redis # (rocky/alma/redhat) +systemctl restart redis/redis-server +``` + +and add the following to `/etc/patchman/local_settings.py` + +``` +CACHES = { + 'default': { + 'BACKEND': 'django.core.cache.backends.redis.RedisCache', + 'LOCATION': 'redis://127.0.0.1:6379', + 'TIMEOUT': 30, + } +} +``` + +#### Memcacached + +Install Memcached ```shell apt -y install memcached python3-pymemcache # (debian/ubuntu) -dnf -y install memcached python3-pymemcache # (centos/rocky/alma) +dnf -y install memcached python3-pymemcache # (rocky/alma/redhat) systemctl restart memcached ``` @@ -377,13 +440,14 @@ and add the following to `/etc/patchman/local_settings.py` ``` CACHES = { - 'default': { - 'BACKEND': 'django.core.cache.backends.memcached.PyMemcacheCache', - 'LOCATION': '127.0.0.1:11211', + 'default': { + 'BACKEND': 'django.core.cache.backends.memcached.PyMemcacheCache', + 'LOCATION': '127.0.0.1:11211', + 'TIMEOUT': 30, 'OPTIONS': { 'ignore_exc': True, }, - } + } } ``` diff --git a/etc/patchman/local_settings.py b/etc/patchman/local_settings.py index 8adac26f3..f0603a3b8 100644 --- a/etc/patchman/local_settings.py +++ b/etc/patchman/local_settings.py @@ -8,7 +8,7 @@ DATABASES = { 'default': { -# 'ENGINE': 'django.db.backends.sqlite3', # noqa disabled until django 5.1 is in use, see https://blog.pecar.me/django-sqlite-dblock +# 'ENGINE': 'django.db.backends.sqlite3', # noqa - disabled until django 5.1 is in use, see https://blog.pecar.me/django-sqlite-dblock 'ENGINE': 'patchman.sqlite3', 'NAME': '/var/lib/patchman/db/patchman.db', 'OPTIONS': {