Patch install

From Studiosg

Welcome to Simone Giustetti's wiki pages.


Languages: English - Italiano


Introduction

Once installed, every operating system needs maintenance and updates, and Linux and Slackware are no different. Over time new vulnerabilities will be discovered and new bugs will surface in some of the installed programs. While many errors will prove to be no more than a nuisance, security issues may expose system users to serious risks such as data theft, identity theft and worse. Slackware releases updated versions of the packages it maintains so that every issue can be resolved easily, keeping the system in good health and its users safe. Updated packages are available on-line, from the distribution web site, in the /patches directory specific to your installed release. To check for package updates, consult the Slackware Security Mailing List or examine an up-to-date copy of the file Changelog.txt. Every entry in the mailing list includes a brief description of the issue and its resolution, along with useful information about installing the specific update.

When updates are available, several ways exist to apply them to a running system. Some require a lot of work and time, while others can be almost fully automated by means of the cron daemon, shell commands and many other tools from your distribution of choice. Fully automating an update procedure is not considered a wise move, but some scenarios exist where such a solution offers many advantages and great savings in effort and time. Below we'll discuss some update practices.

Scenario

Our scenario concerns one or more development systems used for automated, scheduled software builds. The systems perform every action needed to compile, build and then package the software. Servers automatically run procedures meant to prepare and eventually test packages, saving build messages and errors to log files. Human interaction with the described environment is minimal: it is restricted to the initial configuration and to searching the log files for errors. The built software will contain code from external libraries and could interact with other programs. It is advisable to keep the environment updated in order to avoid including known bugs from shared code and to test against recent releases of external programs. Build farms are an ideal scenario for a fully automated update procedure.

Installing Patches

As previously stated, many ways exist to update a Slackware Linux operating system. The easiest and most intuitive consists of downloading packages from the security advisory URLs, then running the upgradepkg command. Each advisory includes a description of the issue and download links for every actively supported Slackware release. Upgradepkg is part of the pkgtools package and is meant to install a package, overwriting its previously installed version. It does so by installing the more recent version first, then removing all files of the old version that are not in use by the new one. The described upgrade procedure requires a great deal of effort from the system administrator: an effort that can be greatly reduced by using a package manager.

slackpkg

Slackpkg is the official Slackware package manager and offers many features shared by similar tools common to other Linux distributions, like yum for Red Hat derived ones or apt for Debian derived ones. Slackpkg can update single packages or the entire system through the network, install or remove packages, provide information about a package and much more. To use slackpkg you need to:

  1. Install it if not already present in the system.
  2. Modify the /etc/slackpkg/slackpkg.conf configuration file according to your needs.
  3. Enable one and only one among the mirrors listed in file /etc/slackpkg/mirrors. It is wise to choose a fast one or at least one near your country.
  4. Perform the tool's initial configuration:
Run command
  slackpkg update gpg
to import the Slackware project's GPG public key. The key will be used to verify the signature, and therefore the origin, of every downloaded package. Then update the list of available packages by running command:
  slackpkg update
The package manager is now ready for use.

To periodically check for updates run command:

  slackpkg update

To execute a full system upgrade run command:

  slackpkg upgrade-all

slackpkg will check for the availability of new packages, then download them locally and run the previously mentioned upgradepkg program. The user will be asked for confirmation as shown in the picture below.

[Figure: slackpkg upgrade-all confirmation dialog]

Press the OK button and the upgrade will go on without further delay. When the upgrade completes, slackpkg will show a list of newly installed configuration files. The system administrator should update them, removing the old ones, and perform specific configuration tasks like running lilo after upgrading a kernel.

Using a Script to Upgrade

Slackpkg can be really useful for system administrators, but it is not the solution we are looking for because it needs human interaction to work well. The aim of this paper is to perform a full Slackware Linux package update in a totally automated way for a build farm. Using the official documentation I evaluated the possibility of using a shell script for periodic upgrades scheduled through the cron daemon. The required script features are listed below:

  • Should be simple.
  • Should use only tools included in the distribution.
  • Should produce little or no output, saving as much information as possible into a log file.
  • Should filter out some packages for which human intervention is required: the kernel for one.

To check for patches the script will analyze an updated copy of the Changelog.txt file by means of rsync_slackware_patches.sh: an official script written with such a task in mind. In detail the script should:

  1. Download a recent version of rsync_slackware_patches.sh locally.
  2. Run the script in order to download updated packages from the /patches directory of the install tree for the installed Slackware release.
  3. Choose packages in need of an upgrade.
  4. Check package signatures to verify their origin.
  5. Install packages in batch, stopping only in case of errors.
  6. Save a report of each executed operation in a log file for future reference.

An example draft of such a script can be downloaded from the following link.
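
Steps 3 to 6 above can be sketched as follows. This is an added example, not the author's script from the link: it assumes the packages and their detached .asc signatures were already mirrored into a local directory and that the Slackware key is in root's keyring. PATCH_DIR, LOG, SKIP_RE and the function names are hypothetical.

```shell
#!/bin/bash
# Added example: verify-then-upgrade loop over locally mirrored patches.
# Assumed names (not from the original page): PATCH_DIR, LOG, SKIP_RE.
PATCH_DIR=${PATCH_DIR:-/var/cache/patches/packages}  # hypothetical mirror path
LOG=${LOG:-/var/log/patch_install.log}               # hypothetical log file
SKIP_RE=${SKIP_RE:-'^kernel-'}                       # packages left to a human

log() { printf '%s %s\n' "$(date '+%F %T')" "$*" >> "$LOG"; }

# Step 4: the detached signature must exist AND validate against the
# project key previously imported into the keyring of the calling user.
verify_pkg() { [ -f "$1.asc" ] && gpg --verify "$1.asc" "$1" >/dev/null 2>&1; }

# Step 5: upgradepkg replaces an older installed version; without extra
# options it does not add packages that were never installed.
install_pkg() { /sbin/upgradepkg "$1" >> "$LOG" 2>&1; }

# Returns 0 when every eligible package verified and installed,
# 1 at the first failure so that nothing unverified is ever installed.
process_patches() {
    local pkg name
    for pkg in "$PATCH_DIR"/*.t?z; do
        [ -e "$pkg" ] || continue          # glob matched nothing
        name=$(basename "$pkg")
        if printf '%s\n' "$name" | grep -Eq "$SKIP_RE"; then
            log "SKIP $name (manual upgrade required)"
            continue
        fi
        if ! verify_pkg "$pkg"; then
            log "ABORT $name: missing or invalid signature"
            return 1
        fi
        if ! install_pkg "$pkg"; then
            log "ABORT $name: upgradepkg failed"
            return 1
        fi
        log "OK $name"
    done
    return 0
}

# Run only when asked explicitly, e.g. from cron with the --run argument.
if [ "${1:-}" = "--run" ]; then process_patches; exit $?; fi
```

A package with no .asc file beside it is treated the same as one with a bad signature: the batch stops and the reason is written to the log.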

The root user's crontab should be updated to schedule periodic execution of the script. Please run command:

  crontab -e

and add a line similar to

  01 00 * * * /usr/bin/bash /usr/local/bin/patch_install.sh 1> /dev/null

which will make cron run the script once per day, at one minute past midnight.

Conclusions

This paper described several ways to patch a Slackware Linux system, installing packages either manually or in an automated way. A script was included that, when combined with the cron daemon, can be used to periodically execute an automated upgrade of systems configured as build farms. It is not meant to be the final solution to the problem, but rather an outline that, with some work and testing, could be adapted to your specific needs.


For any feedback, questions, errors and such, please e-mail me at studiosg [at] giustetti [dot] net

