One of the most difficult tasks of managing any operating system is to keep it up-to-date with the latest patches and updates. This task has become even more important due to growing security concerns and breaches. Fedora Linux makes this task much easier and manageable by providing a few tools to automate the patch management process. The following section discusses the up2date tool and the process of updating your system.
Up2date is the default update tool available on Fedora Linux. It is an update agent to update the Red Hat Linux systems, and it is the same as the Red Hat Linux 9 up2date tool. Up2date provides a complete system to update RPM packages; it is available in command line as well as graphical interfaces.
When you run up2date, it matches the RPM list installed on the system with the RPM list on the Red Hat network and updates any new packages available. It is also intelligent enough to find out any dependencies and update them as necessary. Up2date can be started with the following command:
# up2date
Caution | You should start up2date as root user; otherwise, it will prompt for the computer's root password because up2date needs read/write access to the RPM database on the system and needs to be able to install RPM packages when requested. |
This command will start the up2date agent in GUI mode (see Figure 8-15).
You can also start up2date as a command line interface to update any new RPM packages available from the Red Hat network. To do that, execute the following command:
# up2date --nox -u
The -u switch with the up2date command instructs up2date to completely update the system, and the --nox switch instructs up2date to run all tasks on the command line interface without even trying to open the GUI. All available packages will be downloaded (and possibly installed, if you have configured Update Agent to do so) non-interactively.
Now that you have enough knowledge about the up2date agent and the update process, let's try this process out to update your system.
Start the up2date GUI interface by executing the following command as root user:
# up2date
Click the Forward button to proceed to the next level.
You will be presented with the channels available for your system (see Figure 8-16). Select or deselect the channels, as required. By default, all channels will be selected.
Note | A channel is a group that holds the details of packages for an operating system. Up2date will search a selected channel to find any updates for RPM packages. |
After you have selected the channels, click the Forward button. The up2date configuration file marks a few packages to be skipped while updating the system. They are usually kernel RPM packages. If you want to check for and install kernel package updates (if available), select the packages in the next window.
Caution | Remember that updating the kernel can have some unknown effects on your system. You should update the kernel only when you are familiar with the new kernel and know how to revert back to the original kernel in case of problems. |
Click the Forward button after selecting or deselecting the required packages.
Up2date displays a list of all available updates for selection with details of each package. Select the packages to update and click the Forward button (see Figure 8-17).
Figure 8-17
The update process takes some time to retrieve the packages from the repository, depending on the number of packages and size. Once finished, it prompts you to click the Forward button to continue as follows (see Figure 8-18).
Figure 8-18
Up2date starts installing the downloaded packages and, once finished, again prompts you to click the Forward button.
At last, it displays the All Finished window to inform the user that all the selected packages have been updated successfully. The window looks like that shown in Figure 8-19.
Figure 8-19
The benefits of keeping your system up-to-date with all available patches and upgrades include the following:
Reduces the number of security attacks on the system. If your system is connected to the Internet, you will be faced with higher risks of security breaches if your system is not up-to-date with required patches.
Increases the system uptime. Every operating system comes with some bugs, which can cause system crashes or downtime. Keeping the system up-to-date with all updates reduces the chance of a system crash.
Provides new features available in new versions of applications.
Provides more supported hardware available in the new version of the applications and kernel.
Yellow Dog Updater, Modified (Yum) is an RPM package management utility to automate package management and maintenance. It provides automatic updates and package install/remove capabilities. Yum makes it easier to maintain a group of machines by automating the package management.
Yum's features include the following:
Can work with multiple repositories, from where it can check for updates and download the required updates for the system.
Uses a simple configuration file.
Can correctly calculate the dependencies and deal with them automatically while installing/removing or updating packages.
It is faster than other RPM package updaters, including apt and up2date.
Provides a simple interface.
Note | A repository is a directory structure on the server side that contains RPM packages and Yum header information. A single server can host a number of Yum repositories. |
Yum can be used as a server to host multiple Yum repositories, which can provide RPM packages to the clients, or as a client to manage RPM packages on the system. The /usr/bin/yum-arch program is available to build Yum RPM repositories, and the /usr/bin/yum program is available for client-side package management.
We will discuss the Yum client in this chapter. You can find more information about Yum at the following URL:
http://linux.duke.edu/projects/yum/index.ptml
Or type the following command on the command line to view the Yum manuals:
man yum
man yum-arch
Yum involves a client-side configuration file, /etc/yum.conf, and a binary program, yum. All the configuration parameters are defined in this file.
The yum.conf configuration file is located in /etc/yum.conf by default. It consists of two parts:
A single Main section, which defines global configuration options
One or more Server sections, where you define the repository you are planning to use
A default yum.conf file is provided with the Yum install. We will discuss the various options available in /etc/yum.conf file here.
Following is a typical configuration file (/etc/yum.conf):
[main]
cachedir=/var/cache/yum
debuglevel=2
logfile=/var/log/yum.log
pkgpolicy=newest
distroverpkg=redhat-release
tolerant=1
exactarch=1
retries=20

[base]
name=Fedora Core $releasever - $basearch - Base
baseurl=http://download.fedora.redhat.com/pub/fedora/linux/core/$releasever/$basearch/os/

[updates-released]
name=Fedora Core $releasever - $basearch - Released Updates
baseurl=http://download.fedora.redhat.com/pub/fedora/linux/core/updates/$releasever/$basearch/

#[updates-testing]
#name=Fedora Core $releasever - $basearch - Unreleased Updates
#baseurl=http://download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/$releasever/$basearch/

#[development]
#name=Fedora Core $releasever - Development Tree
#baseurl=http://download.fedora.redhat.com/pub/fedora/linux/core/development/$basearch/
The main section of the yum.conf configuration file must exist, and the details of the configuration options follow. All options are in the format of option=value.
cachedir defines the directory where Yum should store its cache and db files. It is /var/cache/yum in our case.
debuglevel defines the level of the logs. The valid levels are 0-10. In our case it is 2.
logfile defines the location of the Yum log file. In our case it is /var/log/yum.log.
pkgpolicy defines the package sorting order. The valid values are newest or last. The default value is newest, meaning that when a package is available from multiple repositories, Yum will install the most recent version of the package found.
distroverpkg has a default value of redhat-release and is used to determine the version of the distribution.
tolerant has a default value of 1, which instructs Yum to be tolerant of the errors that arise while installing packages.
exactarch has a default value of 1, which instructs Yum to update only the architecture of packages that you have installed.
Apart from the main section, the Yum configuration file also contains the server sections. Each server section defines the repository detail that you want Yum to use.
The default server sections for Fedora look like the following:
[base]
name=Fedora Core $releasever - $basearch - Base
baseurl=http://download.fedora.redhat.com/pub/fedora/linux/core/$releasever/$basearch/os/

[updates-released]
name=Fedora Core $releasever - $basearch - Released Updates
baseurl=http://download.fedora.redhat.com/pub/fedora/linux/core/updates/$releasever/$basearch/
The first line of the server section of yum.conf defines the unique name of the repository by which it will be known. It must be a single word to identify the section. It should be in the form of [base], where base can be any single word.
The second line defines the descriptive name of the repository. It is in the form of name=value, where value can be any descriptive name by which the repository will be known.
The third line defines the location of the repository. It can contain any number of locations. It is in the form baseurl=location, where location is the actual URL of the repository.
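The check below is an added example, not code from the book or from the Yum project: it parses a yum.conf laid out as described above and reports every server section that fetches packages over plain http or ftp, or that would install them without a signature check. It assumes yum.conf's gpgcheck option, which the listing above does not show, and the [local-mirror] section and its host name are constructed.

```python
import configparser

# Constructed sample in the layout of the listing above. The gpgcheck lines
# and the [local-mirror] section are assumptions added for the demonstration.
SAMPLE_YUM_CONF = """\
[main]
cachedir=/var/cache/yum
debuglevel=2
logfile=/var/log/yum.log
pkgpolicy=newest
distroverpkg=redhat-release
tolerant=1
exactarch=1
retries=20

[base]
name=Fedora Core $releasever - $basearch - Base
baseurl=http://download.fedora.redhat.com/pub/fedora/linux/core/$releasever/$basearch/os/
gpgcheck=1

[updates-released]
name=Fedora Core $releasever - $basearch - Released Updates
baseurl=http://download.fedora.redhat.com/pub/fedora/linux/core/updates/$releasever/$basearch/

[local-mirror]
name=Constructed internal mirror
baseurl=https://mirror.example.internal/fedora/$releasever/$basearch/
    ftp://mirror.example.internal/fedora/$releasever/$basearch/
gpgcheck=0
"""


def audit_yum_conf(text):
    """Return {section: [findings]} for every server section with a problem."""
    # interpolation=None keeps $releasever, $basearch and any % sign literal.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    if not parser.has_section("main"):
        raise ValueError("yum.conf must contain a [main] section")
    # A gpgcheck value in [main] acts as the default for the server sections.
    default_check = parser.get("main", "gpgcheck", fallback="0")
    report = {}
    for section in parser.sections():
        if section == "main":
            continue
        findings = []
        check = parser.get(section, "gpgcheck", fallback=default_check)
        if check.strip() != "1":
            findings.append("gpgcheck is not enabled")
        # baseurl may hold several locations separated by whitespace.
        urls = parser.get(section, "baseurl", fallback="").split()
        if not urls:
            findings.append("no baseurl defined")
        for url in urls:
            if url.split("://", 1)[0].lower() in ("http", "ftp"):
                findings.append("unencrypted transport: " + url)
        if findings:
            report[section] = findings
    return report


if __name__ == "__main__":
    for repo, problems in audit_yum_conf(SAMPLE_YUM_CONF).items():
        for problem in problems:
            print(f"[{repo}] {problem}")
```

A section that combines both findings deserves attention first, because nothing then authenticates the packages it delivers.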
For more information on Yum configuration, go to the Yum manual page by executing the following command on the command line:
man yum.conf
Or you can also find more information from the following URL:
www.phy.duke.edu/~rgb/General/yum_HOWTO/yum_HOWTO/index.html
After you have set up the Yum configuration file on your system, you are ready to start using Yum to update your system. The Yum client provides various options to effectively handle package management.
Let's run Yum on the command line:
# yum
Usage: yum [options] <update | upgrade | install | info | remove | list |
       clean | provides | search | check-update | groupinstall | groupupdate |
       grouplist >
Options:
  -c [config file] - specify the config file to use
  -e [error level] - set the error logging level
  -d [debug level] - set the debugging level
  -y answer yes to all questions
  -t be tolerant about errors in package commands
  -R [time in minutes] - set the max amount of time to randomly run in.
  -C run from cache only - do not update the cache
  --installroot=[path] - set the install root (default '/')
  --version - output the version of yum
  -h, --help this screen
As you can see, Yum shows all the available options when you execute the yum command without arguments. We will discuss just the options used most often to keep our system up to date.
You can execute Yum with an update option to update everything on the system, as follows:
# yum update
Gathering header information file(s) from server(s)
Server: Fedora Core 2 - i386 - Base
Finding updated packages
Downloading needed headers
Resolving dependencies
Dependencies resolved
I will do the following:
[install: kernel 2.4.22-1.2149.nptl.i686]
[update: binutils 2.14.90.0.6-4.i386]
[update: nscd 2.3.2-101.4.i386]
[update: xboard 4.2.7-1.i386]
[update: httpd 2.0.48-1.2.i386]
[update: glibc-devel 2.3.2-101.4.i386]
[update: glibc-common 2.3.2-101.4.i386]
[update: kernel-source 2.4.22-1.2149.nptl.i386]
[update: glibc 2.3.2-101.4.i686]
[update: glibc-headers 2.3.2-101.4.i386]
Is this ok [y/N]:
Yum will prompt you to verify the packages to be updated; enter Y at the prompt to process the update.
If you want to completely automate the update task, execute the Yum update command with the -y switch. Yum will assume yes to be the answer to any question asked during the update process.
# yum -y update
Gathering header information file(s) from server(s)
Server: Fedora Core 2 - i386 - Base
Finding updated packages
Downloading needed headers
Resolving dependencies
Dependencies resolved
.......Running test transaction:
Test transaction complete, Success!
glibc-common 100 % done 1/19
glibc 100 % done 2/19
Stopping sshd:[ OK ]
Starting sshd:[ OK ]
glibc-headers 100 % done 3/19
binutils 100 % done 4/19
nscd 100 % done 5/19
xboard 100 % done 6/19
httpd 100 % done 7/19
kernel 100 % done 8/19
glibc-devel 100 % done 9/19
kernel-source 100 % done 10/19
Completing update for binutils - 11/19
Completing update for nscd - 12/19
Completing update for xboard - 13/19
Completing update for httpd - 14/19
Completing update for glibc-devel - 15/19
Completing update for glibc-common - 16/19
Completing update for kernel-source - 17/19
Completing update for glibc - 18/19
Completing update for glibc-headers - 19/19
Kernel Updated/Installed, checking for bootloader
Grub found - making this kernel the default
Installed: kernel 2.4.22-1.2149.nptl.i686
Updated: binutils 2.14.90.0.6-4.i386 nscd 2.3.2-101.4.i386 xboard 4.2.7-1.i386 httpd 2.0.48-1.2.i386 glibc-devel 2.3.2-101.4.i386 glibc-common 2.3.2-101.4.i386 kernel-source 2.4.22-1.2149.nptl.i386 glibc 2.3.2-101.4.i686 glibc-headers 2.3.2-101.4.i386
Transaction(s) Complete
The update process will finish after some time depending on the number of package updates available.
Yum also comes with a script to enable the automated update process. Once enabled, it runs Yum automatically on a nightly basis. To enable Yum to automatically run every night, execute the following script:
# /etc/init.d/yum start
Enabling nightly yum update: [ OK ]
This script also provides other options. You can get a list of all the options by executing this script on the command line:
# /etc/init.d/yum
Usage: /etc/init.d/yum {start|stop|status|restart|reload|force-reload|condrestart}
The preceding script enables the cron entry in the /etc/cron.daily/yum.cron file.
If you want to disable the cron entry for Yum, execute the following command:
# /etc/init.d/yum stop
Disabling nightly yum update: [ OK ]
Note | When you run Yum options for the first time, it takes some time to download all the package headers from the repository and store them in the /var/yum/cache directory. |
APT is an Advance Package Management Tool that was originally developed for Debian Linux. It has now also been ported to Fedora.
APT comes with the following utilities to manage the packages:
apt-get is a command line tool to manage packages.
apt-cdrom is a command line tool to manage CD-ROMs that are to be used as a package source.
apt-config is an APT configuration query program.
apt-cache is a program that performs a variety of operations on APT package cache.
You can get more information about the APT by typing the following command on the command line:
man apt-get
man apt-cdrom
man apt-config
man apt-cache
The apt-get utility must be executed as root user; otherwise, you will be prompted for the root password because it needs root access to access the RPM db and to install the RPMs on the system.
In the following section, we will try some of the apt-get commands that are useful in managing the packages.
# apt-get --help
apt 0.5.15cnc6 for linux i386 compiled on Apr 9 2004 10:38:19
Usage: apt-get [options] command
       apt-get [options] install|remove pkg1 [pkg2 ...]
       apt-get [options] source pkg1 [pkg2 ...]

apt-get is a simple command line interface for downloading and
installing packages. The most frequently used commands are update
and install.

Commands:
   update - Retrieve new lists of packages
   upgrade - Perform an upgrade
   install - Install new packages (pkg is libc6 not libc6.rpm)
   remove - Remove packages
   source - Download source archives
   build-dep - Configure build-dependencies for source packages
   dist-upgrade - Distribution upgrade, see apt-get(8)
   clean - Erase downloaded archive files
   autoclean - Erase old downloaded archive files
   check - Verify that there are no broken dependencies
   mirror-select - Select repositories and mirrors for use with apt

Options:
  -h  This help text.
  -q  Loggable output - no progress indicator
  -qq No output except for errors
  -d  Download only - do NOT install or unpack archives
  -s  No-act. Perform ordering simulation
  -y  Assume Yes to all queries and do not prompt
  -f  Attempt to continue if the integrity check fails
  -m  Attempt to continue if archives are unlocatable
  -u  Show a list of upgraded packages as well
  -b  Build the source package after fetching it
  -D  When removing packages, remove dependencies as possible
  -V  Show verbose version numbers
  -c=? Read this configuration file
  -o=? Set an arbitary configuration option, eg -o dir::cache=/tmp
See the apt-get(8), sources.list(5) and apt.conf(5) manual
pages for more information and options.
This APT has Super Cow Powers.
apt-get with the --help switch displays the usage information of the apt-get utility.
The apt-get update switch is used to resynchronize the package index files from their sources, which are specified in the /etc/apt/sources.list file. You should always execute apt-get with the update switch before you actually start updating the packages on your system so that APT knows of new package availability.
# apt-get update
Get:1 http://ayo.freshrpms.net fedora/linux/1/i386 release [1993B]
Fetched 1993B in 0s (4426B/s)
Get:1 http://ayo.freshrpms.net fedora/linux/1/i386/core pkglist [1445kB]
Get:2 http://ayo.freshrpms.net fedora/linux/1/i386/core release [151B]
Get:3 http://ayo.freshrpms.net fedora/linux/1/i386/updates pkglist [214kB]
Get:4 http://ayo.freshrpms.net fedora/linux/1/i386/updates release [157B]
Get:5 http://ayo.freshrpms.net fedora/linux/1/i386/freshrpms pkglist [142kB]
Get:6 http://ayo.freshrpms.net fedora/linux/1/i386/freshrpms release [161B]
Fetched 1802kB in 33s (53.3kB/s)
Reading Package Lists... Done
Building Dependency Tree... Done
After updating the package indexes from the sources, you can start updating the packages on your system by executing apt-get with the upgrade switch.
Execute the following command to install the newest version of all the packages currently installed on the system from the source specified in the /etc/apt/sources.list file:
# apt-get upgrade
Reading Package Lists... Done
Building Dependency Tree... Done
The following packages will be upgraded
  gaim nmap nmap-frontend yum
The following packages have been kept back
  gthumb rhythmbox
4 upgraded, 0 newly installed, 0 removed and 2 not upgraded.
Need to get 3227kB of archives.
After unpacking 473kB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://ayo.freshrpms.net fedora/linux/1/i386/freshrpms yum 2.0.4-2.fd.fr [139kB]
Get:2 http://ayo.freshrpms.net fedora/linux/1/i386/freshrpms gaim 1:0.75-1.fr [2556kB]
Get:3 http://ayo.freshrpms.net fedora/linux/1/i386/freshrpms nmap 2:3.48-2.fr [497kB]
Get:4 http://ayo.freshrpms.net fedora/linux/1/i386/freshrpms nmap-frontend 2:3.48-2.fr [35.4kB]
Fetched 3227kB in 54s (59.2kB/s)
/var/cache/apt/archives/yum_2.0.4-2.fd.fr_i386.rpm: V3 DSA signature: NOKEY, key ID e42d547b
Committing changes...
Preparing... ########################################### [100%]
1:nmap-frontend ########################################### [ 25%]
2:yum ########################################### [ 50%]
3:gaim ########################################### [ 75%]
4:nmap ########################################### [100%]
Done.
Before any packages are downloaded and installed, you will be prompted to confirm that you want to continue. You can instruct APT not to ask any questions and automatically check, download, and upgrade any new versions of the packages by using the -y switch:
# apt-get -y upgrade
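With the -y switch nobody is at the terminal to read lines such as the NOKEY message in the transcript above, which RPM prints when the key that signed a package is not in its keyring, so the signature could not be checked. The following added example (not from the book or the APT project) scans a captured apt-get transcript for those lines and ties each one back to the package it belongs to; the log text is constructed from the output shown above.

```python
import re

# Constructed transcript: the apt-get upgrade output shown above with its
# line breaks restored (download and progress-bar lines omitted).
SAMPLE_LOG = """\
Reading Package Lists... Done
Building Dependency Tree... Done
The following packages will be upgraded
  gaim nmap nmap-frontend yum
The following packages have been kept back
  gthumb rhythmbox
4 upgraded, 0 newly installed, 0 removed and 2 not upgraded.
Need to get 3227kB of archives.
Fetched 3227kB in 54s (59.2kB/s)
/var/cache/apt/archives/yum_2.0.4-2.fd.fr_i386.rpm: V3 DSA signature: NOKEY, key ID e42d547b
Committing changes...
Done.
"""

# Headings that introduce an indented list of package names.
HEADINGS = {
    "The following packages will be upgraded": "upgraded",
    "The following packages have been kept back": "kept_back",
    "The following NEW packages will be installed": "installed",
}
NOKEY = re.compile(
    r"(?P<file>\S+\.rpm): .*?signature: NOKEY, key ID (?P<key>[0-9a-fA-F]+)")


def review_apt_run(log):
    """Summarise one transcript: package lists plus unverifiable signatures."""
    result = {"upgraded": [], "kept_back": [], "installed": [], "unverified": []}
    current = None
    for line in log.splitlines():
        stripped = line.strip()
        heading = HEADINGS.get(stripped.rstrip(":"))
        if heading:
            current = heading
        elif current and stripped and line[0].isspace():
            result[current].extend(stripped.split())  # indented package names
        else:
            current = None
            match = NOKEY.search(stripped)
            if match:
                result["unverified"].append({
                    "file": match["file"].rsplit("/", 1)[-1],
                    "key_id": match["key"].lower(),
                })
    # Tie each unverifiable archive back to the package that was changed;
    # the longest matching name wins (nmap-frontend over nmap).
    changed = result["upgraded"] + result["installed"]
    for item in result["unverified"]:
        owners = [p for p in changed if item["file"].startswith(p + "_")]
        item["package"] = max(owners, key=len) if owners else None
    return result


if __name__ == "__main__":
    summary = review_apt_run(SAMPLE_LOG)
    print("upgraded: ", ", ".join(summary["upgraded"]))
    print("kept back:", ", ".join(summary["kept_back"]))
    for item in summary["unverified"]:
        print(f"signature not verified: {item['package']} "
              f"({item['file']}, key ID {item['key_id']})")
```

Run against the log of each unattended upgrade, a non-empty unverified list marks a run whose packages should be checked before the machine is trusted again.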
apt-get can also be used to install individual packages from the sources specified in /etc/apt/sources.list .
# apt-get install package-name
Here, install is the option that instructs apt-get to install the packages, and package-name is the name of the package to search on the sources and install, if available.
Synaptic is a front-end GUI for APT (Advance package tool). It makes the job of updating packages even easier. Before we can discuss the functionality of Synaptic, we have to install the Synaptic package.
Let's use the apt-get command line utility to install this package, as follows:
# apt-get install synaptic
Reading Package Lists... Done
Building Dependency Tree... Done
The following NEW packages will be installed:
  synaptic
0 upgraded, 1 newly installed, 0 removed and 2 not upgraded.
Need to get 528kB of archives.
After unpacking 1790kB of additional disk space will be used.
Get:1 http://ayo.freshrpms.net fedora/linux/1/i386/freshrpms synaptic 0.45-1.fr [528kB]
Fetched 528kB in 9s (56.3kB/s)
Committing changes...
Preparing... ########################################### [100%]
1:synaptic ########################################### [100%]
Done.
Once the Synaptic application is installed, you can either start the application from Main Menu>System tools>Synaptic Package Manager or by executing /usr/sbin/synaptic from the command line (see Figure 8-20).
Synaptic is used in the same way as the apt-get command line utility.
You should update the package list from the servers by clicking the Update List button. All sources are defined in the /etc/apt/sources.list file just as with the apt-get utility.
You can view the details of all upgradable packages by selecting Upgradable for Show filter (see Figure 8-21).
To update the system with all available packages, click the Upgrade all button. Upgrade all will upgrade only the packages that do not require any new package installation due to dependencies. Synaptic will save the upgrade task and will proceed with package upgrade only when you instruct it to do so by clicking the Execute button and then clicking Proceed.
To update the system with all dependencies, click the Dist Upgrade button. Dist Upgrade, in addition to performing the function of Upgrade all, automatically deals with dependencies and installs the new versions of all newly available dependencies. Dist Upgrade tasks are also saved and performed when you start the update process by clicking the Execute button and then Proceed.
Both the Yum and Apt package managers are excellent applications designed to make the task of updating systems easy and manageable. Each has its advantages and disadvantages. The following table lists all the advantages and disadvantages of Yum and Apt.
 | Yum | Apt |
---|---|---|
Advantages | Yum has a small package list and therefore it is fast. It takes less time to download the package header information from the Internet. And Yum is based on Python, which makes it easy to inherit a lot of already developed code from up2date and Anaconda. | Apt provides a clear indication of update process and estimated time left. |
Disadvantages | Yum does not provide any indication about progress or estimated time left in update progress. | Apt's package headers are larger than Yum's, and therefore it is slower than Yum. And Apt is based on C/C++ and cannot use up2date/Anaconda code. |