topic Re: post-install patching with Red Hat rpms in Secure OS Software for Linux

post-install patching with Red Hat rpms

Alan Kraft — Wed, 16 Jan 2002 20:20:17 GMT

Is there a more efficient way to deal with a large number of Red Hat rpms and their dependencies? After installation I checked the HP security bulletin archive to get up to date on all the security patches that HP recommends for hp-lx. Some bulletins call for retrieving HPTL* tarballs from HP. Other bulletins call for retrieving rpms from Red Hat, and then manually checking each rpm for dependencies at Red Hat's web site. Although this method is okay for individual patches, it is quite time consuming for the large number of rpms called for after an initial install. As time since the creation of the install CD passes, this problem can only get worse.

Two ideas come to mind. Can up2date or Red Hat Network be used to patch those rpms needed from Red Hat? Alternatively, can HP bundle the recommended Red Hat rpms and their dependencies at the same HP site used to retrieve the HPTL* tarballs?

Ala

Re: post-install patching with Red Hat rpms

Mark Fenton — Wed, 16 Jan 2002 22:50:20 GMT

Alan, good call.
There really isn't a good way to deal with lots of patches at once. Up2date could handle the job, but is a little slow, and there are issues when a firewall is in place bewteen you and RedHat.

I really like the idea of HP putting their recommendations into a bundle for d/l and inst.
That'd be slick.

Re: post-install patching with Red Hat rpms

Konstantin Agouros — Thu, 17 Jan 2002 09:23:38 GMT

I have written a little perl-script that can check the rpms installed on one system against a directory of update-rpms. It then tells You which ones should be updated. The dependency-check usually just fails for one or two. The nice thing is, that a system can be checked via ssh (using ssh-agent is very very strongly recommended). Using
rpm -U after an scp does the trick. But (if You for example update glibc) don't forget to update Your compartments!

Konstantin