1,423
edits
Changes
Written page about patching a Slackware Linux system
Welcome to Simone Giustetti's wiki pages.
Languages: '''English''' - [http://www.giustetti.net/wiki/index.php?title=installare_patch Italiano]
----
== Introduction ==
Once installed every operating system needs maintenance and updates... Linux and Slackware are no different. Over time '''new vulnerabilities will be discovered''' or new bugs will come out affecting some of the installed programs. While many errors will prove to be no more than a nuisance, security issues may expose system users to high risks like data theft, identity theft and even worse. '''Slackware releases updated versions of its maintained packages''' to easily solve every issue '''keeping the system in good health and users safe'''. Updated packages are available on-line, from the distribution web site, in the '''/patches directory specific for your installed release'''. To check for package updates please consult the Slackware [http://www.slackware.com/security/ Security Mailing List] or examine an up to date copy of file Changelog.txt. Every entry in the mailing list includes: a brief description for the issue and it resolution and useful information about installing the specific update.
When updates are available several ways exist to apply them to a running system. Some require for a lot of work and time while others can be almost fully automated recurring to the '''cron''' daemon, the '''shell''' commands and many other tools from Your distribution of choice. Fully automating an update procedure is not considered a wise move, but some scenarios exist where such a solution presents many advantages and great savings in effort and time. Below we'll discuss some update practices.
== Scenario ==
Our scenario concerns one or more development systems used for '''automated scheduled software builds'''. The systems will perform each action needed to compile, build then package the software. Servers will automatically run procedures meant to prepare and eventually test packages, saving build messages and errors to log files. '''Human interaction with the described environment is minimal''': restricted to the initial configuration and to log files searching for errors. The built software will contain parts of code form external libraries and could interact with other programs. It is advisable to maintain an updated environment in order to '''avoid including known bugs''' from shared code and to '''test against recent releases of external programs'''. Build farms are an ideal scenario for a fully automated update procedure.
== Installing Patches ==
As previously stated: many ways exist to update a Slackware Linux operating system. The easiest and more intuitive consists of downloading packages from the security advisory URLs, each advisory includes a description of the issue and download links for every actively supported Slackware release, then run the '''upgradepkg''' command. Upgradepkg is part of the '''pkgtools''' package and is meant to install a package overwriting its previously installed version. It does so installing the more recent version first then removing all files of the old version not in use by the new one. The described upgrade procedure requires a great lot of effort by the system administrator: an effort that could be greatly reduced recurring to a package manager.
== slackpkg ==
'''Slackpkg''' is the Slackware official package manager and offers many features shared by similar tools common to other Linux distributions like '''yum''', for '''Red Hat''' derived ones, or '''apt''', for Debian derived ones. Slackpkg can update single packages or the entire system '''through the network''', install or remove packages, provide information about a package and much more. To use splackpkg You need to:
# Install it if not already present in the system.
# Modify the '''/etc/slackpkg/slackpkg.conf''' configuration file according to Your needs.
# Enable '''one and only one''' among the mirrors listed in file '''/etc/slackpkg/mirrors'''. It is wise to chose a fast one or at least one near Your country.
# Execute the tool first configuration:
: Run command
'''slackpkg''' update gpg
: to update the file containing the Slackware project digital signature. '''The signature will be used to verify the downloaded package source'''. Go on updating the available package list running command:
'''slackpkg''' update
: The package manager is now ready for use.
To periodically check for updates run command:
'''slackpkg''' update
To execute a full system upgrade run command:
'''slackpkg''' upgrade-all
slackpkg will check for availability of new package, then download them locally and run the previously mentioned '''upgradepkg''' program. The user will be asked for a confirmation as shown in the picture below.
[[File:slackpkg_upgrade_all.jpeg]]
Press the OK button and the upgrade will go on without further delay. At upgrade completion '''slackpkg will show a list of newly installed configuration files'''. The system administrator should update them removing old ones and performing specific configuration tasks like '''running lilo after upgrading a kernel'''.
== Using a Script to Upgrade ==
Slackpkg can be really useful for system administrators, but it is not the solution looked for because it needs human interaction to work well. The aim of this paper consists in '''performing a full Slackware Linux package update in a totally automated way''' for a build farm. Using the [http://docs.slackware.com/slackware:beginners_guide official documentation] I evaluated the eventuality to use a shell script for periodical upgrades scheduled through the '''cron''' daemon. The required script features are listed below:
* Should be simple.
* Should use distribution included tools only.
* Should produce little or no output saving as much information as possible into a log file.
* Should filter out some packages for which human intervention is required: the kernel for one.
To check for patches the script will perform an analysis of an updated copy of the Changelog.txt file by means of '''rsync_slackware_patches.sh''': an official script written with such a task in mind. In detail the script should:
# Download a recent version of rsync_slackware_patches.sh locally.
# Run the script in order to download updated packages from the '''/patches''' directory of the installed Slackware install tree.
# Choose packages in need of an upgrade.
# Check package signature to certify their origin.
# Install packages in batch stopping in case of errors only.
# Save a report of each executed operation in a log file for future reference.
An example draft of such a script can be downloaded from the following [http://www.giustetti.net/resource/script/tde/patch_install.sh link].
The '''root user crontab should be updated''' to periodically schedule the script execution. Please run command:
'''crontab''' ''-e''
and add a line similar to
01 00 * * * /usr/bin/bash /usr/local/bin/patch_install.sh 1> /dev/null
which will force cron to '''run the script once per day a minute past midnight'''.
== Conclusions ==
This paper described several ways to patch a Slackware Linux system installing packages both manually or in an automated way. A script was included that, when combined with the '''cron''' daemon, can be used to periodically execute an automated upgrade of systems configured as build farms. It is not meant to be the final solution to the problem, more an outline that, with some work and testing, could adapt to Your specific needs.
For any feedback, questions, errors and such, please e-mail me at ''studiosg [at] giustetti [dot] net''
External links
----
* [http://www.slackware.com Slackware home page]
* [http://docs.slackware.com/slackware:beginners_guide Slackware Documentation Project]
* [http://www.slackware.com/security/ Slackware security mailing list]
----
Languages: '''English''' - [http://www.giustetti.net/wiki/index.php?title=installare_patch Italiano]
Languages: '''English''' - [http://www.giustetti.net/wiki/index.php?title=installare_patch Italiano]
----
== Introduction ==
Once installed every operating system needs maintenance and updates... Linux and Slackware are no different. Over time '''new vulnerabilities will be discovered''' or new bugs will come out affecting some of the installed programs. While many errors will prove to be no more than a nuisance, security issues may expose system users to high risks like data theft, identity theft and even worse. '''Slackware releases updated versions of its maintained packages''' to easily solve every issue '''keeping the system in good health and users safe'''. Updated packages are available on-line, from the distribution web site, in the '''/patches directory specific for your installed release'''. To check for package updates please consult the Slackware [http://www.slackware.com/security/ Security Mailing List] or examine an up to date copy of file Changelog.txt. Every entry in the mailing list includes: a brief description for the issue and it resolution and useful information about installing the specific update.
When updates are available several ways exist to apply them to a running system. Some require for a lot of work and time while others can be almost fully automated recurring to the '''cron''' daemon, the '''shell''' commands and many other tools from Your distribution of choice. Fully automating an update procedure is not considered a wise move, but some scenarios exist where such a solution presents many advantages and great savings in effort and time. Below we'll discuss some update practices.
== Scenario ==
Our scenario concerns one or more development systems used for '''automated scheduled software builds'''. The systems will perform each action needed to compile, build then package the software. Servers will automatically run procedures meant to prepare and eventually test packages, saving build messages and errors to log files. '''Human interaction with the described environment is minimal''': restricted to the initial configuration and to log files searching for errors. The built software will contain parts of code form external libraries and could interact with other programs. It is advisable to maintain an updated environment in order to '''avoid including known bugs''' from shared code and to '''test against recent releases of external programs'''. Build farms are an ideal scenario for a fully automated update procedure.
== Installing Patches ==
As previously stated: many ways exist to update a Slackware Linux operating system. The easiest and more intuitive consists of downloading packages from the security advisory URLs, each advisory includes a description of the issue and download links for every actively supported Slackware release, then run the '''upgradepkg''' command. Upgradepkg is part of the '''pkgtools''' package and is meant to install a package overwriting its previously installed version. It does so installing the more recent version first then removing all files of the old version not in use by the new one. The described upgrade procedure requires a great lot of effort by the system administrator: an effort that could be greatly reduced recurring to a package manager.
== slackpkg ==
'''Slackpkg''' is the Slackware official package manager and offers many features shared by similar tools common to other Linux distributions like '''yum''', for '''Red Hat''' derived ones, or '''apt''', for Debian derived ones. Slackpkg can update single packages or the entire system '''through the network''', install or remove packages, provide information about a package and much more. To use splackpkg You need to:
# Install it if not already present in the system.
# Modify the '''/etc/slackpkg/slackpkg.conf''' configuration file according to Your needs.
# Enable '''one and only one''' among the mirrors listed in file '''/etc/slackpkg/mirrors'''. It is wise to chose a fast one or at least one near Your country.
# Execute the tool first configuration:
: Run command
'''slackpkg''' update gpg
: to update the file containing the Slackware project digital signature. '''The signature will be used to verify the downloaded package source'''. Go on updating the available package list running command:
'''slackpkg''' update
: The package manager is now ready for use.
To periodically check for updates run command:
'''slackpkg''' update
To execute a full system upgrade run command:
'''slackpkg''' upgrade-all
slackpkg will check for availability of new package, then download them locally and run the previously mentioned '''upgradepkg''' program. The user will be asked for a confirmation as shown in the picture below.
[[File:slackpkg_upgrade_all.jpeg]]
Press the OK button and the upgrade will go on without further delay. At upgrade completion '''slackpkg will show a list of newly installed configuration files'''. The system administrator should update them removing old ones and performing specific configuration tasks like '''running lilo after upgrading a kernel'''.
== Using a Script to Upgrade ==
Slackpkg can be really useful for system administrators, but it is not the solution looked for because it needs human interaction to work well. The aim of this paper consists in '''performing a full Slackware Linux package update in a totally automated way''' for a build farm. Using the [http://docs.slackware.com/slackware:beginners_guide official documentation] I evaluated the eventuality to use a shell script for periodical upgrades scheduled through the '''cron''' daemon. The required script features are listed below:
* Should be simple.
* Should use distribution included tools only.
* Should produce little or no output saving as much information as possible into a log file.
* Should filter out some packages for which human intervention is required: the kernel for one.
To check for patches the script will perform an analysis of an updated copy of the Changelog.txt file by means of '''rsync_slackware_patches.sh''': an official script written with such a task in mind. In detail the script should:
# Download a recent version of rsync_slackware_patches.sh locally.
# Run the script in order to download updated packages from the '''/patches''' directory of the installed Slackware install tree.
# Choose packages in need of an upgrade.
# Check package signature to certify their origin.
# Install packages in batch stopping in case of errors only.
# Save a report of each executed operation in a log file for future reference.
An example draft of such a script can be downloaded from the following [http://www.giustetti.net/resource/script/tde/patch_install.sh link].
The '''root user crontab should be updated''' to periodically schedule the script execution. Please run command:
'''crontab''' ''-e''
and add a line similar to
01 00 * * * /usr/bin/bash /usr/local/bin/patch_install.sh 1> /dev/null
which will force cron to '''run the script once per day a minute past midnight'''.
== Conclusions ==
This paper described several ways to patch a Slackware Linux system installing packages both manually or in an automated way. A script was included that, when combined with the '''cron''' daemon, can be used to periodically execute an automated upgrade of systems configured as build farms. It is not meant to be the final solution to the problem, more an outline that, with some work and testing, could adapt to Your specific needs.
For any feedback, questions, errors and such, please e-mail me at ''studiosg [at] giustetti [dot] net''
External links
----
* [http://www.slackware.com Slackware home page]
* [http://docs.slackware.com/slackware:beginners_guide Slackware Documentation Project]
* [http://www.slackware.com/security/ Slackware security mailing list]
----
Languages: '''English''' - [http://www.giustetti.net/wiki/index.php?title=installare_patch Italiano]