NEW-PATCHES(LOCAL) NEW-PATCHES(LOCAL)
NAME
new-patches - Find Appropriate Patches for RedHat Linux
SYNOPSIS
new-patches [-v #.#] [-m] [-i] [-o] [-e] [-p] [-b] [-u] [-d] [-h] PATH
DESCRIPTION
new-patches is a shell script which simplifies the task of finding and
installing updates (patches). Failure to find and install updates is a
frequent cause of break-ins. Hopefully this script will greatly
decrease the effort required. (See also yum for a more automated
option.)
With various arguments, described below, new-patches can also tell you
which updates you have already applied or which installed packages you
will be replacing (so you can revert if necessary).
With no arguments, new-patches figures out which version of RedHat
Linux you are running, which packages you have installed, and emits to
standard output the URLs of any updates it finds to those packages.
You could, in theory, (and the author has) just run:
rpm -Fvh `new-patches`
and be updated in one fell swoop, but there are good reasons you may
wish to split the task into a few steps. For instance, you may wish to
first document what you are replacing (in case you need to revert; see
-i below) or you may wish to first copy the new packages to local disk
before installing them, such as with get-patches as below.
Sometimes updates require additional packages (such as crypto
libraries) which you may not have installed. To test for this case,
you can run:
rpm -Fvh --test `new-patches`
If there are "failed dependencies:", you must first find (see -u below)
and then install the needed packages (using rpm -Uvh), or else manually
remove (from the output of new-patches) the URLs for those patches
which have unsatisfied dependencies. Similarly, edit out any other
patches you're not ready to install (such as a new kernel; see WARNINGS
below), before feeding the list to rpm:
new-patches > tmpfile
${EDITOR:-vi} tmpfile
rpm -Fvh `cat tmpfile`
If you're on a slow network, or if you prefer to have a copy of all the
RPMs you're going to install before installing them, you can use a
companion script, get-patches, to download the RPMs to your current
directory and then install them:
get-patches `new-patches`
rpm -Fvh *.rpm
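The staged procedure above (save the list, hold back what you are not
ready to install, download, dry-run, install) can be scripted. The
following is an added example, not part of new-patches or get-patches.
It assumes the URL list is whitespace-separated, treats any file name
starting with "kernel-" as a kernel package to hold back, and adds an
rpm -K verification step that the original procedure does not include.

```shell
# Added example (not part of new-patches or get-patches).
# Assumptions: URLs are whitespace-separated; any package whose file
# name starts with "kernel-" is held back; rpm -K is an added check.

# split_patch_list LIST NORMAL KERNEL
# Split the URLs in LIST into NORMAL (safe to freshen) and KERNEL
# (install by hand with rpm -i, per WARNINGS).
split_patch_list() {
    : > "$2"
    : > "$3"
    tr -s ' \t' '\n' < "$1" | while IFS= read -r url; do
        [ -n "$url" ] || continue
        case "${url##*/}" in
            kernel-*) printf '%s\n' "$url" >> "$3" ;;
            *)        printf '%s\n' "$url" >> "$2" ;;
        esac
    done
}

# staged_update NORMAL
# Run in an empty directory: download, verify, dry-run, then freshen.
staged_update() {
    [ -s "$1" ] || { echo "nothing to install" >&2; return 0; }
    get-patches `cat "$1"` || return 1
    for f in *.rpm; do
        # Refuse to continue if a digest or signature does not verify.
        rpm -K "$f" || { echo "verification failed: $f" >&2; return 1; }
    done
    # Dry run: a non-zero status here means failed dependencies.
    rpm -Fvh --test *.rpm || return 1
    rpm -Fvh *.rpm
}

# Typical use:
#   new-patches -i > replaced.txt      # record what will be replaced
#   new-patches    > all.txt
#   split_patch_list all.txt normal.txt kernel.txt
#   staged_update normal.txt
```

The kernel list is left for manual handling as described under WARNINGS.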
You can override the default URL new-patches uses as a source of
updates either on the command line by specifying a PATH argument or
with the $REDHAT_UPDATES environment variable. Both can be either an
ftp:// URL or a path to a local directory (anything you can list with
ls). See also BUGS below for why you may need to do so.
The following command-line switches are implemented:
-v #.# If you don't specify PATH or $REDHAT_UPDATES, and you just want
to change the OS version number in the default URL for updates,
-v will do that. Useful, for example, on a 6.1 system to see
which 6.2 updates may be available (because, alas, RedHat
doesn't always put them in both places).
-m Use the main (often overloaded) sites instead of a mirror. By
default, new-patches now uses a mirror site, partly in hopes it
is faster and partly because the main sites only offer updates
via HTTP (not FTP). HTTP support in new-patches requires lynx,
which may not be installed on some systems.
-i Print the installed packages which need replacing instead of the
replacements. If you save this list, you will know what
packages to revert to if you are unhappy with the upgrade.
-o Reverses the "newness" test. If you give a PATH or URL to the
RPMs which comprise the stock RedHat release of your OS version,
this will tell you which RPMs are older there. If used with -i
above, shows what is installed replacing what was older there.
-e Replaces the "newness" test with an equality test. Normally,
newness is determined by comparing components of package names.
Much effort was spent trying to get this right but it can happen
that a new package has a name so dissimilar from the old that
the test fails. -e will cause new-patches to output any package
which is a different version. The user must then determine
which are actually newer.
-p Toggle ftp's passive mode. URLs beginning with ftp:// are
listed with your system's ftp. The invocation of ftp should
cause it to use "passive mode" (which is desirable for those
behind firewalls). If you have trouble with passive mode, you
can try toggling it on/off with -p.
-b Print bare package names (do not prepend the PATH or URL).
-u List packages at path (or URL) NOT installed on your system.
This may be useful for seeing what else is available on your
distribution CD or finding URLs for additional packages which
may be required by updates to existing packages. You can even
use:
rpm -qp --filesbypkg `new-patches -u` | grep /foo/bar
to search for file /foo/bar in the uninstalled packages, if it
isn't clear from the package names which package contains a file
you need.
-d This flag turns on debugging output for the newness comparison.
-h Prints the usage instructions from the beginning of the script.
WARNINGS
BEFORE YOU UPGRADE YOUR KERNEL, BE SURE YOU HAVE A CURRENT BOOT FLOPPY!
You can make one with mkbootdisk. The time I updated 87 packages
(including a 2.2.16 kernel) on a fresh 6.2 system in one fell swoop I
was glad I made a boot floppy first because I had to boot the floppy
and run lilo manually before the system would come back up properly.
WHEN INSTALLING NEW KERNELS, IT IS SMARTER TO INSTALL A NEW ONE WITH
rpm -i AND LATER DELETE THE OLD ONE WITH rpm -e RATHER THAN DO BOTH AT
ONCE WITH rpm -F.
I've noticed that sometimes patches intended for both 6.2 and 6.1
aren't copied into the redhat 6.1 updates directory. If you're running
6.1, you may still need to run this against the 6.2 updates directory
and manually see what may-or-may-not be relevant (try -v 6.2).
Packages are sometimes renamed, so you may not notice that a new
package is relevant to your installation. In these cases, it is left to
you to discover that these new packages exist. One place to keep
up-to-date on such things is http://www.redhat.com/errata
BUGS
Times change. RedHat is no longer providing updates for some of their
older (but still viable and widely used) releases. For a while, those
will be supported by the "Fedora Legacy Project", so new-patches will
now, by default, look there for updates to those versions.
Because both Fedora and Fedora Legacy are currently only offering
updates via HTTP, new-patches now also speaks HTTP; however, that
support is built on lynx, which must now also be installed if those
sites are used. That's one reason that, by default, new-patches now
uses FTP mirror sites (unless the -m flag is used).
AUTHOR
Corey Satten, corey @ cac.washington.edu, 02/02/01
See http://staff.washington.edu/corey/tools.html for the latest
version.
SEE ALSO
rpm(8), get-patches(local), mkbootdisk(8), yum(8)
http://fedora.redhat.com/download/mirrors.html
http://fedoralegacy.org/download/fedoralegacy-mirrors.php