NEW-PATCHES(LOCAL)

NAME
       new-patches - Find Appropriate Patches for RedHat Linux

SYNOPSIS
       new-patches [-v #.#] [-m] [-i] [-o] [-e] [-p] [-b] [-u] [-d] [-h] PATH

DESCRIPTION
       new-patches is a shell script which simplifies the task of finding and installing updates (patches). Failure to make the effort to find and install updates is a frequent cause of break-ins. Hopefully this script will greatly decrease the effort required. (See also yum for a more automated option.)

       With various arguments, described below, new-patches can also tell you which updates you have already applied or which installed packages you will be replacing (so you can revert if necessary).

       With no arguments, new-patches figures out which version of RedHat Linux you are running, which packages you have installed, and emits to standard output the URLs of any updates it finds to those packages. You could, in theory, (and the author has) just run:

              rpm -Fvh `new-patches`

       and be updated in one fell swoop, but there are good reasons you may wish to split the task into a few steps. For instance, you may wish to first document what you are replacing (in case you need to revert--see -i below) or you may wish to first copy the new packages to local disk before installing them--such as with get-patches as below.

       Sometimes updates require additional packages (such as crypto libraries) which you may not have installed. To test for this case, you can run:

              rpm -Fvh --test `new-patches`

       If there are "failed dependencies:", you must first find (see -u below) and then install the needed packages (using rpm -Uvh), or else manually remove (from the output of new-patches) the URLs for those patches which have unsatisfied dependencies.
       Similarly, edit out any other patches you're not ready to install (such as a new kernel--see warning below), before feeding the list to rpm:

              new-patches > tmpfile
              edit tmpfile
              rpm -Fvh `cat tmpfile`

       If you're on a slow network, or if you prefer to have a copy of all the RPMs you're going to install before installing them, you can use a companion script, get-patches, to download the RPMs to your current directory and then install them:

              get-patches `new-patches`
              rpm -Fvh *.rpm

       You can override the default URL new-patches uses as a source of updates either on the command line by specifying a PATH argument or with the $REDHAT_UPDATES environment variable. Both can be either an ftp:// URL or a path to a local directory (anything you can list with ls). See also BUGS below for why you may need to do so.

       The following command-line switches are implemented:

       -v #.# If you don't specify PATH or $REDHAT_UPDATES, and you just want to change the OS version number in the default URL for updates, -v will do that. Useful, for example, on a 6.1 system to see which 6.2 updates may be available. (Because, alas, RedHat doesn't always put them in both places.)

       -m     Use the main (often overloaded) sites instead of a mirror. By default, new-patches now uses a mirror site, partly in hopes it is faster and partly because the main sites only offer updates via HTTP (not FTP). HTTP support in new-patches requires lynx, which may not be installed on some systems.

       -i     Print the installed packages which need replacing instead of the replacements. If you save this list, you will know what packages to revert to if you are unhappy with the upgrade.

       -o     Reverses the "newness" test. If you give a PATH or URL to the RPMs which comprise the stock RedHat release of your OS version, this will tell you which RPMs are older there. If used with -i above, shows what is installed replacing what was older there.

       -e     Replaces the "newness" test with an equality test.
              Normally, newness is determined by comparing components of package names. Much effort was spent trying to get this right but it can happen that a new package has a name so dissimilar from the old that the test fails. -e will cause new-patches to output any package which is a different version. The user must then determine which are actually newer.

       -p     Toggle ftp's passive mode. URLs beginning with ftp:// are listed with your system's ftp. The invocation of ftp should cause it to use "passive mode" (which is desirable for those behind firewalls). If you have trouble with passive mode, you can try toggling it on/off with -p.

       -b     Print bare package names (do not prepend the PATH or URL).

       -u     List packages at path (or URL) NOT installed on your system. This may be useful for seeing what else is available on your distribution CD or finding URLs for additional packages which may be required by updates to existing packages. You can even use:

                     rpm -qp --filesbypkg `new-patches -u` | grep /foo/bar

              to search for file /foo/bar in the uninstalled packages, if it isn't clear from the package names which package contains a file you need.

       -d     This flag turns on debugging output for the newness comparison.

       -h     Prints the usage instructions from the beginning of the script.

WARNINGS
       BEFORE YOU UPGRADE YOUR KERNEL, BE SURE YOU HAVE A CURRENT BOOT FLOPPY! You can make one with mkbootdisk. The time I updated 87 packages (including a 2.2.16 kernel) on a fresh 6.2 system in one fell swoop I was glad I made a boot floppy first because I had to boot the floppy and run lilo manually before the system would come back up properly.

       WHEN INSTALLING NEW KERNELS, IT IS SMARTER TO INSTALL A NEW ONE WITH rpm -i AND LATER DELETE THE OLD ONE WITH rpm -e (RATHER THAN DO BOTH AT ONCE WITH rpm -F).

       I've noticed that sometimes patches intended for both 6.2 and 6.1 aren't copied into the RedHat 6.1 updates directory.
       If you're running 6.1, you may still need to run this against the 6.2 updates directory and manually see what may-or-may-not be relevant (try -v 6.2).

       Packages are sometimes renamed, so you may not notice that a new package is relevant to your installation. In these cases, it is left to you to discover that these new packages exist. One place to keep up-to-date on such things is http://www.redhat.com/errata

BUGS
       Times change. RedHat is no longer providing updates for some of their older (but still viable and widely used) releases. For a while, those will be supported by the "Fedora Legacy Project", so new-patches will now, by default, look there for updates to those versions.

       Because both Fedora and Fedora Legacy are currently only offering updates via HTTP, new-patches now also speaks HTTP; however, that support is built on lynx, which must now also be installed if those sites are used. That's one reason that, by default, new-patches now uses FTP mirror sites (unless the -m flag is used).

AUTHOR
       Corey Satten, corey @ cac.washington.edu, 02/02/01

       See http://staff.washington.edu/corey/tools.html for the latest version.

SEE ALSO
       rpm(8), get-patches(local), mkbootdisk(8), yum(8)

       http://fedora.redhat.com/download/mirrors.html
       http://fedoralegacy.org/download/fedoralegacy-mirrors.php
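
A component-wise newness test of the kind described under -e, together with the renamed-package caveat from WARNINGS, shown as an added example that is not code from new-patches. The package file names, the mirror host and the comparison rules (numeric fields compared as numbers, names required to match exactly) are assumptions made for illustration, not the script's actual algorithm.

```shell
#!/bin/sh
# Added example, not code from new-patches. Package file names are constructed.

# split_rpm FILE: set $name, $version, $release from name-version-release.arch.rpm
split_rpm() {
    base=${1##*/}        # drop the directory or URL prefix
    base=${base%.rpm}
    base=${base%.*}      # drop the architecture (i386, noarch, ...)
    release=${base##*-}; base=${base%-*}
    version=${base##*-}; name=${base%-*}
}

# cmp_ver A B: print lt, eq or gt, comparing dot-separated fields left to right
cmp_ver() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0}; y=${y:-0}     # a missing field counts as 0
        case $x$y in
        *[!0-9]*)                # non-numeric field: plain string order
            if expr "x$x" \< "x$y" >/dev/null; then echo lt; return; fi
            if expr "x$x" \> "x$y" >/dev/null; then echo gt; return; fi ;;
        *)                       # numeric field: 16 sorts after 9
            if [ "$x" -lt "$y" ]; then echo lt; return; fi
            if [ "$x" -gt "$y" ]; then echo gt; return; fi ;;
        esac
    done
    echo eq
}

# classify INSTALLED CANDIDATE: print newer, older, same or unrelated
classify() {
    split_rpm "$1"; n1=$name; v1=$version; r1=$release
    split_rpm "$2"
    if [ "$n1" != "$name" ]; then echo unrelated; return; fi
    c=$(cmp_ver "$v1" "$version")
    if [ "$c" = eq ]; then c=$(cmp_ver "$r1" "$release"); fi
    case $c in lt) echo newer ;; gt) echo older ;; *) echo same ;; esac
}

classify openssl-0.9.5a-14.i386.rpm ftp://mirror.example/updates/openssl-0.9.5a-23.i386.rpm
classify kernel-2.2.9-1.i386.rpm kernel-2.2.16-3.i386.rpm
classify foo-1.0-1.i386.rpm foo-tools-1.1-1.i386.rpm
```

The third call prints "unrelated": a name-based test cannot see a renamed package as an update, so a security fix shipped under a new name has to be found from the errata list.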