Loading
Paranoid Penguin - Using Yum for RPM Updates
You can eliminate most known security risks by removing unused software and keeping your system up to date. Here's how to do it with the new tool chosen by three of the most popular Linux distributions.
where http://your.distro.homepage/GPGsignature should be replaced with a real URL.
This may seem like a hassle, but it's worth it. Several intrusions on Linux distributors' sites over the years have resulted in trojaned or otherwise compromised software packages being downloaded by unsuspecting users. Taking advantage of RPM's support for GnuPG signatures is the best defense against such skulduggery.
The other notable change in Listing 2 is that I've specified failovermethod=priority, which tells Yum to try the URLs on this list in order, starting with the one at the top. The default behavior, failovermethod=roundrobin, is for Yum to choose one of the listed URLs at random. Personally, I prefer the priority method because it lets me prioritize faster, closer mirrors over my distribution's primary site.
Now we come to the easy part, using the yum command. There are two ways to run Yum, manually from a command prompt or automatically by way of the /etc/init.d/yum startup script. If enabled, which you must do manually by issuing a chkconfig --add yum command, this script simply touches a runfile, /var/lock/subsys/yum, which the cron.daily job yum.cron checks for. If the script is enabled, that is, if the runfile exists, this cron job runs the Yum command first to check for and install an updated Yum package and then to check for and install updates for all other system packages. In so doing, Yum automatically and transparently resolves any relevant dependencies. If an updated package depends on another package, even if it didn't previously, Yum retrieves and installs the other package.
For most users, this script is powerful and useful stuff. If your environment demands meticulous change-control procedures, however, and you don't want any new software installed automatically, you should run Yum manually.
To see a list of available updates without installing anything, use yum check-update (Listing 3).
To install a single update, plus any other updates necessary to resolve dependencies, use yum update packagename, for example: yum update yum.
This example actually updates Yum itself. If indeed an updated version of the package Yum is available, you are prompted to go ahead and install it. If you're invoking Yum from a script and you want all such prompts to be answered y automatically, use the -y option:
yum -y update yum
The check-update command, the Yum command that is, isn't mandatory before installing updates. If you prefer, you can use yum update directly—it performs the same checks as yum check-update.
In the last sample command, we specified a single package to update, yum. To initiate a complete update session for all installed packages on your system, you simply can omit the last argument, the package specification: yum update.
After Yum checks for all available updates and calculates dependencies, it presents you with a list of all updates it intends to download. Unless you used the -y option, it asks you whether to download and install each of them.
For the sake of completeness here's a bonus tip: you also can install new packages with Yum—you probably figured that out already. For any package contained in the sources you've defined in /etc/yum.conf, you can use the command yum install packagename to install the latest version of that package, plus anything it depends on. For example, to install the FTP server package vsftpd, you'd issue this command: yum install vsftpd.
______________________
Webcast
How to Build an Optimal Hadoop Cluster to Store and Maintain Unlimited Amounts of Data Using Microservers
Realizing the promise of Apache® Hadoop® requires the effective deployment of compute, memory, storage and networking to achieve optimal results. With its flexibility and multitude of options, it is easy to over or under provision the server infrastructure, resulting in poor performance and high TCO. Join us for an in depth, technical discussion with industry experts from leading Hadoop and server companies who will provide insights into the key considerations for designing and deploying an optimal Hadoop cluster.
Sponsored by AMD
White Paper
Red Hat White Paper: Using an Open Source Framework to Catch the Bad Guy
Built-in forensics, incident response, and security with Red Hat Enterprise Linux 6
Every security policy provides guidance and requirements for ensuring adequate protection of information and data, as well as high-level technical and administrative security requirements for a system in a given environment. Traditionally, providing security for a system focuses on the confidentiality of the information on it. However, protecting the data integrity and system and data availability is just as important. For example, when processing United States intelligence information, there are three attributes that require protection: confidentiality, integrity, and availability.
Learn more about catching the bad guy in this free white paper.
Sponsored by DLT Solutions
- RSS Feeds
- Making Linux and Android Get Along (It's Not as Hard as It Sounds)
- Using Salt Stack and Vagrant for Drupal Development
- Dynamic DNS—an Object Lesson in Problem Solving
- New Products
- Validate an E-Mail Address with PHP, the Right Way
- Drupal Is a Framework: Why Everyone Needs to Understand This
- A Topic for Discussion - Open Source Feature-Richness?
- Download the Free Red Hat White Paper "Using an Open Source Framework to Catch the Bad Guy"
- Tech Tip: Really Simple HTTP Server with Python
- Roll your own dynamic dns
3 hours 45 min ago - Please correct the URL for Salt Stack's web site
6 hours 56 min ago - Android is Linux -- why no better inter-operation
9 hours 12 min ago - Connecting Android device to desktop Linux via USB
9 hours 40 min ago - Find new cell phone and tablet pc
10 hours 38 min ago - Epistle
12 hours 7 min ago - Automatically updating Guest Additions
13 hours 16 min ago - I like your topic on android
14 hours 2 min ago - This is the easiest tutorial
20 hours 38 min ago - Ahh, the Koolaid.
1 day 2 hours ago
Free Webinar: Hadoop
How to Build an Optimal Hadoop Cluster to Store and Maintain Unlimited Amounts of Data Using Microservers
Realizing the promise of Apache® Hadoop® requires the effective deployment of compute, memory, storage and networking to achieve optimal results. With its flexibility and multitude of options, it is easy to over or under provision the server infrastructure, resulting in poor performance and high TCO. Join us for an in depth, technical discussion with industry experts from leading Hadoop and server companies who will provide insights into the key considerations for designing and deploying an optimal Hadoop cluster.
Some of key questions to be discussed are:
- What is the “typical” Hadoop cluster and what should be installed on the different machine types?
- Why should you consider the typical workload patterns when making your hardware decisions?
- Are all microservers created equal for Hadoop deployments?
- How do I plan for expansion if I require more compute, memory, storage or networking?
Comments
The comment "Garrick, use rea
The comment "Garrick, use really small font in Listing 1 (or make wider than one column) to keep the lines from breaking"
Appears above the listing at the begining of the article, and there are a few times where there are font and other editing/publishing instructions for 'garrick' to follow. Thiis is an old article, but I figure I should make note of it so if anyone monitors this still they can correct it.
Re: Paranoid Penguin: Using Yum for RPM Updates
Thanks I have just started using Yellow Dog Linux this aricle couldn't have been better timed than if you wrote it just for me.