Paranoid Penguin - Using Yum for RPM Updates
where http://your.distro.homepage/GPGsignature should be replaced with a real URL.
This may seem like a hassle, but it's worth it. Several intrusions on Linux distributors' sites over the years have resulted in trojaned or otherwise compromised software packages being downloaded by unsuspecting users. Taking advantage of RPM's support for GnuPG signatures is the best defense against such skulduggery.
The other notable change in Listing 2 is that I've specified failovermethod=priority, which tells Yum to try the URLs on this list in order, starting with the one at the top. The default behavior, failovermethod=roundrobin, is for Yum to choose one of the listed URLs at random. Personally, I prefer the priority method because it lets me prioritize faster, closer mirrors over my distribution's primary site.
Now we come to the easy part, using the yum command. There are two ways to run Yum, manually from a command prompt or automatically by way of the /etc/init.d/yum startup script. If enabled, which you must do manually by issuing a chkconfig --add yum command, this script simply touches a runfile, /var/lock/subsys/yum, which the cron.daily job yum.cron checks for. If the script is enabled, that is, if the runfile exists, this cron job runs the Yum command first to check for and install an updated Yum package and then to check for and install updates for all other system packages. In so doing, Yum automatically and transparently resolves any relevant dependencies. If an updated package depends on another package, even if it didn't previously, Yum retrieves and installs the other package.
For most users, this script is powerful and useful stuff. If your environment demands meticulous change-control procedures, however, and you don't want any new software installed automatically, you should run Yum manually.
To see a list of available updates without installing anything, use yum check-update (Listing 3).
Listing 3. Checking for updates (output slightly reformatted and truncated for readability).
[root@iwazaru-fedora etc]# yum check-update Gathering header information file(s) from server(s) Server: Fedora Core 1 - i386 - Base Server: Fedora Core 1 - i386 - Released Updates Finding updated packages Downloading needed headers getting /var/cache/yum/updates-released/headers/ ↪coreutils-0-5.0-34.1.i386.hdr coreutils-0-5.0-34.1.i386 100% |=================| ↪13 kB 00:01 Name Arch Version Repo ----------------------------------------------------- XFree86 i386 4.3.0-55 updates-released XFree86-100dpi-fonts i386 4.3.0-55 updates-released XFree86-75dpi-fonts i386 4.3.0-55 updates-released XFree86-Mesa-libGL i386 4.3.0-55 updates-released
To install a single update, plus any other updates necessary to resolve dependencies, use yum update packagename, for example: yum update yum.
This example actually updates Yum itself. If indeed an updated version of the package Yum is available, you are prompted to go ahead and install it. If you're invoking Yum from a script and you want all such prompts to be answered y automatically, use the -y option:
yum -y update yum
The check-update command, the Yum command that is, isn't mandatory before installing updates. If you prefer, you can use yum update directly—it performs the same checks as yum check-update.
In the last sample command, we specified a single package to update, yum. To initiate a complete update session for all installed packages on your system, you simply can omit the last argument, the package specification: yum update.
After Yum checks for all available updates and calculates dependencies, it presents you with a list of all updates it intends to download. Unless you used the -y option, it asks you whether to download and install each of them.
For the sake of completeness here's a bonus tip: you also can install new packages with Yum—you probably figured that out already. For any package contained in the sources you've defined in /etc/yum.conf, you can use the command yum install packagename to install the latest version of that package, plus anything it depends on. For example, to install the FTP server package vsftpd, you'd issue this command: yum install vsftpd.
Practical Task Scheduling Deployment
One of the best things about the UNIX environment (aside from being stable and efficient) is the vast array of software tools available to help you do your job. Traditionally, a UNIX tool does only one thing, but does that one thing very well. For example, grep is very easy to use and can search vast amounts of data quickly. The find tool can find a particular file or files based on all kinds of criteria. It's pretty easy to string these tools together to build even more powerful tools, such as a tool that finds all of the .log files in the /home directory and searches each one for a particular entry. This erector-set mentality allows UNIX system administrators to seem to always have the right tool for the job.
Cron traditionally has been considered another such a tool for job scheduling, but is it enough? This webinar considers that very question. The first part builds on a previous Geek Guide, Beyond Cron, and briefly describes how to know when it might be time to consider upgrading your job scheduling infrastructure. The second part presents an actual planning and implementation framework.
Join Linux Journal's Mike Diehl and Pat Cameron of Help Systems.
Free to Linux Journal readers.View Now!
|The Firebird Project's Firebird Relational Database||Jul 29, 2016|
|Stunnel Security for Oracle||Jul 28, 2016|
|SUSE LLC's SUSE Manager||Jul 21, 2016|
|My +1 Sword of Productivity||Jul 20, 2016|
|Non-Linux FOSS: Caffeine!||Jul 19, 2016|
|Murat Yener and Onur Dundar's Expert Android Studio (Wrox)||Jul 18, 2016|
- The Firebird Project's Firebird Relational Database
- Stunnel Security for Oracle
- My +1 Sword of Productivity
- SUSE LLC's SUSE Manager
- Non-Linux FOSS: Caffeine!
- Managing Linux Using Puppet
- Murat Yener and Onur Dundar's Expert Android Studio (Wrox)
- Parsing an RSS News Feed with a Bash Script
- Google's SwiftShader Released
- Doing for User Space What We Did for Kernel Space