Difference between revisions of "Patching"

From Hackepedia
Jump to navigationJump to search
m (Reverted edits by QkeZ75 (Talk); changed back to last version by Hawson)
 
(24 intermediate revisions by 6 users not shown)
Line 1: Line 1:
There are very few Operating Systems that have an adequate patching process for applications. The only two I recommend to someone who is too busy to track all of their installed applications is [[FreeBSD]] and [http://www.debian.org Debian GNU/Linux]. Apparently you can do this with [[RedhatDependencies|RedHat]] and its offspring, but I've heard about a lot of issues with "dependancy hell."
+
There are very few Operating Systems that have an adequate patching process for applications. The only two [[UBO]]s we recommend to someone who is too busy to track all of their installed applications is [[FreeBSD]] and [http://www.debian.org Debian GNU/Linux]. Apparently you can do this with [[RedhatDependencies|RedHat]] and its offspring, but I've heard about a lot of issues with "dependancy hell."
  
It should be noted that this is usually because the SysAdmin has installed packages from different distributions.  For example, installing SuSE packages on a RedHat system is <i>asking</i> for trouble.  Packages built for a specific RedHat version almost always work, as do packages rebuilt from .src.rpm files. (RedHat is quite a bit nicer, once you learn to build your own .rpm files)
+
It should be noted that "dependancy hell" is usually because the SysAdmin has installed packages from different distributions.  For example, installing SuSE packages on a RedHat system is <i>asking</i> for trouble.  Packages built for a specific RedHat version almost always work, as do packages rebuilt from .src.rpm files. (RedHat and other RPM-based systems are quite a bit nicer once you learn to roll your own RPM .spec files)
  
  
== OS Specific ==
+
== [[Debian]] ==
  
In [[Windows]], use internet explorer to[http://update.microsoft.com. update your computer]. Let it scan your computer and install all of the high-priority/recommended updates.  
+
Using [[Debian]] [[GNU]]/[[Linux]] or any of the [[ubuntu]] variants, it's as simple as
 +
apt-get update
 +
apt-get dist-upgrade
 +
and all of your installed applications will now be up to date. You can modify where you get your updates from the /etc/apt/sources.list file.
  
Using Debian GNU/[[Linux]] it's as simple as "apt-get install update && apt-get install upgrade" and all of your installed applications will now be up to date!
+
== [[FreeBSD]] ==
 
+
I've created two shell scripts which I've named update, and upgrade.
With [[FreeBSD]] it's a little more complex. I've created two shell scripts which I've named update, and upgrade.
 
 
You will need [http://www.freshports.org/sysutils/portsnap portsnap], [http://www.freshports.org/security/portaudit portaudit] and [http://www.freshports.org/sysutils/portupgrade portupgrade] installed to use these:
 
You will need [http://www.freshports.org/sysutils/portsnap portsnap], [http://www.freshports.org/security/portaudit portaudit] and [http://www.freshports.org/sysutils/portupgrade portupgrade] installed to use these:
  
<nowiki>#!/bin/sh</nowiki>
+
  #!/bin/sh
 
+
  # update
<nowiki># update</nowiki>
+
  /usr/local/sbin/portsnap fetch && /usr/local/sbin/portsnap update && pkg_version  -v -l < #EOF
 
+
 
<nowiki>/usr/local/sbin/portsnap fetch && /usr/local/sbin/portsnap update && pkg_version  -v -l "<"</nowiki>
+
 
 
+
  #!/bin/sh
<nowiki>#EOF</nowiki>
+
  # upgrade
 
+
  portaudit -F && portaudit
 
+
  portupgrade -a
 
+
  #EOF
  
  
 +
== [[OpenBSD]] ==
  
<nowiki>#!/bin/sh</nowiki>
+
In OpenBSD patching the operating system can be done in a few
 +
different ways.  1. OpenBSD offers a CVS tree that allows updating at any time to any revision including the latest changes made up to the minute.  2.  OpenBSD allows snapshot updates which are install packages and can be installed with the install floppy or CD.  3.  The OpenBSD ports can be updated with the pkg_add -u option.
  
<nowiki># upgrade</nowiki>
+
* With CVS you'd set the CVSROOT and CVS_RSH environment variable, go to the /usr/src tree and type cvs update -PAd (and -r for any revisions other than HEAD), then 'make build' to create userland and then cd /usr/src/arch/{ARCHITECTURE}/config and configure the kernel (GENERIC), then cd ../compile/GENERIC and make dep && make and after that cp /bsd /bsd.old; cp bsd /bsd and reboot.  Userland and kernel "must" be built together as changes to structures can 'desync' programs that read out of kernel memory (various stats, vmstat, pstat, iostat, top)
  
<nowiki>portaudit -F && portaudit</nowiki>
+
* With snapshot updates I usually download the entire architectures that I require and burn them to CD with mkisofs and cdrecord, the el-torito bootsector is written with the "CD" image found.  When including multiple-boot platforms such as macppc I use mkhybrid instead of mkisofs.  Once the CD is completed one can always restore binaries from it at any time.  Anyhow one then boots the CD and when the OpenBSD installer boots it offers you 3 choices at the beginning:  (I)nstall, (U)pgrade and (S)hell.  I chose 'U' for upgrade and the process is straight forward and usually just a bunch of 'yes' answers for questions asked by the installer.  After that reboot into the updated/patched operating system (after removing the CD).  It's always wise to have made a 'final' backup of the previous system before (just plain common sense).
  
<nowiki>portupgrade -a</nowiki>
+
* Updating packages with pkg_add(1) seems to work alright for me I set my PKG_PATH environment variable to the place (ftp server) where the packages are held and cd /var/db/pkg and then type pkg_add -u *, this seemed to work almost flawless last time I did this.  It's good to also set PKG_CACHE to /usr/ports/packages/{ARCHITECTURE}/all, that way all the packages that are pulled from somewhere remote get copied there as well.  Alternativly you can also cvs update the ports tree and build the new port yourself, make it a package and then use pkg_add -u to install the new package.
  
<nowiki>#EOF</nowiki>
+
== [[Windows]] ==
 +
Use internet explorer to go to  [http://update.microsoft.com. Microsoft update]. Let it scan your computer and install all of the high-priority/recommended updates. If you have an issue installing a patch, say for example KB913580, take a look for the log file in C:\Windows for patchname.log. i.e.
  
 +
C:\WINDOWS\KB913580.log
  
Rumour has it that [[OpenBSD]] is building a portupgrade tool, and I will surely switch to them at that point, based on their security history.
+
open the file in notepad.exe, at the bottom of the file you will hopefully find a searchable error message or error code.

Latest revision as of 06:55, 16 July 2007

There are very few Operating Systems that have an adequate patching process for applications. The only two UBOs we recommend to someone who is too busy to track all of their installed applications is FreeBSD and Debian GNU/Linux. Apparently you can do this with RedHat and its offspring, but I've heard about a lot of issues with "dependancy hell."

It should be noted that "dependancy hell" is usually because the SysAdmin has installed packages from different distributions. For example, installing SuSE packages on a RedHat system is asking for trouble. Packages built for a specific RedHat version almost always work, as do packages rebuilt from .src.rpm files. (RedHat and other RPM-based systems are quite a bit nicer once you learn to roll your own RPM .spec files)


Debian

Using Debian GNU/Linux or any of the ubuntu variants, it's as simple as

apt-get update
apt-get dist-upgrade

and all of your installed applications will now be up to date. You can modify where you get your updates from the /etc/apt/sources.list file.

FreeBSD

I've created two shell scripts which I've named update, and upgrade. You will need portsnap, portaudit and portupgrade installed to use these:

 #!/bin/sh
 # update
 /usr/local/sbin/portsnap fetch && /usr/local/sbin/portsnap update && pkg_version  -v -l < #EOF
 
 
 #!/bin/sh
 # upgrade
 portaudit -F && portaudit
 portupgrade -a
 #EOF


OpenBSD

In OpenBSD patching the operating system can be done in a few different ways. 1. OpenBSD offers a CVS tree that allows updating at any time to any revision including the latest changes made up to the minute. 2. OpenBSD allows snapshot updates which are install packages and can be installed with the install floppy or CD. 3. The OpenBSD ports can be updated with the pkg_add -u option.

  • With CVS you'd set the CVSROOT and CVS_RSH environment variable, go to the /usr/src tree and type cvs update -PAd (and -r for any revisions other than HEAD), then 'make build' to create userland and then cd /usr/src/arch/{ARCHITECTURE}/config and configure the kernel (GENERIC), then cd ../compile/GENERIC and make dep && make and after that cp /bsd /bsd.old; cp bsd /bsd and reboot. Userland and kernel "must" be built together as changes to structures can 'desync' programs that read out of kernel memory (various stats, vmstat, pstat, iostat, top)
  • With snapshot updates I usually download the entire architectures that I require and burn them to CD with mkisofs and cdrecord, the el-torito bootsector is written with the "CD" image found. When including multiple-boot platforms such as macppc I use mkhybrid instead of mkisofs. Once the CD is completed one can always restore binaries from it at any time. Anyhow one then boots the CD and when the OpenBSD installer boots it offers you 3 choices at the beginning: (I)nstall, (U)pgrade and (S)hell. I chose 'U' for upgrade and the process is straight forward and usually just a bunch of 'yes' answers for questions asked by the installer. After that reboot into the updated/patched operating system (after removing the CD). It's always wise to have made a 'final' backup of the previous system before (just plain common sense).
  • Updating packages with pkg_add(1) seems to work alright for me I set my PKG_PATH environment variable to the place (ftp server) where the packages are held and cd /var/db/pkg and then type pkg_add -u *, this seemed to work almost flawless last time I did this. It's good to also set PKG_CACHE to /usr/ports/packages/{ARCHITECTURE}/all, that way all the packages that are pulled from somewhere remote get copied there as well. Alternativly you can also cvs update the ports tree and build the new port yourself, make it a package and then use pkg_add -u to install the new package.

Windows

Use internet explorer to go to Microsoft update. Let it scan your computer and install all of the high-priority/recommended updates. If you have an issue installing a patch, say for example KB913580, take a look for the log file in C:\Windows for patchname.log. i.e.

C:\WINDOWS\KB913580.log

open the file in notepad.exe, at the bottom of the file you will hopefully find a searchable error message or error code.