
[linux-security] updated version of check-rpms



Topic
=====
new check-rpms script appended

I have added a command-line option "-rpm" to the check-rpms shell script
that lists rpms that should be upgraded. If "-rpm" is specified, the
script will output a list of new rpms that should be installed. The default
is still to list the installed packages that should be upgraded.

This, I think, is as far as I go towards "automatic upgrades":
if you want you can now easily add an option and a few more lines to the
script so that it does a "rpm -Fvh <output of `check-rpms -rpm`>".
A word of caution though: check-rpms still outputs a warning if you have
multiple versions of the same package installed. That error message will
thoroughly confuse rpm when you do a "rpm -Fvh `check-rpms -rpm`".
This is probably a good thing, since you don't want to do an automatic
upgrade in these cases. Also, if the kernel is listed as a package that
should be upgraded, you should do a "rpm -ivh <kernel-rpm>", not a "-Fvh".
I strongly advise doing a kernel upgrade manually anyway - you probably
can modify the script such that it excludes kernel upgrades in "automatic
upgrades".

Furthermore, check-rpms still does not check whether the new rpm out of
the updated RedHat distribution is actually of a newer version than the
one you have installed - if you do a "rpm -Fvh ..." that shouldn't be
a problem, but you never know.

Anyway, if you want to have your system updated automatically from, e.g.,
a cron job, it shouldn't be too hard to modify check-rpms to do the job.

As you may have noticed by now: I am not a friend of automatic upgrades
and will not implement those modifications myself.

Cheers,
Martin

===<cut here: check-rpms>==============================================
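#!/bin/sh
# Directory holding the RPMS of the (updated) RedHat distribution.
REDHATDIR=/mnt/redhat/RedHat/RPMS
list_rpm=
# Stop if the distribution directory is not available (e.g. not mounted).
cd "$REDHATDIR" || exit 1
if [ $# -gt 1 ]; then
   echo "usage $0 [-rpm]"
   exit 1
elif [ $# -eq 1 ]; then
   if [ "$1" = "-rpm" ]; then
      list_rpm=yes
      shift
   else
      echo "usage $0 [-rpm]"
      exit 1
   fi
fi
for package in `rpm -qa`; do
    # No file in REDHATDIR starts with the installed name-version-release:
    # the installed package differs from the one in the distribution.
    obsolete=`ls "$package"* 2>&1 | grep 'No such file'`
    if [ -n "$obsolete" ]; then
       # Strip version and release to get the bare package name.
       packagename=`echo $package | awk -F "-[0-9]" '{print $1}'`
       # Only report packages that the distribution still carries.
       defaultpackage=`ls "$packagename"* 2>&1 | grep 'No such file'`
       if [ -z "$defaultpackage" ]; then
          # Number of installed versions of this package.
          num=`rpm -q $packagename | wc -l | sed -e 's/ //g'`
          if [ $num -gt 1 ]; then
            # The warning is printed on stdout, on the same line as the package.
            if [ -n "$list_rpm" ]; then
               echo "`ls $packagename-[0-9]*` ; warning: multiple ($num) packages installed."
            else
               echo "$package ; warning: multiple ($num) packages installed."
            fi
          else
            if [ -n "$list_rpm" ]; then
              ls $packagename-[0-9]*
            else
              echo $package
            fi
          fi
       fi
    fi
done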
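
Added example (not part of the post above or of the check-rpms script): a filter for the output of `check-rpms -rpm` that applies the two cautions from the message before anything is handed to `rpm -Fvh`. It holds back lines carrying the multiple-versions warning and kernel packages. The name filter_upgrades, the `kernel-*` pattern and the sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# filter_upgrades: read `check-rpms -rpm` output on stdin, print on stdout only
# the rpm file names that are safe to pass to "rpm -Fvh". Everything held back
# is reported on stderr so a cron mail still shows it.
filter_upgrades() {
    while IFS= read -r line; do
        case "$line" in
            "")
                ;;                                  # ignore blank lines
            *"; warning:"*)
                # multiple installed versions: the post says not to automate these
                echo "held back (multiple versions): $line" >&2 ;;
            kernel-*)
                # assumption: every kernel-* package is left for a manual "rpm -ivh"
                echo "held back (manual kernel upgrade): $line" >&2 ;;
            *.rpm)
                echo "$line" ;;
            *)
                echo "held back (not an rpm file name): $line" >&2 ;;
        esac
    done
}

# Constructed sample of what `check-rpms -rpm` might print (not real output).
sample_output() {
    cat <<'EOF'
alpha-1.0-2.i386.rpm
kernel-2.0.1-1.i386.rpm
beta-2.2-1.i386.rpm ; warning: multiple (2) packages installed.
delta-3.1-4.noarch.rpm
EOF
}

# Stand-alone run: show the filtered list for the constructed sample.
sample_output | filter_upgrades
```

The file names it prints are relative to REDHATDIR, so the filtered list would have to be passed to rpm from that directory.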