
[linux-security] check for rpms that should be upgraded



I was asked the question, whether there is a script/command available
that would list those rpms/packages on a system that should be upgraded.

1) For Debian there is the "apt-get" command, e.g.,
# apt-get update
would upgrade all of your packages to the latest version.
# apt-get update -d
would only download the new versions of the packages that need upgrading.
You then can decide yourself which packages you want to upgrade (using the
dpkg command).
[please don't ask me too many questions about apt-get - I am just reporting
here what others told me]

2) For RedHat there is the up2date package. I have not tried it - on my
system it requires so many other packages that I choose not to install
up2date.
If there is somebody on the list who has used up2date, feel free to
report your experience to the list.

3) For those of you who use SFU's patched RedHat distribution on sphinx
there is a third option: I wrote a little script that compares the
packages installed on your box with the packages of the patched distribution.
This script isn't perfect. First of all it is not lightning fast. Secondly
it only checks whether your installed version is different from the
version of the distribution, i.e., it does not check whether your
version is actually older, e.g., on my 6.2 box the script lists
modutils-2.4.2-2 (which I downloaded from the web in order to use a
2.4 kernel). Since this is a very rare case I believe this isn't really
a problem.
The script prints a warning, if you have several versions of the same
package installed. In most cases this is a mistake coming from the
use of "rpm -i ..." instead of "rpm -F ..." or "rpm -U ...". There is
only one kind of package for which you should use "rpm -i ...": kernel
packages; everything else should be installed using -F or -U.
You may want to uninstall (rpm -e ...) all packages that are listed by the
script with this kind of warning.
In order to use the script you must edit the REDHATDIR variable and set it
to the directory where you mounted the distribution (more precisely the
directory that contains the rpms of the mounted distribution). The script
works for the 6.2 and the 7.1 distribution.

I hope this is useful - comments are welcome.

Martin

=========<check-rpms>===================================================
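#!/bin/sh
# Directory that contains the rpms of the mounted distribution.
REDHATDIR=/mnt/redhat/RedHat/RPMS
# Stop if the distribution is not mounted; otherwise the checks would run
# against the current directory.
cd "$REDHATDIR" || exit 1
# Force the C locale so that the 'No such file' message from ls is matched.
LC_ALL=C; export LC_ALL
for package in `rpm -qa`; do
    # Non-empty if no file in the distribution starts with name-version-release.
    obsolete=`ls "$package"* 2>&1 | grep 'No such file'`
    if [ -n "$obsolete" ]; then
       # Package name = everything before the first "-<digit>".
       packagename=`echo "$package" | awk -F "-[0-9]" '{print $1}'`
       # Only report packages that are part of the distribution at all.
       defaultpackage=`ls "$packagename"* 2>&1 | grep 'No such file'`
       if [ -z "$defaultpackage" ]; then
          # More than one line from rpm -q means several versions are installed.
          num=`rpm -q "$packagename" | wc -l | sed -e 's/ //g'`
          if [ "$num" -gt 1 ]; then
            echo "$package ; warning: multiple ($num) packages installed."
          else
            echo "$package"
          fi
       fi
    fi
done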
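
The post notes that the script reports any differing version, even when the installed one is newer (the modutils case). The following is an added example, not part of Martin's script, showing one way to tell the two cases apart and to split the package name at the last two hyphens instead of the first "-<digit>". The function names are hypothetical, the package strings are constructed, and GNU "sort -V" is assumed as an approximation of rpm's own version comparison.

```sh
#!/bin/sh
# Added example: classify an installed package against distribution files.
# All package strings below are constructed sample values.

# Print the name part of "name-version-release". rpm joins the three fields
# with hyphens and neither version nor release may contain one, so the name is
# everything before the last two hyphens (names may contain "-<digit>").
nvr_name() {
    case $1 in *-*-*) ;; *) return 1 ;; esac
    nv=${1%-*}                      # drop "-release"
    printf '%s\n' "${nv%-*}"        # drop "-version"
}

# Return 0 if version-release $1 sorts strictly before $2.
# Assumption: GNU "sort -V" stands in for rpm's comparison; it ignores epochs
# and can disagree with rpm on unusual version strings.
verrel_older() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | LC_ALL=C sort -V | head -n 1)" = "$1" ]
}

# classify INSTALLED_NVR DIST_FILE...
# Prints current, upgrade, newer-than-dist, not-in-dist or invalid.
# Only the first distribution file with a matching name is considered.
classify() {
    inst=$1; shift
    iname=$(nvr_name "$inst") || { echo invalid; return 0; }
    iverrel=${inst#"$iname"-}
    result=not-in-dist
    for f in "$@"; do
        nvr=${f%.*.rpm}             # drop ".arch.rpm"
        [ "$(nvr_name "$nvr")" = "$iname" ] || continue
        dverrel=${nvr#"$iname"-}
        if [ "$dverrel" = "$iverrel" ]; then result=current
        elif verrel_older "$iverrel" "$dverrel"; then result=upgrade
        else result=newer-than-dist
        fi
        break
    done
    echo "$result"
}

# Constructed demo: an installed package newer than the distribution's copy,
# and a name for which splitting at the first "-<digit>" would give "foo".
classify modutils-2.4.2-2 modutils-2.3.9-6.i386.rpm      # newer-than-dist
classify foo-2bar-1.0-1 foo-2bar-1.0-3.noarch.rpm        # upgrade
```

Only packages classified as "upgrade" need attention; "newer-than-dist" entries are the deliberate local upgrades the post describes.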