Patching

From Hackepedia
Revision as of 14:36, 27 April 2007 by Franks (talk | contribs) (Undo revision 3603 by Special:Contributions/IdzC4q (User talk:IdzC4q))
Jump to navigationJump to search

There are very few Operating Systems that have an adequate patching process for applications. The only two UBOs we recommend to someone who is too busy to track all of their installed applications is FreeBSD and Debian GNU/Linux. Apparently you can do this with RedHat and its offspring, but I've heard about a lot of issues with "dependancy hell."

It should be noted that "dependancy hell" is usually because the SysAdmin has installed packages from different distributions. For example, installing SuSE packages on a RedHat system is asking for trouble. Packages built for a specific RedHat version almost always work, as do packages rebuilt from .src.rpm files. (RedHat and other RPM-based systems are quite a bit nicer once you learn to roll your own RPM .spec files)


Debian

Using Debian GNU/Linux it's as simple as

apt-get update
apt-get dist-upgrade

and all of your installed applications will now be up to date. You can modify where you get your updates from the /etc/apt/sources.list file.

FreeBSD

I've created two shell scripts which I've named update, and upgrade. You will need portsnap, portaudit and portupgrade installed to use these:

 #!/bin/sh
 # update
 /usr/local/sbin/portsnap fetch && /usr/local/sbin/portsnap update && pkg_version  -v -l < #EOF
 
 
 #!/bin/sh
 # upgrade
 portaudit -F && portaudit
 portupgrade -a
 #EOF


OpenBSD

In OpenBSD patching the operating system can be done in a few different ways. 1. OpenBSD offers a CVS tree that allows updating at any time to any revision including the latest changes made up to the minute. 2. OpenBSD allows snapshot updates which are install packages and can be installed with the install floppy or CD. 3. The OpenBSD ports can be updated with the pkg_add -u option.

  • With CVS you'd set the CVSROOT and CVS_RSH environment variable, go to the /usr/src tree and type cvs update -PAd (and -r for any revisions other than HEAD), then 'make build' to create userland and then cd /usr/src/arch/{ARCHITECTURE}/config and configure the kernel (GENERIC), then cd ../compile/GENERIC and make dep && make and after that cp /bsd /bsd.old; cp bsd /bsd and reboot. Userland and kernel "must" be built together as changes to structures can 'desync' programs that read out of kernel memory (various stats, vmstat, pstat, iostat, top)
  • With snapshot updates I usually download the entire architectures that I require and burn them to CD with mkisofs and cdrecord, the el-torito bootsector is written with the "CD" image found. When including multiple-boot platforms such as macppc I use mkhybrid instead of mkisofs. Once the CD is completed one can always restore binaries from it at any time. Anyhow one then boots the CD and when the OpenBSD installer boots it offers you 3 choices at the beginning: (I)nstall, (U)pgrade and (S)hell. I chose 'U' for upgrade and the process is straight forward and usually just a bunch of 'yes' answers for questions asked by the installer. After that reboot into the updated/patched operating system (after removing the CD). It's always wise to have made a 'final' backup of the previous system before (just plain common sense).
  • Updating packages with pkg_add(1) seems to work alright for me I set my PKG_PATH environment variable to the place (ftp server) where the packages are held and cd /var/db/pkg and then type pkg_add -u *, this seemed to work almost flawless last time I did this. It's good to also set PKG_CACHE to /usr/ports/packages/{ARCHITECTURE}/all, that way all the packages that are pulled from somewhere remote get copied there as well. Alternativly you can also cvs update the ports tree and build the new port yourself, make it a package and then use pkg_add -u to install the new package.

Windows

Use internet explorer to go to Microsoft update. Let it scan your computer and install all of the high-priority/recommended updates. If you have an issue installing a patch, say for example KB913580, take a look for the log file in C:\Windows for patchname.log. i.e.

C:\WINDOWS\KB913580.log

open the file in notepad.exe, at the bottom of the file you will hopefully find a searchable error message or error code.