[LON-CAPA-users] RPM update

Lars Jensen lon-capa-users@mail.lon-capa.org
Thu, 30 May 2002 21:03:16 -0700 (PDT) 

Martin,

Excuse my ignorance about updating a RedHat system - I'm used to
debian (which is much easier). I did the 
check-rpms -v -r --update -ftp rufus.w3.org/linux/redhat/updates/6.2/en/os
and it seems that what this command did was to copy all the rpm's that
needs updating to the directory /mnt/redhat/RedHat/RPMS - it did not
actually do the update, did it? was it supposed to? If not, is this what
I need to do (as root):

cd /mnt/redhat/RedHat/RPMS
rpm -hUv *

If not, what should I do next to accomplish the update?

Regarding error messages from the check-rpms -v -r --update -ftp, this
is what I got - the main messags seems to be that there are two newer 
versions available of the libpcap, ncftpget, and tcpdump packages.
Should I erase the older one from /mnt/redhat/RedHat/RPMS ?

Thanks again,
Lars.

The ftp server provides multiple versions of the libpcap package.
Downloading libpcap-0.6.2-10.6x.i386.rpm and
libpcap-0.6.2-11.6.2.0.i386.rpm in order to find out which is newer.
/mnt/redhat/RedHat/RPMS/libpcap-0.6.2-10.6x.i386.rpm:  287.28 kB   27.98
kB/s
ncftpget: file retrieval error: local file appears to be the same as the
remote file, no transfer necessary.
** ncftpget failed with status 3.
** The server provides two versions of the same package:
** libpcap-0.6.2-10.6x.i386.rpm and libpcap-0.6.2-11.6.2.0.i386.rpm.
** It appears that libpcap-0.6.2-11.6.2.0.i386.rpm is newer.
The ftp server provides multiple versions of the tcpdump package.
Downloading tcpdump-3.6.2-10.6x.i386.rpm and
tcpdump-3.6.2-11.6.2.0.i386.rpm in order to find out which is newer.
/mnt/redhat/RedHat/RPMS/tcpdump-3.6.2-10.6x.i386.rpm:  253.80 kB   12.63
kB/s
ncftpget: file retrieval error: local file appears to be the same as the
remote file, no transfer necessary.
** ncftpget failed with status 3.
** The server provides two versions of the same package:
** tcpdump-3.6.2-10.6x.i386.rpm and tcpdump-3.6.2-11.6.2.0.i386.rpm.
** It appears that tcpdump-3.6.2-11.6.2.0.i386.rpm is newer.
Multiple versions of the same package were found on the server.
However, due to ftp download problems it could not be verified
which of the packages are the most recent ones.
If the choices specified above appear to be correct, rerun check-rpms
without the -lq (or --list-questionable) option. Otherwise, fix the
download
problems or install those packages separately first.


Lars.




On Thu, 30 May 2002, Martin Siegert wrote:

> Hi Lars,
> 
> On Thu, May 30, 2002 at 12:30:24AM -0700, Lars Jensen wrote:
> > When I do a CHECKRPMS, I get a message that I need to install at least
> > 75 RPM's. Some of these seem to me not to matter that much,
> 
> I believe they do matter. Note that check-rpms does not list packages
> that should be installed but packages that need to be upgraded.
>                ---------                              --------
> I.e., all the packages that were listed by check-rpms are already
> installed on your system! Check-rpms lists them because there is a
> newer version available. At this point you have serveral choices:
> 1) uninstall the old version of the packages, if you do not need it.
> 2) upgrade the packages (e.g., check-rpms -v -r --update ...)
> 3) do nothing. Note, however, that most updates released by RedHat are
>    security updates. Thus, by doing nothing you leave a package installed
>    on your system that has a security hole. When choosing 3) you must be
>    able to decide whether you are vulnereable to that security hole or not.
> 
> My advice is: choose 1), if possible, otherwise choose 2). I recommend
> to run check-rpms -v at least once a week.
> 
> > but I was
> > wondering if I should do the kernel upgrade from the present 2.2.14 to
> > the recommended 2.2.19 ?
> 
> You should. All kernels before that 2.2.19-6.2.16 release are vulnerable to
> a (local) root exploit that is trivial to exploit (scripts are published
> on mailing lists).
> 
> > Should I anticipate any problems with the
> > upgrade? Do I need to restart anything after the kernel upgrade? How
> > about dependencies? Will they be satisfied if I just upgrade these
> > files:
> > 
> > (1) kernel-2.2.19-6.2.16.i686.rpm
> > (2) kernel-headers-2.2.19-6.2.16.i386.rpm
> > (3) kernel-pcmcia-cs-2.2.19-6.2.16.i386.rpm
> > (4) kernel-smp-2.2.19-6.2.16.i686.rpm
> > (5) kernel-utils-2.2.19-6.2.16.i386.rpm
> > 
> > I'm upgrading out Dell dual processormachine, so I assume that I don't
> > need (3) and only one of (1) and (4) (in our case it would be (4)). Is
> > this correct?
> 
> Correct: you do not need (1) nor (3). Thus, you should unistall (rpm -e ...)
> (1) and (3) first.
> 
> With respect to dependencies:
> run "check-rpms -v -r --update ..." first. check-rpms updates all packages
> at once (with the exception of the kernel). By doing so all dependencies
> should be resolved. The assumption is that the old packages that are
> installed on your system have the same dependencies as the new packages.
> This would be true, if updates of packages do not introduce dependencies
> that did not exist between the old packages. This is the sane way of doing
> things and almost always correct. Unfortunately RedHat has introduced
> a few "insane" updates that do introduce dependencies that did not exist
> before. Sigh. If there are such packages with new dependencies that cannot be
> resolved within the packages that check-rpms lists for upgrading, then
> check-rpms will fail (without doing any damage). In those cases you have
> to do the upgrades that involve those packages by hand. It would be nice,
> if check-rpms could handle those cases as well and I spent quite a bit
> of time investigating this problem before I discarded it as beeing not
> feasible. It basically cannot be done without downloading the whole
> update directory tree to your machine.
> 
> Thus: try "check-rpms -v -r --update ..." if it does not fail - fine.
> If it does, send me an email with the output of check-rpms and I'll try to
> help you to figure out what's wrong. 
> 
> Now the kernel upgrade: check-rpms refuses to do kernel upgrades. This
> is something you always have to do by hand. A kernel upgrade under RH6.2
> includes modifying /etc/lilo.conf and a reboot. If you have not done
> a kernel upgrade before: There are an few pointers in the corresponding
> message from my linux-security mailing list at
> 
> http://www.sfu.ca/~siegert/linux-security/msg00078.html
> 
> Otherwise detailed explanations can be found at
> 
> http://www.redhat.com/support/docs/howto/kernel-upgrade/kernel-upgrade.html
> 
> I hope this helps.
> 
> Cheers,
> Martin
> 
> ========================================================================
> Dr. Martin Siegert
> Academic Computing Services                        phone: (604) 291-4691
> Simon Fraser University                            fax:   (604) 291-4242
> Burnaby, British Columbia                          email: siegert@sfu.ca
> Canada  V5A 1S6
> ========================================================================
> _______________________________________________
> LON-CAPA-users mailing list
> LON-CAPA-users@mail.lon-capa.org
> http://mail.lon-capa.org/mailman/listinfo/lon-capa-users
> 

--
Lars Jensen, TMCC/Vista B200, 7000 Dandini Blvd, Reno NV 89512-3999. 
Internet: <jensen@physics.unr.edu>, http://www.scsr.nevada.edu/~jensen
Tel: 775.673.7113  FAX: 775.674.7592