AutoUpdate

Main features/drawbacks:

In contradistinction to up2date, it can be used to upgrade both rpms from RedHat and third party rpms. In addition, only the server will download new rpms, the clients get them from the server (saves bandwidth).
In contradistinction to autorpm, it will try to handle dependencies (see below) and choose the right architecture (if more than one is available). Moreover, it will only download rpms for which an older version is present.
Version comparison is only done by looking at the file name and not by looking at the entire rpm header.

It is designed to run from a cron job and to keep the output to a minimum (so that your root email is not cluttered up with useless information). In particular, there is no interactive mode or any kind of GUI.

1. Getting AutoUpdate

   The current version autoupdate-3.1.5-1 can be downloaded from

   ftp://ftp.mat.univie.ac.at/pub/teschl/autoupdate/

   There are tar.gz, noarch.rpm versions available. In addition, some ftp configuration files are available as rpms as well: cfg-redhat, cfg-caldera, cfg-mandrake, cfg-suse, cfg-autoupdate. Note: These configuration files are just here to get you started. Please edit them to meet your needs, in particular, replace the ftp server by a mirror close to you!

   All rpms are signed with my DSS key.

2. Installation

   AutoUpdate requires that you have Perl installed on your computer. In addition it needs the Net::FTP module, which is part of the perl-libnet package (available in RedHat PowerTools) and the DB_File module, which is usually part of perl (Mandrake users need to install perl-DB_File). In addition, it doesn't make much sense without RPM. I recommend installing the rpm. Otherwise, you might want to move autoupdate to a directory in your search PATH (e.g., mv autoupdate /usr/local/sbin/), the configuration to /etc/ (e.g., mv autoupdate.d/ /etc/), and the manual page to its proper location (mv autoupdate.8.gz /usr/local/man/man8/). Then create the proper links: for name in auto{dld,get,upd,ins,mrg,prg}; do ln -s autoupdate /usr/local/sbin/$name; done.

3. Modes

   There are five independent modes, download, get, update/install, merge, and purge. The mode will be determined by the invocation name and or command line options.

   • Download mode:

     The download mode will connect to a given remote site (currently ftp, http, and file (for local directories) are supported) and compare all rpms found to either your rpm directory or, if no rpm directory is set, to the installed rpms. Then all updated versions of rpms you already have will be downloaded. The remote site can be given on the command line or in a configuration file (see below).

   • Get mode:

     The get mode is similar to the download mode, except that rpm names (without version) can be given on the command line and those rpms will then be searched for on the remote sites.

   • Update/install mode:

     The update/install mode will compare rpms given on the command line or in the update directory to the installed ones. In update mode only new rpms for which an older version is installed will be upgraded. Install mode is similar but will also install rpms for which no old version was previously installed.

     First all rpms (except kernel packages) will be upgraded. If there are unresolved dependencies, it will check if any other rpms in the update or rpm directory can be used to satisfy them and add all necessary ones.

     Then it will install new kernel rpms (unless disabled) and, at your request, add the images to the boot manager.

   • Merge mode:

     This mode is used to merge new rpms from the update directory into the rpm directory (removing the old ones).

   • Purge mode:

     This mode is used to purge old rpms from the update directory.

4. Dependency resolution

   AutoUpdate will try to resolve dependencies as well. There should be no problems unless upgrading an rpm requires to install new rpms (for which no older version is installed). Moreover, it will even try to handle such situations if Resolve=1 is used. However, this will only work if all necessary rpms are in the updates or rpm directory. The download part will try to ensure this, but it will only succeed if it can be read off from the file name that a new rpm is needed or if the information is in its provides data base (see below). In particular, it might not realize that libcrypto.so is provided by openssl. Hence Autoupdate will fail in such a case and you have two options. Either download the necessary rpms by hand or use DldAll=1 (at least for the RedHat updates).

   As already noted, dependency resolution is only possible if AutoUpdate knows which rpm provides what capabilities. For this it maintains its own provides database autoprovides.db which can be in the updates directory or in the configuration directory. If this data base does not exist, it will be created automatically by querying the rpms in the updates and rpm directory. Moreover, whenever an rpm is downloaded, it will be added as well. You can even add additional rpms using the --addtodb option. So for example, you could add the information from all rpms on your installation CDs (autoprovides_rh7.1.db which contains this information for RedHat 7.1 (including PowerTools) is available). So even if the rpms are not available to AutoUpdate, it might at least be able to tell you what rpms are needed.

5. Kernel upgrades

   AutoUpdate will also try to update your kernel for you if DoUpdateKernel=1. In fact, this will only install new kernel rpms (without touching your existing kernels or altering your boot manager configuration). Hence this feature should be pretty safe. However, it can even reconfigure your boot manager if used with DoBoot=1. Currently lilo and grub are supported. Since this option might hose your entire system it is off by default and you should only turn it on if you are willing to take this risk! Moreover, it will probably only work if you are using a RedHat style system. In particular, the boot image (and the corresponding initrd - if any) needs to contain the full rpm version string. Please use --test and inspect the test configuration file to make sure it works. Use at your own risk! You have been warned! If it breaks your system, don't blame me.

6. Basic usage

   On a single machine I recommend the following config files

   # /etc/autoupdate.d/autoupdate.conf
   Verbose=1
   Quiet=0
   Warnings=1
   RPMNameWarnings=1
   DoUpdate=1
   DoInstall=0
   DoKernel=0
   DoInitRD=1
   DoBoot=1
   DoDld=1
   DoMerge=0
   DoPurge=0
   CleanUp=1
   CleanUpKernel=1
   #BootManager=lilo
   BootAddAsNew=0
   KernelExt=smp,enterprise,BOOT
   CheckSig=0
   CheckGPG=0
   Resolve=1
   BestMatch=1
   RemoveBad=1
   Recurse=0
   DoLog=1
   #LogFile=
   #PostUpdateScript=/sbin/SuSEconfig
   #PostDldScript=
   DefaultUser=anonymous
   DefaultPass=`echo autoupdate@`hostname -f``
   DistVersion=`/etc/autoupdate.d/distversion.sh`
   ShellEscapes=0
   UpdateDir=/var/spool/autoupdate
   RPMDir=
   DldMatch=0
   MergeMatch=0
   #Exclude=^k_
   #Include=
   

   and

   # /etc/autoupdate.d/redhat.dld
   Host=ftp.redhat.com
   DldAll=1
   FTPRetry=2
   FTPWait=10
   DldRecurse=0
   Passive=1
   Dir=/pub/redhat/linux/updates/#DistVersion#/en/os/
   

   Just type autodld. This will download all new updates from ftp.redhat.com and upgrade your system. The slash at the end of the ftp directory will make AutoUpdate check all sub directories corresponding to architectures suitable for your system (e.g., noarch, i386, i586 on a Pentium PC). Moreover, linking autodld to /etc/cron.daily will check for updates every day and you (root) will get a list of all rpms which have been upgraded via email.

   Some remarks: CleanUp=1 will remove all rpms which have been upgraded. If you set it to CleanUp=0 and DoPurge=1 the latest version of each rpm will be kept. MatchBest=1 will ensure that only the rpm which matches your system best is fetched, that is, if you run it on an i686 it will only download the i686 kernel and not the i386 one. RemoveBad=1 will remove bad rpms (e.g., those from an incomplete download) before downloading any new ones. In addition, you can also use Exclude, Include patterns to control which packages should be considered during upgrade. Kernel packages will be handled separately, in particular, no exclude patterns are needed. Note, however, that excluded packages will still be downloaded (unless you use DldMatch=1), such that you know they are there. (Of course you can also set up patterns for each ftp site.)

   Alternatively, if you already have the rpms (say on CD), you can use

   autoupd /mnt/cdrom/*.rpm
   

   to upgrade your system. If you use autoins instead, all rpms will be installed even if no older versions are present. This is similar to rpm -F and rpm -U with the two differences that AutoUpdate will select the right rpm (architecture, latest version) and it will try to resolve dependencies.

   Moreover, the command

   autoget --url ftp://ftp.redhat.com/pub/redhat/linux/7.1/en/os/i386/RedHat/RPMS zip
   

   will search the given url for an rpm named zip. If found, the rpm will be downloaded and installed. Of course, you can setup *.get config files for all sites you want to search.

   In addition, it can be used to keep an entire site up to date. Here is my setup. I have a (customized) RedHat distributions on my server in /usr/src/redhat-7.{0,1} and I keep the updates in /usr/src/redhat-7.{0,1}/updates. Hence my configuration file looks like

   # /etc/autoupdate.d/autoupdate.conf
   Verbose=0
   Quiet=0
   Warnings=1
   DoUpdate=0
   DoInstall=0
   DoKernel=0
   DoInitRD=1
   DoBoot=1
   DoDld=1
   DoMerge=0
   DoPurge=0
   CleanUp=0
   CleanUpKernel=1
   BootAddAsNew=0
   KernelExt=smp,enterprise
   CheckSig=1
   CheckGPG=0
   Resolve=1
   BestMatch=0
   RemoveBad=1
   Recurse=0
   #PostUpdateScript=
   #PostDldScript=
   DefaultUser=anonymous
   DefaultPass=`echo autoupdate@`hostname -f``
   DistVersion=`cut -d" " -f5 /etc/redhat-release`
   ShellEscapes=0
   UpdateDir=/usr/src/redhat-#DistVersion#/updates
   InstallDir=/usr/src/redhat-#DistVersion#/newrpms
   RPMDir=/usr/src/redhat-#DistVersion#/RedHat/RPMS
   DldMatch=0
   MergeMatch=0
   

   In addition, I use DldAll=1 for the RedHat updates and DldAll=0 for all others (e.g, PowerTools).

   From /etc/cron.daily I run

   #!/bin/sh
   autodld --noverbose --distversion 7.0
   autodld --noverbose --distversion 7.1
   

   on the server and

   #!/bin/sh
   # Sleep some random time between 0 and 2 hours
   sleep $((RANDOM % 7200))
   export HOME=/root
   RHDIR=/auto.mnt/redhat
   
   # Upgrade rpms 
   autoupd --noverbose --kernel --updatedir $RHDIR/updates --rpmdir $RHDIR/RedHat/RPMS
   
   # Install new rpms
   autoins --noverbose --updatedir $RHDIR/newrpms --rpmdir $RHDIR/RedHat/RPMS
   

   on the clients, where /auto.mnt/redhat is the /usr/src/redhat-7.{0,1} directory (auto)mounted via nfs from the server. New rpms can be installed on all clients by copying them to the newrpms directory.

   Finally, you can use the --merge option to replace all rpms in your distribution with the updated ones. Similarly, --purge will remove old versions from the updates directory.

   For more information see autoupdate --help or man autoupdate.

7. Security

   Since AutoUpdate allows shell escapes in its configuration file, it must not be writable by others (AutoUpdate will refuse to run in this case)! The same applies to the configuration directory and to the ftp configuration files. If you do not want this feature at all, you can set the variable ShellEscapes to 0 in the main script. If you set it to 0 in the configuration file, it will be at least off for all dld configuration files.

   Moreover, note that any other application/package can place an dld configuration file into the config dir. By default it will be included unless you explicitly specify the ftp configuration files to be included in the main configuration file. And don't forget to remove read permissions from all dld configuration files which store pass words.

   Finally, installing packages implies that you trust the ftp site from which you download them. In addition, you can set CheckGPG to 1 in order to enforce a valid gpg signature on each package. This of course requires that the public key of the signer must be added to root's key ring first. Every package which is not signed will be rejected during upgrade in this case.

8. License

   Copyright (C) 2000 Gerald Teschl

   This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

   This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

   Please see the included file LICENSE for a copy of the GNU General Public License. If this file is missing, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

9. Credits

   I'd like to thank the following people for suggestions/bug reports/patches: Flemming Christensen, Jonathan Hunter, Pekka Savola, Andrey Sukhorukov, Brendan Byrd/SineSwiper, Torsten Lehmann, Wil Reilly Cooley, Adam (StatiC) Gibson, Stefan Furtmayr, Dag Wieers, Allan Frank, Dave Alden, Richard Bos, JP Vossen, Jim Wray, Omer van der Horst Jansen, Graeme Wilford, Bertil Askelid, Harry F Phillips.