[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-security] Slightly off Topic- PKG files

Subject: RE: [cobalt-security] Slightly off Topic- PKG files
From: Jeff Lovell <jlovell@xxxxxxx>
Date: 04 Sep 2001 09:32:50 -0700
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

On Mon, 2001-09-03 at 14:16, Peter Baldwin wrote:
> 
> Yup... we're definitely from the school of "if it ain't broke, don't fix it"
> :-)  One of the things that we would like to see is a clean "backout"
> procedure for Cobalt patches.  If something goes wrong, it's should be easy
> to go back to where you started

I agree.  There should be a way to cleanly backout patches.  But this
can pose another problem to users as well, such as disk space allocated
for only RPMs.  This partition would have to be rather large.  It is a
problem we are aware of and working on clean solution for it.

> - All original config files should go in a backup directory

The configs before the upgrade are stored in filename.pkgsave.  These
are the backups.  And on most systems (prior to qube3), there is usually
a filename.master which corresponds to the original config file.

> - The original RPMS should be *easily* available for a quick restore

You should be able to get all the original RPMs from:

ftp://ftp.cobaltnet.com/pub/products/<product>/RPMS/

If there is something missing, please let me know and I will make
sure it gets put there.

> As it stands now, we only feel comfortable delivering software updates to
> /home/packages/ on our auto-managed Cobalts.  We would like to graduate to
> an auto-patching solution ... at least for the serious security threats.

I personally use the cobalt_upgrade command-line program.  You
can get more verbose output on warnings and fatal errors from there.

As for an auto-patching solution that is a difficult question as well.
In our newer products we have BlueLinQ which notifies you of updates. It
also does all the package management for you.  But it will not
auto-patch your system.  Needless to say that could be dangerous, it is
not possible to assume a user wants an FTP server upgrade if they have
been rolling their own FTP server.  I think BlueLinQ is a step in the
right direction.

Jeff
-- 
Jeff Lovell
Sun Microsystems Inc.

Follow-Ups:
- RE: [cobalt-security] Slightly off Topic- PKG files
  - From: Carrie Bartkowiak

References:
- RE: [cobalt-security] Slightly off Topic- PKG files
  - From: Peter Baldwin

Prev by Date: Re: [cobalt-security] Security issue regarding Sites Backups
Next by Date: [cobalt-security] Software update for those who aren't receiving from the list
Previous by thread: RE: [cobalt-security] Slightly off Topic- PKG files
Next by thread: RE: [cobalt-security] Slightly off Topic- PKG files

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index