[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] Best way to patch restored raq4r?

Se answers below each question.

man, 2002-12-16 kl. 11:30 skrev Herby K:
> ----- Original Message -----
> From: "Michael Stauber" <cobalt@xxxxxxxxxxxxxx>
> > Go to ...
> http://cobalt-aid2.lindist.dk/modules.php?op=modload&name=Downloads&file=ind
> ex&req=viewdownload&cid=4
(shortened for legibility)
> >
> > ... and download the file Updater.tgz. Extract it and edit the unpacked
> > Updater file in an editor to change the email address in it. Then run the
> > file "Updater" as user root from the command line.
> >
> > It will then detect the archictecture (RaQ, Qube, XTR, whatever) and will
> > download and install all missing patches.
> 
> sounds well :)
> 
> I´ve downloaded the package but have some questions before.
> 
> If I change
> serverpath="http://ftp.cobalt.com/pub/packages/$DIR/$LANG/";
> to local
> /home/packages/
> to save time - I´ve downloaded the packages for installation already.
> 
> How will the script now (will it ?) in which order to install the patches?
The script would still know the order to install in, but in the current version 
it would try to lynx the files down, leaving you at 0 byte, most likely.

I have changed the Up2date.sh backend to check for local files in
$LOCALDIR (set to /home/packages, if nothing else is specified), so from
now on, it should be possible...

> If I also want to integrate some custom packages in the script.
> 
> php from pkgmaster, ssh, cmu, qpopper update, mysql, webalizer2
> 
> - will it work ?
Yes, it will.
> - what is the right syntax to add them?
The typical usage is:

extrapackages="URL1 URL2 URL3..."

With the latest changes, local files in $LOCALDIR should work, too.

I usually make a list on a central server and then do this:

extrapackages=$(lynx -source http://servername/confdir/include.$DIR
2>/dev/null) # Extra packages.

$DIR would resolve to 'raq4', 'raq3', 'raq550', etc... depending on
type.

The file above would then have absolute URL's to the files you want to
install. extrapackages are installed after all Cobalt Updates.

> 
> Finally
> GLOBAL_IGNORE="http://cobalt-aid2.lindist.dk/ignore";
> - How can I see which packages are ignored by this list?

The GLOBAL_IGNORE variale in this case would check the contents of, e.g.
http://cobalt-aid2.lindist.dk/ignore/RaQ4 and ignore everything that
matches. Currently that would be:

RaQ4-All-Security-2.0.1-14039.pkg
PHP

You can add local ignores to /etc/cobalt/ignore in the same way. 

> - What is the correct Syntax to add SHP and SHP_REM to ignorelist (if it
> isn´t already included in the cobalt-aid2 list)
The SHP package should be off the list for good, but you can do two
things:

1) Add them by name (e.g. RaQ4-blabla-SHP.pkg)
2) Add them by keyword (e.g. SHP) - This would eliminate ANY SHP
package, based on both filename and title. (You can always install it
manually yourself if you wish).

It has many potential uses, just remember that it may exclude packages
required by other packages. In this case (if the package never should be
installed), you need to do something like 'touch
/var/lib/cobalt/package-name.md5lst' (see the package requiring said
package for what name to use).

I hope this covers most of what you asked about.
I was on vacation last week so I didn't see your message before today.

If you want something explained further, don't hesitate to ask.

> rgds
> Herby
> 
> PS: Sorry for Crossposting but I think it shouldn´t be discussed further on
> security list...
> 
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
-- 

Martin Moeller
Liga LinDist ApS.
Faelledvej 16D
DK-2200  Copenhagen N
Tel: +45 35 36 95 05
Fax: +45 35 36 92 05

http://www.liga.dk
mailto: martin@xxxxxxx