Re: apt-get upgrade (security packages)

2013-10-15 Thread Jonathan Dowland
When you patch a package locally, I'd recommend updating the package version at 
the same time by e.g. adding or incrementing an epoch (in 1:2.3-4, the epoch is 
the 1).

This will mean your local package version will be higher than any package 
update to the stable repositories.

Note, however, that it would be worth checking what was updated whenever such 
packages are updated, as the changes may be useful or important to you (to 
backport to your local package).

--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/a8476bdf-7836-4ece-82b6-c27c45782...@debian.org



Re: apt-get upgrade (security packages)

2013-10-15 Thread berenger . morel

On 14.10.2013 22:11, Pol Hallen wrote:
> I can't everytime do updates from main repository because many
> packages of this server are patched.


Using pinning for all of your packages is a solution, but I would not 
call it the easiest one.

Why not simply freezing them in aptitude/apt-*/dpkg?

For aptitude, I use it with the ncurses interface, so I do not know how 
to do that on the command line. You will use the '=' key to freeze the 
package you currently have selected.

For apt-*, use apt-mark hold.
For dpkg... well, man dpkg :p (man apt-mark says that itself is a 
wrapper on dpkg, so you can find how to do what you need with few 
searches)






Re: apt-get upgrade (security packages)

2013-10-15 Thread Joe
On Tue, 15 Oct 2013 14:14:38 +0200
berenger.mo...@neutralite.org wrote:

> On 14.10.2013 22:11, Pol Hallen wrote:
>> I can't everytime do updates from main repository because many
>> packages of this server are patched.
>
> Using pinning for all of your packages is a solution, but I would not
> call it the easiest one.
> Why not simply freezing them in aptitude/apt-*/dpkg?
>
> For aptitude, I use it with the ncurse interface, so I do not know
> how to do that in command line. You will use the '=' key to freeze
> the package you currently have selected.

aptitude hold package, aptitude unhold package

-- 
Joe





Re: apt-get upgrade (security packages)

2013-10-15 Thread Bob Proulx
Pol Hallen wrote:
> I can't everytime do updates from main repository because many packages
> of this server are patched.

How did you patch those?  Did you rebuild the package with a local
version string and your changes?  Or did you simply whack the files on
the disk?

In any case you should definitely hold those packages.

  apt-mark hold foo

I think simply holding them is much simpler than pinning.

I personally would build a package with a local version string
slightly later than the current production version.  Also hold it.
Then when it is held back for an upgrade I know that I must jump on
it and apply the upstream security patch to my patched copy and
rebuild it.  I would use the upstream to notify me of security changes
that way.  The hold would prevent the upgrade in any case.  But then
of course reacting to security issues is the local admin job.

Bob





apt-get upgrade (security packages)

2013-10-14 Thread Pol Hallen
Howdy :-)

I've a production server particularly patched. I prefer install only
security packages but keep others packages to same version.

Should I've some problems if keep only:

deb http://security.debian.org/ stable/updates main contrib non-free

to /etc/apt/sources.list

or better pin every packages?

What's the best way to do this?

thanks!

Pol





Re: apt-get upgrade (security packages)

2013-10-14 Thread Linux-Fan
On 10/14/2013 09:43 PM, Pol Hallen wrote:
> Howdy :-)
>
> I've a production server particularly patched. I prefer install only
> security packages but keep others packages to same version.
>
> Should I've some problems if keep only:
>
> deb http://security.debian.org/ stable/updates main contrib non-free
>
> to /etc/apt/sources.list
>
> or better pin every packages?
>
> What's the best way to do this?
>
> thanks!
>
> Pol

I think the best way to do this is using a normal Debian stable. There
are only few updates to stable which add features which means that every
update is a security update.

HTH
Linux-Fan

-- 
http://masysma.ohost.de/





Re: apt-get upgrade (security packages)

2013-10-14 Thread Pol Hallen
> I think the best way to do this is using a normal Debian stable. There
> are only few updates to stable which add features which means that
> update is a security update.

Huh?

I use debian 7 stable, but now the upgrade show me 4 security updates
and MANY MANY updates from debian mirrors (not from security repository).

I can't everytime do updates from main repository because many packages
of this server are patched.

thanks

apt-get upgrade -d

[...]
Get:3 http://security.debian.org/ wheezy/updates/main libxml2 i386
2.8.0+dfsg1-7+nmu2 [892 kB]
Get:22 http://security.debian.org/ wheezy/updates/main libsystemd-login0
i386 44-11+deb7u4 [29.9 kB]
Get:23 http://security.debian.org/ wheezy/updates/main gpgv i386
1.4.12-7+deb7u2 [220 kB]
Get:24 http://security.debian.org/ wheezy/updates/main gnupg i386
1.4.12-7+deb7u2 [1,936 kB]

Get:1 http://mi.mirror.garr.it/mirrors/debian/ wheezy/main base-files
i386 7.1wheezy2 [66.9 kB]
Get:2 http://mi.mirror.garr.it/mirrors/debian/ wheezy/main perl i386
5.14.2-21+deb7u1 [3,701 kB]

Get:4 http://mi.mirror.garr.it/mirrors/debian/ wheezy/main libperl5.14
i386 5.14.2-21+deb7u1 [732 kB]
Get:5 http://mi.mirror.garr.it/mirrors/debian/ wheezy/main perl-base
i386 5.14.2-21+deb7u1 [1,495 kB]
Get:6 http://mi.mirror.garr.it/mirrors/debian/ wheezy/main perl-modules
all 5.14.2-21+deb7u1 [3,440 kB]
Get:7 http://mi.mirror.garr.it/mirrors/debian/ wheezy/main sysvinit i386
2.88dsf-41+deb7u1 [131 kB]
Get:8 http://mi.mirror.garr.it/mirrors/debian/ wheezy/main
sysvinit-utils i386 2.88dsf-41+deb7u1 [98.0 kB]
Get:9 http://mi.mirror.garr.it/mirrors/debian/ wheezy/main
imagemagick-common all 8:6.7.7.10-5+deb7u2 [128 kB]
Get:10 http://mi.mirror.garr.it/mirrors/debian/ wheezy/main
libcupsimage2 i386 1.5.3-5+deb7u1 [139 kB]
Get:11 http://mi.mirror.garr.it/mirrors/debian/ wheezy/main libcups2
i386 1.5.3-5+deb7u1 [256 kB]
Get:12 http://mi.mirror.garr.it/mirrors/debian/ wheezy/main curl i386
7.26.0-1+wheezy4 [270 kB]
Get:13 http://mi.mirror.garr.it/mirrors/debian/ wheezy/main libcurl3
i386 7.26.0-1+wheezy4 [336 kB]
Get:14 http://mi.mirror.garr.it/mirrors/debian/ wheezy/main
libcurl3-gnutls i386 7.26.0-1+wheezy4 [328 kB]
Get:15 http://mi.mirror.garr.it/mirrors/debian/ wheezy/main dmsetup i386
2:1.02.74-8 [68.2 kB]
Get:16 http://mi.mirror.garr.it/mirrors/debian/ wheezy/main
libdevmapper1.02.1 i386 2:1.02.74-8 [125 kB]
Get:17 http://mi.mirror.garr.it/mirrors/debian/ wheezy/main
libmagickwand5 i386 8:6.7.7.10-5+deb7u2 [418 kB]
Get:18 http://mi.mirror.garr.it/mirrors/debian/ wheezy/main
libmagickcore5-extra i386 8:6.7.7.10-5+deb7u2 [162 kB]
Get:19 http://mi.mirror.garr.it/mirrors/debian/ wheezy/main
libmagickcore5 i386 8:6.7.7.10-5+deb7u2 [2,002 kB]
Get:20 http://mi.mirror.garr.it/mirrors/debian/ wheezy/main libsensors4
i386 1:3.3.2-2+deb7u1 [53.9 kB]
Get:21 http://mi.mirror.garr.it/mirrors/debian/ wheezy/main
linux-image-3.2.0-4-686-pae i386 3.2.51-1 [22.9 MB]
Get:25 http://mi.mirror.garr.it/mirrors/debian/ wheezy/main php5-cli
i386 5.4.4-14+deb7u5 [2,600 kB]
Get:26 http://mi.mirror.garr.it/mirrors/debian/ wheezy/main php5-cgi
i386 5.4.4-14+deb7u5 [5,182 kB]
Get:27 http://mi.mirror.garr.it/mirrors/debian/ wheezy/main
libapache2-mod-php5 i386 5.4.4-14+deb7u5 [2,623 kB]
Get:28 http://mi.mirror.garr.it/mirrors/debian/ wheezy/main php5-mysql
i386 5.4.4-14+deb7u5 [76.9 kB]
Get:29 http://mi.mirror.garr.it/mirrors/debian/ wheezy/main php5-mcrypt
i386 5.4.4-14+deb7u5 [15.6 kB]
Get:30 http://mi.mirror.garr.it/mirrors/debian/ wheezy/main php5-gd i386
5.4.4-14+deb7u5 [34.4 kB]
Get:31 http://mi.mirror.garr.it/mirrors/debian/ wheezy/main php5-curl
i386 5.4.4-14+deb7u5 [29.4 kB]
Get:32 http://mi.mirror.garr.it/mirrors/debian/ wheezy/main php5-common
i386 5.4.4-14+deb7u5 [587 kB]
Get:33 http://mi.mirror.garr.it/mirrors/debian/ wheezy/main sysv-rc all
2.88dsf-41+deb7u1 [81.8 kB]
Get:34 http://mi.mirror.garr.it/mirrors/debian/ wheezy/main initscripts
i386 2.88dsf-41+deb7u1 [92.0 kB]
Get:35 http://mi.mirror.garr.it/mirrors/debian/ wheezy/main mutt i386
1.5.21-6.2+deb7u1 [1,375 kB]
Get:36 http://mi.mirror.garr.it/mirrors/debian/ wheezy/main python all
2.7.3-4+deb7u1 [181 kB]
Get:37 http://mi.mirror.garr.it/mirrors/debian/ wheezy/main
python-minimal all 2.7.3-4+deb7u1 [42.8 kB]
Get:38 http://mi.mirror.garr.it/mirrors/debian/ wheezy/main dpkg-dev all
1.16.12 [1,349 kB]
Get:39 http://mi.mirror.garr.it/mirrors/debian/ wheezy/main libdpkg-perl
all 1.16.12 [951 kB]
Get:40 http://mi.mirror.garr.it/mirrors/debian/ wheezy/main devscripts
i386 2.12.6+deb7u1 [867 kB]
Get:41 http://mi.mirror.garr.it/mirrors/debian/ wheezy/main ghostscript
i386 9.05~dfsg-6.3+deb7u1 [80.0 kB]
Get:42 http://mi.mirror.garr.it/mirrors/debian/ wheezy/main libgs9 i386
9.05~dfsg-6.3+deb7u1 [1,854 kB]
Get:43 http://mi.mirror.garr.it/mirrors/debian/ wheezy/main
libgs9-common all 9.05~dfsg-6.3+deb7u1 [1,980 kB]
Get:44 http://mi.mirror.garr.it/mirrors/debian/ wheezy/main grub-pc i386
1.99-27+deb7u2 [170 kB]
Get:45 http://mi.mirror.garr.it/mirrors/debian/ wheezy/main 

Re: apt-get upgrade (security packages)

2013-10-14 Thread Pol Hallen
> Debian point-release was issued over the weekend:

Understood!

Thanks Steve :-)

Pol





Re: apt-get upgrade (security packages)

2013-10-14 Thread Linux-Fan
On 10/14/2013 10:11 PM, Pol Hallen wrote:
>> I think the best way to do this is using a normal Debian stable. There
>> are only few updates to stable which add features which means that
>> update is a security update.
>
> Huh?
>
> I use debian 7 stable, but now the upgrade show me 4 security updates
> and MANY MANY updates from debian mirros (not from security repository).

These mainly add[s] corrections for security problems [...] along with
a few adjustments for serious problems.
(http://www.debian.org/News/2013/20131012).

> I can't everytime do updates from main repository because many packages
> of this server are patched.

Then you can either
 * pin all packages affected by patches which might cause some security
   problems to remain because the packages are not updated
or probably better
 * try to compile all patches in a safe testing environment before
   performing the upgrade. As there are mostly security patches this
   should (ideally) not cause too many failures.

I'd try the second although that might be too much trouble depending on
how many patches and what kind of patches were applied to the packages.

Linux-Fan

-- 
http://masysma.ohost.de/


