This document is written to help users running RedHat 4.x or 5.x apply patches to their systems. Due to frequent releases of security updates which are found through out the open source software used in the redhat linux distribution, its important that users apply patches as soon as then are made available by RedHat.
The Brookhaven Physics Department maintains an official RedHat mirror site so that anyone on site can easily apply official redhat release patches. At this point, this is done in two steps. First you need to nfs mount the mirror disk which has the patches and second you need to apply the patches using the rpm command. The rest of this text will describe in detail how to proceed. This procedure of patch application currently is rather crude, but functional. At a later time, more sophisticated methods of patch management will be available. Either from of an automatic patch application script running on the users system or via a web based system where one selects patches to be installed by clicking on icons in a web page. But for now, the following method will work and will continue to work in the long term.
Step 1: Setting up the NFS mount.
To nfs mount the mirror directory type the following commands as root
mkdir /phypproNote: The disk is exported read only to the internet. If you get an error message saying that permission has been denied to mount the disk, please send me e-mail.
mount phyppro1.phy.bnl.gov:/local.ftp/ftp/pub/mirror /phyppro
Step 2: Applying the patches.
The general procedure for patch application is to "cd" to the directory
which contains the patches and then apply them by issuing the rpm command.
At this point, you need to be careful since applying a kernel patch could
render your system unbootable. Applying any other patch can be done without
being concerned about rendering your system unbootable. There is a section
at the end of this web page which deals with applying kernel patches. So,
I have devised two different methods to apply patches which should help
you step around installing kernel patches unless you want to do so explicitly.
Also, please note that the first step which is to "cd" to the nfs mounted
directory which contains the .rpm updates depends on which RedHat distribution
you have installed on your machine. The following examaples apply to RedHat
5.2 systems. Replace the string 5.2 in the directory string to which ever
version of the RedHat distribution you have installed. XFree86 patches are
tricky. Please read the XFree86 patch application note at the end.
Patch application, Method 1, the tedious way)Special Step 3: You should not be doing this unless there is a kernel security hole which needs to be patched up. Or unless you are a linux diehard and insist on screwing up your system.... The following is a cut and past out of the redhat kernel update patch. Note that it uses the command "rpm -ivh" instead of the "rpm -Uvh".
cd to /phyppro/redhat-main/redhat/updates/5.2/i383cd /phyppro/redhat-main/redhat/updates/5.2/i386get a listing of all the files in this directoryls *.rpmFor each .rpm file, issue an rpm command. For example
kernel-2.0.36-1.i386.rpm samba-1.9.18p10-5.i386.rpm
kernel-headers-2.0.36-1.i386.rpm svgalib-1.3.0-3.i386.rpm
kernel-ibcs-2.0.36-1.i386.rpm svgalib-devel-1.3.0-3.i386.rpm
kernel-pcmcia-cs-2.0.36-1.i386.rpm sysklogd-1.3-26.i386.rpm
kernel-source-2.0.36-1.i386.rpm zgv-3.0-6.i386.rpm
libc-5.3.12-28.i386.rpmrpm -Uvh libc-5.3.12-28.i386.rpmPatch application, Method 2, the disk intensive method)
rpm -Uvh samba-1.9.18p10-5.i386.rpm
rpm -Uvh svgalib-1.3.0-3.i386.rpm
rpm -Uvh svgalib-devel-1.3.0-3.i386.rpm
rpm -Uvh sysklogd-1.3-26.i386.rpm
rpm -Uvh zgv-3.0-6.i386.rpm
cd to /phyppro/redhat-main/redhat/updates/5.2/i386cd /phyppro/redhat-main/redhat/updates/5.2/i386Copy all the files to the /tmp directory on your machine, but first make sure that your /tmp directory does not have any stale .rpm filesrm -f /tmp/*.rpmNext, delete all kernel rpm files.
cp *.rpm /tmprpm /tmp/*kernel*.rpmFinally apply the patches.rpm -Uvh /tmp/*.rpm
To avoid dependency problems and package conflicts, it is necessary to list all the packages to be upgraded on the command line with rpm at once. The simplest way to do this is to download all the packages to a temporary directory, /tmp/upgrades and then upgrade from there with
rpm -ivh /tmp/upgrades/*.rpm.
If your machine requires a initrd, as in SCSI disks or ethernet cards, your will need to make a new initrd image. Do this by running mkinitrd as:
mkinitrd /boot/initrd-2.0.35-2.img 2.0.35-2Once the new packages have been installed, you need to edit your /etc/lilo.conf file. You will need to change the name of the kernel image listed to point to the new 2.0.35-2 kernel. You will also need to update your initrd line if you made a new initrd in the previous step. After changing these entries, you must rerun lilo as /sbin/lilo before the new changes will take effect.
At this point, you can make a new boot disk for your system with the new kernel and initrd image. Do this as:
mkbootdisk --device /dev/fd0 2.0.35-2
The application of XFree86 patches is very tricky. The problem is that redhat has built in some very strange cicular dependancies which I don't know how to get around. The best way for you to apply XFree86 patches, is to get a list of what you have by typing.
rpm -qa | grep -i xfree86And for those xfree86 packages you have installed, apply rpm updates. The very messy way I apply the xfree86 patches, which I don't recomend, but seems to work ok for me is to blindly apply them all using the --force qualifiery like this
rpm -Uvh --force XFree86*.rpmYou end up by installing all the servers, all the fonts, all of everything XFree86. It uses up more disk space, but I don't worry about those things. Also, if you use the XIG (www.xig.com) X11 server, you will need to type
to get it going again.cd /usr/X11R6/bin
ln -s Xaccel X