Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
I have the responsibility to maintain the software for several Linux machines at my place of work. The machines are all running Fedora Core, some Core 3, all destined to be upgraded to Core 5.
I know how to maintain the software (updates/patches/etc.) over the internet using yum. Unfortunately, none of the target machines can be connected to the internet for security reasons.
What I need is a step-by-step procedure for updating my Fedora software for machines that cannot connect to the internet. I do have access to a Windows (yecch!) machine or a Macintosh at home from which I can download the update .rpm files, but have not yet solved the sequence of steps to get the updates installed on the target machines. None of the "Linux experts" at my place of work have ever attempted to update their software. Updating/patching software, however, has become a hot issue of late so we cannot remain ignorant much longer.
What you will need to do is mirror the Fedora repositories - probably to an external USB 2.0 / IEEE1394 hard drive would be the best option. The best protocol to use for this is rsync. Check the mirrors list for an rsync mirror near you.
If you have an internal web or ftp server that you can use, you can serve the mirrored repositories on the external hard drive through that. Otherwise, you can connect the hard drive to the individual systems for updating. You will need to update the 'baseurl=' statements in the '/etc/yum.conf' or '/etc/yum.repos.d/*' configurations to point to your local repository mirrors. Check 'man yum.conf' for the proper URL syntax for the location you will be using (http://,ftp://, file://).
That is reasonably tough. If I were in that situation, I would do something like this.
I would build an identical box at home, on old hardware, mainly to keep track of what updates are released. Whatever is installed on the machines at work, I'd install on the home one. Then once a week or so, I'd do yum update/upgrade. See exactly what the connected machine downloads. I don't use FC, but in Debian, all the downloaded .deb files are kept in /var/cache/apt/archives. There is probably a similiar place that Fedora keeps the .rpm files it downloads for yum. Copy the files it just downloaded and installed to a usb stick, or burn them to a CD, which ever you like.
Take the stick/cd to work, mount it on the server, then go through and install the .rpm files. The hardest part will be the initial one, as there may well be a great number of dependencies that need to be worked out.
At the same time, if these boxes aren't on the net, and there is no critical patches released for the key software, it is questionable if they need to be upgraded. A system that doesn't connect to the net is of course more secure than the most firewalled/hardened machine that has connection. Same principal of the safest driver being the man without a car.