LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices

Reply
 
Search this Thread
Old 05-26-2006, 08:11 AM   #1
Siiiiiii
LQ Newbie
 
Registered: May 2006
Location: Sweden
Distribution: Vector Linux
Posts: 28

Rep: Reputation: 15
Installing/upgrading to 10.2


I have got Slackware 10.1.0 and have not been able to install any security updates whatsoever.

So I wonder if:
1. all updates are included in 10.2.
2. there is any way of updating to 10.2 without starting form scratch with a new installation cdrom (or downloading all of the updates to 10.1 automatically, without upgrading).

Last edited by Siiiiiii; 05-26-2006 at 08:12 AM.
 
Old 05-26-2006, 08:50 AM   #2
Alien Bob
Slackware Contributor
 
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 5,270

Rep: Reputation: Disabled
Security updates for any Slackware release can be found in the /patches subdirectory of the release tree. You can find these patches on every Slackware mirror, like this one: http://slackware.mirrors.tds.net/pub...-10.1/patches/ but you will have to download them yourselves.
After downloading alll patches, you can verify the correctness of the packages by checking the gpg signature (the *.asc files) that come with the packages. Like this for instance:

Get the Slackware GPG key and import that into your keyring:
Code:
wget http://slackware.mirrors.tds.net/pub/slackware/slackware-10.1/GPG-KEY
gpg --import GPG-KEY
and then proceed to verifying the packages' integrity:
Code:
cd <patches_download_directory>
for i in `ls *.tgz` ; do gpg --verify $i.asc ; done
You can upgrade your existing installation by preferably dropping to single-user mode. This is safest but not an absolute requirement - in single use mode, only a reduced number of programs are active and especially, the network is down so no-one can hack you while you0re vulnerable in the middle of upgrading:
Code:
telinit S
cd <patches_download_directory>
upgradepkg *.tgz
And then rebooting or going back to your original runlevel by running
Code:
telinit 3
Your previuos runlevel might have been "4" if you boot directly into the KDM graphical login manager, in that case change the "3" in the above telinit command to "4".
A good way to find out your previous runlevel is to run the command
Code:
runlevel
It will show you two numbers, the previous runlevel followed by the current runlevel.

The same procedure is valid for Slackware 10.2, since there have been many security updates to that as well. It is wise to follow the updates to a release closely by subscribing to the Slackware security mailing list.

Upgrading to a new release does mean downloading all of the new release. There is no other way to go from Slackware 10.1 to 10.2 because by installing security updates you only keep your currently installed Slackware safe. Read the Slackware 10.2 UPGRADE.TXT, like here: http://slackware.mirrors.tds.net/pub....2/UPGRADE.TXT if you want to learn more about the upgrade process. Also, this link is a good read if you want to upgrade.

Eric
 
Old 05-26-2006, 09:37 AM   #3
Siiiiiii
LQ Newbie
 
Registered: May 2006
Location: Sweden
Distribution: Vector Linux
Posts: 28

Original Poster
Rep: Reputation: 15
Thank you.
I'm sorry if this is a stupid question (I'm new to Linux, so I'm not really used to it and its commands yet): I only have to download the tarballs and the .asc-files from the ./packages directory, right?
 
Old 05-26-2006, 11:10 AM   #4
Alien Bob
Slackware Contributor
 
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 5,270

Rep: Reputation: Disabled
Quote:
Originally Posted by Siiiiiii
I only have to download the tarballs and the .asc-files from the ./packages directory, right?
Correct. The .tgz files are the actual packages you install, the .asc files contain a signature for the corresponding package (so that you can check using gpg that the package is unaltered since it was signed by Slackware). You do not need anything more if you just want to keep your computer up to date.

The /patches/source/ directory and all it contains is only relevant if you intend to re-compile packages and need the sources for that.

Eric
 
Old 05-26-2006, 12:29 PM   #5
Siiiiiii
LQ Newbie
 
Registered: May 2006
Location: Sweden
Distribution: Vector Linux
Posts: 28

Original Poster
Rep: Reputation: 15
I did as you said, but when I tried to check them with gpg, it gave me a couple of hundred of these (one per .tzg, I suppose):
gpg: Signature made Wed 10 May 2006 10:23:15 PM CEST using DSA key ID 40102233
gpg: Good signature from "Slackware Linux Project <security@slackware.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: EC56 49DA 401E 22AB FA67 36EF 6A44 63C0 4010 2233

First it says that it is a good signature, then the opposite. Is this how it should be?
 
Old 05-26-2006, 01:22 PM   #6
Alien Bob
Slackware Contributor
 
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 5,270

Rep: Reputation: Disabled
Quote:
Originally Posted by Siiiiiii
gpg: Good signature from "Slackware Linux Project <security@slackware.com>"
This means that the package was signed with the GPG-KEY that you imported, and that the package content has not been changed since signing it (which means no evil 3rd parties have been trying to smuggle bad code into the package). This is the message you're really interested in.
Then:
Quote:
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
This means that, although the key you imported was used to sign the package, you still don't know whether that key really belongs to Slackware, Inc. If you are sure, for instance by comparing the key to other copies of the Slackware GPG key that you will find on the Internet, you can become fairly certain that the key is indeed the Slackware key, and thus certain of the fact that Pat Volkerding did indeed sign the package. If you're that certain of this key, you can sign it with your own key and raise the trust level of the Slackware key in your own private keychain. After you've done so, all that you will see in future is the "gpg: Good signature from "Slackware Linux Project" message and the "gpg: WARNING: This key is not certified ..." messages will stay away. I have a little more to say about gpg keys in this Wiki article.

Eric
 
Old 05-26-2006, 03:27 PM   #7
cwwilson721
Senior Member
 
Registered: Dec 2004
Location: In my house.
Distribution: Ubuntu 10.10 64bit, Slackware 13.1 64-bit
Posts: 2,649
Blog Entries: 1

Rep: Reputation: 65
Quote:
Originally Posted by Alien Bob
Your previuos runlevel might have been "4" if you boot directly into the KDM graphical login manager, in that case change the "3" in the above telinit command to "4".
A good way to find out your previous runlevel is to run the command
Code:

runlevel

It will show you two numbers, the previous runlevel followed by the current runlevel.
Well, dang it Eric!

You did it again.

Made me learn a GOLDEN NUGGET of wisdom while perusing what I thought was a normal question.

We ought to gang up on you, make you stop stuffing our heads with GREAT ADVICE!!!
 
Old 05-26-2006, 04:58 PM   #8
Alien Bob
Slackware Contributor
 
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 5,270

Rep: Reputation: Disabled
Quote:
Originally Posted by cwwilson721
Well, dang it Eric!

You did it again.

Made me learn a GOLDEN NUGGET of wisdom while perusing what I thought was a normal question.

We ought to gang up on you, make you stop stuffing our heads with GREAT ADVICE!!!
Well it is kind of fun adding little snippets of knowledge throughout my forum posts, looking at who picks them up :-) And rewarding too, thanks for the feather!

Cheers, Eric
 
  


Reply

Tags
security


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Installing/Upgrading MySQL Raggit Linux - Software 1 04-30-2005 01:22 PM
Installing/upgrading from source? rustynailz Linux - Software 0 09-09-2004 01:20 PM
installing/upgrading??? hasan Debian 1 01-07-2004 08:31 AM
RPM installing and upgrading GraemeK Linux - Software 9 12-22-2003 01:45 PM
Need help installing/upgrading Mozilla jrdioko Linux - Newbie 2 12-31-2002 12:40 PM


All times are GMT -5. The time now is 05:40 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration