LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices



Reply
 
Search this Thread
Old 01-19-2008, 04:27 PM   #1
Bash Rules
LQ Newbie
 
Registered: Jan 2008
Location: Whereever sunshine is.
Distribution: Slackware 12 and FreeBSD 4.11
Posts: 4

Rep: Reputation: 0
Keeping Slackware Up-to-date


Hi there,

I've installed Slackware and wonder about how to install software and keep it up to date.

1. The Slackware base system contains a lot of software, but it's definately not enough.

I found some websites wich offer Slackware Packages like You cannot post URLs to other sites until you have made at least 1 other post, but how can I trust them? I mean, by installing third parity software for Windows, I get Trojan Horses, Viruses and so forth.


2. How do I keep my sofware base up to date?

2a Apparently, I need to subscribe to slackware-security and whenever a security advisor comes out, I need to download it and install it. Hmmm, that's not very convinient. I try to automate it with this script

cd /usr/src/slackware/patches
wget -nd -N -c You cannot post URLs to other sites until you have made at least 1 other post
upgradepkg *.tgz

Whenever this script has proven to be usable, I'll run it as a daily cron job.

Good idea?


2b How can I keep my third parity packages up to date?

I can't, can I?


3. Ugrading to Slackware 13.

Whenever slackware 13 comes out, I can upgrade it according the some documentation I found on the ftp server.

How do I upgrade third parity packages, then? I need to figure out which of the installed packages are third parity packages and then I need to download them all by hand?


Bash
 
Old 01-19-2008, 04:28 PM   #2
Bash Rules
LQ Newbie
 
Registered: Jan 2008
Location: Whereever sunshine is.
Distribution: Slackware 12 and FreeBSD 4.11
Posts: 4

Original Poster
Rep: Reputation: 0
Appendix:

First Link: http://www.linuxpackages.net/
Second Link: ftp://ftp.slackware.com/pub/slackwar...packages/*.tgz
 
Old 01-19-2008, 04:38 PM   #3
Alien Bob
Slackware Contributor
 
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 5,384

Rep: Reputation: Disabled
Quote:
Originally Posted by Bash Rules View Post
1. The Slackware base system contains a lot of software, but it's definately not enough.

I found some websites wich offer Slackware Packages like http://www.linuxpackages.net/, but how can I trust them? I mean, by installing third parity software for Windows, I get Trojan Horses, Viruses and so forth.
This forum and the slackware related channels on IRC will help you finding out which package repositories are trustworthy. It will not be easy to find Slackware package repositories with malicious software in them - I have not yet seen such packages. But you can pay safe by using SlackBuild scripts that allow you to easlily build a Slackware package out of a program's source code - you are in full control of building the package.
The http://slackbuilds.org web site hosts a fairly big repository of such SlackBuild scripts.

Eric
 
Old 01-19-2008, 04:51 PM   #4
Alien_Hominid
Senior Member
 
Registered: Oct 2005
Location: Lithuania
Distribution: Hybrid
Posts: 2,247

Rep: Reputation: 53
Yeah, I would like to hear of malicious Slackware package. It might come with unlisted dependencies and so forth but malicious... I don't think so. Such package would be immediately removed from all the repos where it is kept.


About third party apps. Do all third party apps in Windows update themselves when new version comes. No. Linux development cycle is very different than it is in Windows. You can always access cvs/svn/others repositories to get the bleeding edge source code (that means you could go and update your apps even every day).


Some 3-rd party apps might break and you'll need to recompile them again.

Last edited by Alien_Hominid; 01-19-2008 at 04:57 PM.
 
Old 01-19-2008, 04:54 PM   #5
ice_nine
Member
 
Registered: Sep 2007
Posts: 41

Rep: Reputation: 15
2. How do I keep my sofware base up to date?

Swaret (http://swaret.sourceforge.net/) works well for this. To get it started:
  • 'cp /etc/swaret.conf.new /etc/swaret.conf' to get a basic config file
  • edit the version line to be 12.0
  • 'swaret --update' to get the up-to-date file lists
  • 'swaret --upgrade' to upgrade your packages to there most recent versions (ie the .../patches/packages directory on an official mirror)

Minor warning: I think 'swaret --upgrade' may install an updated package even if you don't have the original package installed, but I'm not sure about this (as I have everything installed)

The default swaret.conf file only makes use of official mirros, but you can easily add any repository you want - which swaret can acquire packages from and keep them up to date for you. The two I know of are: http://www.linuxpackages.net/ , http://www.slacky.eu/ . I've never had any problem with packages from any of these sites, and they have enough users that if someone manages to upload a bad package it will most likely be discovered fairly quickly.

Last edited by ice_nine; 01-19-2008 at 05:01 PM.
 
Old 01-19-2008, 06:52 PM   #6
Bash Rules
LQ Newbie
 
Registered: Jan 2008
Location: Whereever sunshine is.
Distribution: Slackware 12 and FreeBSD 4.11
Posts: 4

Original Poster
Rep: Reputation: 0
Hi friends,

As much as I like the simplicity of Slackware and the filesystem organisation, I have some concerns about the lack of packages and how this is handled with third party sites.


Quote:
Yeah, I would like to hear of malicious Slackware package. It might come with unlisted dependencies and so forth but malicious... I don't think so. Such package would be immediately removed from all the repos where it is kept.

I trust the major Unix distributors, may it be Slackware, the three major BSD distributions or others. They vouch with their name for the whole distribution.

The problem I see so far with Slackware is that I rely on packages created by people I do not know. That's of no concern for you guys?


Quote:
Swaret (http://swaret.sourceforge.net/) works well for this.

I was on the swaret site. This project seems neither alive nor dead. The documentation is sparse - not sure what it really has to offer. The problem with my script (see above) is that it doesn't take care of third party software. Due to lack of alternatives, I will probably have to install and use swaret, anyway.


Quote:
About third party apps. Do all third party apps in Windows update themselves when new version comes.
I mean, whenever a new Slackware version comes out, I want to have software packages compiled for this new version of Slackware. This is not how it works on Windows, but this is how it works on most unix distributions.


Actually, this raises another question:

The day Slackware 13 comes out, will there be any third party slackware packages for this new version? I assume it will take some days, weeks or months. Hence, I should wait some time for upgrading to Slackware 13. This looks suboptimal.


Another question:

Are these third parity sites bringing out new packages for newly discovered security holes, or will I be on my own?


Bash
 
Old 01-19-2008, 07:08 PM   #7
Alien Bob
Slackware Contributor
 
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 5,384

Rep: Reputation: Disabled
Quote:
The problem I see so far with Slackware is that I rely on packages created by people I do not know. That's of no concern for you guys?
No, it is of no concern to us that you do not know these people. Use the Slackware forum and visit Slackware channels on IRC if you need confirmation. And as I said before, you can build the packages yourself. This is Slackware. You are in control. You do not have to rely on other people to compile your software.

My guess is, you may need to have to go back to Windows to find reassurance. Or better, find the answers to these basic questions of yours first - and then come back for the real questions.

Eric
 
Old 01-19-2008, 07:42 PM   #8
Bash Rules
LQ Newbie
 
Registered: Jan 2008
Location: Whereever sunshine is.
Distribution: Slackware 12 and FreeBSD 4.11
Posts: 4

Original Poster
Rep: Reputation: 0
Hello Eric,

Quote:
Originally Posted by Alien Bob View Post
come back for the real questions.
These have been my real questions ;(

Bash
 
Old 01-19-2008, 09:09 PM   #9
Alien Bob
Slackware Contributor
 
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 5,384

Rep: Reputation: Disabled
Bottomline is, if you install 3rd party applications on your machine, then you are solely responsible for keeping them up to date.
You come from the Windows world where 3rd party apps may contain trojans and other vile stuff, and I suppose that you should not recklessly install software on a Linux machine either. But IMO the risk is not at all as big as it is in Windows.

Inform yourself about the sites / package builders that can be trusted and where you can obtain good quality packages. If you decide none of them can be trusted, compile your own packages from source. A SlackBuild script is an easy way to build a package (if you trust the writer of the script of course...)

Eric
 
Old 01-19-2008, 10:43 PM   #10
ice_nine
Member
 
Registered: Sep 2007
Posts: 41

Rep: Reputation: 15
Yeah, swaret hasn't been updated in awhile, but it still works perfectly fine.

A few good places to with info on package management:

- http://www.slackersbible.org/?q=node/46
- http://www.slackbasics.org/html/chap-pkgmgmt.html
- The sig of the post above this
 
Old 01-19-2008, 10:46 PM   #11
fcaraballo
Member
 
Registered: Feb 2004
Location: WA
Distribution: Slackware
Posts: 230

Rep: Reputation: 31
1. The best way to add 3rd party packages, IMO, is to use slackbuilds and compile the programs yourself. That way you know exactly what your getting. Most of the time, you will be able to find a slackbuild for the program your looking for on SlackBuilds.org.

2a. Automation is not always the best way to do something.

2b. When a new version of a program comes out, you normally only need to change the version number in the SBo slackbuild in order to recompile it (if more is needed, an update to the script is usually already on its way). After that, a simple upgradepkg an your up-to-date.

3. Recompile your programs against the new version of Slack using the slackbuilds.

MagicMan

P.S. If you would rather have someone else do the work for you, it can be difficult as a new Slack user to know what packages can be trusted. I for one only use packages built by either Eric or Rob when I'm to busy to build them for myself (these guys help maintain Slack and know the ins and outs of package recreation quite well). Going this route, however, puts you at the mercy of the packager. You will have to wait until they decide to update a package.
 
Old 01-19-2008, 10:50 PM   #12
acummings
Member
 
Registered: Jul 2004
Distribution: Slackware
Posts: 615

Rep: Reputation: 49
http://www.linuxquestions.org/questi...pdates-607701/

http://www.linuxquestions.org/questi...st-way-613588/

http://www.linuxquestions.org/questi...atches-611567/

http://www.linuxquestions.org/questi...log...-607869/

1st 3 are on topic and within the very first 5 pages of the archives of this very forum. IOW I didn't use the search, I instead just thumbed quickly through pages 1 through 5 (found near the bottom of this forum's web page) that took me two and a half minutes.

4th link above eventually wanders into off topic to do with Perl programming (I know, I participated. BTW I will finish the Perl and post it too).

I've not ever had a prob with any Slack 3rd party pkg, linuxpackages or otherwise.

This is Slackware.

Linux is it's own world.

Slackware tends, somewhat, to be it's own (well, Slack is a distro).

I think that you're unfairly comparing something else from a different world and attempting to compare that something to the goings on that take place in the Slackware world.

Not all things in other worlds even apply to the Slackware world. (not that it can't -- but some things have just not been a prob in Slack).

If you're paranoid, any Slackware package, you can peek inside it and totally inspect its contents prior to installing. I rarely do this sometimes just to see how a package is built -- I've never done it due to mistrust that perhaps the pkg is loaded with Trojan, etc.

Anyways, like, where's your sys and your data backups at anyways just in case of huge power flicker or big surge that severely corrupts data on your hard drive. Lightning storm, etc.

Such backups *also* may be used in the case of breakin and/or trojan, etc.

--
Alan.
 
Old 01-19-2008, 10:58 PM   #13
cwwilson721
Senior Member
 
Registered: Dec 2004
Location: In my house.
Distribution: Ubuntu 10.10 64bit, Slackware 13.1 64-bit
Posts: 2,649
Blog Entries: 1

Rep: Reputation: 66
Quote:
Originally Posted by Alien Bob View Post
...
You come from the Windows world where 3rd party apps may contain trojans and other vile stuff, and I suppose that you should not recklessly install software on a Linux machine either. But IMO the risk is not at all as big as it is in Windows....
The main issue with installing willy-nilly is conflicting libs , etc. You might want one module to load, but get another, and so on. (Happens to me rather often. qemu helps a whole bunch. But that's a whole other ball o' wax)

You have choices, Bash Rules
  1. Don't get ANY 3rd party software. (Personally, I think this is unreasonable)
  2. Research whatever packages that you are interested in on irc, or some other discussion area. See how often they are updated. Write scripts, etc.
  3. Compile/package the thing yourself (My personal favorite). "Use the source, Luke!" used to be a big saying in Linux.
As far as using any "auto-magic-update" program to update your Slackware base install, first do a quick search of this forum for "break" and "update"
Code:
break+update
Amazing how many times that swaret or its cousins are involved. BUT, having said that, it's your system. Use what you wish. I just have a queezy feeling anytime I let my system out of my hands.

And that is the REAL bottom line. It's your system, use it, update it, change it, break it even, any way you wish. It's yours. There's no Bill Gates sitting here saying "YOU CAN'T DO THAT!!!". As a matter of fact, the Slackware community says "You CAN do that. "
 
Old 01-19-2008, 10:58 PM   #14
hitest
Senior Member
 
Registered: Mar 2004
Location: Prince Rupert, B.C., Canada
Distribution: Slackware, OpenBSD
Posts: 4,278

Rep: Reputation: 587Reputation: 587Reputation: 587Reputation: 587Reputation: 587Reputation: 587
I have complete confidence in the packages that Eric and Robby make for us; I trust them.
Slackware is a success because we have developers who are dedicated to their work. I greatly appreciate their work:-) Thanks, guys!
 
Old 01-19-2008, 11:06 PM   #15
acummings
Member
 
Registered: Jul 2004
Distribution: Slackware
Posts: 615

Rep: Reputation: 49
Quote:
any Slackware package, you can peek inside it and totally inspect its contents prior to installing.
I guess I'd better cop to the making of a mistake here.

I suppose binary components could be inside such pkg whereby could not see inside such components (cannot *totally* inspect).

Well, if you're really paranoid then just build all of your own 3rd party pkgs it's easy to do so on Slack (I build most of mine). ***Source code cannot contain anything hidden***

Compile your own binarys -- you are totally in control -- *you* *know* what got put into those binaries.

--
Alan.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Keeping my server up 2 date vanderkerkoff Linux - Server 2 03-14-2011 08:15 AM
keeping slackware 11 up-to date ronty Slackware 6 01-20-2007 09:14 AM
Keeping my system up to date with yum bkeating Fedora 3 03-25-2006 10:01 AM
Keeping Slackware Up-To-Date introuble Slackware 4 03-21-2006 09:08 AM
Keeping OpenBSD up to date Gsee *BSD 6 12-03-2004 12:58 PM


All times are GMT -5. The time now is 08:16 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration