RPM::Update - compare installed rpms with up-to-date distribution
    use RPM::Update;
    RPM::Update::execute('-ftp', 'mirror.pa.msu.edu/linux/redhat/linux/updates/7.2/en/os/', '-d', 'check', '-dl');
RPM::Update compares installed RPM packages (listed by the command "rpm -qa") on a Linux system with an up-to-date distribution. That distribution may either reside in a local directory (possibly NFS mounted) or on a ftp server.
Based on Martin Siegert's check-rpms at http://www.sfu.ca/acs/security/linux/check-rpms.html.
Options are to be specified as a list of arguments to RPM::Update::execute.
If the -ftp option is specified, RPM::Update retrieves directory listings from the ftpserver's directory/<arch> directories, where <arch> is set to noarch, i386, i586, i686, and athlon consecutively. If ftpserver/directory is not specified, $FTPSERVER/$FTPUPDATES is used. The $FTPSERVER and $FTPUPDATES variables can be set in the configuration file. If either of the two is not set, the default server "updates.redhat.com" and the default directory "$RHversion/en/os" are used, where $RHversion is obtained from the /etc/redhat-release file. If run with the -ftp option, all rpm packages that need to be downloaded (see the --download, --recheck, and --update options) will be downloaded into the directory specified by the -d directory option. If that option is omitted, the $RPMDIR directory is used. The $RPMDIR variable can be set in the configuration file. If the $RPMDIR variable is not set either, the default directory "/mnt/redhat/RedHat/RPMS" is used.
If the -ftp option is omitted, it is assumed that -d directory specifies a local directory that contains up-to-date rpm packages. If -d directory is omitted as well, the $RPMDIR directory is used. If $RPMDIR is not set, the default directory "/mnt/redhat/RedHat/RPMS" is used.
RPM::Update uses a lexical sort on the version string and the release string of the package in order to decide whether the installed package or the package from the distribution is newer. RPM::Update lists packages of the distribution that are found to be newer than the installed packages or, if --update is specified, will update the packages using the "rpm -Fvh <list of packages>" command. In the latter case RPM::Update must be run as root. Furthermore, the $RPMUSER variable should be set to a non-root username (see the -c option below). RPM::Update will switch to that user and run most of the script under that user id. Only the final "rpm -Fvh ..." command will be run as root. If $RPMUSER is not set, the "nobody" user id will be used. It is recommended to set $RPMUSER to an ordinary username (such as yourself). Furthermore, if a ftp server is used, create the download directory (which is specified in the -d directory option or in the $RPMDIR variable), change the ownership of that directory to that user, and set the permissions to 700 before running RPM::Update with the --update option. Note that --update implies the --no-kernel option, i.e., RPM::Update refuses to update the kernel directly.
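A preflight check for the download directory recommended above, as an added example that is not part of RPM::Update or check-rpms. The path and the user name "joe" are assumptions taken from the example configuration file on this page; substitute your own values.

```perl
#!/usr/bin/perl
# Added example: verify the download directory before running with --update.
use strict;
use warnings;
use Fcntl ':mode';

# Returns a list of problems; an empty list means the directory matches the
# recommendation in the text (real directory, owned by $RPMUSER, mode 700).
sub check_download_dir {
    my ($dir, $rpmuser) = @_;
    my @problems;

    my $uid = getpwnam($rpmuser);          # scalar context returns the uid
    return ("user '$rpmuser' does not exist") unless defined $uid;
    push @problems, "'$rpmuser' is root; use an ordinary user" if $uid == 0;

    my @st = lstat($dir);                  # lstat: do not follow a symlink
    return (@problems, "$dir does not exist") unless @st;

    my ($mode, $owner) = @st[2, 4];
    push @problems, "$dir is not a real directory" unless S_ISDIR($mode);
    push @problems, "$dir is owned by uid $owner, expected $uid"
        unless $owner == $uid;
    push @problems,
        sprintf("%s has mode %04o, expected 0700", $dir, S_IMODE($mode))
        unless S_IMODE($mode) == 0700;
    return @problems;
}

# Assumed values; take them from your own configuration file.
my ($rpmdir, $rpmuser) = ('/mnt/redhat/RedHat/RPMS', 'joe');

my @problems = check_download_dir($rpmdir, $rpmuser);
print "WARN: $_\n" for @problems;
print "OK: $rpmdir is owned by $rpmuser with mode 0700\n" unless @problems;
exit(@problems ? 1 : 0);
```

A non-zero exit status means the directory should be fixed before packages downloaded into it are handed to the final "rpm -Fvh" step that runs as root.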
- -v --verbose
verbose mode: prints additional progress information on standard output
- -ftp [ftpserver/directory]
compare the installed packages with the rpm packages found on the ftp server ftpserver in the directories directory/<arch>, where arch is set to noarch, i386, i586, i686, and athlon consecutively. If ftpserver/directory is not specified, the $FTPSERVER and $FTPUPDATES variables are checked. These variables can be set in the configuration file (see the -c option below). If those variables are not set either, the default server "updates.redhat.com" and the default directory "$RHversion/en/os" is used, where $RHversion is obtained from the /etc/redhat-release file.
use a local directory as the source for new rpm packages even if the $FTP variable is set to 1 in the configuration file.
- -d directory --rpm-directory directory
if -ftp is specified, download all rpm packages that need to be downloaded into directory. If -ftp is not specified, regard the rpm packages found in directory as an up-to-date distribution against which the installed packages are compared.
- -lm --list-missing
list installed packages that do not have an equivalent in the up-to-date distribution. This will generate lots of output when the comparison is made with the updates directory of a ftp server.
- -lq --list-questionable
list packages for which the lexical sort algorithm does not give a conclusive result on whether the installed package is older than the package in the distribution. These are packages that have version and/or release strings that contain letters. For example, it is not absolutely clear whether the version 1.2.3b is actually newer or older than 1.2.3. The lexical sort would classify 1.2.3b to be newer than 1.2.3; with -lq specified the package would be listed in any case. See also --recheck below.
- -dl --download
download packages from the remote ftp server that are found to be newer than installed packages into the directory that is specified in the -d directory option or in the $RPMDIR variable or, if neither of the two is specified, into "/mnt/redhat/RedHat/RPMS". If the download directory does not exist, check-rpms will create it.
- -r --recheck
Use the "rpm -Uvh --test --nodeps <package>" command to check all packages that have letters in their version and/or release string; --recheck implies --list-questionable (see above). At the time of writing (Feb. 2002) there is one known case for which the lexical sort algorithm fails to detect a new package: mutt-184.108.40.206 was released to replace mutt-1.2.5i, however, the lexical sort algorithm incorrectly classifies mutt-1.2.5i to be newer than mutt-220.127.116.11. In this case using the --recheck option is essential. In all other cases it is not. It is nevertheless probably a good idea to use --recheck at least once in a while. --recheck can increase the run-time of check-rpms substantially, particularly if a ftp server is used. In that case the questionable packages must be downloaded from the server into a directory directory (as specified in the -d option or the $RPMDIR variable) which will be created, if it does not exist.
- -nk --no-kernel
do not list kernel packages. That is, kernel, kernel-smp, kernel-enterprise, kernel-BOOT, and kernel-debug will not be checked and listed. However, kernel-headers and kernel-source will be checked. The --update option (see below) implies --no-kernel.
update all packages that were found to have newer versions. For this to work check-rpms must be run as root and a suitable $RPMUSER must exist (see DESCRIPTION above). It is strongly advisable to do a dry run check-rpms -v -lq before running check-rpms --update.
- -c configurationfile
The optional configuration file to use. This file can be used to specify the $RPMDIR variable, the $FTP, $FTPSERVER, and $FTPUPDATES variables, and the $RPMUSER variable. An example configuration file is given below. If the -c option is omitted, check-rpms will use the default configuration file /usr/local/etc/check-rpms.conf, if it exists.
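Why the lexical sort described above can miss an update, and what -lq flags as questionable, shown as an added example that is not code from RPM::Update or check-rpms. The package names and version numbers are constructed, except for 1.2.3 versus 1.2.3b from the text; segment_cmp is a simplified segment-wise comparison in the style rpm itself uses, included only for contrast.

```perl
#!/usr/bin/perl
# Added example: lexical vs. segment-wise comparison of version/release strings.
use strict;
use warnings;

# Compare segment by segment: digit runs numerically, letter runs as strings;
# a digit run outranks a letter run; leftover segments make a string newer.
sub segment_cmp {
    my ($x, $y) = @_;
    my @a = $x =~ /(\d+|[A-Za-z]+)/g;
    my @b = $y =~ /(\d+|[A-Za-z]+)/g;
    while (@a && @b) {
        my ($s, $t) = (shift @a, shift @b);
        my $sn = ($s =~ /^\d/) ? 1 : 0;
        my $tn = ($t =~ /^\d/) ? 1 : 0;
        return $sn ? 1 : -1 if $sn != $tn;
        my $c = $sn ? ($s <=> $t) : ($s cmp $t);
        return $c if $c;
    }
    return @a ? 1 : @b ? -1 : 0;
}

# Compare [version, release] pairs: version first, release as tie-breaker.
sub pkg_cmp {
    my ($cmp, $inst, $dist) = @_;
    return $cmp->($inst->[0], $dist->[0]) || $cmp->($inst->[1], $dist->[1]);
}

# Constructed samples: name, installed [ver, rel], distribution [ver, rel].
my @samples = (
    [ 'pkg-a', [ '1.9',   '1' ], [ '1.10',   '1'  ] ],
    [ 'pkg-b', [ '2.4.7', '2' ], [ '2.4.7',  '10' ] ],
    [ 'pkg-c', [ '1.2.3', '1' ], [ '1.2.3b', '1'  ] ],
    [ 'pkg-d', [ '3.0',   '5' ], [ '3.0',    '5'  ] ],
);

# -1: installed is older (update), 0: identical, 1: installed is newer (keep)
my %word = (-1 => 'update', 0 => 'same', 1 => 'keep');
for my $p (@samples) {
    my ($name, $inst, $dist) = @$p;
    my $lex = pkg_cmp(sub { $_[0] cmp $_[1] }, $inst, $dist);
    my $seg = pkg_cmp(\&segment_cmp, $inst, $dist);
    # "Questionable" as the text defines it: letters in version or release.
    my $q = grep { /[A-Za-z]/ } @$inst, @$dist;
    printf "%-6s %-8s -> %-9s lexical=%-6s segment=%-6s%s%s\n",
        $name, join('-', @$inst), join('-', @$dist), $word{$lex}, $word{$seg},
        ($lex != $seg ? '  DISAGREE' : ''), ($q ? '  questionable' : '');
}
```

For pkg-a and pkg-b the lexical result is "keep" although the distribution package is newer, so a purely lexical check would silently skip those updates; pkg-c is the letters-in-version case that only --recheck can settle.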
will 1) check whether /usr/local/etc/check-rpms.conf exists; 2) if it does it will read the variables specified in that file, if it doesn't exist, $RPMDIR is set to /mnt/redhat/RedHat/RPMS; 3) if $RPMDIR is set, this directory will be regarded as the source of the up-to-date distribution, unless $FTP is set to 1. In that latter case the $FTPSERVER and $FTPUPDATES are used, if those variables are set. Otherwise "updates.redhat.com" and "<RHversion>/en/os" will be used; 4) the installed packages are compared
- check-rpms -v -lq -d /mnt/redhat/7.1/RedHat/RPMS
will use the distribution in the directory /mnt/redhat/7.1/RedHat/RPMS for comparison with the installed packages. The command will give more detailed information on its progress and will list the packages that need upgrading and, in another section, the packages that may need to be upgraded.
- check-rpms -v -lq -ftp updates.redhat.com/7.1/en/os
same as above, but the directories 7.1/en/os/noarch, 7.1/en/os/i386, 7.1/en/os/i586, 7.1/en/os/i686, and 7.1/en/os/athlon on updates.redhat.com will be searched for new packages.
- check-rpms -v -r --update
will use the default location for updated packages (determined as indicated in the first example); if a ftp server is used, it will download all newer and all packages with letters in the version and/or release strings (i.e., "questionable" packages) from that ftp server, recheck the questionable packages, and finally update all packages that need to be updated.
All variables must be defined using perl syntax, i.e., in the form
$variable = value;
(do not forget the semicolon at the end of a line). Comments start with "#" and blank lines may be included as well.
Example configuration file:
    # check-rpms configuration file
    #
    # $RPMDIR is the directory where up-to-date RPMs can be found and/or
    # rpm packages are downloaded into.
    $RPMDIR = "/mnt/redhat/RedHat/RPMS";
    # $RPMUSER is the user name that check-rpms switches to for most of
    # the script when run as root
    $RPMUSER = "joe";
    # $FTPSERVER and $FTPUPDATES are the hostname of a ftp server and the
    # directory where RPM updates can be found without the <arch> directory.
    # I.e., $FTPUPDATES should be set to something like pub/7.2, if the RPMs
    # are located in pub/7.2/i386, pub/7.2/i686, etc.
    # $FTPSERVER and $FTPUPDATES are used if -ftp is specified or if the following
    # line is uncommented.
    # $FTP = 1;
    $FTPSERVER = "updates.redhat.com";
    $FTPUPDATES = "7.2/en/os";
rpm(8), ncftpls(1), ncftpget(1)
Author of the "check-rpms" script on which this module is strongly based is Martin Siegert, Simon Fraser University, firstname.lastname@example.org
The module packager is Scott Harrison, Michigan State University, email@example.com
check-rpms.pl is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
check-rpms.pl is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details: http://www.gnu.org/licenses/gpl.html