Running rpm-update
Chris Brenton
cbrenton at chrisbrenton.org
Thu Apr 24 21:31:55 EDT 2003
Greetings all,
I received a couple of off-line queries about rpm-update, so I thought I
would just do a global response to the group.
rpm-update is designed to work with RPM's, but it's not a Red Hat thing.
Rather it is GPL software maintained by Robert Kleemann. The software
can be found here:
http://www.kleemann.org/rpm-update/
The best place to start is the excellent Quick Start listed on the above
homepage.
I run a couple of minor tweaks off of the default config. On the box I
use as my RPM depository, my default file looks like this:
host = some.ftp.mirror.from.mirror.txt
local-base-dir=/var/ftp/pub/linux
The reason for changing the default local directory is so internal
systems can easily retrieve RPM's via anonymous FTP. Their default file
looks like this:
host = 192.168.1.10
remote-dirs=/pub/linux/7.3/
single
obviously 'remote-dirs' will vary depending on which version is running
on the client.
Remote users work a little different as there is no direct access to
this box from the Internet. For them I use a script that initiates an
SSH session using public/private keys to a different internal box. They
then run rsync over a tunnel to pull down the required RPM's. A great
write up on doing this kind of thing has been created by a local Linux
demi-god named Bill Stearns. Info is here:
http://www.stearns.org/doc/ssh-techniques-two.current.html
http://www.stearns.org/rsync-backup/
BTW, Bill has some *awesome* SSH info and tools on his site if you do
some poking around. Of particular interest are ssh-keyinstall (push your
public key out to a system and perform any required conversions) and
fanout (send commands to multiple systems via SSH though a single
interface).
Note that using rsync is kind of inefficient as it pulls down all new
RPM's, regardless of whether they are actually needed on the system or
not (for example rpm-update is smart enough to only pull down the
Sendmail RPM if Sendmail is actually running and is out of date on the
local system. rsync is brain dead in this area and will pull it down
regardless). I've realized that doing a
rpm-update -d --protocol http
while setting up the RPM repository to also run an HTTP server rooted in
the above directory would probably work far better and could easily be
tunneled over SSH as well. It also opens the possibility of using SSL. I
have not had time to play with this however.
BTW, for remote users you could just as easily point them at any FTP
server listed in the mirror.txt file and avoid the whole SSH tunnel
thing. I just do it to try and play nice.
HTH,
C
More information about the gnhlug-discuss
mailing list