sepp Guru
Joined: 11 Jul 2002 Posts: 330
|
Posted: Sat Aug 12, 2006 8:54 pm Post subject: installing gentoo as a server - only want security updates |
|
|
I'm planning to install gentoo on a new server. I've already done that in the past but keeping the server up to date was always a pain (that's easier on rpm based distros). so how should I configure gentoo, so emerge world only pulls security updates? I don't need any fancy glibc / udev / gcc updates. I might want to get a new version of samba or hylafax from time to time, but that's all. so how do I accomplish this? |
|
uweklosa Tux's lil' helper
Joined: 18 Feb 2005 Posts: 105
|
Posted: Sat Aug 12, 2006 9:08 pm Post subject: |
|
|
You could do
Code: |
emerge --sync
glsa-check -tv all
|
And if there are any fixes you could use
Or you could run a script like
Code: |
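# Collect the IDs of the GLSAs that affect this system (ID lines start with a digit)
buffer=$(glsa-check --test all 2>&1 | grep '^[0-9]')
for glsa in $buffer
do
    # First two lines of the advisory text
    glsa-check --print "$glsa" 2>/dev/null | head -n2
    # What applying the fix for this advisory would do
    glsa-check --pretend "$glsa" 2>/dev/null | grep -E '^The following| '
    echo
done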
|
|
|
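A stricter take on the ID-collection step of the script above, suited to an unattended cron check; this is an added example, not part of the original post. It assumes advisories are listed one ID per line in the YYYYMM-NN form that the `grep '^[0-9]'` relies on; the function names and the sample text are made up for illustration.

```shell
#!/bin/sh
# Added example: strict parsing of `glsa-check --test all` output.
# Assumption: one advisory ID per line, formatted YYYYMM-NN.

# Print the unique, well-formed GLSA IDs found on stdin, one per line.
glsa_ids() {
    # Drop trailing whitespace, keep only lines that are nothing but an ID.
    sed 's/[[:space:]]*$//' \
        | { grep -E '^[0-9]{6}-[0-9]{2,}$' || true; } \
        | sort -u
}

# Read glsa-check output on stdin and print a summary.
# Returns 0 when no advisory applies, 1 when at least one does.
glsa_report() {
    ids=$(glsa_ids)
    if [ -z "$ids" ]; then
        echo "no applicable GLSAs"
        return 0
    fi
    count=$(printf '%s\n' "$ids" | wc -l | tr -d ' ')
    echo "$count applicable GLSA(s):"
    printf '%s\n' "$ids" | sed 's/^/  /'
    return 1
}

# Constructed sample (placeholder IDs, not real advisories): a header line,
# two IDs with one repeated, and a hypothetical noise line that starts with
# a digit and would slip through a bare grep '^[0-9]'.
SAMPLE='This system is affected by the following GLSAs:
209901-01
209901-02
209901-01
3 hypothetical warnings were printed'

printf '%s\n' "$SAMPLE" | glsa_report \
    || echo "-> review each one with: glsa-check --pretend <id>"

# On a Gentoo host, after emerge --sync, the same check would be:
#   glsa-check --test all 2>&1 | glsa_report || <mail or alert command>
```
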
sepp Guru
Joined: 11 Jul 2002 Posts: 330
|
Posted: Sat Aug 12, 2006 9:37 pm Post subject: |
|
|
but how can I prevent the system from even thinking about pulling new versions? are there any server keywords you can use so you mask system libs & programs? |
|
cyrillic Watchman
Joined: 19 Feb 2003 Posts: 7313 Location: Groton, Massachusetts USA
|
Posted: Sat Aug 12, 2006 9:57 pm Post subject: |
|
|
sepp wrote: | but how can I prevent the system from even thinking about pulling new versions? |
Most of the time, security fixes are not backported.
The most common way to fix security problems is to update to the current version of whatever package is affected, and doing this may pull in updated dependencies too. |
|