| View previous topic :: View next topic |
| Author |
Message |
sepp
Guru
Joined: 11 Jul 2002
Posts: 330
|
 Posted: Sat Aug 12, 2006 8:54 pm Post subject: installing gentoo as an server - only want security updates |
 |
|
| I'm planing to install gentoo on a new server. I've already done that in the past but keeping the server up to date was always a pain (that's easier on rpm based distros). so how should I configure gentoo, so emerge world only pulls security updates? I don't need any fancy glibc / udev / gcc updates. I might want to get a new version of samba or hylafax from time to time, but thats all. so how do I acomplish this? |
|
| Back to top |
|
 |
uweklosa
Tux's lil' helper
Joined: 18 Feb 2005
Posts: 105
|
| Posted: Sat Aug 12, 2006 9:08 pm Post subject: |
|
|
You could do
| Code: |
emerge --sync
glsa-check -tv all
|
And if there are any fixes you could use
Or you could run a script like
| Code: |
buffer = `glsa-check --test all 2>&1 |grep '^[0-9]'`
for glsa in $buffer
do
glsa-check --print $glsa 2>/dev/null|head -n2
glsa-check --pretend $glsa 2>/dev/null|egrep '^The following| '
echo
done
|
|
|
| Back to top |
|
|
sepp
Guru
Joined: 11 Jul 2002
Posts: 330
|
| Posted: Sat Aug 12, 2006 9:37 pm Post subject: |
|
|
| but how can I prevent the system from even thinking about pulling new versions? are there any server keywords you can you use so you mask system libs & programs? |
|
| Back to top |
|
|
cyrillic
Watchman
Joined: 19 Feb 2003
Posts: 7313
Location: Groton, Massachusetts USA
|
| Posted: Sat Aug 12, 2006 9:57 pm Post subject: |
|
|
| sepp wrote: | | but how can I prevent the system from even thinking about pulling new versions? |
Most of the time, security fixes are not backported.
The most common way to fix security problems is to update to the current version of whatever package is affected, and doing this may pull in updated dependencies too. |
|
| Back to top |
|
|
|
Installing Gentoo
