|
Tips on using yum to keep your system updated |
These all apply to Fedora/CentOS |
|
Yum stands for Yellowdog Update Manager. It was written and is maintained by the folks at Duke University. Yum is a way to automatically (or manually) update the operating system and software installed on your computer. Yum will compare what's installed to what's available and make a determination if anything needs to be updated. It's best to run yum at least once per week to take care of bug fixes, patches and security holes that are occasionally found in software.
|
|
|
Most Fedora Linux software is available in packages. In Fedora, the packages are called rpm's, which stands for RedHat Package Manager. The rpm system is a way to easily install, update, remove and keep track of the software that's installed on a computer. There are several components to an rpm file that all have significant meanings. For example, consider a typical kernel rpm:
|
|
package name - this is the name of the package, program or project major version # - the main version of the software minor version # - a sub-version of the software patch level # - another sub-version that indicates the latest patches that have been applied extraversion # - though not completely necessary, some software has this extra delineation of the version platform - indicates which architecture this package is intended for (e.g. - i686 would be for an Intel Pentium architecture, whereas sparc would be for a Sun Sparc system, etc.)
|
|
Each time software is updated, the extraversion and patch level numbers are changed. For example, the previous kernel was 2.6.11-1.14_FC3. When more significant modifications are made, the patch version number will change (the last kernel before 2.6.11 was 2.6.9). And, when even more important modifications are done, the major version will change (the last kernel before 2.6 was 2.4). Usually, if a complete rewrite is done to the entire package, it will be given a new major version number.
|
|
|
After installing an operating system on a computer for the 1st time, the computer should initially be connected to the Internet from behind a firewall. Since the software on an installation disk is usually outdated, it may have significant security holes that, if exposed to the Internet, would allow the computer to be hacked almost immediately. Connecting from behind a good firewall will help reduce the risks associated with putting an unpatched system on the Internet for the 1st time.
IGO runs yum on every pre-built system we sell before it's shipped to you. We also configure yum to run as a daemon, which means it will automatically check for updates every night.
|
|
To run yum manually, type (as root, in a terminal window):
|
|
$ yum update
|
|
Depending on the speed of your Internet connection and the number of packages that need to be updated, it may take anywhere from a few minutes to several hours for yum to download and install all updates.
|
|
|
If you connect to the Internet with a dialup or some other low-bandwidth method, then updating with yum may not be practical. It could take days to download some of the larger software packages over a dialup. If this is your situation, you should put your system behind a firewall. Word of a new security flaw does not take long to circulate throughout the hacker communities. Leaving an unpatched system directly connected to the Internet (not behind a firewall) is a serious risk and is not recommended.
|
|
Remember, the integrity of your system is up to you. And it could be quite expensive and time-consuming to repair a compromised system.
|
|
|
If yum detects that a new kernel is available, it will install (instead of update) it. This way you can boot to the new kernel and determine if it will work ok (the computer boots up and functions normally). If it doesn't boot up (you get a kernel panic or it locks up), you can always boot back to the older kernel. IGO recommends keeping at least 2 versions of the kernel installed at all times.
After a new kernel is installed, you'll need to restart your computer to boot to the new kernel. When the GRUB screen appears, you should notice the new kernel at the top.
After yum installs a new kernel a few times, you'll have more than 2 kernels installed. To delete an old kernel, open a terminal window, su to root and type:
|
|
$ yum remove packagename-X.Y.Z-abc_def
|
|
where X, Y and Z correspond to the package's major version, minor version and patch levels, and abc_def corresponds to the package's extraversion (if necessary). You don't need to include the platform architecture or anything after it.
Before removing a kernel, be sure to double check your version and patch numbers!
|
|
Use rpm to find out what kernel versions are currently installed:
|
|
$ rpm -q kernel
|
|
And use uname to find out what kernel you're currently booted to:
|
|
$ uname -a
|
|
|
|
