Debian Security Updates

m4ri00sh

Verified User
Joined
May 20, 2007
Messages
215
Can someone tell me how to update everything in Debian so..... the programs which DA setup installs or any DA programs installed were not touched/broken/or whatever..... safely....

what needs to be done.... removed/added/used....?

thank you very much for answer...
 
apt-get update
apt-get upgrade

so what NOT update with apt-get, is apache, mysql, php, proftpd and exim

Use customapache update and other things with comes DA.
 
My concern was.... It is all about dependencies of some programs.... hopefully apt-get will not screw that up for me ... in relation to DA and custombuild script....... I would hate that...:D

thank you for answer.....
 
My concern was.... It is all about dependencies of some programs.... hopefully apt-get will not screw that up for me ... in relation to DA and custombuild script....... I would hate that...:D

thank you for answer.....

DA software are compiled always from sources, if get something broke, just build again DA software (apache,php, exim, ...)
 
If you search these forums you'll find the list of yum excludes. The same list should be set up as excludes for apt-get. It won't hurt if some of what you list as an exclude isn't already installed, so just use the whole list for safety.

The biggest issue you may have is with the kernel. If you haven't built a custom kernel you probably won't have any problems, but if you have, then you should exclude kernel updates, but whenever they're available check to see if you have to create a new kernel.

Note that apt-get and yum, both, by default, can be set to install a new kernel, but the kernel won't be used until you reboot the server.

Jeff
 
Ok, the thread was not finished so ..... Found some info:


1) You simply need to place those package(s) on hold. The easiest method is to install the wajig program and issue the appropriate command. Review the example below:

# apt-get install wajig
# wajig hold <package_name>

Here's the full Wajig Overview

2) http://www.debian.org/doc/manuals/apt-howto/ch-apt-get.en.html#s-pin

3)
Apt, Aptitude and Dpkg are Debian package managing tools. Let's see a small reference about them:

#apt-get install foo .......................Installs foo package
#apt-get remove foo ........................Removes foo package
#apt-get remove --purge foo ................Removes foo package and its configuration files.
#apt-get update ............................Updates package database.
#apt-get -f install.........................Installs and removes packages in order to fix dependency problems.
#apt-get clean .............................Deletes all .deb packages from local repository.
#apt-get upgrade ...........................Upgrades all packages to its newer versions.
#apt-get dist-upgrade ......................Upgrades packages but also deals with dependency problems caused by new packages.
$apt-get source foo ........................Downloads foo package source files.

$apt-cache show foo ........................Gives a long info description about foo package.
$apt-cache search foo ......................Searchs for packages that match "foo" pattern.

#apt-file update ...........................Resynchronize the package contents from their sources (/etc/apt/sources.list)
$apt-file search foo .......................Lists all packages containing files that match foo pattern. Searchs also in not installed packages.

#aptitude install foo ......................Installs foo package
#aptitude remove foo .......................Removes foo package
#aptitude remove --purge foo ...............Removes foo package and its configuration files.
$aptitude search foo .......................Searchs for packages that match "foo" pattern
#aptitude update ...........................Updates package database.
#aptitude upgrade ..........................Upgrades packages to its newer versions.
#aptitude safe-upgrade .....................Same as aptitude upgrade.
#aptitude full-upgrade .....................Upgrades packages to its newer versions, taking care about dependencies. Sames as dist-upgrade.
#aptitude hold foo .........................Marks foo package so it will not be removed or upgraded when executing safe-upgrade or full-upgrade
#aptitude unhold foo .......................Turn off the hold on foo package.
$aptitude show foo .........................Gives a long info description about foo package.
#aptitude clean ............................Removes all previously downloaded .deb files from the package cache directory.

#dpkg -i foo ...............................Installs foo package
#dpkg -i --force-depends foo ...............Converts all dependency errors into warnings and installs foo package.
#dpkg -r foo ...............................Removes foo package
#dpkg --purge foo ..........................Removes foo package and its configuration files too.
$dpkg -l *foo* .............................Lists packages containing "foo" pattern.
$dpkg -L foo ...............................Lists files pertaining to foo package.
#dpkg-reconfigure -plow foo ................Reconfigures previously installed "foo" package, asking all configuration questions.
#dpkg --configure -a ...........................Configures all packages that have been unpacked but not yet configured.
$dpkg --search foo .........................Lists packages containing files matching foo pattern. Only searchs on installed packages.

4) from HERE

Someone, sorry I forget who, on this list posted the a few years ago.
It's what I use.

~# less bin/dhold
---------------
#! /bin/sh

PRG=`basename $0`

if [ `id -u` != 0 ] ; then
echo "you're not root, go away."
exit 1
elif [ $# != 1 ] ; then
echo "Usage: $PRG "
exit 1
else
echo $1 hold | dpkg --set-selections
fi
-----------------------

So in your case, as root:

~# dhold apt-howto


5) and see attachment.....
 

Attachments

  • howto_debian_server.pdf
    150.9 KB · Views: 37,160
Last edited:
Back
Top