View previous topic :: View next topic |
Author |
Message |
ReD-BaRoN Apprentice
Joined: 06 Feb 2004 Posts: 208
|
Posted: Sat Aug 07, 2010 12:57 am Post subject: Automatic updates? |
|
|
I did a search on this, but most of the posts I find on this topic are really outdated. What's the best way about emerging automatically every few days?
Thanks! |
|
Back to top |
|
|
John R. Graham Administrator
Joined: 08 Mar 2005 Posts: 10590 Location: Somewhere over Atlanta, Georgia
|
Posted: Sat Aug 07, 2010 1:00 am Post subject: |
|
|
Read up on cron. The man page is a good place to start.
- John _________________ I can confirm that I have received between 0 and 499 National Security Letters. |
|
Back to top |
|
|
ReD-BaRoN Apprentice
Joined: 06 Feb 2004 Posts: 208
|
Posted: Sat Aug 07, 2010 1:07 am Post subject: |
|
|
I'm up on cron. I just know this has to have been done before, and there's likely a proven method. GLCU looks like the right place to start, but is no longer maintained. |
|
Back to top |
|
|
cach0rr0 Bodhisattva
Joined: 13 Nov 2008 Posts: 4123 Location: Houston, Republic of Texas
|
Posted: Sat Aug 07, 2010 1:34 am Post subject: |
|
|
glsa-check -f affected
should be no need to update every package on the system. I only ever update to address specific bugs (in which case i want to choose the packages, not automate), or because of a security issue. _________________ Lost configuring your system?
dump lspci -n here | see Pappy's guide | Link Stash |
|
Back to top |
|
|
ReD-BaRoN Apprentice
Joined: 06 Feb 2004 Posts: 208
|
Posted: Sat Aug 07, 2010 2:11 am Post subject: |
|
|
Now this is interesting.
I just completed a emerge --sync and then emerge -uDavN --with-bdeps=y world.
Then I ran the command you listed glsa-check -f affected and it beings:
>>> merging net-libs/gnutls-2.8.6
Was wasn't gnutls updated when I updated world? |
|
Back to top |
|
|
John R. Graham Administrator
Joined: 08 Mar 2005 Posts: 10590 Location: Somewhere over Atlanta, Georgia
|
Posted: Sat Aug 07, 2010 2:28 am Post subject: |
|
|
ReD-BaRoN wrote: | I'm up on cron. I just know this has to have been done before, and there's likely a proven method. GLCU looks like the right place to start, but is no longer maintained. | No need for anything external. You can launch an emerge command directly from the crontab. I don't do automatic updates, but I do perform an automatic --sync. Perhaps these'll get you started: John's /etc/crontab: | # for vixie cron
# $Header: /var/cvsroot/gentoo-x86/sys-process/vixie-cron/files/crontab-3.0.1-r4,v 1.2 2009/05/12 09:13:46 bangert Exp $
# Global variables
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
HOME=/
# John's Cheat Sheet
#
# field allowed values
# ----- --------------
# minute 0-59
# hour 0-23
# day of month 1-31
# month 0-12 (or names, see below)
# day of week 0-7 (0 or 7 is Sun, or use names)
# check scripts in cron.hourly, cron.daily, cron.weekly and cron.monthly
59 * * * * root rm -f /var/spool/cron/lastrun/cron.hourly
9 3 * * * root rm -f /var/spool/cron/lastrun/cron.daily
19 4 * * 6 root rm -f /var/spool/cron/lastrun/cron.weekly
29 5 1 * * root rm -f /var/spool/cron/lastrun/cron.monthly
*/10 * * * * root test -x /usr/sbin/run-crons && /usr/sbin/run-crons
30 1 * * * root /root/scripts/nightly_emerge
0 0-23/2 * * * root /root/scripts/raid_check_daemon |
nightly_emerge: | #!bin/bash
if emerge --sync --nospinner --color=n --quiet; then
logger -t portage "Nightly emerge --sync completed successfully."
else
logger -t portage "Nightly emerge --sync failed. See /var/log/emerge.log for details."
(echo "Subject: `hostname`: Nightly emerge --sync failed." &&\
echo "Emerge failed to sync." &&\
tail /var/log/emerge.log \
) | sendmail john_r_graham@mindspring.com
fi
if layman --sync ALL; then
logger -t portage "Nightly layman --sync completed successfully."
else
logger -t portage "Nightly layman --sync failed."
fi | - John _________________ I can confirm that I have received between 0 and 499 National Security Letters. |
|
Back to top |
|
|
Amity88 Apprentice
Joined: 03 Jul 2010 Posts: 260 Location: Third planet from the Sun
|
Posted: Sat Aug 07, 2010 11:32 am Post subject: |
|
|
I wonder if full automation is possible, I follow the guide I found here. Some amount of user intervention seems necessary in between the steps, so I haven't been able to automate the whole process.
I have one doubt though. Is it ok if I leave the etc-update bit for the last, after I'm done with both system and world updates? |
|
Back to top |
|
|
John R. Graham Administrator
Joined: 08 Mar 2005 Posts: 10590 Location: Somewhere over Atlanta, Georgia
|
Posted: Sat Aug 07, 2010 1:49 pm Post subject: |
|
|
Full automation isn't possible. If it were, then emerge would never fail.
It's okay to leave the etc-update until after.
- John _________________ I can confirm that I have received between 0 and 499 National Security Letters. |
|
Back to top |
|
|
HeXiLeD Veteran
Joined: 20 Aug 2005 Posts: 1159 Location: Online
|
Posted: Sat Aug 07, 2010 1:55 pm Post subject: |
|
|
Something like this ?
Code: | emerge --sync && emerge -DNu world && revdep-rebuild && emerge --depclean && dispatch-conf && glsa-check -f all ; update-ca-certificates ; update-env ; update-etc ; update-modules ; update-pciids ; source /etc/profile |
This is what i do when i want a full update.
You can make an executable with it (lets say: update.sh) and then cron it.
Open your favourite text editor (nano/vim/joe/pico .. other). Create a text file named update.sh; Insert the above text inside, save and exit.
Code: | $ chmod +x update.sh |
Manually run:
Cron:
Move the executable to /etc/cron.daily/
Done. _________________ Do you hear the sound of inevitability?
With age, comes great grumpiness and that, was 20 years ago...
CertFP: becbbd161d5a5c31de3c45171b77bf710911db29 / d985d21f89fe2977b593c4d381a1a86802e62990d9328d893db76d59f9935244 |
|
Back to top |
|
|
phajdan.jr Retired Dev
Joined: 23 Mar 2006 Posts: 1777 Location: Poland
|
Posted: Sat Aug 07, 2010 3:09 pm Post subject: Re: Automatic updates? |
|
|
ReD-BaRoN wrote: | I did a search on this, but most of the posts I find on this topic are really outdated. What's the best way about emerging automatically every few days? |
It's one of the easiest ways to hose your system. I suggest starting with just automating emerge --sync, and maybe preparing binary packages for what's possible, but not merging anything to the live file system automatically. _________________ http://phajdan-jr.blogspot.com/ |
|
Back to top |
|
|
Hu Administrator
Joined: 06 Mar 2007 Posts: 21708
|
Posted: Sat Aug 07, 2010 5:53 pm Post subject: |
|
|
HeXiLeD wrote: | Code: | emerge --sync && emerge -DNu world && revdep-rebuild && emerge --depclean && dispatch-conf && glsa-check -f all ; update-ca-certificates ; update-env ; update-etc ; update-modules ; update-pciids ; source /etc/profile |
|
emerge --depclean wrote: | * Depclean may break link level dependencies. Thus, it is
* recommended to use a tool such as `revdep-rebuild` (from
* app-portage/gentoolkit) in order to detect such breakage. |
Also, running automatic merges of configuration files is just asking for trouble. |
|
Back to top |
|
|
RedSquirrel Guru
Joined: 22 Apr 2008 Posts: 336
|
Posted: Sat Aug 07, 2010 6:24 pm Post subject: |
|
|
It is essential to read Portage output as well (especially post-merge output). In addition, some updates bring USE flag changes which may require you to make adjustments if you want to preserve certain types of functionality.
On the topic of glsa-check, personally I would not trust it too much at this point. GLSA are not being cranked out at this point in time. Many packages are being updated/patched accordingly, but no announcements are produced for them. The last time I read anything about it, the devs are working on tools to make the generation of GLSA easier and more automated. (And the team is short-staffed.) |
|
Back to top |
|
|
Amity88 Apprentice
Joined: 03 Jul 2010 Posts: 260 Location: Third planet from the Sun
|
Posted: Sun Aug 08, 2010 7:26 am Post subject: |
|
|
@john R. Graham,
Thanks, I'm glad that I got that cleared up I've noticed that user intervention is proportional to how outdated the system is. So I guess I'll check and clear out any problems first and let everything run overnight, if everything goes well I'll update the configuration files in the morning. Else I'll just fix the problem and continue.
The first couple of times(installations) I messed up by rushing through the update and updating all configuration files in one go
Also, is there a way to prevent a particular package from updating while I update everything else? |
|
Back to top |
|
|
Amity88 Apprentice
Joined: 03 Jul 2010 Posts: 260 Location: Third planet from the Sun
|
Posted: Tue Aug 10, 2010 3:57 am Post subject: |
|
|
Check out this script :
Code: |
# This script autmates some parts of the tedious updates, synch and verification has to be done before running
# any kernel upgrades will have to be performed manually before a world update and this script can't be used
#!/bin/bash
emerge -e system | grep '*' > SysMsg.txt
date >> status.txt
echo ':' >> status.txt
grep 'error' SysMsg.txt
if [ $? = 1 ]
then
echo 'System update failure' >> status.txt
else
echo 'System update success' >> status.txt
emerge -fuND world
emerge -uND world | grep '*' > WldMsg.txt
echo '\n' >> status.txt
date >> status.txt
grep 'error' WldMsg.txt
if [ $? = 1 ]
then
echo 'World update failure' >>status.txt
else
echo 'World update success' >>status.txt
fi
fi
|
It doesn't automate everything, the sync, and pretend-problem-correction bits have to be done first. But it takes care of the time consuming and mechanical parts. I just leave it running in the night and I just have only a few quick manipulations left
It records the status in status.txt. System and World messages in SysMsg.txt and WldMsg.txt.
revdep-rebuild --library ~~~~~ has to be done once the script is done with its job. _________________
Ant P. wrote: | The enterprise distros sell their binaries. Canonical sells their users. |
Also... Be ignorant... Be happy! |
|
Back to top |
|
|
|