Home About Mailing Lists Meetings Newsletter FTP Locate File

Update Your Fedora Linux Core Installation

This information is almost certainly obsolete and of historical significance only.

By Gilbert Detillieux, January 2004. Updated 8 June 2004, for Fedora Linux Core 2.

By now, most of you have probably heard of The Fedora Project, and the public release in early November 2003 of Fedora Linux Core 1. What may be news to you is that a second public release, Fedora Linux Core 2, was made available on 18 May 2004. Some of you may have already downloaded it, either from the Fedora site, or a convenient mirror site, such as MUUG's FTP server, or may have gotten a copy on CD-ROM.

Some of you have perhaps even been organised enough to have read the release notes, available on the CD-ROM or online, before attempting the install. (If you haven't, you might want to read them now, since they might help explain some of the strange issues you've encountered during the installation or afterwards.)

But, are you keeping your Fedora installation up to date? Since its release, there have been dozens of updates issued. Many of these are fixes for security vulnerabilities, so if your Fedora system is accessible via the Internet, it's important to install these update packages promptly.

Updates are announced on the fedora-announce-list mailing list, so you should start by subscribing to that list, and reading the message archive, so you'll know when updates are available, and what they fix. You should then be sure to install those updates as soon as possible. Fortunately, that's now a much simpler task than it used to be.

Up2date and RHN-Applet

In the early days of Red Hat Linux, updates had to be installed manually. Then Red Hat introduced up2date and the RHN Panel Applet, which would notify you of available updates, and make it easy to install them, including finding and installing any other packages needed to satisfy dependencies. Unfortunately, you had to register to use RHN, the Red Hat Network, and there was a fee associated with that after an initial free trial period.

With Fedora, you still can take advantage of these tools, but without having to register to use RHN. The tools have been enhanced to also support a new update service, called YUM (Yellowdog Updater, Modified), which can get all the update information and packages via HTTP or FTP, from any Fedora mirror site.

This last point in important, since the RHN servers can often get bogged down, resulting in slow connections or no response at all. By making a simple change to the /etc/sysconfig/rhn/sources file, you can instead point to your favourite mirror site, such as MUUG's Fedora mirror.

Patch to /etc/sysconfig/rhn/sources file:

--- /etc/sysconfig/rhn/sources.FC2	2004-05-11 15:14:59.000000000 -0500
+++ /etc/sysconfig/rhn/sources	2004-05-19 11:47:09.193300000 -0500
@@ -27,8 +27,8 @@
 ### format:
 ### type  channel-label     url 
-yum fedora-core-2 http://download.fedora.redhat.com/pub/fedora/linux/core/2/$ARCH/os/ 
-yum updates-released-fc2 http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/$ARCH/
+yum fedora-core-2 http://www.muug.mb.ca/pub/fedora/linux/core/2/$ARCH/os/ 
+yum updates-released-fc2 http://www.muug.mb.ca/pub/fedora/linux/core/updates/2/$ARCH/
 yum-mirror fedora-core-2 http://fedora.redhat.com/download/up2date-mirrors/fedora-core-2
 yum-mirror updates-released-fc2 http://fedora.redhat.com/download/up2date-mirrors/updates-released-fc2

(Patch to /etc/sysconfig/rhn/sources file for Fedora Linux Core 1)

Note that the patch uses HTTP to connect to MUUG's Fedora mirror, rather than FTP. FTP might work for you, but the yum support code only uses active mode, which may not work if you're behind a firewall or NAT router. Passive-mode FTP transfers would be a better option, but there's currently no way to configure that.

Automatic Updates via YUM

Using up2date and the RHN Panel Applet certainly makes the update process much easier than in the past, but you still have to take action manually to get the updates installed. That's OK for a desktop system you use regularly, but not for a server system you want to run with as little manual intervention as possible.

Fortunately, there's also a yum command, which you can not only run manually, but automatically via a cron script (by enabling the yum service). This command uses its own configuration file, /etc/yum.conf, which can also be simply changed to point to another mirror site.

Patch to /etc/yum.conf file:

--- /etc/yum.conf.FC2	2004-05-11 15:24:48.000000000 -0500
+++ /etc/yum.conf	2004-05-19 12:07:28.250975344 -0500
@@ -10,11 +10,11 @@
 name=Fedora Core $releasever - $basearch - Base
 name=Fedora Core $releasever - $basearch - Released Updates
 #name=Fedora Core $releasever - $basearch - Unreleased Updates

(Patch to /etc/yum.conf file for Fedora Linux Core 1)

To enable automatic updates via yum, you'll need to run the following commands:

	chkconfig yum on
	service yum start
After that, yum will run nightly via a cron script. Update packages should be automatically downloaded and installed. With certain updates, such as kernels, you'll want to reboot afterwards, for the updated code to take effect. Also, new kernels are installed with the equivalent of "rpm -i", rather than "rpm -F" or "rpm -U", so the old kernel packages will remain. You can safely remove those after you've rebooted the new kernel, and are sure everything works fine.

To save disk space, you might also want to periodically run the "yum clean" command, to purge old header information and downloaded RPM packages from the cache.

A Note About Package Signatures

Most RPM packages that you will install from the standard Fedora repositories have been signed with a GnuPG key, to guard against their content being tampered, either by a malicious third-party or through more benign causes. If up2date or yum complain and won't load a package because they can't verify the signature, it may be due to a missing GPG key. For packages in the Fedora base and updates-release repositories, you can install the appropriate GPG keys with the following commands:
	rpm --import /usr/share/rhn/RPM-GPG-KEY
	rpm --import /usr/share/rhn/RPM-GPG-KEY-fedora

Out of Sight, Not Out of Mind

Once you've set this up, you may think that you no longer have to think about updates, since they're automatically installed. However, it's important to still keep on top of things yourself, in case there is a problem. By all means, continue to review update announcements, and make sure you understand the implications of installing the updated package. Also, it might be a good idea to test things out after packages are updated, to make sure the affected programs still work as they should.

If packages are being updated that you didn't even realise were installed, or that you decide you don't need, it might be a good idea to remove them, or at least make sure than any network service they provide is disabled. For services you do want, you might want to configure them, or your firewall rules, to make sure they're only available locally, unless you're sure it's a service you want to offer to the world.

Remember the old adage that "an ounce of prevention is worth a pound of cure." By taking a bit of time now to keep your system up to date, you can save yourself a lot of headaches down the road.

This article first appeared in the February 2004 MUUG Lines. The current version can be found online here: https://muug.ca/tutorials/fedora-updates.html

This article is copyrighted by MUUG and the specific author(s). You are granted permission to duplicate it for non-commercial purposes only, provided it is not modified and includes this copyright notice as well as all author credits and attributions.

If you found this useful, you might also be interested in other MUUG tutorial articles. Or, why not find out more about MUUG? If you live in or near the Winnipeg area, why not check out one of our monthly meetings?

Home About Mailing Lists Meetings Newsletter FTP Locate File