SUSE Conversations

Forensic analysis of patchlevel in a supportconfig


By: ataschner

February 18, 2014 10:44 am





Download oscc-0.1-0.11.noarch

Do you ever get exposed to supportconfig files from servers that do not have access to update repositories ? Or do you find it difficult to relate to patch numbers of updates (not) installed in updates.txt of a supportconfig?

If so, how do you easily find out if there are pending updates available from SUSE/Novell to be installed on the system to make it up to date?
Exactly – you don’t.

Until now…

Install the oscc (for Offline SupportConfig Checker) package on a system with acess to either the online update repositories at Novell Customer Center (NCC) or a local mirror on e.g. a Subscription Management Tool (SMT) server.

This package contains a digested cache of the update repositories for the main SUSE Linux Enterprise (SLE) products along with a plain shell script.

When executed against a supportconfig archive, oscc

  • detects the SLE products installed
  • sets up and updates the “cache” for the applicable repositories
  • examines the SLE package versions installed on the system
  • checks if each of the packages is up to date
  • displays the results to the user

By default, the script uses the NCC update repositories when determining the currently available packages. Accessing the NCC repositories requires authentication, so the user will be prompted for the mirror credentials of his/her account in NCC. These credentials should match the username and password obtained from My Products|Mirror Credentials in the Novell Customer Center.

Getting prompted for this username/password every time you run oscc may become rather annoying. So this interaction can be eliminated by storing the credentials in the configuration file /etc/opt/oscc/oscc.conf (yes, unsafe, I know).

Also configurable in the config file is the URL to the update repositories. In addition to the NCC servers they could be accessible via http, https, nfs or local storage.

Currently the script supports the x86_64 and i586 architectures of:

  • SUSE Linux Enterprise Server 10 SP{1,2,3,4}, 11 SP{1,2,3}
  • SUSE Linux Enterprise Software Development Kit 10 SP4, 11 SP{1,2,3}
  • SUSE Linux Enterprise High Availability Extension 11 SP{1,2,3}
  • Subscription Management Tool 11 SP{1,2,3}

SLE 11 without service packs is not supported, since it is not available under the Long Term Service Pack Support (LTSS) program. See the Long Term Service Pack Support page for details on that.

Below is an example of how an execution of the script looks.

After determining products installed on the system and setting up the repositories, it cycles through each package:


The tool checks for available updates for the repositories applicable to the supportconfig, it is executed against.

In the example above, new versions of some packages have become available since the update “database” was last updated.

When the analysis is completed, a summary like this is displayed:


Download the RPM and try it out.

Since version string comparison turned out to be a somewhat complicated matter, the script is rather long and may seem chaotic. But it does the job.

And if it does not, please feel free to leave a comment here.

Feedback is welcome.

VN:F [1.9.22_1171]
Rating: 5.0/5 (4 votes cast)
Forensic analysis of patchlevel in a supportconfig, 5.0 out of 5 based on 4 ratings

Tags: , , , ,
Categories: Free Tools, SUSE Linux Enterprise Server, Technical Solutions


  1. By:ataschner

    New version uploaded :
    - Added support for SLES11-SP2-LTSS
    - Check for missing database files
    - Fixed more bugs in update_repo_cache

  2. By:ataschner

    This version also creates a report file with the findings.

  3. By:ataschner

    Range error fixed, so that the tool also works with ssh connections from Windows putty and in Mac OS X Terminal