SUSE Conversations


SLE 11: Software Updating; Categories and Exclusions


By: cseader

February 25, 2010 5:35 pm


Application:

If you need to apply updates in your environment without applying a new kernel, or to apply only the updates that are categorized as security, the following should help you accomplish this goal.

Explanation:

The following scripts use zypper, the command line tool of choice for updating on the SUSE Linux Enterprise 11 platform, with the idea of using the patch method instead of the update method for fully updating a system with the latest patches. All scripts first check for any available software management patches and apply those before proceeding with any other patches. This method ensures that any pre- or post-patch scripts get executed and applied to the system and that the patching process runs optimally.

zypper_up_everything.sh Script:

This script will update everything.

Copy the text below into a file preferably named zypper_up_everything.sh or download it here.

#!/bin/bash

zypperbin=$(which zypper 2>/dev/null)

# Quote the path so the test fails cleanly when zypper is not found
if [ -n "$zypperbin" ] && [ -x "$zypperbin" ]; then
    # Just in case there is more than one software management patch in a row,
    # use a while loop and re-check the patch list on every pass until there are none
    softmgmt=$("$zypperbin" lp | awk '{ print $3 }' | grep softwaremgmt)
    while [[ $softmgmt == *softwaremgmt* ]]
    do
        # Stop instead of looping forever if zypper fails
        "$zypperbin" -n up -t patch || break
        softmgmt=$("$zypperbin" lp | awk '{ print $3 }' | grep softwaremgmt)
    done

    # Execute zypper up -t patch again after all
    # software management patches have been applied
    patches=$("$zypperbin" lp)
    if [[ $patches != *"No updates found."* ]]; then
        "$zypperbin" up -t patch
    else
        echo "No Updates Available."
    fi
fi

zypper_up_nokernel.sh Script:

This script will update everything except the kernel.

Copy the text below into a file preferably named zypper_up_nokernel.sh or download it here.

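#!/bin/bash

zypperbin=$(which zypper 2>/dev/null)

# Quote the path so the test fails cleanly when zypper is not found
if [ -n "$zypperbin" ] && [ -x "$zypperbin" ]; then
    # Just in case there is more than one software management patch in a row,
    # use a while loop and re-check the patch list on every pass until there are none
    softmgmt=$("$zypperbin" lp | awk '{ print $3 }' | grep softwaremgmt)
    while [[ $softmgmt == *softwaremgmt* ]]
    do
        # Stop instead of looping forever if zypper fails
        "$zypperbin" -n up -t patch || break
        softmgmt=$("$zypperbin" lp | awk '{ print $3 }' | grep softwaremgmt)
    done

    # Execute zypper again after all software management patches have been
    # applied, and in this instance look for all categories of patches,
    # exclude the kernel, and apply only those.
    # Only table rows count (second field is "|"), and the header row is skipped,
    # so status and header lines are not treated as patches.
    patches=$("$zypperbin" lp | awk '$2=="|" && $3!="Name" && !/kernel/')
    if [ "$patches" != "" ]; then
        "$zypperbin" lp | awk '$2=="|" && $3!="Name" && !/kernel/ {print "zypper -n in -t patch "$3}' | sh +x
    else
        echo "No Updates Available."
    fi
fi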

zypper_up_security.sh Script:

This script will apply security patches only.

Copy the text below into a file preferably named zypper_up_security.sh or download it here.

#!/bin/bash

zypperbin=$(which zypper 2>/dev/null)

# Quote the path so the test fails cleanly when zypper is not found
if [ -n "$zypperbin" ] && [ -x "$zypperbin" ]; then
    # Just in case there is more than one software management patch in a row,
    # use a while loop and re-check the patch list on every pass until there are none
    softmgmt=$("$zypperbin" lp | awk '{ print $3 }' | grep softwaremgmt)
    while [[ $softmgmt == *softwaremgmt* ]]
    do
        # Stop instead of looping forever if zypper fails
        "$zypperbin" -n up -t patch || break
        softmgmt=$("$zypperbin" lp | awk '{ print $3 }' | grep softwaremgmt)
    done

    # Execute zypper again after all software management patches have been
    # applied, and in this instance look for all security patches
    # and apply only those.
    patches=$("$zypperbin" lp | awk '$7=="security"')
    if [ "$patches" != "" ]; then
        "$zypperbin" lp | awk '$7=="security" {print "zypper -n in -t patch "$3}' | sh +x
    else
        echo "No Updates Available."
    fi
fi

zypper_up_security_nokernel.sh Script:

This script will apply security patches with no kernel.

Copy the text below into a file preferably named zypper_up_security_nokernel.sh or download it here.

#!/bin/bash

zypperbin=$(which zypper 2>/dev/null)

# Quote the path so the test fails cleanly when zypper is not found
if [ -n "$zypperbin" ] && [ -x "$zypperbin" ]; then
    # Just in case there is more than one software management patch in a row,
    # use a while loop and re-check the patch list on every pass until there are none
    softmgmt=$("$zypperbin" lp | awk '{ print $3 }' | grep softwaremgmt)
    while [[ $softmgmt == *softwaremgmt* ]]
    do
        # Stop instead of looping forever if zypper fails
        "$zypperbin" -n up -t patch || break
        softmgmt=$("$zypperbin" lp | awk '{ print $3 }' | grep softwaremgmt)
    done

    # Execute zypper again after all software management patches have been
    # applied, and in this instance look for all security patches,
    # exclude the kernel, and apply only those.
    patches=$("$zypperbin" lp | awk '!/kernel/ && $7=="security"')
    if [ "$patches" != "" ]; then
        "$zypperbin" lp | awk '!/kernel/ && $7=="security" {print "zypper -n in -t patch "$3}' | sh +x
    else
        echo "No Updates Available."
    fi
fi

Once you have created these scripts, you can save them in /root/bin or a similar location with chmod 755 permissions on them. Now you are ready to set one up to run as a cron job or use it as you desire. You may want to add some logging to the script and have its output logged to a separate file in /var/log.
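The scripts above pick the patch name and category by whitespace position ($3 and $7), which shifts when a repository name contains spaces, and they feed generated command lines to sh. The following is an added example, not part of the original article: it splits the `zypper lp` table on "|" instead, accepts only plain patch names, and passes each one to zypper as a single argument. The sample rows, the function names and the ZYPPER override variable are constructed for illustration.

```shell
#!/bin/bash
# Added example, not the article's code. Sample rows below are constructed.
sample_lp() {
cat <<'EOF'
Loading repository data...
Reading installed packages...

Repository         | Name             | Version | Category    | Status
-------------------+------------------+---------+-------------+-------
SLES11 SP1 Updates | slessp1-kernel   | 2001    | security    | needed
SLES11 SP1 Updates | slessp1-openssl  | 2002    | security    | needed
SLES11 SP1 Updates | slessp1-yast2    | 2003    | recommended | needed
SLES11 SP1 Updates | slessp1-bad;name | 2004    | security    | needed
EOF
}

# select_patches CATEGORY EXCLUDE_REGEX   (reads `zypper lp` output on stdin)
# An empty CATEGORY accepts every category; an empty EXCLUDE_REGEX excludes nothing.
select_patches() {
    awk -F'|' -v want="$1" -v skip="$2" '
        NF < 5 { next }                          # status lines, blank line, ---+--- rule
        {
            for (i = 1; i <= NF; i++) gsub(/^[ \t]+|[ \t]+$/, "", $i)
            name = $2; category = $4
        }
        name == "Name" { next }                  # header row
        name !~ /^[A-Za-z0-9._+-]+$/ { next }    # drop names that are not plain identifiers
        want != "" && category != want { next }
        skip != "" && name ~ skip { next }
        { print name }
    '
}

# apply_patches: one zypper call per name read from stdin. Each name is passed
# as a single argument, so repository metadata is never parsed by a shell.
# ZYPPER is a hypothetical override used here for dry runs.
apply_patches() {
    rc=0
    while IFS= read -r name; do
        "${ZYPPER:-zypper}" -n in -t patch "$name" </dev/null || rc=1
    done
    return "$rc"
}

# Real use:  zypper lp | select_patches security kernel | apply_patches
# Demo on the constructed sample (prints the one patch that would be installed):
sample_lp | select_patches security kernel
```

Unlike `awk '!/kernel/'`, the exclusion here is matched against the patch name only, so a repository whose alias happens to contain "kernel" does not hide its patches.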

Enjoy!!

Categories: SUSE Linux Enterprise Server, Technical Solutions

Disclaimer: As with everything else at SUSE Conversations, this content is definitely not supported by SUSE (so don't even think of calling Support if you try something and it blows up).  It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.

4 Comments

  1. By:asafmagen

    How can I install security updates by severity (Critical, Moderate …), if it's even possible?

    In Red Hat there is this command that lets you install security updates by severity (example: yum update --security --sec-severity=Critical)

    any chance SUSE has this too?

  2. By:cseader

    Ah OK, you're right. Yes, that is not a functionality of zypper currently. I will put in a feature enhancement for this. We usually operate on the knowledge that everything with security is critical in nature.
