Hi2all, Is it possible to give some details about the new Yast Online Update for suse 7.1? Quoting suse online zine: "For this purpose, suse makes all relevant patches and extensions available ..." - "relevant" regarding what is installed on the system, or general relevant for most users? how will this YOU works? "during the installation, the user selects one of tree security levels" - what are the features/diferences in those 3 levels? Right now I dont have ftp access to check the suse ftp site for this, so if there are documentation about this, people can tell me RTFM, but pease also point me the link for it, for I can check l8r =;o) [ ]'s bacano ----------------------------------- Mensagem enviada atraves do WebPOP. http://www.vianetworks.pt/email
Hi, bacano@esoterica.pt wrote:
Is it possible to give some details about the new Yast Online Update for suse 7.1? Quoting suse online zine: "For this purpose, suse makes all relevant patches and extensions available ..." - "relevant" regarding what is installed on the system, or general relevant for most users? how will this YOU works? If I understand it correctly it simply checks the FTP-Server on ${ftp.suse.com/pub/suse}/${platform}/update/${version} ^^^ or mirror? ^^^ i386 ^^^- 7.1
If you look at ftp://ftp.suse.com/pub/suse/i386/update/7.1/ there is a file called ./patches/ftp-1 which seems to describe updates: Shortdescription.german : Willkommen zum SuSE Patch Update Longdescription.english: Welcome to SuSE Patch Update. This is only an info patch which shows the functionality of the patch update. Well, it doesn't seem to be in use presently ;-) Moreover you can find now the ${package-name}_{de,en}.info files all over the place which contain some information (packagename, file, version, size, date, source, security update: Yes/no, update/change description). BTW: Why is there no _{en/de}.info file for xemacs in update/7.1/e2/ ?
"during the installation, the user selects one of tree security levels" - what are the features/diferences in those 3 levels? I think this is the same as in YaST 1 and uses /etc/permissions.easy /etc/permissions.secure /etc/permissions.paranoid Those presently set the rights of several files (suid bits, /dev/ rights, mount user or nouser etc.) I don't think that that changed much.
Right now I dont have ftp access to check the suse ftp site for this, so if there are documentation about this, people can tell me RTFM, but pease also point me the link for it, for I can check l8r =;o) Well you probably have to buy SuSE 7.1 (or wait until it gets leased as FTP version) until you see it. The latter doesn't look that new (I don't know 7.0's YaST2, but YaST1 has it). The former seems to make it easier (with GnuPG signed RPMs :-) than browsing around with yast (I never did before I simply used wget and rpm ;-). There is also autorpm which automates it even more (if you think rpm{new/saved} is no harm ;-)
Tobias
hi2all
From: "Tobias Burnus"
If I understand it correctly it simply checks the FTP-Server on ${ftp.suse.com/pub/suse}/${platform}/update/${version} ^^^ or mirror? ^^^ i386 ^^^- 7.1
If you look at ftp://ftp.suse.com/pub/suse/i386/update/7.1/ there is a file called ./patches/ftp-1 which seems to describe updates: Shortdescription.german : Willkommen zum SuSE Patch Update Longdescription.english: Welcome to SuSE Patch Update. This is only an info patch which shows the functionality of the patch update.
hhmmm ... seems that I'ill keep the old fashion way =)
Moreover you can find now the ${package-name}_{de,en}.info files all over the place which contain some information (packagename, file, version, size, date, source, security update: Yes/no, update/change description).
yeah, that is good.
BTW: Why is there no _{en/de}.info file for xemacs in update/7.1/e2/ ?
Now there is, check again =) /pub/suse/i386/update/7.1/e2/xemacs-21.1.14-0.i386_en.info /pub/suse/i386/update/7.1/e2/xemacs-el-21.1.14-0.i386_en.info (and _de files too)
I think this is the same as in YaST 1 and uses /etc/permissions.easy /etc/permissions.secure /etc/permissions.paranoid Those presently set the rights of several files (suid bits, /dev/ rights, mount user or nouser etc.) I don't think that that changed much.
ok, i'll keep it on paranoid, then i'll change it to /etc/permissions.sick eheh
Well you probably have to buy SuSE 7.1 (or wait until it gets leased as FTP version) until you see it. The latter doesn't look that new (I don't know 7.0's YaST2, but YaST1 has it).
I'll buy it ... by the way, since I mailed the support (info@suse.com ?) and had no reply, let me ask here, will my usb cd writer (hp8210e/USB) work with kernel 2.4?
The former seems to make it easier (with GnuPG signed RPMs :-) than browsing around with yast (I never did before I simply used wget and rpm ;-). There is also autorpm which automates it even more (if you think rpm{new/saved} is no harm ;-)
until now I also just used rpm (ok, some times kpackage too i confess eheh) Thanks for the tips [ ]'s bacano
HiHO...
Is it possible to give some details about the new Yast Online Update for suse 7.1? Quoting suse online zine: "For this purpose, suse makes all relevant patches and extensions available ..." - "relevant" regarding what is installed on the system, or general relevant for most users? how will this YOU works?
There is a new directory in the update area called "patches". There will be descriptions of every update, including the names of the relevant rpm-files (e.g. for libc there are more than one rpm you need to fix the problem), some flags and a short description. Then you can use the YaST2 frontend to connect to the ftp-server. It will fetch the "patch-files" and show you the description. Then you can let YaST2 install the update. Or you can choose the automated way and YaST2 will do everything without asking for any decisions. I think this is not too usefull for the most reading the list. (I think everybody here is able to use rpm and it's more important for the most on this list to get the information that there is a new update, than a solution to update your files easier. Autorpm is a nice solution to get informations about new files on the ftp-server, most times a bit earlier than the announcement). But it's a really good thing for all the newbies, who are used to click buttons :-) stephan -- t="\$_='for(\$i=-2;\$_=substr(\"2720ab25409d2500f82310a6272\",\$i+=2,3);) .~. /V\ [ s.martin@odn.de GnuPG: 0x7E30CD6D ] /( )\ ^ ~ ^ {\$_=\$i++%2?hex:oct;\$_=chr(\$_%(2**2*22));\$_=\$i?lc:{};print; }';s/\( +\)|[.\/V~^\\\]+| {2,}|\\[\s+.+\s+\\]//g;eval \$_;"&&echo $t|perl
* Stephan Martin wrote on Sun, Feb 11, 2001 at 15:45 +0100:
HiHO...
Is it possible to give some details about the new Yast Online Update for suse 7.1?
Then you can use the YaST2 frontend to connect to the ftp-server. It will fetch the "patch-files" and show you the description. Then you can let YaST2 install the update. Or you can choose the automated way and YaST2 will do everything without asking for any decisions.
Are the packages signed? Otherwise this looks like a nice security hole here, since some DNS Spoofing or similar would allow an attacker to send trojaned RPMs.
But it's a really good thing for all the newbies, who are used to click buttons :-)
I'm afraid this could cause a wrong feeling of security. Automatic updates are a problem at all, I had troubles with a lot of SuSEs RPMs, I believe that around 50% of the updates needed manual actions. SuSE would need to test the RPMs contents as much as possible, otherwise you get that windows behaivior: installing a ServicePack, and some things will not work and so on, and nobody knows why. As long as there are problems with the RPMs as currently I would not use that automatic thing at all. I have to test any RPM before installing in production. oki, Steffen -- Dieses Schreiben wurde maschinell erstellt, es trägt daher weder Unterschrift noch Siegel.
Hi, On Sun, Feb 11, Steffen Dettmer wrote:
Are the packages signed? Otherwise this looks like a nice security hole here, since some DNS Spoofing or similar would allow an attacker to send trojaned RPMs.
Yes, the RPMs are signed and YaST2 will verify the signature. Bye, LenZ -- ------------------------------------------------------------------ Lenz Grimmer SuSE GmbH mailto:grimmer@suse.de Schanzaeckerstr. 10 http://www.suse.de/~grimmer/ 90443 Nuernberg, Germany Yeah, but what's the speed of DARK?
* Lenz Grimmer wrote on Sun, Feb 11, 2001 at 21:30 +0100:
On Sun, Feb 11, Steffen Dettmer wrote:
Are the packages signed? Otherwise this looks like a nice security hole here, since some DNS Spoofing or similar would allow an attacker to send trojaned RPMs.
Yes, the RPMs are signed and YaST2 will verify the signature.
Oh, that's great. Are other update packages signed too? By GPG? I have to get the key, I assume it's avaiable via HTTPS? oki, Steffen -- Dieses Schreiben wurde maschinell erstellt, es trägt daher weder Unterschrift noch Siegel.
Yes, the RPMs are signed and YaST2 will verify the signature.
Oh, that's great. Are other update packages signed too? By GPG? I have to get the key, I assume it's avaiable via HTTPS?
Not yet. They (SuSE-6.3 and newer) will be, as far as rpm can do with them. I'm about to build a package which will install the key. There's just a bunch of ssh and kernel updates in the queue now.
oki,
Steffen
Thanks,
Roman.
--
- -
| Roman Drahtmüller
participants (7)
-
bacano -
bacano@esoterica.pt
-
Lenz Grimmer -
Roman Drahtmueller -
Steffen Dettmer -
Stephan Martin -
Tobias Burnus