Jump to content

To update or not to update, that is the question....


wa4chq

Recommended Posts

Good morning all...... I've been wondering about this for some time now. My phone updates, my laptop that isn't connected to the internet is reminding be I have 2 zillion things that need updating..... updates! but my Slack doesn't say a word....

 

I'm running Slackware 14.1 (applause) and did the full install a few years ago. Over the years I've been a Slackman I've never updated anything. Like I said, I usually do the full install but then I will gradually add things not included on the discs I get from the Slackware store (like to show my support) (more applause). I'll go to the Slackbuilds.org site and get the extras from there. I'm just a normal Linux user. Don't use the computer for work etc...just like Linux as my OS.

 

Let's say I didn't add anything else, what trouble can I get myself into if I don't do updates? Will the trouble begin when I start adding the extras? You're probably saying to yourself... "This dude must be having some issues because he's asking this question..." well sorta....not anything to stop me from happily booting up every morning but I do see some error messages when I shutdown. I'm not going to post the error messages because that isn't why I'm posting this question but I will say I started noticing them after I reinstalled Seamonkey....this btw wasn't a Slackbuild. And I seem to get them if I use GIMP during that session.....

 

So is it bad practice not to perform updates if you do a complete install and don't add anything else?

 

Thanks. Hope you all have a nice day.

 

Neil

Link to comment
Share on other sites

securitybreach

You should always update if there are updates available. How else would you get security fixes and such? Without updates, you will eventually become vulnerable to an attack.

  • Like 2
Link to comment
Share on other sites

You should always update if there are updates available. How else would you get security fixes and such? Without updates, you will eventually become vulnerable to an attack.

Hi SB....thanks for the reply.

 

I guess I'll have to research it more. I don't really understand how that will happen. I just boot up, go online, mess around with digital photos, read the news, play cards, youtube..... so I see the path an attack would take (being online) but does that mean that if 'geeqie' is out of date an attack could wind it's way through it?

confused.....

Link to comment
Share on other sites

OK, I just found this......I've seen it before but have never really stopped to read it.

Configure a Package Manager

 

 

Now that you have Slackware running, you should consider spending a bit of time caring for your computer's good health. The software which was installed as part of the Slackware release you are running, may develop vulnerabilities over time. When those vulnerabilities are critical to the health of your computer, then Slackware will usually publish a patched version of the software package. These patched packages are made available online (in the /patches directory of the release) and announced on the Slackware Security mailing list.

You have various options in order to keep your Slackware installation up-to-date. It's not advised to make the process of applying security updates fully automatic, but it is possible to do so using a cron job.

Link to comment
Share on other sites

securitybreach

You should always update if there are updates available. How else would you get security fixes and such? Without updates, you will eventually become vulnerable to an attack.

Hi SB....thanks for the reply.

 

I guess I'll have to research it more. I don't really understand how that will happen. I just boot up, go online, mess around with digital photos, read the news, play cards, youtube..... so I see the path an attack would take (being online) but does that mean that if 'geeqie' is out of date an attack could wind it's way through it?

confused.....

 

I am referring to the updates for things like ssl and such. Remember over the last few months where there were vulnerabilities for ssl, SambaCry, and others that were found and fixed right away? Well without the updates, you are still vulnerable to them.

  • Like 1
Link to comment
Share on other sites

V.T. Eric Layton

Neil...

 

Slackware doesn't "auto-update" like all those pansy-arse Linuxes out there. You have to be pro-active with Slackware. I subscribe to the Slackware Security Updates mailing list, so I get notifications via email whenever there are new updates available. However, those are only security updates. You should always run:

 

#slackpkg update

 

#slackpkg upgrade-all

 

at least once a month. I usually do it weekly (on Sundays) when I do my rsync backups.

 

(IMPORTANT) NOTE! Go to /etc/slackpkg/blacklist and make sure your kernel packages are blacklisted. You should never upgrade kernels via slackpkg. You should always download the kernel packages and upgrade them manually via #upgradepkg kernel*. The * is where you need to fill in the rest of the package version data.

 

Here's what a blacklist looks like:

 

# This is a blacklist file. Any packages listed here won't be
# upgraded, removed, or installed by slackpkg.
#
# The correct syntax is:
#
# To blacklist the package xorg-server-1.6.3-x86_64-1 the line will be:
# xorg-server
#
# DON'T put any space(s) before or after the package name or regexp.
# If you do this, the blacklist will NOT work.

#
# Automated upgrade of kernel packages aren't a good idea (and you need to
# run "lilo" after upgrade). If you think the same, uncomment the lines
# below
#

kernel-firmware
kernel-generic
kernel-generic-smp
kernel-headers
kernel-huge
kernel-huge-smp
kernel-modules
kernel-modules-smp
kernel-source

#
# aaa_elflibs can't be updated.
#
aaa_elflibs

# You can blacklist using regular expressions.
#
# Don't use *full* regex here, because all of the following
# will be checked for the regex: series, name, version, arch,
# build and fullname.
#
# This one will blacklist all SBo packages:
#[0-9]+_SBo
#
# This will blacklist opensource nouveau drivers - running Nvidia proprietary

nouveau

# This will blacklist HP drivers - running directly downloaded version from HP

hplip

 

Note: I'm blacklisting nouveau (video drivers) because I'm running Nvidia proprietary drivers on this system. Also, I'm blacklisting hplip because I'm running Hewlett Packard proprietary drivers.

 

Don't forget to edit your /etc/slackpkg/mirrors text file to remove (un-comment) the # from in front of your choice of servers for slackpkg to use when downloading updates.

 

Here is the link for the Slackware mailing lists...

 

http://www.slackware.com/lists/

 

There you go. Clear as chocolate pudding, huh? ;)

  • Like 2
Link to comment
Share on other sites

You should always update if there are updates available. How else would you get security fixes and such? Without updates, you will eventually become vulnerable to an attack.

Hi SB....thanks for the reply.

 

I guess I'll have to research it more. I don't really understand how that will happen. I just boot up, go online, mess around with digital photos, read the news, play cards, youtube..... so I see the path an attack would take (being online) but does that mean that if 'geeqie' is out of date an attack could wind it's way through it?

confused.....

 

I am referring to the updates for things like ssl and such. Remember over the last few months where there were vulnerabilities for ssl, SambaCry, and others that were found and fixed right away? Well without the updates, you are still vulnerable to them.

 

Thanks for the info SB.....I really don't follow news about hacking although I do hear about when something happens but I see what you are saying.

  • Like 1
Link to comment
Share on other sites

Slackware doesn't "auto-update" like all those pansy-arse Linuxes out there.

No unattended-upgrades with Debian Sid either. Not when you're livin' on the fault line.

 

faultline.jpg

  • Like 2
Link to comment
Share on other sites

Tnx Eric. Slack Racks! ... I mean Rocks! OK, I just subscribed to the Security Updates.... and understand that is all they are. But what can I expect to happen when I run:

#slackpkg update

 

#slackpkg upgrade-all

?

I am not online 24-7 and since I've never updated since installing 14.1 will it be something that takes several hours? Also, when I do have access to internet do I have to remain locked to the screen because during the update it may ask for confirmation on something?

 

Would it be wise to make a list of pkgs I have installed and delete items that I know I'm not using first? then make up the blacklist?

 

This is all new to me, thanks for the info.....

 

Neil

Link to comment
Share on other sites

V.T. Eric Layton

Well, there have been quite a few updates since 14.1 was first release; most of them are repeated updates of the same app/software, so you won't get them all when you update. You'll just get the most recent. After you've edited your /etc/slackpkg/mirrors to choose a mirror site to download from, the slackpkg command will access the server and download the filelist. After that is completed, you run slackpkg upgrade-all and an ncurses window comes up in the terminal that allows you to see all the software that's going to get upgraded. You can choose to not upgrade some or all of those packages by de-selecting them.

 

#slackpkg update will look like this:

 

root@ericsbane07/home/vtel57:# slackpkg update

Updating the package lists...
Downloading...
Downloading ftp://ftp.osuosl.org/.2/slackware/slackware64-14.1/ChangeLog.txt...
--2017-07-26 13:09:19-- ftp://ftp.osuosl.org/.2/slackware/slackware64-14.1/ChangeLog.txt
	 => '/tmp/slackpkg.qHI6Ny/ChangeLog.txt'
Resolving ftp.osuosl.org (ftp.osuosl.org)... 140.211.166.134
Connecting to ftp.osuosl.org (ftp.osuosl.org)|140.211.166.134|:21... connected.
Logging in as anonymous ... Logged in!
==> SYST ... done. ==> PWD ... done.
==> TYPE I ... done. ==> CWD (1) /.2/slackware/slackware64-14.1 ... done.
==> SIZE ChangeLog.txt ... 411826
==> PASV ... done. ==> RETR ChangeLog.txt ... done.
Length: 411826 (402K) (unauthoritative)

ChangeLog.txt	 100%[===================>] 402.17K 224KB/s in 1.8s

-
-
-
Resolving ftp.osuosl.org (ftp.osuosl.org)... 140.211.166.134
Connecting to ftp.osuosl.org (ftp.osuosl.org)|140.211.166.134|:21... connected.
Logging in as anonymous ... Logged in!
==> SYST ... done. ==> PWD ... done.
==> TYPE I ... done. ==> CWD (1) /.2/slackware/slackware64-14.1/testing ... done.
==> SIZE PACKAGES.TXT ... 845
==> PASV ... done. ==> RETR PACKAGES.TXT ... done.
Length: 845 (unauthoritative)

PACKAGES.TXT	 100%[===================>]	 845 --.-KB/s in 0s	

2017-07-26 13:11:29 (139 MB/s) - '/tmp/slackpkg.qHI6Ny/testing-PACKAGES.TXT' saved [845]

Formatting lists to slackpkg style...
Package List: using CHECKSUMS.md5 as source
Package descriptions

 

When you run slackpkg upgrade-all, it'll look like this in your terminal:

 

Lb7qM7M.png

 

To select your choice of mirrors in /etc/slackpkg/mirrors, you just un-comment (remove the #) the line that has the server you choose to use. Like this...

 

# UNITED STATES (US)
# ftp://carroll.aset.psu.edu/pub/linux/distributions/slackware/slackware64-14.1/
# http://carroll.aset.psu.edu/pub/linux/distributions/slackware/slackware64-14.1/
# ftp://ftp.gtlib.gatech.edu/nv/ao2/lxmirror/ftp.slackware.com/slackware64-14.1/
ftp://ftp.osuosl.org/.2/slackware/slackware64-14.1/
# http://ftp.osuosl.org/.2/slackware/slackware64-14.1/
# ftp://hpc-mirror.usc.edu/pub/linux/distributions/slackware/slackware64-14.1/
# http://hpc-mirror.usc.edu/pub/linux/distributions/slackware/slackware64-14.1/
# ftp://marmot.tn.utexas.edu/pub/slackware/slackware64-14.1/

 

You can see above where I have ftp://ftp.osuosl.org un-commented.

 

As far as blacklisting goes, about the only thing most people will need to blacklist are the kernel packages for reasons mentioned in the above post. MAKE SURE you blacklist the kernel packages as I've shown above BEFORE you run slackpkg update/upgrade-all. If you don't, then slackpkg will update your kernels. There have been at least two kernel patches issued for 14.1, that I can remember. You don't want slackpkg doing the updating. It's proper Slackware procedure to upgrade them manually by downloading them from here:

 

http://www.slackware...security.696048

 

You should check /boot to see which and what type of kernel you're currently running:

 

vtel57@ericsbane07~:$ ls -al /boot
total 14848
drwxr-xr-x 3 root root 4096 Jul 13 13:12 ./
drwxr-xr-x 22 root root 4096 Jul 26 13:14 ../
lrwxrwxrwx 1 root root	 38 Jul 3 19:57 README.initrd -> /usr/doc/mkinitrd-1.4.10/README.initrd
lrwxrwxrwx 1 root root	 24 Jul 13 13:04 System.map -> System.map-huge-3.10.107
-rw-r--r-- 1 root root 3400556 Jun 28 15:34 System.map-huge-3.10.107
-rw-r--r-- 1 root root	 512 Dec 1 2016 boot.0800
-rw-r--r-- 1 root root	 209 Dec 1 2016 boot_message.txt
lrwxrwxrwx 1 root root	 20 Jul 13 13:04 config -> config-huge-3.10.107
-rw-r--r-- 1 root root 137889 Jun 28 15:34 config-huge-3.10.107
-rwxr-xr-x 1 root root 217646 Jan 10 2011 elilo-ia32.efi*
-rwxr-xr-x 1 root root 250510 Jan 10 2011 elilo-x86_64.efi*
drwxr-xr-x 14 root root 4096 Jul 13 13:12 initrd-tree/
-rw-r--r-- 1 root root 4506071 Jul 13 13:12 initrd.gz
-rw-r--r-- 1 root root 22578 Oct 27 2013 inside.bmp
-rw------- 1 root root 98304 Jul 13 13:12 map
-rw-r--r-- 1 root root 6878 Oct 27 2013 onlyblue.bmp
-rw-r--r-- 1 root root 15634 Mar 27 2011 slack.bmp
-rw-r--r-- 1 root root 33192 Oct 27 2013 tuxlogo.bmp
lrwxrwxrwx 1 root root	 21 Jul 13 13:04 vmlinuz -> vmlinuz-huge-3.10.107
-rw-r--r-- 1 root root 6470320 Jun 28 15:34 vmlinuz-huge-3.10.107

 

In my case above, you can see the lines:

 

rwxrwxrwx 1 root root 24 Jul 13 13:04 System.map -> System.map-huge-3.10.107

lrwxrwxrwx 1 root root 20 Jul 13 13:04 config -> config-huge-3.10.107

lrwxrwxrwx 1 root root 21 Jul 13 13:04 vmlinuz -> vmlinuz-huge-3.10.107

 

These are symbolic links (shortcuts) to the kernel I'm using --> huge-3.10.107, so that tells us that I'm running the huge kernel on my system. That's the kernel with everything included (kitchen sink and all). It's big, but if you have the drive space, it doesn't hurt to run the huge kernel.

 

I'm also running and initrd (initial ramdisk). You can read more about that here:

 

https://mirrors.slac...t/README.initrd

 

You probably won't need and initrd on your system. If you don't see the lines in ls -a /boot above that say:

 

drwxr-xr-x 14 root root 4096 Jul 13 13:12 initrd-tree/

-rw-r--r-- 1 root root 4506071 Jul 13 13:12 initrd.gz

 

then you're not running one.

 

Anyway, you can go to a mirror site in your browser to download the kernel patches... or, if you're real techie like Josh, you can use wget in the command line. ;)

 

Here's a link to one of the mirrors I use:

 

ftp://slackware.oregonstate.edu/pub/slackware/slackware64-14.1/patches/packages/linux-3.10.107/

 

All the kernel patch packages are there for you. Download the .txz package for your choice of kernel (generic or huge). Download the .txz packages for "modules" and "headers" also. With your terminal open, navigate to where you downloaded those packages and run:

 

#upgradepkg kernel*

 

This command will upgrade your existing kernel to the patched kernel, modules, and headers that you just downloaded. After you've done all this and the patching is complete (assuming you're not running an initrd), you'll need to run LILO to update your LILO boot-loader:

 

#lilo

 

That's it. You're all done. You can reboot now and watch the sparks fly. Once your system reboots, you can run:

 

#uname -a

 

and this will show you that you're running the newer version kernel that you just upgraded to.

 

Weeeeeeeeee! Fun, huh? ;)

 

Oh, if you're booting your Slackware with Arch's GRUB, you won't have to run lilo in Slackware because you're not using the LILO boot-loader on your system.

  • Like 1
Link to comment
Share on other sites

V.T. Eric Layton

You and your Draft Saving.... ;)

 

I had to go out for a smoke. I was jonesing after such a long post. :yes:

  • Like 2
Link to comment
Share on other sites

Eric...thanks for the info. Lot's of good info there. It seems like it's not going to be that big of an issue. My concern was time. As mentioned I'm not in an area where I have internet 24-7. I rely on public libraries mostly and I'd hate starting the updates only to find that it's going to take 10 hours....but I guess as you mention I can chose to upgrade a few here, a few there....which really isn't a bad thing. If I only start with a few I would certainly see the progress/issues etc. and get a feel of the process. I won't mess with upgrading the kernel.... cool..... this is why I like linux. IT'S FUN!!!

  • Like 2
Link to comment
Share on other sites

V.T. Eric Layton

I installed Slack 14.1 on a laptop just a month or so ago. It only took about 20 minutes to download and install all the updates for it, but I have a fast FIOS connection, so it's hard for me to judge. But yes, you can update in chunks at your convenience.

 

Keep in mind though, those kernel patches that have been issued are NOT updates to newer versions of the kernel necessarily. They are SECURITY fixes for issues with the older versions of the kernel, so it might behoove you to attempt the patch for the newest kernel available for 14.1 that way you can be sure that the kernel is secure at that point.

 

The odds of you experiencing a breach because of one those kernel security issues is probably pretty slim, though.

 

Good luck with it all! Scream if you need some help. I enjoyed this thread. It's not everyday that someone pops into Scot's with Slackware questions. ;)

  • Like 1
Link to comment
Share on other sites

Thanks again. I'm not really too concerned about the kernel security issues.

 

I like this thread too. Not only am I learning more about my behooved Slack, my vocabulary is improving too..... "behoove" is a word I've never used before in a sentence up until now. I looked it up and saw it has nothing to do with horses. :)

  • Like 1
Link to comment
Share on other sites

securitybreach

Thanks again. I'm not really too concerned about the kernel security issues.

 

Ummm, what? You do realize that the kernel is the main part of the OS?

  • Like 2
Link to comment
Share on other sites

Hi SB.....

Thanks again. I'm not really too concerned about the kernel security issues.

I meant to say it wasn't a concern at the moment. :)

Link to comment
Share on other sites

securitybreach

Hi SB.....

Thanks again. I'm not really too concerned about the kernel security issues.

I meant to say it wasn't a concern at the moment. :)

 

Ah ok. :)

Link to comment
Share on other sites

Wow, doing the package udates was pretty painless. I made sure to blacklist the kernel first. But what surprised me was what package were being upgraded. It may have been about 25 or so...not as many as I thought. When I look at all the packages I have installed and only had 25 or so to upgrade.....

 

I don't know if it did anything to solve the issue with the error message I get when I shutdown....

Link to comment
Share on other sites

You and your Draft Saving.... ;)

 

I had to go out for a smoke. I was jonesing after such a long post. :yes:

I owe you a carton of smokes...

  • Like 1
Link to comment
Share on other sites

V.T. Eric Layton

HAHA! A carton of smokes cost way more these days than my going price for free help. Funny, though... on my bench at one of the shops (electronics) where I worked (many moons ago), I had a sign that showed the profile of a long-haired bearded guy smoking a cig. The sign said, "Will work for cigarettes." ;)

  • Like 2
Link to comment
Share on other sites

Eric....received a personal email direct posthaste from Slackware-Security early this morning informing me that new gnupg packages were available for Slackware 14.1..... well, I wasn't sceered and with confident fingers went ahead and issued:

#slackpkg update

#slackpkg upgrade-all

Executing install script for gnupg-1.4.22-x86_64-1_slack14.1.txz.

Package gnupg-1.4.22-x86_64-1_slack14.1.txz installed.

Package gnupg-1.4.21-x86_64-1_slack14.1 upgraded with new package ./gnupg-1.4.22-x86_64-1_slack14.1.txz

 

I'm gonna take the rest of the day off..... :)

  • Like 1
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...