5.5. Automating Updates
One of the main reasons that packages are updated is to correct newly discovered security vulnerabilities. It's important to keep a system up-to-date so that these security vulnerabilities are eliminated as soon as fixes are made available.
Automating system updates makes this easy. Fedora is configured to perform updates automatically; all you need to do is turn this feature on.
5.5.1. How Do I Do That?
    [main]
    # how often to check for new updates (in seconds)
    run_interval = 3600
    # how often to allow checking on request (in seconds)
    updaterefresh = 600
    # how to send notifications (valid: dbus, email, syslog)
    emit_via = dbus
    # automatically install updates
    do_update = no
    # automatically download updates
    do_download = no
    # automatically download deps of updates
    do_download_deps = no
Change the do_update line to enable the automatic installation of updates:
do_update = yes
    # service yum-updatesd reload
    Stopping yum-updatesd: [ OK ]
    Starting yum-updatesd: [ OK ]
5.5.2. How Does It Work?
The yum-updatesd service polls your configured repositories at regular intervals to determine if updates are available for any of your installed packages. By altering the configuration file, you instruct yum-updatesd to install the updated packages that it finds (effectively performing a yum -y update at regular intervals).
5.5.3. What About...
5.5.3.1. ...downloading but not installing updates?
By enabling the do_download and do_download_deps options, you can configure yum-updatesd to download available updates and related dependencies without installing them. This enables you to review the list of updates using Pup and then install selected updates without further download delay.
    # automatically install updates
    do_update = no
    # automatically download updates
    do_download = yes
    # automatically download deps of updates
    do_download_deps = yes
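An added example (not from the original text): a shell check that reads a yum-updatesd configuration file and reports which of the update policies described above it selects, useful for confirming that a machine really installs fixes unattended. The function names, the treatment of a missing key as "no", and the accepted true values are assumptions; pass the path of your yum-updatesd configuration file as the argument.

```shell
#!/bin/sh
# Added example: classify the update policy a yum-updatesd config file selects.
# Assumption: a key missing from [main] is treated as "no", and yes/true/1/on
# (any case) count as enabled.

# updatesd_get FILE KEY -> prints the last value of KEY in [main], or nothing
updatesd_get() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        /^[ \t]*\[/   { in_main = ($0 ~ /^[ \t]*\[main\][ \t]*$/); next }
        in_main {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)          # trim the key
            gsub(/^[ \t]+|[ \t]+$/, "", v)          # trim the value
            if (k == key) val = v
        }
        END { if (val != "") print val }
    ' "$1"
}

# updatesd_enabled FILE KEY -> exit status 0 if KEY is switched on
updatesd_enabled() {
    case "$(updatesd_get "$1" "$2" | tr '[:upper:]' '[:lower:]')" in
        yes|true|1|on) return 0 ;;
        *) return 1 ;;
    esac
}

# updatesd_policy FILE -> prints install, download-only(-no-deps), or notify-only
updatesd_policy() {
    if [ ! -r "$1" ]; then echo "unreadable"; return 2; fi
    if updatesd_enabled "$1" do_update; then
        echo "install"
    elif updatesd_enabled "$1" do_download; then
        if updatesd_enabled "$1" do_download_deps; then
            echo "download-only"
        else
            echo "download-only-no-deps"
        fi
    else
        echo "notify-only"
    fi
}

if [ "$#" -gt 0 ]; then updatesd_policy "$1"; fi
```

A result of notify-only or download-only means fixes are not applied until someone installs them by hand.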
5.5.3.2. ...updating a machine when it's booted?
The yum-updateonboot package can be used to update a machine whenever it is turned on. This ensures that security patches are automatically applied before the system is used. yum-updateonboot can be activated in addition to the automatic 4 a.m. update.
You can install and configure yum-updateonboot with these commands:
    # yum install yum-updateonboot
    Setting up Install Process
    ...(Lines snipped)...
    ========================================================================
     Package            Arch     Version        Repository     Size
    ========================================================================
    Installing:
     yum-updateonboot   noarch   0.3.1-1.fc4    extras         5.1 k

    Transaction Summary
    ========================================================================
    Install      1 Package(s)
    Update       0 Package(s)
    Remove       0 Package(s)
    Total download size: 5.1 k
    Is this ok [y/N]: y
    ...(Lines snipped)...
    Installed: yum-updateonboot.noarch 0:0.3.1-1.fc4
    Complete!
    # chkconfig --add yum-updateonboot
    # chkconfig --level 2345 yum-updateonboot on
You can configure yum-updateonboot to reboot the system if any of the updates involve the kernel. Edit /etc/sysconfig/yum-updateonboot and activate the line highlighted here by removing the pound sign (#) at the start of the line:
    # IF any of these rpms are updated, the yum-updateonboot init script will
    # reboot immediately after the yum update. To keep yum-updateonboot from
    # rebooting the system, comment this line out.
    REBOOT_RPMS="kernel kernel-smp"

    # A list of groups that should be updated at boot. For each group mentioned
    # yum-updateonboot will call 'yum -y groupupdate' Since group names tend to
    # have spaces in them, used a semi-colon to separate the group names
    #GROUPLIST="My Group;MyOtherGroup;Some_Group;My Group 4"
5.5.4. Where Can I Learn More?