Chapter 1. Package Update Tools (SLE and RHEL)

Contents

1.1. Updating Packages on SLErfc
1.2. Updating Packages on RHEL 5
1.3. Red Hat Update Agent (RHEL 4)debranded

On the supported client systems various software management and package update tools are in use—not only GUI programs and desktop applets, but also command-line tools.

[Warning]Updating SUSE Manager

For updating SUSE Manager server, additional steps might be required. Refer to Section “Updating SUSE Manager” (↑Installation Guide) for detailed instructions.

1.1. Updating Packages on SLE

YaST Online Update (yast2 online_update) is the desktop update application for SUSE Linux Enterprise. Using this tool, you can update packages and read details on the updated packages, such as bug fix information, security alerts, enhancements, and more. For more information, refer to Section 1.1.1, “Using YaST Online Update”.

Use zypper, if you want to manage software updates with command line tools. For more information, refer to Section 1.1.2, “Updating Packages from the Command Line with Zypper”.

For background information, see the SUSE Linux Enterprise Deployment Guide, Chapter 9.0 Installing or Removing Software (using desktop applets). SUSE Linux Enterprise Administration Guide, Chapter 1.0 YaST Online Update, and Chapter 4.0 Managing Software with Command Line Tools (zypper).

If you enable the Auto Patch Update, installing updates will take place automatically, pushed from SUSE Manager. For more information about this feature, refer to Auto Patch Update.

1.1.1. Using YaST Online Update

Novell offers a continuous stream of software security updates for your product. By default the update applet is used to keep your system up-to-date. This section covers the tool for updating software packages: YaST Online Update.

Figure 1.1. YaST Software Repositories

YaST Software Repositories

After activating the SUSE Linux Enterprise Server client system, SUSE Manager channels are available as a spacewalk repository service (see Figure 1.1, “YaST Software Repositories”) and you can use YaST to install software updates on the client system. For more information about client activation, refer to Section “Client Setup” (, ↑Quick Start) and Section 3.4.6, “Activation Keys — [Mgmt]”.

Novell provides updates with different relevance levels. Security updates fix severe security hazards and should definitely be installed. Recommended updates fix issues that could compromise your computer, whereas Optional updates fix non-security relevant issues or provide enhancements.

Procedure 1.1. Installing Patches with YaST Online Update

  1. Run Software+Online Update in YaST

  2. All new patches (except the optional ones) that are currently available for your system are already marked for installation. Click Accept or Apply to automatically install them.

  3. Confirm with Finish after the installation has completed. Your system is now up-to-date.

1.1.1.1. Installing Patches Manually Using the Qt Interface

The Online Update window consists of four sections. The list of all patches available is on the left. Find the description of the selected patch displayed below the list of patches. The right column lists the packages included in the selected patch (a patch can consist of several packages) and below, a detailed description of the selected package.

Figure 1.2. YaST Online Update

YaST Online Update

The patch display lists the available patches for the client system. The patches are sorted by security relevance (security, recommended, and optional). There are three different views on patches. Use Show Patch Category to toggle the views:

Needed Patches (default view)

Non-installed patches that apply to packages installed on your system.

Unneeded Patches

Patches that either apply to packages not installed on your system, or patches that have requirements which have already have been fulfilled (because the relevant packages have already been updated from another source).

All Patches

All patches available for the client system.

A list entry consists of a symbol and the patch name. For a list of possible symbols, press Shift+F1. Actions required by Security and Recommended patches are automatically preset. These actions are Autoinstall, Autoupdate and Autodelete. Actions for Optional patches are not preset—right-click on a patch and choose an action from the list.

If you install an up-to-date package from a repository other than the update repository, the requirements of a patch for this package may be fulfilled with this installation. In this case a check mark is displayed in front of the patch summary. The patch will be visible in the list until you mark it for installation. This will in fact not install the patch (because the package already is up-to-date), but mark the patch as having been installed.

Most patches include updates for several packages. If you want to change actions for single packages, right-click on a package in the package window and choose an action. Once you have marked all patches and packages as desired, proceed with Accept.

1.1.1.2. Installing Patches Manually Using the GTK Interface

The Online Update window consists of two main sections. The left pane lists all patches and provides different filters for the patch list. See the right pane for a list of changes that will carried out once you Apply them.

Figure 1.3. YaST Online Update

YaST Online Update

Patch List Filters

Available

Non-installed patches that apply to packages installed on your system.

Installed

Patches that are already installed.

All

Patches that are either already installed or available.

Severity

Only show Optional, Recommended, or Security patches. By default, All patches are shown.

Repositories

This filter lets you display the patches per repository.

Packages Listing

Apply your custom filter here.

Click on a patch entry to open a row with detailed information about the patch in the bottom of the window. Here you can see a detailed patch description as well as the versions available. You can also choose to Install optional patches—security and recommended patches are already preselected for installation.

1.1.1.3. Automatic Online Update

YaST also offers the possibility to set up an automatic update. Open Software+Online Update Configuration. Check Automatic Online Update and choose whether to update Daily, Weekly, or Monthly. Some patches, such as kernel updates, require user interaction, which would cause the automatic update procedure to stop. Therefore you should check Skip Interactive Patches if you want the update procedure to proceed fully automatically. Having done so, you should run a manual Online Update from time to time in order to install patches that require interaction.

1.1.2. Updating Packages from the Command Line with Zypper

Zypper is a command line package manager for installing, updating and removing packages as well as for managing repositories. It is especially useful for accomplishing remote software management tasks or managing software from shell scripts.

For more information on managing software from the command line, enter zypper help or zypper help command or see the zypper(8) manpage. .

1.1.2.1. General Usage

The general syntax of Zypper is:

zypper [global-options] command [command-options] [arguments] ...

The components enclosed in brackets are not required. The simplest way to execute Zypper is to type its name, followed by a command. For example, to apply all needed patches to the system type:

zypper patch

Additionally, you can choose from one or more global options by typing them just before the command. For example, --non-interactive means running the command without asking anything (automatically applying the default answers):

zypper --non-interactive patch

To use the options specific to a particular command, type them right after the command. For example, --auto-agree-with-licenses means applying all needed patches to the system without asking to confirm any licenses (they will automatically be accepted):

zypper patch --auto-agree-with-licenses

Some commands require one or more arguments. When using the install command, for example, you need to specify which package(s) to install:

zypper install mplayer

Some options also require an argument. The following command will list all known patterns:

zypper search -t pattern

You can combine all of the above. For example, the following command will install mplayer and amarok packages using the factory repository only, and be verbose:

zypper -v install --repo factory mplayer amarok

Most Zypper commands have a dry-run option that does a simulation of the given command. It can be used for test purposes.

zypper remove --dry-run MozillaFirefox

1.1.2.2. Installing and Removing Software with Zypper

To install or remove packages use the following commands:

zypper install package
zypper remove package

Zypper knows various ways to address packages for the install and remove commands:

by the exact package name
zypper in MozillaFirefox
by repository alias and package name
zypper in mozilla:MozillaFirefox

Where mozilla is the alias of the repository from which to install.

by package name using wildcards

The following command will install all packages that have names starting with Moz. Use with care, especially when removing packages.

zypper in Moz*
by capability

If you, for example, would like to install a perl module without knowing the name of the package, capabilities come in handy:

zypper in 'perl(Time::ParseDate)'
by capability and/or architecture and/or version

Together with a capability you can specify an architecture (such as i586 or x86_64) and/or a version. The version must be preceded by an operator: < (lesser than), <= (lesser than or equal), = (equal>, >= (greater than or equal), > (greater than).

zypper in 'firefox.x86_64'
zypper in 'firefox>=3.5.3'
zypper in 'firefox.x86_64>=3.5.3'
by path

You can also specify a local or remote path to a package:

zypper in /tmp/install/MozillaFirefox.rpm
zypper in http://download.opensuse.org/repositories/mozilla/SUSE_Factory/x86_64/MozillaFirefox-3.5.3-1.3.x86_64.rpm

To install and remove packages simultaneously use the +/- modifiers. To install emacs and remove vim simultaneously, use:

zypper install emacs -vim

To remove emacs and install vim simultaneously, use:

zypper remove emacs +vim

To prevent the package name starting with the - being interpreted as a command option, always use it as the second argument. If this is not possible, precede it with --:

zypper install -emacs +vim       # Wrong
zypper install vim -emacs        # Correct
zypper install -- -emacs +vim    # same as above
zypper remove emacs +vim         # same as above

By default, Zypper asks for a confirmation before installing or removing a selected package, or when a problem occurs. You can override this behavior using the --non-interactive option. This option must be given before the actual command (install, remove, and patch) as in the following:

zypper --non-interactive install package_name

This option allows the use of Zypper in scripts and cron jobs.

[Warning]Do not Remove Mandatory System Packages

Do not remove packages such as glibc, zypper, kernel, or similar packages. These packages are mandatory for the system and, if removed, may cause the system to become unstable or stop working altogether.

1.1.2.2.1. Installing Source Packages

If you want to install the corresponding source package of a package, use:

zypper source-install package_name
   

That command will also install the build dependencies of the specified package. If you do not want this, add the switch -D. To install only the build dependencies use -d.

zypper source-install -D package_name # source package only
zypper source-install -d package_name # build dependencies only

Of course, this will only work if you have the repository with the source packages enabled in your repository list (it is added by default, but not enabled). See Section 1.1.2.4, “Managing Repositories with Zypper” for details on repository management.

A list of all source packages available in your repositories can be obtained with:

zypper search -t srcpackage
1.1.2.2.2. Utilities

To verify whether all dependencies are still fulfilled and to repair missing dependencies, use:

zypper verify

In addition to dependencies that must be fulfilled, some packages recommend other packages. These recommended packages are only installed if actually available. In case recommended packages were made available after the recommending package has been installed (by adding additional packages), use the following command:

zypper install-new-recommends

1.1.2.3. Updating Software with Zypper

There are three different ways to update software using Zypper: by installing patches, by installing a new version of a package or by updating the entire distribution. The latter is achieved with the zypper dist-upgrade command.

1.1.2.3.1. Installing Patches

To install all officially released patches applying to your system, just run:

zypper patch

In this case, all patches available in your repositories are checked for relevance and installed, if necessary. After registering your SUSE Manager installation, an official update repository containing such patches will be added to your system. The above command is all you must enter in order to apply them when needed.

Zypper knows three different commands to query for the availability of patches:

zypper patch-check

Lists the number of needed patches (patches, that apply to your system but are not yet installed)

~ # zypper patch-check
Loading repository data...
Reading installed packages...
5 patches needed (1 security patch)
zypper list-patches

Lists all needed patches (patches, that apply to your system but are not yet installed)

~ # zypper list-updates
Loading repository data...
Reading installed packages...
S | Repository | Name                          | Current | Available  | Arch
--+------------+-------------------------------+---------+------------+-------
v | Updates    | update-test-interactive       | 0-2.35  | 0-9999.1.2 | noarch
v | Updates    | update-test-optional          | 0-2.35  | 0-9999.1.2 | noarch
v | Updates    | update-test-reboot-needed     | 0-2.35  | 0-9999.1.2 | noarch
v | Updates    | update-test-relogin-suggested | 0-2.35  | 0-9999.1.2 | noarch
v | Updates    | update-test-security          | 0-2.35  | 0-9999.1.2 | noarch
zypper patches

Lists all patches available for SUSE Manager, regardless of whether they are already installed or apply to your installation.

It is also possible to list and install patches relevant to specific issues. To list specific patches, use the zypper list-patches command with the following options:

-b

Lists all needed patches for Bugzilla issues.

--bugzilla[=number]

Lists needed patches for the Bugzilla issue with the specified number.

To install a patch for a specific issue, use command:

zypper patch --bugzilla=number
  
1.1.2.3.2. Installing Updates

If a repository contains only new packages, but does not provide patches, zypper patch does not show any effect. To update all installed packages with newer available versions, use:

zypper update

To update individual packages, specify the package with either the update or install command:

zypper update package
zypper install package

A list of all new packages available can be obtained with the command:

zypper list-updates
[Note]Differences between zypper update and zypper dist-upgrade

Choose zypper update to update packages to newer versions available for your product version while maintaining system integrity. zypper update will honor the following rules:

no vendor changes
no architecture changes
no downgrades
keep installed packages

To upgrade your installation to a new product version use zypper dist-upgrade with the required repositories (see Section 1.1.2.4, “Managing Repositories with Zypper” for details). This command ensures that all packages will be installed from the repositories currently enabled. This rule is enforced, so packages might change vendor or architecture or even might get downgraded. All packages that have unfulfilled dependencies after the upgrade will be uninstalled.

1.1.2.4. Managing Repositories with Zypper

All installation or patch commands of Zypper rely on a list of known repositories. To list all repositories known to the system, use the command:

zypper repos

The result will look similar to the following output:


# | Alias                             | Name                              | Enabled | Refresh
--+-----------------------------------+-----------------------------------+---------+--------
1 | SUSE-Linux-Enterprise-Server 11-0 | SUSE-Linux-Enterprise-Server 11-0 | Yes     | No
2 | SLES-11-Updates                   | SLES 11 Online Updates            | Yes     | Yes
3 | broadcomdrv                       | Broadcom Drivers                  | Yes     | No      

When specifying repositories in various commands, an alias, URI or repository number from the zypper repos command output can be used. Note however that the numbers can change after modifying the list of repositories. The alias will never change by itself.

By default, details as the URI or the priority of the repository is not displayed. Use the following command to list all details:

1.1.2.4.1. Adding Repositories

To add a repository, run

zypper addrepo URI Alias

URI can either be an Internet repository, a network resource, a directory or a CD or DVD (see http://en.opensuse.org/Libzypp/URI for details). The Alias is a shorthand and unique identifier of the repository. You can freely choose it, with the only exception that is has to be unique. Zypper will issue a warning if you specify an alias that is already in use. To make working with repositories more convenient, use short and easy-to-remember aliases.

1.1.2.4.2. Removing Repositories

If you want to remove a repository from the list, use the command zypper removerepo together with the alias or number of the repository you want to delete. To remove the 3rd entry from the example, use the following command:

zypper removerepo 3
1.1.2.4.3. Modifying Repositories

Enable or disable repositories with zypper modifyrepo. You can also alter the repository's properties (such as refreshing behavior, name or priority) with this command. The following command will enable the repository name updates, turn on auto-refresh and set it's priority to 20:

zypper mr -er -p 20 'updates'

Modifying repositories is not limited to a single repository—you can also operate on groups:

-a: all repositories
-l: local repositories
-t: remote repositories
-m TYPE: repositories of a certain type (TYPE can be one of the following: http, https, ftp, cd, dvd, dir, file, cifs, smb, nfs, hd, iso)

To rename a repository alias, use the renamerepo command. The following example changes the alias from Mozilla Firefox to just firefox:

zypper renamerepo 'Mozilla Firefox' firefox

1.1.2.5. Querying Repositories and Packages with Zypper

Zypper offers various methods to query repositories or packages. To get lists of all products, patterns, packages or patches available, use the following commands:

zypper products
zypper patterns
zypper packages
zypper patches

To query all repositories for certain packages, use search. It works on package names, capabilities or, optionally, on package summaries and descriptions. Using the wildcards * and ? with the search term is allowed. By default, the search is not case-sensitive.

zypper se firefox       # simple search for "firefox"
zypper se *fire*        # using wildcards
zypper se -d fire       # also search in package descriptions and summaries
zypper se -u firefix    # only display packages not already installed

To search for packages which provide a special capability, use the command what-provides. If you, for example, would like to know which package provides the perl Module SVN::Core, use the following command:

zypper what-provides 'perl(SVN::Core)'

To query single packages, use info with an exact package name as an argument. It displays detailed information about a package. Use the options --requires and --recommends to also show what is required/recommended by the package:

zypper info --requires MozillaFirefox

The what-provides package is similar to rpm -q --whatprovides package, but rpm is only able to query the RPM database (that is the database of all installed packages). Zypper, on the other hand, will tell you about providers of the capability from any repository, not only those that are installed.

1.2. Updating Packages on RHEL 5

Depending on your version of Red Hat Enterprise Linux, systems registered with SUSE Manager can update client systems directly using various tools and applications installed on the system. For Red Hat Enterprise Linux 5, you can use the Package Updater (or pup) to keep systems updated.

The Package Updater (pup) is the desktop update application for Red Hat Enterprise Linux 5. Using this tool, you can update packages and read details on the updated packages, such as bug fix information, security alerts, enhancements, and more.

1.2.1. Using the Package Updater

To start the Package Updater from the desktop, open Applications (the main menu on the panel), then click System ToolsPackage Updater.

If you are at a shell prompt window, type pup to open the Package Updater.

Figure 1.4. Package Updater Interface

Package Updater Interface

If there are multiple package updates, they will be listed with checkmarks next to them so that you can choose which files to update. Some packages (for example, kernel packages) may have a circular arrow icon next to them, indicating that you are required to reboot your system after updating the package.

To view the update details of any package, highlight the package and click the arrow next to Update Details.

When you are ready to update the packages, click Apply updates. The Updater will resolve any dependencies, and notify you when a package must be installed to meet a dependency for an updated package.

Figure 1.5. Package Dependency

Package Dependency

Click Continue to accept the dependency and resume the update.

If this is the first time using the Package Updater, the program will prompt you to imort the Red Hat GPG security key that verifies that a package has been signed and is certified for Red Hat Enterprise Linux.

Click Import Key to accept the Key and continue with the update.

When the update completes, you may be prompted to reboot your system for the changes to take effect.

Figure 1.6. Reboot Prompt

Reboot Prompt

You can choose to reboot now or later, but it is recommended to click Reboot Now to start using the updated packages.

1.2.2. The Package Updater Applet

Red Hat Enterprise Linux 5 also features a a running program on the graphical desktop panel that periodically checks for updates from the SUSE Manager server and will alert users when a new update is available.

Figure 1.7. Package Updater Applet

Package Updater Applet

The Package Updater Applet stays in the notification tray of the desktop panel and checks for new updates periodically. The applet also allows you to perform a few package maintenance tasks from the applet by clicking the notification icon and choosing from the following actions:

  • Refresh — Check SUSE Manager for new updates

  • View Updates — launches the Package Updater application so that you can see any available updates in more detail and configure the updates to your specifications

  • Apply Updates — Download and Install all updated packages.

  • Quit — close the applet

1.2.3. Updating Packages from the Command Line with yum

The foundation of the Package Updater is the Yum package manager, developed by Duke University to improve the installation of RPMs. yum searches supported repositories for packages and their dependencies so they may be installed together in an effort to alleviate dependency issues. Red Hat Enterprise Linux 5 uses yum to fetch packages and install packages.

up2date is not available on Red Hat Enterprise Linux 5, which uses Yum (Yellowdog Updater Modified). The entire stack of tools that installs and updates software in Red Hat Enterprise Linux 5 is now based on Yum. This includes everything from the initial installation via Anaconda installation program to host software management tools like pirut.

1.2.3.1. yum Commands

yum commands are typically typed as the following:

yum command [package_name]

By default, Yum will automatically attempt to check all configured repositories to resolve all package dependencies during an installation or upgrade. The following is a list of the most commonly-used yum commands. For a complete list of available yum commands, refer to man yum.

yum install package_name

Used to install the latest version of a package or group of packages. If no package matches the specified package name(s), they are assumed to be a shell wildcard, and any matches are then installed.

yum update package_name

Used to update the specified packages to the latest available version. If no packages are specified, then yum will attempt to update all installed packages.

If the --obsoletes option is used (i.e. yum --obsoletes package_name), yum will process obsolete packages. As such, packages that are obsoleted across updates will be removed and replaced accordingly.

yum check-update

This command allows you to determine whether any updates are available for your installed packages. yum returns a list of all package updates from all repositories if any are available.

yum remove package_name

Used to remove specified packages, along with any other packages dependent on the packages being removed.

yum provides package_name

Used to determine which packages provide a specific file or feature.

yum search keyword

This command is used to find any packages containing the specified keyword in the description, summary, packager and package name fields of RPMs in all supported repositories.

yum localinstall absolute path to filename

Used when using yum to install a package located locally in the machine.

1.3. Red Hat Update Agent (RHEL 4)

The Red Hat Update Agent is your connection to SUSE Manager on Red Hat Enterprise Linux 4. It enables you to register your systems, create System Profiles, and alter the settings by which your organization and SUSE Manager interact. Once registered, your systems can use the Red Hat Update Agent to retrieve the latest software packages. This tool allows you to always have the most up-to-date Red Hat Enterprise Linux systems with all security updates, bug fixes, and software package enhancements.

Remember, this tool must be run on the system you wish to update. You cannot use the Red Hat Update Agent on the system if it is not entitled to an SUSE Manager service offering.

[Warning]

Customers with Expanded Support using SUSE Manager must be entitled to retrieve updates to their Red Hat Enterprise Linux system via Novell Customer Center. Installing the Red Hat GPG key is also required. For more information, refer to Section 1.3.3.1, “Installing the Red Hat GPG key”.

1.3.1. Starting the Red Hat Update Agent

If you are not running the X Window System or prefer the command line version of the Red Hat Update Agent, skip to Section 1.3.3, “Command Line Version”.

You must be root to run the Red Hat Update Agent. If started as a standard user, Red Hat Update Agent prompts you to enter the root password before proceeding. The Red Hat Update Agent can be started as follows:

  • For Red Hat Enterprise Linux 5: At a shell prompt (for example, an xterm or gnome-terminal), type the command system-config-packages.

  • For Red Hat Enterprise Linux 4: At a shell prompt (for example, an xterm or gnome-terminal), type the command up2date.

If you start the application from a shell prompt, you can specify the options in Table 1.1, “Graphical Update Agent Options”. To view these options, type the command up2date --help. For example, use the following command to specify the directory in which to download the updated packages (temporarily overriding your saved configuration):

up2date --tmpdir=/tmp/up2date/

Table 1.1. Graphical Update Agent Options

OptionDescription
--configure Configure Red Hat Update Agent options. Refer to Section 1.3.4, “Configuration” for detailed instructions.
-d, --download Download packages only; do not install them. This argument temporarily overrides the configuration option Do not install packages after retrieval. Use this option if you prefer to install the packages manually.
-f, --force Force package installation. This option temporarily overrides the file, package, and configuration skip lists.
-i, --install Install packages after they are downloaded. This argument temporarily overrides the configuration option Do not install packages after retrieval.
-k, --packagedir Specify a colon separated path of directories in which to look for packages before trying to download them.
--nosig Do not use GPG to check package signatures. This option temporarily overrides the saved configuration option.
--tmpdir=directory Temporarily override the configured package directory. The default location is /var/spool/up2date. This option is useful if you do not have enough space in the configured location.
--dbpath=dir Specify an alternate RPM database to use temporarily.

The first time you run the Red Hat Update Agent, two dialog boxes appear that you will not see in subsequent startups: Configure Proxy Server and Install GPG Key.

The first dialog box to appear prompts you for HTTP Proxy Server information. This is useful if your network connection requires you to use a proxy server to make HTTP connections. To use this feature, select the Enable HTTP Proxy checkbox and type your proxy server in the text field with the format HOST:PORT, such as squid.mysite.org:3128. Additionally, if your proxy server requires a username and password, select the Use Authentication checkbox and enter your username and password in the respective text fields.

An HTTP Proxy Server is not required by SUSE Manager. If you do not want to use this feature, click the OK button without making any selections.

The second dialog box to appear prompts you to install the Red Hat GPG key. This key is used to verify the packages you download for security purposes. Click Yes to install the key, and you will not see this message again.

1.3.2. Registration

Before you begin using SUSE Manager, you must create a username, password, and System Profile. Upon launch, the Red Hat Update Agent senses whether these tasks have been accomplished. If not, it guides you through the registration process.

If you ever need to force the Red Hat Update Agent into registration mode, such as to re-register an existing system, you may do so by issuing the following command at a shell prompt:

up2date --register 
[Important]

If your username is part of a larger organizational account, you should take caution when registering systems. By default, all systems registered with the Red Hat Update Agent end up in the Ungrouped section of systems visible only to SUSE Manager Administrators. To ensure you retain management of these systems, your organization is recommended to create an activation key associated with a specific system group and grant you permissions to that group. You may then register your systems using that activation key and find those System Profiles within SUSE Manager immediately. Refer to Section 1.3.5, “Registering with Activation Keys” for instructions.

After installing the Red Hat GPG Key, the Welcome screen appears. It appears each time you start the Red Hat Update Agent. Click Forward to continue.

1.3.2.1. Channels

Red Hat Update Agent next displays all package channels to which you have access. The channels you select from this screen must match the base operating system of the system you are registering. if any child channels are available, you may select them as well. Additional information regarding the selected channel is displayed in the Channel Information pane. When finished, click Forward to continue.

Red Hat Update Agent now compares the packages in your RPM database with those available from the Channel you selected. The progress bar is displayed during this process.

1.3.2.2. Packages Flagged to be Skipped

The next step in the initial update is the selection of files to be skipped. Any packages checked here will not be downloaded and updated by the Red Hat Update Agent. This screen is displayed whenever packages are available that are currently selected to be ignored.

Make your selections and click Forward to continue.

1.3.2.3. Available Package Updates

The Red Hat Update Agent next displays all available updates except those you chose to skip in the previous screen. Select those you wish to download and click Forward to continue. To view the complete Patch (Errata) Advisory text for an update, highlight the relevant package and click the View Advisory button. When finished, click OK.

Select those you wish to download and click Forward to continue.

Figure 1.8. Available Package Updates

Available Package Updates

1.3.2.4. Retrieving Packages

The Red Hat Update Agent tests the packages you selected to be certain that the requirements of each RPM are met. If any additional packages are required, Red Hat Update Agent displays an error message. Click OK to continue.

Once all dependencies are met, Red Hat Update Agent retrieves the packages from SUSE Manager. As the packages are downloaded, they are temporarily stored in /var/spool/up2date/.

When all packages have been downloaded, click Forward to continue.

1.3.2.5. Installing Packages

The packages must be installed after downloading them via the Red Hat Update Agent. If you chose not to install the packages via the Red Hat Update Agent, skip to Section 1.3.3.2, “Manual Package Installation” for further instructions. If you configured the Red Hat Update Agent to install the packages (the default setting), the installation process begins. The progress of installing each package, as well as the total progress, is displayed. When the packages have been installed, click Forward to continue.

Click Finish to exit the Red Hat Update Agent.

1.3.3. Command Line Version

If you are not running X, you can still run the Red Hat Update Agent from a virtual console or remote terminal. If you are running X but want to use the command line version, you can force it not to display the graphical interface with the following command:

up2date --nox

The command line version of the Red Hat Update Agent allows you to perform advanced functions or to perform actions with little or no interaction. For example, the following command updates your system with no interaction. It downloads the newer packages and installs them if you configured it to do so.

up2date -u

The command line version of the Red Hat Update Agent accepts the following arguments:

Table 1.2. Update Agent Command Line Arguments

OptionDescription
-?, --usage Briefly describe the available options.
-h, --help List the available options and exit.
--arch=architecture Force up2date to install this architecture of the package. Not valid with --update, --list, or --dry-run.
--channel=channel Specify from which channels to update using channel labels.
--configure Configure Red Hat Update Agent options. Refer to Section 1.3.4, “Configuration” for detailed instructions.
-d, --download Download packages only; do not install them. This argument temporarily overrides the configuration option Do not install packages after retrieval. Use this option if you prefer to install the packages manually.
--dbpath=dir Specify an alternate RPM database to use temporarily.
--dry-run Do everything but download and install packages. This is useful in checking dependencies and other requirements prior to actual installation.
-f, --force Force package installation. This option temporarily overrides the file, package, and configuration skip lists.
--firstboot Pop up in the center of the screen for Firstboot.
--get Fetch the package specified without resolving dependencies.
--get-source Fetch the source package specified without resolving dependencies.
--gpg-flags Show the flags with which GPG is invoked, such as the keyring.
--hardware Update this system's hardware profile on SUSE Manager.
-i, --install Install packages after they are downloaded. This argument temporarily overrides the configuration option Do not install packages after retrieval.
--installall=<channel-label> Install all available packages from a given channel
--justdb Only add packages to the database and do not install them.
-k, --packagedir Specify a colon-separated path of directories in which to look for packages before trying to download them.
-l, --list List packages relevant to the system.
--list-rollbacks Show the package rollbacks available.
--nodownload Do not download packages at all. This is useful in testing.
--nosig Do not use GPG to check package signatures. This option temporarily overrides the saved configuration option.
--nosrc Do not download source packages (SRPMs).
--nox Do not attempt to run in X. This launches the command line version of the Red Hat Update Agent.
-p, --packages Update packages associated with this System Profile.
--proxy=proxy URL Specify an HTTP proxy to use.
--proxyPassword=proxy password Specify a password to use with an authenticated HTTP proxy.
--proxyUser=proxy user ID Specify a username to use with an authenticated HTTP proxy.
--register Register (or re-register) this system with SUSE Manager. Refer to Section 1.3.2, “Registration” for detailed instructions.
--serverUrl=server URL Specify an alternate server from which to retrieve packages.
--showall List all packages available for download.
--show-available List all packages available that are not currently installed.
--show-channels Show the channel name associated with each package.
--show-orphans List all packages currently installed that are not in channels to which the system is subscribed.
--show-package-dialog Show the package installation dialog in GUI mode.
--solvedeps=dependencies Find, download, and install the packages necessary to resolve dependencies.
--src Download source packages, as well as binary RPMs.
--tmpdir=directory Temporarily override the configured package directory. The default location is /var/spool/up2date. This option is useful if you do not have enough space in the configured location.
-u, --update Update system with all relevant packages.
--undo Reverse the last package set update.
--upgrade-to-release=release version Upgrade to the channel specified.
--uuid=uuid Pass in a Unique User ID generated by the Alert Notification tool.
-v, --verbose Show additional output while updating.
--version Show up2date version information.
--whatprovides=dependencies Show the packages that resolve the comma-separated list of dependencies.

[Note]

The --solvedeps and --whatprovides options can be used to solve the dependencies for an RPM regardless even if your system does not currently have access to a channel that contains that package.

1.3.3.1. Installing the Red Hat GPG key

The first time you run the graphical version of the Red Hat Update Agent, it prompts you to install the Red Hat GPG key. This key is required to authenticate the packages downloaded from Red Hat Network. If you run the command line version the first time you start Red Hat Update Agent, you must install the Red Hat GPG key manually. If you do not have it installed, you will see the following message:

Your GPG keyring does not contain the Red Hat, Inc. public key.
Without it, you will be unable to verify that packages Update Agent downloads
are securely signed by Red Hat.

[...]
[Note]

GPG keys must be installed for each user. To install the key to use with SUSE Manager, import the key while logged in as root.

Issue the following command at a shell prompt as root:

rpm --import /usr/share/rhn/RPM-GPG-KEY

1.3.3.2. Manual Package Installation

If you chose to download, but not install, the software updates with the Red Hat Update Agent, you must install them manually using RPM.

To install them, change to the directory that contains the downloaded packages. The default directory is /var/spool/up2date. Type the command rpm -Uvh *.rpm. When the packages finish installing, you can delete them if you wish. You do not need them anymore.

After installing the packages, you must update your System Profile so that you are not prompted to download them again. Refer to Section 1.3.3.3, “Synchronizing Your System Profile” for details.

1.3.3.3. Synchronizing Your System Profile

If you configured the Red Hat Update Agent to install the latest packages, the System Profile stored by SUSE Manager is updated after the packages are installed. However, if you only download the latest RPM packages using the Red Hat Update Agent, download the RPM packages from the website, or upgrade/install/remove RPM packages yourself, your System Profile is not updated automatically. You must send your updated System Profile to the SUSE Manager server.

To synchronize the RPM package list on your local Red Hat Enterprise Linux 5 system and on Red Hat Network, run the command:

rhn-profile-sync

After running this command, your SUSE Manager System Profile reflects the latest software versions installed on your system.

For Red Hat Enterprise Linux 4 systems, use the following command to update the package list, run the command:

up2date -p

1.3.3.4. Log File

The Red Hat Update Agent keeps a log of all the actions that it performs on your system in the file /var/log/up2date. It uses the standard rotating log method. Thus, older logs are in /var/log/up2date.1, /var/log/up2date.2, and /var/log/up2date.3. The log files store actions performed by the Red Hat Update Agent such as when your RPM database is opened, when it connects to SUSE Manager to retrieve information from your System Profile, which packages are downloaded, which packages are installed using the Red Hat Update Agent, and which packages are deleted from your system after installation. If you choose to install and delete packages yourself, it is not logged in this file. It is recommended that you keep a log of actions not performed with the Red Hat Update Agent.

1.3.4. Configuration

The Red Hat Update Agent offers various options to configure its settings.

If you are not running the X Window System or prefer the command line version, skip to Section 1.3.4.2, “Command Line Version”.

1.3.4.1. Using the Red Hat Update Agent Configuration Tool

You must be root to run the Red Hat Update Agent Configuration Tool. If started by a user other than root, the Red Hat Update Agent prompts you for the root password. The Red Hat Update Agent Configuration Tool can be started by typing the command up2date --config at a shell prompt (for example, an xterm or a gnome-terminal).

1.3.4.1.1. General Settings

The General tab allows you to enable an HTTP Proxy Server. If your network connection requires you to use an HTTP Proxy Server to make HTTP connections, select the Enable HTTP Proxy option and type your proxy server in the text field with the format http://HOST:PORT. For example, to use the proxy server squid.mysite.org on port 3128, you would enter squid.mysite.org:3128 in the text field. Additionally, if your proxy server requires a username and password, select the Use Authentication option and enter your username and password in the respective text fields.

1.3.4.1.2. Retrieval/Installation Settings

The Retrieval/Installation tab allows you to customize your software package retrieval and package installation preferences.

Figure 1.9. Retrieval/Installation Settings

Retrieval/Installation Settings

The following package retrieval options can be selected (see Figure 1.9, “Retrieval/Installation Settings”):

  • Do not install packages after retrieval — download selected RPM packages to the desired directory and ignore the installation preferences

  • Do not upgrade packages when local configuration file has been modified — if the configuration file has been modified for a package such as apache or squid, do not attempt to upgrade it. This option is useful if you are installing custom RPMs on your system and you do not want them updated or reverted to the default Red Hat Enterprise Linux packages.

  • Retrieve source RPM along with binary package — download both the source (*.src.rpm) and the binary (*.[architecture].rpm) files

The following installation options are configurable (see Figure 1.9, “Retrieval/Installation Settings”):

  • Use GPG to verify package integrity — before installing packages, verify Red Hat's GPG signature (highly recommended for security reasons)

  • After installation, keep binary packages on disk — save binary packages in the desired directory instead of deleting them after installation

The following additional options are configurable from this tab:

  • Override version stored in System Profile — override the Red Hat Linux version in your System Profile

  • Package storage directory — change the directory where packages are downloaded; the default location is /var/spool/up2date/

1.3.4.1.3. Package Exceptions Settings

The Package Exceptions tab allows you to define which packages to exclude from the list of updated RPM packages according to the package name or file name (see Figure 1.10, “Package Exceptions Settings”).

To define a set of packages to be excluded according to the package name, enter a character string including wild cards (*) in the Add new text field under in the Package Names to Skip section heading. A wild card at the end of the character string indicates that all packages beginning with the character string are excluded from the list. A wild card at the beginning of the character string indicates that any packages that end with the character string are excluded from the list.

For example, if the string kernel* is in the Package Names to Skip section, the Red Hat Update Agent will not display any packages beginning with kernel.

To exclude packages by file name, apply the same rules to the field below File Names to Skip section heading.

Figure 1.10. Package Exceptions Settings

Package Exceptions Settings

1.3.4.2. Command Line Version

The command line version of this tool performs the same function as the graphical version. It allows you to configure the settings used by the Red Hat Update Agent and store them in the configuration file /etc/sysconfig/rhn/up2date.

To run the command line version of the Red Hat Update Agent Configuration Tool, use the following command:

up2date --nox --configure

You are presented with a list of options and their current values:

0.  adminAddress       ['root@localhost'] 
1.  debug              No 
2.  disallowConfChange ['noReboot', 'sslCACert', 'useNoSSLForPackages',
3.  enableProxy        No 
4.  enableProxyAuth    No 
5.  enableRollbacks    No 
6.  fileSkipList       [] 
7.  forceInstall       No 
8.  gpgKeyRing         /etc/sysconfig/rhn/up2date-keyring.gpg 
9.  headerCacheSize    40 
10. headerFetchCount   10 
11. httpProxy 
12. isatty             Yes 
13. keepAfterInstall   No 
14. networkRetries     5 
15. noBootLoader       No 
16. noReboot           No 
17. noReplaceConfig    Yes 
18. noSSLServerURL     http://xmlrpc.rhn.redhat.com/XMLRPC 
19. pkgSkipList        ['kernel*'] 
20. pkgsToInstallNotUp ['kernel', 'kernel-modules', 'kernel-devel'] 
21. proxyPassword 
22. proxyUser 
23. removeSkipList     ['kernel*'] 
24. retrieveOnly       No 
25. retrieveSource     No 
26. rhnuuid            a8aea05c-f174-11df-af94-55bad1b1e05f 
27. serverURL          http://ix64ph001.example.com/XMLRPC 
28. showAvailablePacka No 
29. sslCACert          /usr/share/rhn/RHNS-CA-CERT 
30. storageDir         /var/spool/up2date 
31. systemIdPath       /etc/sysconfig/rhn/systemid 
32. updateUp2date      Yes 
33. useGPG             Yes 
34. useNoSSLForPackage No 
35. useRhn             Yes 
36. versionOverride 

Enter number of item to edit <return to exit, q to quit without saving>:

Enter the number of the item to modify and enter a new value for the option. When you finish changing your configuration, press Enter to save your changes and exit. Press q and then Enter to quit without saving your changes.

[Important]

Although this is not configurable, users should still make note that the port used by the Red Hat Update Agent is 443 for SSL (HTTPS) and 80 for non-SSL (HTTP). By default, up2date uses SSL only. For this reason, users should ensure that their firewalls allow connections over port 443. To bypass SSL, change the protocol for serverURL from https to http in the /etc/sysconfig/rhn/up2date configuration file.

1.3.5. Registering with Activation Keys

In addition to the standard Red Hat Update Agent interface, up2date offers a utility aimed at batch processing system registrations: activation keys. Each unique key can be used to register Red Hat Enterprise Linux systems, entitle them to a SUSE Manager service level, and subscribe them to specific channels and system groups, all in one action.

Alternatively, both the Red Hat Network Registration Client and Red Hat Update Agent offer the activation keys utility rhnreg_ks as part of their packages.

Before using an activation key you must first generate one through the SUSE Manager website. Refer to Section 3.4.6, “Activation Keys — [Mgmt]” for precise steps.

To use an activation key, run the following command as root from a shell prompt on the system to be registered:

rhnreg_ks --activationkey=7202f3b7d218cf59b764f9f6e9fa281b

The precise value of the activation key varies.

In addition, Provisioning-entitled systems may use multiple activation keys at once, either at the command line or within kickstart profiles. This allows Administrators to include a variety of values without creating a special key for the desired results. To do this, specify the keys separated by commas, like this:

rhnreg_ks --activationkey=7202f3b7d218cf59b764f9f6e9fa281b,\
39f41081f0329c20798876f37cb9p6a3
[Note]

The trailing backslash (\) in this command example is a continuation character; it may safely be omitted, if you write all keys in one line.

Refer to Section 3.4.6.2, “Using Multiple Activation Keys at Once — [Prov]” to understand how differences in activation keys are handled.

The above command performs all the actions of the Registration Client and the registration function of the Red Hat Update Agent. Do not run either of these applications for registration after running rhnreg_ks.

A System Profile, including software and hardware information, is created for the system and sent to the SUSE Manager server along with the unique activation key. The system is registered with SUSE Manager under the account used to generate the key, entitled to an SUSE Manager service offering, and subscribed to the Novell channels and system groups selected during key generation. The system is not subscribed to channels that contain packages unsuitable for the system. For example, a Red Hat Enterprise Linux 4 system cannot be subscribed to the Red Hat Enterprise Linux 5 channel.

The unique Digital Certificate for the system is generated on the system in the file /etc/sysconfig/rhn/systemid.

When using activation keys to assign channels, consider these rules:

  • A key may specify either zero or one base channel. If specified, it must be a custom base channel. If not, the base channel corresponding to the system's Red Hat distribution is chosen. For instance, you may not subscribe a Red Hat Enterprise Linux 4 system to the Red Hat Enterprise Linux 5 channel.

  • A key may specify any number of child channels. For each child channel, subscription is attempted. If the child channel matches the system's base channel, subscription succeeds. If it does not, the subscription fails silently. Refer to Section 3.6, “Channels” for more information.

  • Keys may be modified by any user with the role of Activation Key Administrator or SUSE Manager Administrator (or both). These permissions are set through the Users tab of the SUSE Manager website. Refer to Section 3.9, “Users — [Mgmt]” for details.

  • Systems registered with activation keys are tied to the organization account in which the key was created, not the key itself. After registration, a key can be deleted safely without any effect on the systems it was used to register.

1.3.6. Registering a System to an Organization

SUSE Manager supports the Organizations feature, which allows administrators to appropriate software and system entitlements across various organizations, as well as control an organization's access to systems management. Systems can now be registered directly with an organization.

To register a system with an organization on a SUSE Manager server, you can use the username and password of an account that is created within that organization. For example, if there is an organization called Sales Team, with a username salesadmin and password abc123, using these credentials assures that a system is registered with the proper organization.

For example:

rhnreg_ks --user=salesadmin --password=abc123
[Important]

The --orgid option (for RHEL 4 and 5) and the --orgpassword option (in RHEL 4) in the rhnreg_ks command are not related to the Organizations feature and should not be used in the context of registering systems with organizations.

For more information about the Organizations feature, refer to Section 3.11.1, “Admin+Organizations.