Issue #17 March 2006

Book review:
Linux Patch Management

by Brock Organ


It is hard to imagine life on Linux systems without some sort of package management infrastructure. From humble beginnings, tools like RPM and apt have evolved into a stack of applications including text and graphical mode front-ends to package managers, repository creation and administration software and supporting tools. Yet the resulting infrastructure can be complicated and difficult to understand and administer, requiring much time and effort on the part of system administrators.

From the Bruce Perens' Open Source Series, Linux Patch Management is designed to provide a beginning-to-end guide for administrators seeking to keep large numbers of Linux systems current. The book actively covers distributions by Red Hat, SUSE, Debian, Fedora and others. It focuses on the subset of package management & repository tools with the most market share and mind share, including Red Hat Network, YaST Online Update, apt, yum and other supporting tools. Additionally, efforts are made to focus on the planning, layout and topology required to maintain update repositories, with strategies designed to minimize the network bandwidth and other resources required. Users with a beginning to moderate understanding of these topics will find the book most helpful, while more experienced administrators will benefit from the breadth of coverage. The author, in my opinion, found a nice balance between ease of use and depth of coverage.

The title was initially somewhat misleading, as I expected the topics to be devoted to source code control/change set theory with the Linux kernel being the repository of focus, but in fact the book is about creating and managing package repositories; it could have easily been titled Linux Package Management. Initially, the author provides some background behind the repository and update strategies, including the need to update for security fixes, new features and bug fixes; also surveyed are the sources for updated packages, and the processes for testing and promoting updates in production environments. The connections between various repository types (RHN, SLES, etc.) and clients used (up2date, YOU, etc.) were explored in a satisfying manner, with discussions of several Linux distributions included. Importantly, the author took time to include planning concerns for local networks, allowing a reader to find a fit with their current systems layout.

Though later to the scene than older, more established tools like apt, the first case study in the book created a Fedora Linux repository using Red Hat Network's up2date client and proxy server to provide and cache updates. An application of the repository structure and directory tree planning is used to show how one could provide a Red Hat® Enterprise Linux® rebuild repository. A high point in the book occurs in the section that spends a considerable amount of time and effort on the details of configuring the Red Hat Network proxy server. This is a topic I've not often seen addressed in other open source package management documentation. Additionally, time is spent on the details of system and channel registration, provisioning, certificate key management and other areas of interest in Red Hat Network. Also not neglected are the details behind SUSE & Novell's update systems, including YaST, YOU and ZLM, with discussion of installation sources and step-by-step LAN configuration.

The book makes good-faith efforts to introduce and competently explore the features of apt, the package management tool from Debian. In addition to the basic apt system, the text introduces aptitude (a text mode front end for apt) and synaptic (a graphical front end). Whether configuring and selecting repositories, creating a Debian mirror, or downloading and synchronizing with a mirror, the text spends time showing how each of the tools can be used. Additionally, time is spent showing how apt can be used on RPM based distributions, with historical information that explains the approach, and how Conectiva (now Mandriva) has driven much of the development in this area. The text explores the details of configuring apt for rpm, and applies it by using apt with Fedora Linux, including using synaptic with Fedora repositories. Additionally, the same details are covered in configuring apt and using synaptic for SUSE Linux.

Finally, the book focuses on yum, its history, and how it is used currently by major projects like Fedora Linux and is usable on Red Hat Enterprise Linux. Examples using the tool, including creating yum caches and using the up2date front end client, are outlined. The worked application sets up a Fedora & Red Hat Enterprise Linux repository on a Red Hat Enterprise Linux based system, and includes planning guidelines for network constrained repositories. Consideration is given to automated updates, using the yum extender (a graphical front end), and configuring a yum server.

About the author

Brock Organ is an engineer at Red Hat.