SLE 11: Software Updating; Categories and Exclusions
Application:
If you need to apply updates in your environment without applying a new kernel, or to apply only the updates that are deemed security updates, the following should help you accomplish this goal.
Explanation:
The following scripts use zypper, the command-line tool of choice for updating on the SUSE Linux Enterprise 11 platform, and use the patch method instead of the update method to fully update a system with the latest patches. All scripts first check for any available software management patches and apply those before proceeding with any other patches. This method ensures that any pre- or post-patch scripts are executed and applied to the system and that the patching process runs optimally.
zypper_up_everything.sh Script:
This script will update everything.
Copy the text below into a file preferably named zypper_up_everything.sh or download it here.
#!/bin/bash
zypperbin=$(which zypper)

if [ -x "$zypperbin" ]; then
    # Just in case there is more than one software management patch in a row,
    # use a while loop that re-runs zypper lp on every pass until there are none
    while "$zypperbin" lp | awk '{ print $3 }' | grep -q softwaremgmt
    do
        # Stop looping if zypper fails, so a broken patch cannot spin forever
        "$zypperbin" -n up -t patch || break
    done

    # Execute zypper up -t patch again to execute after all
    # software management patches have been applied
    patches=$("$zypperbin" lp)
    if [[ $patches != *"No updates found."* ]]; then
        "$zypperbin" up -t patch
    else
        echo "No Updates Available."
    fi
fi
zypper_up_nokernel.sh Script:
This script will update everything except the kernel.
Copy the text below into a file preferably named zypper_up_nokernel.sh or download it here.
#!/bin/bash
zypperbin=$(which zypper)

if [ -x "$zypperbin" ]; then
    # Just in case there is more than one software management patch in a row,
    # use a while loop that re-runs zypper lp on every pass until there are none
    while "$zypperbin" lp | awk '{ print $3 }' | grep -q softwaremgmt
    do
        # Stop looping if zypper fails, so a broken patch cannot spin forever
        "$zypperbin" -n up -t patch || break
    done

    # List the patches again after all software management patches have been
    # applied, and in this instance we will look for all categories of patches
    # and exclude the kernel and only apply those.
    # $2=="|" keeps only table rows and $3!="Name" drops the table header, so
    # zypper's status lines are never passed on as patch names.
    patches=$("$zypperbin" lp | awk '$2=="|" && $3!="Name" && !/kernel/')
    if [ "$patches" != "" ]; then
        "$zypperbin" lp | awk '$2=="|" && $3!="Name" && !/kernel/ {print "zypper -n in -t patch "$3}' | sh +x
    else
        echo "No Updates Available."
    fi
fi
zypper_up_security.sh Script:
This script will apply security patches only.
Copy the text below into a file preferably named zypper_up_security.sh or download it here.
#!/bin/bash
zypperbin=$(which zypper)

if [ -x "$zypperbin" ]; then
    # Just in case there is more than one software management patch in a row,
    # use a while loop that re-runs zypper lp on every pass until there are none
    while "$zypperbin" lp | awk '{ print $3 }' | grep -q softwaremgmt
    do
        # Stop looping if zypper fails, so a broken patch cannot spin forever
        "$zypperbin" -n up -t patch || break
    done

    # List the patches again after all software management patches have been
    # applied, and in this instance we will look for all security patches
    # and only apply those.
    patches=$("$zypperbin" lp | awk '$7=="security"')
    if [ "$patches" != "" ]; then
        "$zypperbin" lp | awk '$7=="security" {print "zypper -n in -t patch "$3}' | sh +x
    else
        echo "No Updates Available."
    fi
fi
zypper_up_security_nokernel.sh Script:
This script will apply security patches only, excluding the kernel.
Copy the text below into a file preferably named zypper_up_security_nokernel.sh or download it here.
#!/bin/bash
zypperbin=$(which zypper)

if [ -x "$zypperbin" ]; then
    # Just in case there is more than one software management patch in a row,
    # use a while loop that re-runs zypper lp on every pass until there are none
    while "$zypperbin" lp | awk '{ print $3 }' | grep -q softwaremgmt
    do
        # Stop looping if zypper fails, so a broken patch cannot spin forever
        "$zypperbin" -n up -t patch || break
    done

    # List the patches again after all software management patches have been
    # applied, and in this instance we will look for all security patches
    # and exclude the kernel and only apply those.
    patches=$("$zypperbin" lp | awk '!/kernel/ && $7=="security"')
    if [ "$patches" != "" ]; then
        "$zypperbin" lp | awk '!/kernel/ && $7=="security" {print "zypper -n in -t patch "$3}' | sh +x
    else
        echo "No Updates Available."
    fi
fi
Once you have created these scripts, you can save them in /root/bin or a similar location with chmod 755 permissions set. Now you are ready to set one up to run as a cron job or use it as you desire. You may want to add some logging to the script and have its output logged to a separate file in /var/log.
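Added example, not part of the original article: the scripts above pick the patch name and category by field position ($3 and $7), which only holds for one table layout. The sketch below finds the Name and Category columns from the header row of zypper lp instead and ignores every line that is not a table row. The function name select_patches, the sample repository and patch names, and the reordered layout are constructed for illustration.

```bash
#!/bin/bash
# Added example (not from the article). select_patches CATEGORY SKIP_REGEX reads
# `zypper lp` output on stdin; an empty argument disables that filter.
select_patches() {
    awk -F'|' -v want="$1" -v skip="$2" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        NF < 2 { next }                  # status lines, blanks, the ---+--- rule
        !name_col {                      # first table row is the header
            for (i = 1; i <= NF; i++) {
                h = trim($i)
                if (h == "Name")     name_col = i
                if (h == "Category") cat_col  = i
            }
            next
        }
        {
            n = trim($name_col); c = trim($cat_col)
            if (want != "" && c != want) next
            if (skip != "" && n ~ skip)  next
            if (n !~ /^[A-Za-z0-9._+-]+$/) next   # never emit odd names
            print n
        }'
}

# Constructed sample in the five-column layout the scripts above assume.
sample_sle11() {
    cat <<'EOF'
Loading repository data...

Repository         | Name            | Version | Category    | Status
-------------------+-----------------+---------+-------------+-------
SLES11-SP3-Updates | slessp3-kernel  | 9750    | security    | needed
SLES11-SP3-Updates | slessp3-openssl | 9801    | security    | needed
SLES11-SP3-Updates | slessp3-yast2   | 9644    | recommended | needed
EOF
}

# Constructed sample with the columns in a different (hypothetical) order.
sample_reordered() {
    cat <<'EOF'
Repository | Category | Name            | Status
-----------+----------+-----------------+-------
Updates    | security | example-openssl | needed
Updates    | security | example-kernel  | needed
EOF
}

sample_sle11     | select_patches security kernel
sample_reordered | select_patches security kernel
# Real use: zypper lp | select_patches security kernel | xargs -r zypper -n in -t patch
```

Unlike the `!/kernel/` filter in the scripts, the skip expression here is matched against the patch name only, and names are handed to zypper as arguments rather than piped through sh.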
Enjoy!!
Jul 11th, 2024
Comments
How can I install security updates by severity (Critical, Moderate …), if it's even possible?
In Red Hat there is this command that lets you install security updates by severity (example: yum update --security --sec-severity=Critical).
Any chance SUSE has this too?
You absolutely can.
Check out zypper patch --help for the category option.
Categories would be security, optional, recommended.
Thanks, BUT I think you misunderstood me.
Security, optional, recommended are categories for general updates.
I need the categories for security “Severity”,
which are:
• Critical
• Moderate
• Important
• Low
Take a look at this site: https://www.suse.com/support/update/
Ah ok, you're right. Yes, that is not a functionality of zypper currently. I will put in a feature enhancement for this. We usually operate on the knowledge that everything with security is critical in nature.
$7 is no longer the delimiter for SLES 12. Additionally, your script will try to install the leading output of zypper lp, which isn’t ideal.
An overall cleaner solution is to lock the RPMs, however, if that’s not the approach one wants to take, it’s best to grep for Updates (which for now is common across the standard SCC/NCC repository names).
SLES 12 will require some adjustments. Good Feedback.