seligman at nevis.columbia.edu seligman at nevis.columbia.edu
Thu Jul 28 07:02:03 EDT 2005

I've changed the way that Linux patches are applied on the Nevis Linux

Previously, I accumulated patches from a variety of repositories using
a tool called autorpm <http://www.autorpm.org/>.  I applied these
patches manually, usually when a significant security issue had been
reported by Redhat.

In order to accommodate the increasing number of Fedora Core patches,
and to reduce our exposure to a "zero day" security issue (usually not
much of a risk on Linux systems), I've automated the patch procedure.

New Linux patches are downloaded nightly to our central administrative
server, hypatia, from a Linux repository set up for the physical
sciences <http://dl.atrpms.net/>.  The systems on the Nevis Linux
cluster use a tool called yum <http://linux.duke.edu/projects/yum/> to
apply these patches from the central server.  The updates take place
between 2AM and 4AM, so they should have little impact on your work.

Kernel patches are _not_ included in this procedure.  I'll still apply
those manually, if needed.

This procedure is closely modeled on the upgrade system normally used
by the Redhat/Fedora distributions, and by the Fermilab and CERN
Scientific Linux distributions.

If you have any comments or questions, please contact Bill Seligman.

More information about the Nevis-linux mailing list