CentOS 6 local updates repository and security updates

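I know that the official CentOS 6 (and even 7) updates repositories do not provide security information. As a result, the yum-plugin-security plugin and the yum check-update --security command do not list any updates, as they do on RHEL/OEL distros.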

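There is a nice script, generate_updateinfo, which is able to inject the missing security information into a local yum repository. The plugin then works even on CentOS.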

Unfortunately, I ran into a small problem. I'm not sure whether the problem is in the script or in the way yum works.

How to reproduce the problem (tested on CentOS 6.8, x86_64, but it seems to me that previous/newer versions have the same problem):

  1. First, let's clean everything up and start from a clean slate
yum clean all
  1. See which security updates are available (the system is not up to date)
yum check-update --security
...
56 package(s) needed for security, out of 28 available

kernel.x86_64                                 2.6.32-642.15.1.el6                         local-centos-6-x86_64-updates
kernel-devel.x86_64                           2.6.32-642.15.1.el6                         local-centos-6-x86_64-updates
kernel-firmware.noarch                        2.6.32-642.15.1.el6                         local-centos-6-x86_64-updates
kernel-headers.x86_64                         2.6.32-642.15.1.el6                         local-centos-6-x86_64-updates
libtiff.x86_64                                3.9.4-21.el6_8                              local-centos-6-x86_64-updates
openssl.x86_64                                1.0.1e-48.el6_8.4                           local-centos-6-x86_64-updates
sudo.x86_64                                   1.8.6p3-25.el6_8                            local-centos-6-x86_64-updates
  1. Now, let's install e.g. squid
yum install -y squid 
...
Resolving Dependencies
--> Running transaction check
---> Package squid.x86_64 7:3.1.23-16.el6_8.6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

====================================================================================================================
 Package           Arch               Version                          Repository                              Size
====================================================================================================================
Installing:
 squid             x86_64             7:3.1.23-16.el6_8.6              lp-centos-6-x86_64-updates             1.8 M

Transaction Summary
====================================================================================================================
Install       1 Package(s)

Total download size: 1.8 M
Installed size: 6.3 M
Downloading Packages:
squid-3.1.23-16.el6_8.6.x86_64.rpm                                                           | 1.8 MB     00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Warning: RPMDB altered outside of yum.
  Installing : 7:squid-3.1.23-16.el6_8.6.x86_64                                                                 1/1
  Verifying  : 7:squid-3.1.23-16.el6_8.6.x86_64                                                                 1/1

Installed:
  squid.x86_64 7:3.1.23-16.el6_8.6

Complete!
  1. I want to test updating the package, so let's try downgrading it first
yum downgrade -y squid
...
Resolving Dependencies
--> Running transaction check
---> Package squid.x86_64 7:3.1.23-16.el6_8.5 will be a downgrade
---> Package squid.x86_64 7:3.1.23-16.el6_8.6 will be erased
--> Finished Dependency Resolution

Dependencies Resolved

====================================================================================================================
 Package           Arch               Version                          Repository                              Size
====================================================================================================================
Downgrading:
 squid             x86_64             7:3.1.23-16.el6_8.5              lp-centos-6-x86_64-updates             1.8 M

Transaction Summary
====================================================================================================================
Downgrade     1 Package(s)

Total download size: 1.8 M
Downloading Packages:
squid-3.1.23-16.el6_8.5.x86_64.rpm                                                           | 1.8 MB     00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : 7:squid-3.1.23-16.el6_8.5.x86_64                                                                 1/2
  Cleanup    : 7:squid-3.1.23-16.el6_8.6.x86_64                                                                 2/2
  Verifying  : 7:squid-3.1.23-16.el6_8.5.x86_64                                                                 1/2
  Verifying  : 7:squid-3.1.23-16.el6_8.6.x86_64                                                                 2/2

Removed:
  squid.x86_64 7:3.1.23-16.el6_8.6

Installed:
  squid.x86_64 7:3.1.23-16.el6_8.5

Complete!
  1. We'd better double-check what is installed
rpm -qa | grep -i squid
squid-3.1.23-16.el6_8.5.x86_64
  1. At this point, I expect that when I check for security updates again, the squid package should be listed again, but it is not
yum check-update --security
...
56 package(s) needed for security, out of 28 available

kernel.x86_64                                 2.6.32-642.15.1.el6                         local-centos-6-x86_64-updates
kernel-devel.x86_64                           2.6.32-642.15.1.el6                         local-centos-6-x86_64-updates
kernel-firmware.noarch                        2.6.32-642.15.1.el6                         local-centos-6-x86_64-updates
kernel-headers.x86_64                         2.6.32-642.15.1.el6                         local-centos-6-x86_64-updates
libtiff.x86_64                                3.9.4-21.el6_8                              local-centos-6-x86_64-updates
openssl.x86_64                                1.0.1e-48.el6_8.4                           local-centos-6-x86_64-updates
sudo.x86_64                                   1.8.6p3-25.el6_8                            local-centos-6-x86_64-updates
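  1. Let's see which squid errata are installed on the system. This is a bit strange. From the above, I can see that squid was downgraded to squid-3.1.23-16.el6_8.5.x86_64 (CEBA_2016__1412 bugfix), but squid-3.1.23-16.el6_8.6.x86_64 (CESA_2016__1573) still seems to be marked as installed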
yum updateinfo list all | grep squid-3

i CESA_2011__1791 Moderate/Sec.  squid-3.1.10-1.el6_2.1.x86_64
i CEBA_2012__0122 bugfix         squid-3.1.10-1.el6_2.2.x86_64
i CEBA_2012__0470 bugfix         squid-3.1.10-1.el6_2.3.x86_64
i CEBA_2012__0557 bugfix         squid-3.1.10-1.el6_2.4.x86_64
i CEBA_2012__1290 bugfix         squid-3.1.10-9.el6_3.x86_64
i CESA_2013__0505 Moderate/Sec.  squid-3.1.10-16.el6.x86_64
i CEBA_2013__0985 bugfix         squid-3.1.10-18.el6_4.x86_64
i CEBA_2013__1396 bugfix         squid-3.1.10-19.el6_4.x86_64
i CEBA_2014__0048 bugfix         squid-3.1.10-20.el6_5.x86_64
i CESA_2014__0597 Moderate/Sec.  squid-3.1.10-20.el6_5.3.x86_64
i CESA_2014__1148 Important/Sec. squid-3.1.10-22.el6_5.x86_64
i CEBA_2014__1446 bugfix         squid-3.1.10-29.el6.x86_64
i CEBA_2015__1314 bugfix         squid-3.1.23-9.el6.x86_64
i CEBA_2016__0896 bugfix         squid-3.1.23-16.el6.x86_64
i CESA_2016__1138 Moderate/Sec.  squid-3.1.23-16.el6_8.4.x86_64
i CEBA_2016__1412 bugfix         squid-3.1.23-16.el6_8.5.x86_64
i CESA_2016__1573 Moderate/Sec.  squid-3.1.23-16.el6_8.6.x86_64
  1. When I try to get information about that erratum, there is nothing
yum update info CESA_2016__1573
--- NOTHING NOTHING NOTHING ---
  1. When I list all errata and grep for that one, I can see it
yum updateinfo info all | grep CESA_2016__1573 -B3 -A8
===============================================================================
  Moderate CentOS squid Security Update
===============================================================================
  Update ID : CESA_2016__1573
    Release : CentOS 6
       Type : security
     Status : stable
     Issued : 2016-08-04 12:51:39
Description : Moderate CentOS squid Security Update
   Severity : Moderate
  Installed : true

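I would like to point out that I tested this scenario (downgrade/upgrade) on RHEL6 and it works. I also tried installing an older version of the squid package directly, to avoid the downgrade/upgrade sequence, but the result was the same. And the problem is not related only to the squid package. Basically, I can reproduce this problem with any package. I also tried cleaning the yum cache after the package downgrade, but it did not help.

Any idea what is wrong?! Why is it marked as installed when it is not actually installed?! When testing on RHEL6, I saw it as not installed, and it was then included in the list of packages to update.

Thanks for your answers.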
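
An added cross-check for the situation described in the question (not part of the original post, and not code from the script it mentions): it decides per erratum whether the host really carries the fixed package by comparing the EVR in updateinfo.xml with the installed EVR, independently of yum's "Installed" flag. The XML fragment and the installed-package table are constructed from versions shown in the post; `rpmvercmp` here is a simplified reimplementation and architecture is ignored.

```python
import re
import xml.etree.ElementTree as ET

# Constructed updateinfo.xml fragment holding the two squid errata from the post.
UPDATEINFO = """<updates>
 <update type="bugfix"><id>CEBA_2016__1412</id><pkglist><collection>
  <package name="squid" epoch="7" version="3.1.23" release="16.el6_8.5" arch="x86_64"/>
 </collection></pkglist></update>
 <update type="security"><id>CESA_2016__1573</id><pkglist><collection>
  <package name="squid" epoch="7" version="3.1.23" release="16.el6_8.6" arch="x86_64"/>
 </collection></pkglist></update>
</updates>"""
# Constructed stand-in for the rpm database after the downgrade: name -> (epoch, version, release).
INSTALLED = {"squid": ("7", "3.1.23", "16.el6_8.5")}

def rpmvercmp(a, b):
    """Simplified rpmvercmp (no '~' handling): compare digit/alpha segments in order."""
    sa, sb = (re.findall(r"\d+|[a-zA-Z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1      # a numeric segment beats an alphabetic one
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # more segments means newer

def evr_cmp(a, b):
    """Compare (epoch, version, release) tuples field by field."""
    return next((c for c in map(rpmvercmp, a, b) if c), 0)

def erratum_status(xml_text, installed):
    """Map erratum id -> 'installed' or 'needed' for packages present on the host."""
    status = {}
    for upd in ET.fromstring(xml_text).iter("update"):
        eid = upd.findtext("id")
        for pkg in upd.iter("package"):
            have = installed.get(pkg.get("name"))
            if have is None:
                continue                          # package not on this host
            want = (pkg.get("epoch") or "0", pkg.get("version"), pkg.get("release"))
            if evr_cmp(have, want) < 0:
                status[eid] = "needed"            # any older package makes the erratum pending
            else:
                status.setdefault(eid, "installed")
    return status

if __name__ == "__main__":
    print(erratum_status(UPDATEINFO, INSTALLED))
```

On a real host the installed table would be filled from `rpm -qa` output and the XML read from the repository's updateinfo file.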
