As you'll probably learn from reading this blog, I don't use commercial Linux distributions like RedHat or Suse. About 4-5 years ago, I ran accross Linux From Scratch, and have been doing it that way ever since. The drawback to using LFS is it follows the few standards Linux has such as the Linux Standard Base and the
Filesystem Hierarchy Standard. Now, some distros follow this, and some don't. Some follow it a little, some follow it a little less. Thus, my problem: I never know where anything is! On top of that, these standards are pretty limited once you've gone past the basic level that you get once you've finished a LFS distro. Where does your distro store Apache's httpd.conf? Look at 10 different distros, I'm sure you'll get 10 different answers.
Anyway, this isn't a bash against the big boys, this is a solution to one problem LFS does suffer from: package management. When there's a security problem with zlib, for example, how do you know to upgrade it? With the big boys, they usually have some kind of auto-update feature, but LFS does not. You've compiled it all from scratch, how do you keep track of these packages?
Well, firstly, I use Checkinstall firstly for maintaining some level of control over packages. Checkinstall basically watches when I run the final "make install" from my source-tarball-based installation. It gives me a nice report, and I can use that to delete entire packages if I need to. Very useful.
But, how to keep up with packages that need updating? Simple, when you add it, subscribe to it at Freshmeat! With Freshmeat's subscription feature, you can get alerts when packages are updated. Just go in, subscribe to all of the base packages from LFS, and then just subscribe to all those you add afterwards. You can even setup categories to organize them a little better (although, FM's catagory management for endusers is kinda limited). I have an "LFS" category for the base packages, a "MyLFS" category for all of the packages that I install regardless of what else is going on the machine (IPTables, XFS tools, SSH, syslog-ng, etc), a BLFS category for the BLFS book. I also have one for each purpose, for example, I have a "Multimedia" category to keep track of the stuff for my MythTV machine, and a Firewall category for things like ulogd which replaces syslogd on the firewalls. Now, all I need to do is check my mail each day, which I'm kinda in the habit of doing already, and if there's an update, I'll know about it!
Yes, FM is usually updated a little behind for relying on it for security, but I can live with this solution.
No comments:
Post a Comment