|
Search |
Release Patches are bash scripts that are downloaded and executed on a dedicated server. To make update see: SshOnDedicated Advantages of patches :
Attention! Do not apply patches if your server is personalised on the level of configuration, that is mysql, apache, php. All the options of compilation will be lost. Attention! Some releases are security patches, if you don't install them you risk that your server will be hacked . Vocabulary Release or patch : a script downloaded to and executed on a dedicated server. E.g.: wget ftp://ftp.ovh.net/made-in-ovh/release/patch-1.38-1.39.sh -O patch-1.38-1.39.sh; sh patch-1.38-1.39.sh When the script is downloaded, it verifies whether it's an appropriate version before the actual execution of it. It prevents doing release 1.38 before 1.34. The releases should be applied in order. The first one is 1.04. If you try to apply them chaotically, they won't work. Philosophy For the proper functioning of releases, there is a system of blocking which only allows executing script in order. There is a file /etc/ovhrelease where the present release version is remembered. The new release verifies if the one stored in the file is his predecessor. root@ns30096 root# cat /etc/ovhrelease 1.37 After every release, the /etc/issue is updated, which allows checking the release version during the connection to the server: Red Hat Linux release 7.2 (Enigma) Linux ns30096.ovh.net 2.4.19 #2 SMP mer nov 20 17:40:06 CET 2002 i686 unknown machine : 2344 release : 1.37 ip : 213.186.42.25 hostname : ns30096.ovh.net root@ns30096 root# You may check the release version and the IP of server using your screen and keyboard. It saves your time because there's no need to connect to the server. Changelog Changelog is available at this link: ftp://ftp.ovh.net/made-in-ovh/release/CHANGELOG.release Applying release after release In order to apply a release, you need to connect via SSH and copy the command: root@ns30096 root# wget ftp://ftp.ovh.net/made-in-ovh/release/patch-1.37-1.38.sh -O patch-1.37-1.38.sh; sh patch-1.37-1.38.sh [...] The installation will be launched. It may take several minutes. [...] Arrêt de sshd : OK Démarrage de sshd : OK OpenSSH_3.7.1p2, SSH protocols 1.5/2.0, OpenSSL 0.9.6i engine Feb 19 2003 root@ns30096 root# cat /etc/issue Red Hat Linux release 7.2 (Enigma) Linux ns30096.ovh.net 2.4.19 #2 SMP mer nov 20 17:40:06 CET 2002 i686 unknown machine : 2344 release : 1.38 ip : 213.186.42.25 hostname : ns30096.ovh.net We've just passed from a release 1.37 to 1.38 and a sshd server has been updated. Applying all releases To avoid verification of every patch, you may execute patch-all.sh. It installs patches in the correct order. root@ns30096 root# wget ftp://ftp.ovh.net/made-in-ovh/release/patch-all.sh -O patch-all.sh; sh patch-all.sh [...] patch-all.sh -it launches the system verification and installs necessary elements. Red Hat Linux release 7.2 (Enigma) Linux ns30096.ovh.net 2.4.19 #2 SMP mer nov 20 17:40:06 CET 2002 i686 unknown machine : 2344 release : 1.39 ip : 213.186.42.25 hostname : ns30096.ovh.net [...] This is 1.39 version. Other functions Patch-all.sh -it also sets the correct time on your server. First, the clock skew is counted, then clockspeed, installed on your server, synchronizes periodically the time using the clock skew value. Do not synchronize time too often, only rare synchronizations are fully reliable. Without release Server which wasn't updated with a release, may be updated with patches. Patches are automatized scripts, tested on various platforms and able to identify them. As every server is different, there is a possibility to download, edit, modify and install the patches. If a compilation problem appears, look for help on one of our mailing lists, such as ad@ml.ovh.net. Please do not direct your questions to our technical support. Patches are on ftp://ftp.ovh.net/made-in-ovh/patch . There are:
-rwxr-xr-x 3517 jui 7 2002 apache_1.3.26+mod_ssl-2.8.10+php_4.2.1.sh -rwxr-xr-x 3517 jui 22 2002 apache_1.3.26+mod_ssl-2.8.10+php_4.2.2.sh -rwxr-xr-x 3517 sep 11 2002 apache_1.3.26+mod_ssl-2.8.10+php_4.2.3.sh -rwxr-xr-x 3656 oct 4 2002 apache_1.3.27+mod_ssl-2.8.11+php_4.2.3.sh -rwxr-xr-x 4567 jun 20 2003 apache_1.3.27+mod_ssl-2.8.14+php_4.3.2.sh -rwxr-xr-x 4567 aou 31 2003 apache_1.3.28+mod_ssl-2.8.15+php_4.3.3.sh -rwxr-xr-x 4601 déc 4 21:44 apache_1.3.29+mod_ssl-2.8.16+php_4.3.4.sh
-rwxr-xr-x 825 jui 7 2002 named_8.3.3.sh -rwxr-xr-x 2320 jui 22 15:55 named_9.2.1-noshell.sh -rwxr-xr-x 2407 jui 8 2002 named_9.2.1.sh
-rw-r--r-- 2481 sep 29 02:23 rebuild-ssh-auto.sh -rw-r--r-- 2188 mar 24 2003 rebuild-ssh-downgrad.sh -rw-r--r-- 2564 sep 28 20:10 rebuild-ssh.sh
-rw-r--r-- 1086 mar 24 2003 rebuild-ssl-downgrad.sh -rw-r--r-- 1079 mar 23 2003 rebuild-ssl.sh
-rw-r--r-- 1234 jun 17 12:25 patch_reboot.sh -rw-r--r-- 403 mar 4 2002 patch_resolv.sh -rwxr-xr-x 627 jun 2 14:28 check_reboot.sh -rw-r--r-- 634 jui 10 2002 a_l_heure.sh -rwxr-xr-x 2230 aou 22 2002 rc.sysinit.patch.sh Examples without release This is a server with older ssh and openssl: # ssh -V OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090600f
First the compilation of openssl is required as it's used by other applications, such as apache, ssh, qmail etc 5 minutes later # openssl version OpenSSL 0.9.6l engine 04 Nov 2003 We have an appropriate version of openssl. Now it's time for ssh: # wget ftp://ftp.ovh.net/made-in-ovh/patch/rebuild-ssh.sh -O rebuild-ssh.sh
Update: # uname -a Linux ns3060.ovh.net 2.4.16 #1 lun déc 17 15:22:27 CET 2001 i686 unknown
$ ssh xxxxxx
Apache compilation: # wget ftp://ftp.ovh.net/made-in-ovh/patch/apache_1.3.29+mod_ssl-2.8.16+php_4.3.4.sh
cat: /etc/ovhrelease: Żaden plik ani katalog tego typu release tego systemu to IMPORTANT: verification of available version openssl: OpenSSL 0.9.6l engine 04 Nov 2003 OpenSSL 0.9.6d 9 May 2002 Incorrect. It means there is a version compiled manually: # rm -rf /usr/local/ssl From the beginning: # cd
cat: /etc/ovhrelease: No file or repertory of this type the release of the system is IMPORTANT verification of available version openssl OpenSSL 0.9.6l engine 04 Nov 2003 [...] 15 minutes later: make1: Quitte le répertoire `/home/ovh/src/apache_1.3.29' src If the compilation wasn't successful, you may install the working version using the commands : cd /home/ovh/src/apache_1.3.29 make install /etc/rc.d/init.d/httpd restart Then check what version is the latest /usr/local/apache/bin/httpd -v /usr/local/bin/php -v
Starting httpd: Syntax error on line 191 of /usr/local/apache/conf/httpd.conf: Missing, invalid, or non-numeric port FAILED
Starting httpd: OK
Server built: Nov 12 2003 20:31:33
The Zend Engine API version 20021010 which is installed, is newer. Contact Zend Technologies at http://www.zend.com/ for a later version of Zend Optimizer. PHP 4.3.4 (cgi) (built: Nov 12 2003 20:30:11) Copyright (c) 1997-2003 The PHP Group Zend Engine v1.3.0, Copyright (c) 1998-2003 Zend Technologies |
