Manually getting security updates
Hi,
I work in a secure environment where outbound HTTP access isn't permitted
from the servers in our infrastructure that are running Debian. We still
want to keep them up to date with security updates, and I'm currently
writing a procedure to do this.
Within our NOC segment we have an apt-proxy and a partial local mirror.
The procedure I've come up with is basically:

1. run an "apt-get update" against the apt-proxy on a server in the NOC
2. copy /var/lib/apt/lists/* to the servers in the infrastructure
3. run "apt-get -s dist-upgrade", observe the security updates that would be
   applied
4. acquire the packages manually back in the NOC [1]
5. transfer the .debs to the server that it has been determined requires them
6. manually install them with dpkg

[1] It's the manual acquisition back in the NOC that has me a bit stumped
as to how to achieve it. I want to use our apt-proxy and I would have thought
that apt-get would be the way to go, however if you try to do an "apt-get
-d package" on a package that's already up to date locally (and you don't
already have the .deb in /var/cache/apt/archives) there's no way to get
apt-get to just download it.
debget seems to not be what I want, it doesn't appear to consult a local
Packages file, it wants to pop off and check out an FTP site, which isn't
feasible from our NOC. I really want something APT aware.
I've sent an email to apt@packages.debian.org already, but I haven't heard
anything back yet.
Andrew
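
The "observe the security updates" step of the procedure above, as an added example that is not part of the original message: a shell function that reduces the output of "apt-get -s dist-upgrade" to the list of packages and exact versions to carry back to the NOC. The function name, the default origin label "Debian-Security:" and the sample simulation output are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: turn "apt-get -s dist-upgrade" output into a fetch list.

# security_upgrades [ORIGIN_LABEL]
# Reads simulation output on stdin and prints "name=version" for every
# package whose candidate version comes from an archive whose origin
# string contains ORIGIN_LABEL. The default label is an assumption; use
# whatever label your mirror's security archive shows in the Inst lines.
security_upgrades() {
    awk -v label="${1:-Debian-Security:}" '
    $1 == "Inst" {
        lp = index($0, "(")                 # candidate details start here
        if (lp == 0) next
        detail = substr($0, lp + 1)         # "newver Origin:suite [arch])"
        split(detail, f, " ")               # f[1] is the candidate version
        origin = substr(detail, length(f[1]) + 2)
        if (index(origin, label) > 0) print $2 "=" f[1]
    }' | sort -u
}

# Constructed sample of simulation output (package versions are made up).
sample_simulation() {
    cat <<'EOF'
Reading package lists...
Building dependency tree...
The following packages will be upgraded:
  libssl1.1 openssl tzdata
3 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Inst libssl1.1 [1.1.1n-0+deb10u3] (1.1.1n-0+deb10u6 Debian-Security:10/oldstable [amd64])
Inst openssl [1.1.1n-0+deb10u3] (1.1.1n-0+deb10u6 Debian-Security:10/oldstable [amd64])
Inst tzdata [2021a-0+deb10u6] (2021a-0+deb10u12 Debian:10.13/oldstable [all])
Conf libssl1.1 (1.1.1n-0+deb10u6 Debian-Security:10/oldstable [amd64])
Conf openssl (1.1.1n-0+deb10u6 Debian-Security:10/oldstable [amd64])
Conf tzdata (2021a-0+deb10u12 Debian:10.13/oldstable [all])
EOF
}

# On an isolated server: apt-get -s dist-upgrade | security_upgrades
sample_simulation | security_upgrades
```

On current APT releases each "name=version" line is in the form that "apt-get download" accepts, so the list can be fed to it on the NOC host.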