[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Manually getting security updates


I work in a secure environment where outbound HTTP access isn't permitted 
from the servers in our infrastructure that are running Debian. We still 
want to keep them up to date with security updates, and I'm currently 
writing a procedure to this.

Within our NOC segment we have an apt-proxy, and partial local mirror.

The procedure I've come with is basically:

run an "apt-get update" against the apt-proxy on a server in the NOC 
copy /var/lib/apt/lists/* to the servers in the infrastructure 
run "apt-get -s dist-upgrade", observe the security updates that would be 
acquire the packages manually back in the NOC [1]
transfer the .debs to the server that it has been determined requires them
manually install them with dpkg

[1] it's the manual acquisition back in the NOC that has me a bit stumped 
as how to achieve. I want to use our apt-proxy and I would have thought 
that apt-get would be the way to go, however if you try to do an "apt-get 
-d package" on a package that's already up to date locally (and you don't 
already have the .deb in /var/cache/apt/archives) there's no way to get 
apt-get to just download it.

debget seems to not be what I want, it doesn't appear to consult a local 
Packages file, it wants to pop off and check out an FTP site, which isn't 
feasible from our NOC. I really want something APT aware.

I've sent an email to apt@packages.debian.org already, but I haven't heard 
anything back yet.


Reply to: