I'm sitting here at home, sick. I've had some non-specific flu like thing since I woke up Sunday morning. High temp (104.something at one point), shakes, sweats. Lots of aches and pains. Joy. So I decided to do something besides veg out in front of a video game: I'll patch all my machines. Red Hat has a program called up2date which (normally) makes this easy. It's like Windows Update: you run it, it connects up to special servers on its own network and finds out what your machine needs. Then it downloads and installs whatever it found missing.
While attempting to get everything current on one of my Linux boxes, I ran into an error:
[wee@localhost tmp]$ sudo up2date --nox -u
There was an SSL error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')]
After digging around a bit, I found out why. This is, literally, lame. Simply put, the tool used on Red Hat systems to update software packages can't be updated by itself. It needs a new certificate so that it can continue to use SSL, but it can't seem to get that new cert (and whatever else it may need) like it gets any other piece of software. I mean, up2date will even get a new kernel, but it can't get an SSL cert? Something's not right. I think someone somewhere screwed up. I suspect that this is the only time people will need to update up2date manually.
As for the fix: You need to install all the up2date packages manually. You just download them and then run RPM manually. I first have to find out what I have on my system so I know what packages to get from Red Hat:
[wee@localhost tmp]$ rpm -qa | grep up2date
up2date-gnome-3.1.23.1-5
up2date-3.1.23.1-5
'up2date-3.1.23.1-5' is the actual installer tool's package, 'up2date-gnome-3.1.23.1-5' is a package with some gui stuff for the up2date program. I need both, so I'll go get the URL of the main up2date package from redhat.com and install it.
[wee@localhost tmp]$ sudo rpm -Uvh http://updates.redhat.com/9/en/os/i386/up2date-3.1.23.2-1.i386.rpm
Retrieving http://updates.redhat.com/9/en/os/i386/up2date-3.1.23.2-1.i386.rpm
error: Failed dependencies:
        up2date = 3.1.23.1 is needed by (installed) up2date-gnome-3.1.23.1-5
Well, this mostly sucks. The old up2date-gnome package says that it needs the old up2date package, and won't let me install. Ok. I'll install the new up2date-gnome package then...
[wee@localhost tmp]$ sudo rpm -Uvh http://updates.redhat.com/9/en/os/i386/up2date-gnome-3.1.23.2-1.i386.rpm
Retrieving http://updates.redhat.com/9/en/os/i386/up2date-gnome-3.1.23.2-1.i386.rpm
error: Failed dependencies:
        up2date = 3.1.23.2 is needed by up2date-gnome-3.1.23.2-1
I had a feeling this would happen. The new up2date-gnome package needs the new up2date package and it won't let me install. So I have to tell up2date to ignore any dependencies, which is not normally a good thing and should never be required. You can get your system into a real mess with unmatched dependencies.
[wee@localhost tmp]$ sudo rpm --nodeps -Uvh http://updates.redhat.com/9/en/os/i386/up2date-3.1.23.2-1.i386.rpm
Retrieving http://updates.redhat.com/9/en/os/i386/up2date-3.1.23.2-1.i386.rpm
Preparing...                ########################################### [100%]
   1:up2date                ########################################### [100%]
Gee, it worked.
[wee@localhost tmp]$ sudo rpm --nodeps -Uvh http://updates.redhat.com/9/en/os/i386/up2date-gnome-3.1.23.2-1.i386.rpm
Retrieving http://updates.redhat.com/9/en/os/i386/up2date-gnome-3.1.23.2-1.i386.rpm
Preparing...                ########################################### [100%]
   1:up2date-gnome          ########################################### [100%]
So up2date is ready to patch my machine. Why did it have to be this hard though? For what it's worth, there's a way to avoid this dependency issue, but it's not normally the way I do it.
When I get packages over the network (eg, ones I don't want to actually download and save someplace locally), I let RPM get them. That's what I did above. If you give the rpm command an initial list of packages as arguments it's (usually) smart enough to figure out that it should ignore any deps between the ones it's been given. But I don't usually paste big long URLs when I want to give it multiple RPM packages to install. I tend to just grab them all and save them to some temp directory and use a wildcard. Like so:
[wee@rh8 tmp]$ sudo rpm -Uvh up2date-*
Preparing...                ########################################### [100%]
   1:up2date                ########################################### [ 50%]
   2:up2date-gnome          ########################################### [100%]
No errors (even though there were "internally").
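The single-transaction install described above, as an added example that is not part of the original post: it checks every downloaded package with rpm -K, dry-runs the whole set with --test, then upgrades the packages together so --nodeps is never needed. The function name install_rpm_set and the directory in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. install_rpm_set is a
# hypothetical helper name; rpm -K, --test and -Uvh are standard rpm options.

# Install every *.rpm in a directory as ONE transaction, so that packages
# which require each other's exact version (up2date and up2date-gnome)
# resolve against each other and --nodeps is never needed.
install_rpm_set() {
    dir=$1
    set -- "$dir"/*.rpm
    if [ ! -d "$dir" ] || [ ! -e "$1" ]; then
        echo "no .rpm files in $dir" >&2
        return 2
    fi

    # 1. Check digests and signatures of every file before touching the
    #    system. This only vouches for the origin if the vendor's public
    #    key was imported beforehand (rpm --import).
    for pkg in "$@"; do
        if ! rpm -K "$pkg" >/dev/null; then
            echo "verification failed, nothing installed: $pkg" >&2
            return 3
        fi
    done

    # 2. Dry run: let rpm check dependencies across the whole set.
    if ! rpm -U --test "$@"; then
        echo "dependency check failed, nothing installed" >&2
        return 4
    fi

    # 3. Real upgrade, same file list, dependency checks still on.
    rpm -Uvh "$@"
}

# Usage (as root): install_rpm_set /tmp/up2date-rpms
```

A non-zero return means nothing was installed: 2 for an empty directory, 3 for a failed package check, 4 for a failed dependency dry run.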
Why'd I post all this? Because RPM is in many ways broken. Because I've had to focus my dayquil-addled mind to run through all these arcane commands on every single Linux box I own. Because there's a workaround of sorts for dependency errors. And to put in a new plug for apt for rpm, which I will be using instead of up2date in a few short months. I used to think that upcoming switch wasn't going to be by choice, but I'm reconsidering that status more and more lately.
Proof Linux is user friendly.
Posted by gjb at September 3, 2003 9:56 AM

It's just picky about who its friends are. :-)
If I only had limited exposure to Linux, I'd have been at a loss. I mean, I probably could have googled the solution, but likely I'd just give up. Makes you wonder how many unpatched Red Hat boxes are going to be out there over time.
The up2date error messages come over the network from the up2date servers. At the very least, they should make the error message a little more useable, maybe with a URL pointing to a how-to page or something.
Posted by wee at September 3, 2003 10:12 AM

Actually, I'd say Greg's correct here. I mean, even clueful unix folks have issues with RPM. I can't imagine how joe bob the luddite would do with it. But then, linux naysayers tend to get dropped into the pro MS camp. Which isn't always accurate. Personally, the unwashed masses of linux people scare me quite a bit, all that pent up aggression? SCO is on hefty crack trying to take that on....
But I digress...RPM sucks donkey balls. 'Nuff said.
Posted by toddler at September 6, 2003 3:39 PM

RTFM basically
If you would have done:
'rpm -Uvh up2date-version up2date-gnome-version'
It would have neatly installed BOTH of them at the same time
Posted by Liwu at September 18, 2003 11:53 AM

kiram too kosse zane khamenei
Posted by kir at September 20, 2003 3:56 AM

Liwu:
I *did* RTFM. I even read the one that tells you how to make RPMs. It's part of my job. I appreciate your help, but I understand how RPM works.
I humbly suggest that you RTFlast-paragraph. Basically, I said that if you run 'rpm -Uvh up2date-*' it will work. I also said that even though it "works", RPM still has issues -- you just don't see them. RPM doesn't resolve circular dependencies like apt or emerge or ports or some other tool would. It simply punts if the mutually dependent items are given on the same command line. And that's lame. Shouldn't your package tool figure out dependencies for you? That was my point (well, that and the fact that up2date couldn't update itself was silly).
Oh, and kir: Just what in the heck is that nonsense you posted? No capitals, no punctuation, no friggin' clue as to what language it is. Keep to English or go find another place to post. Sheesh...
Posted by wee at September 20, 2003 4:17 AM

Thanks.....this was driving me crazy. IT WORKS!
Posted by brian at October 27, 2003 4:16 PM