JRDN
Jason Roysdon dot Net

Following Fedora Package releases for RHEL/CentOS admins

January 19th 2010 in Linux, Security

There comes times where you need a feature not yet in the version of a Package that RedHat has released yet for Enterprise Linux (RHEL, or just EL). BIND is a perfect example of this.

RedHat still ships BIND 9.3 (with back-ported bug-fixes for security), but for full DNSSEC support you want Fedora's BIND 9.6.

My goal: don't go totally off the beaten path and compile from source from the BIND upstream, don't become a package maintainer, don't trust a non-RedHat source, but still don't want to even have to think much about any of these non-Official Packages I'm using until updates come out. Fast and proven aren't always compatible, so at least "tested" from RedHat/Fedora will work for me.

My middle-ground is to use Fedora SRPMs on CentOS. I've already detailed how to do that in the last link, but now I'm going to detail how you stay abreast of specific Package updates, as the Fedora sites are not as friendly as they could be for those that don't use them daily.

Websites change, but here are the basics: Get a Fedora Project sign-on. Once you have that, use the Fedora Package Database to get notifications of updates. There are many different places to search for RPMs, even within official Fedora sites, but this is a specific site, and not koji nor bohdi.

As of now, this is done by these exact steps:

  • Visit FedoraProject.org and click on the Join Fedora link.
  • Click the either of the "set up an account using the Fedora Account System" links and sign up.
  • Visit the Fedora Package Database site (bookmark it!) and login with your new FAS account using the Login link in the top-right corner.
  • Using the Search box on the left, type in the Package you want to watch (in this case, bind).
  • Select the Package name from the search list.
  • Scroll to the bottom and click the Add myself to package button under the latest release, which in this case at this time is Fedora 12 (note: this will only appear when you are logged in with your FAS account).
  • Select the watch commits check-box, and wait to be approved.

That's it. Once your account is approved, you'll get "commit" notifications via email whenever a new Package has been committed to the Fedora release process and once it passes testing you can download the SRPM and compile on RHEL/CentOS. You can always use the bodhi search tool to find the Package info as well once you know there is an update or something you want to find (or watch status on a Package, as it goes from Testing to Pending to Stable).

Yes, there is a new BIND release (9.6.1-P3) today to address more cache security issues. It is about to come out for Fedoras 11 & 12, and I needed to find out how to update my notifications from tracking F11 commits to F12 commits. I figured I'd document this once and for all so I could find it again for when each new Fedora ships and I need to go through this again, and hopefully someone else will find it useful.

--

Update Mar 4, 2010: I have asked for a BIND 9.6 tech preview for RHEL5 in filing bugid 570611


One comment to...
“Following Fedora Package releases for RHEL/CentOS admins”
Building BIND 9.6 on RHEL5 / CentOS5 for DNSSEC NSEC3 support « ROYSDON
wrote on January 19th, 2010

[...] subscribe to Fedora bind updates so you can repeat as bug fixes are released. (I’ve written a detailed post describing how to do this). Comments [...]




required



required - won't be displayed


Your Comment:

If you were a Comcast customer from around 2006 - 2008 and used a Bittorrent client, you're entitled to $16.

Previous Entry

Using rsnapshot to create 7 daily + 4 weekly + 12 monthly + yearly backups without a large amount of storage, and allowing for manual backups with my custom script.

Next Entry

Archives
Categories
Links