On Wed, 2011-03-23 at 10:35 +0100, andreas palsson wrote: > Due to security, none of these machines have access to Internet. > > Now to the question; how to keep all those machines up to date with > the latest packages? > > First, I imagine I have to set up a complete package repository. > Using the contents of the Fedora DVD should be sufficient? Not really. The DVD only has a small amount of the packages that are available. The repos have many more packages than would fit on a DVD. And this would only be useful for an initial install, not updates. > > Next, since the server is not connected to Internet either.. > How do I keep the repository manually updated and synchronized with > the official mirrors? At least one machine, somewhere, has access to the internet, so it can get updates. If all the machines have the same packages installed, this is fairly simple (you keep it up to date, and test that it doesn't suddenly stop working, then you use its downloaded files to update the rest of your computers). If the machines have different packages, then the simple solution is to use a simple HTTP caching proxy to access just one repo mirror, and have all your machines request packages through it. Your server doesn't have to be the machine doing this. If you're isolating your network from the internet, it makes sense to have one machine that can connect to the internet, that's at arm's length from the rest of your network. Only having the minimum of possible communication between either side. > Last, how can I make a package which users can simply install to point > their machines to update from the above mentioned server only, and > remove the other install sources? I haven't kept up to date with the current systems, but the yum repo files were set up by the various *release* packages. If you make your own release package(s), which sets up the repo files with your local mirror as the YUM package installing and updating server addresses, that should configure the clients for you. Have a look at what owns the various files inside: /etc/yum.repo i.e. rpm -qf /etc/yum.repos.d/* Since you haven't defined what you mean by "due to security" you're only going to get vague advice, or a plethora of answers which you can't actually implement. Some might be concerned about your clients being able to make unauthorised connections to the internet, others about random outsiders connecting to your network, still others about problem update packages that leave a machine in a non-working state, and there's a plethora of different security concerns. You've given no clues. If you're not going to give more information, you're going to have to do more research, yourself. Look into setting up local repo mirrors. -- [tim@localhost ~]$ uname -r 2.6.27.25-78.2.56.fc9.i686 Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists. -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
