Daily (nightly) cron-driven patching does not sit well with LIDS. The only practical approach is to temporarily disable LIDS, patch and then immediately re-enable the system. The script below will does exactly this for a Debian system, but should NOT be used as is since it contains the LIDS password in plain text. Usage:
#!/bin/bash # # 1. Runs "apt-get update" and "apt-get --download-only upgrade" before # issuing "lidsadm -S -- -LIDS_GLOBAL", then "apt-get -u upgrade" and # finally "lidsadm -S -- +LIDS_GLOBAL", thus minimising the time # for which LIDS is disabled. # # 2. Creates temporary expect scripts to temporarily disable and later # enable LIDS. # # -- update : ------------------------------------------------------------------ # /usr/bin/apt-get update # ...writes to /var/cache/apt/pkgcache.bin # srcpkgcache.bin # -- download : ---------------------------------------------------------------- # /usr/bin/apt-get --download-only upgrade # ...writes to /var/cache/apt/archives/ # -- create expect script to enable LIDS : ------------------------------------- # echo "#!/usr/bin/expect" > /tmp/simonh.simonh echo " " >> /tmp/simonh.simonh echo "set timeout 5000 " >> /tmp/simonh.simonh echo " " >> /tmp/simonh.simonh echo "spawn lidsadm -S -- -LIDS_GLOBAL" >> /tmp/simonh.simonh echo "expect \"password: \"" >> /tmp/simonh.simonh echo "send \"<password>\r\"" >> /tmp/simonh.simonh echo "expect \"changed.\"" >> /tmp/simonh.simonh echo "exit" >> /tmp/simonh.simonh # -- switch to "-LIDS_GLOBAL" : ------------------------------------------------ # chmod 700 /tmp/simonh.simonh /tmp/simonh.simonh rm -f /tmp/simonh.simonh # -- install : ----------------------------------------------------------------- # /usr/bin/apt-get -y upgrade # -- create expect script to disable LIDS : ------------------------------------ # echo "#!/usr/bin/expect" > /tmp/simonh.simonh echo " " >> /tmp/simonh.simonh echo "set timeout 5000 " >> /tmp/simonh.simonh echo " " >> /tmp/simonh.simonh echo "spawn lidsadm -S -- +LIDS_GLOBAL" >> /tmp/simonh.simonh echo "expect \"password: \"" >> /tmp/simonh.simonh echo "send \"<password>\r\"" >> /tmp/simonh.simonh echo "expect \"changed.\"" >> /tmp/simonh.simonh echo "exit" >> /tmp/simonh.simonh # -- switch to "+LIDS_GLOBAL" : ------------------------------------------------ # chmod 700 /tmp/simonh.simonh /tmp/simonh.simonh rm -f /tmp/simonh.simonh
...previous | up (conts) | next... |