#1 2017-08-09 13:24:16

jeffmikels
Member
Registered: 2007-04-19
Posts: 36

Using Arch as a Server (security updates and other conversations)

I've been using Arch Linux for my home server for over 10 years now. It has survived multiple hardware upgrades and even a migration from 32 bit to 64. It is by far my favorite Linux flavor.

Pacman is really the reason. I manage a number of Ubuntu servers also, but apt can't hold a candle to pacman.

Still, there is one issue that bothers me when it comes to running Arch Linux as a server. Version stability.

Sometimes, I need a particular version of a package, but I want to get security updates to that version. With Arch, the version in the repo is always the latest stable version. I can tell pacman to hold a package back, but that strategy still doesn't give me security updates backported to the version I run.

Can anyone give me a suggestion for how to bridge this security gap? Or am I doing something wrong?


...using Arch as a home server since 2006.
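
The gap described in this post can at least be made visible. The following is an added example, not part of the thread: it lists the packages held back with `IgnorePkg` in a pacman.conf-style file and reports which of them have a pending upgrade, reading lines in the `name old -> new` shape that `pacman -Qu` prints. The function names, the sample configuration and the version numbers are constructed for illustration.

```shell
#!/bin/sh
# Added example: which held-back packages are missing an available upgrade?

# Print every IgnorePkg entry from the [options] section, one per line.
held_packages() {
    awk '
        /^[ \t]*#/  { next }                               # commented-out line
        /^[ \t]*\[/ { in_opts = ($0 ~ /^[ \t]*\[options\]/); next }
        in_opts && /^[ \t]*IgnorePkg[ \t]*=/ {
            sub(/^[^=]*=/, "")                             # keep the value only
            n = split($0, pk)                              # whitespace-separated
            for (i = 1; i <= n; i++) print pk[i]
        }
    ' "$1" | sort -u
}

# Read "name old -> new" lines on stdin; print those matching a held entry.
stale_held() {
    patterns=$(held_packages "$1")
    set -f                        # keep globs such as php-* from hitting files
    while read -r name old arrow new _rest; do
        [ "$arrow" = "->" ] || continue
        for pat in $patterns; do
            case "$name" in
                $pat) echo "$name $old $new"; break ;;     # entry may be a glob
            esac
        done
    done
    set +f
}

# Constructed sample data (not taken from a real system).
sample_conf() {
    printf '%s\n' '[options]' 'HoldPkg = pacman glibc' '#IgnorePkg = linux' \
        'IgnorePkg = php php-*' 'IgnorePkg = nodejs' '' '[core]' \
        'Include = /etc/pacman.d/mirrorlist'
}
sample_upgrades() {
    printf '%s\n' 'nodejs 6.11.1-1 -> 8.2.1-1' 'php 7.1.7-1 -> 7.1.8-1' \
        'php-fpm 7.1.7-1 -> 7.1.8-1' 'openssl 1.1.0.f-1 -> 1.1.0.f-2'
}

conf=$(mktemp)
sample_conf > "$conf"
sample_upgrades | stale_held "$conf"    # lists nodejs, php and php-fpm
rm -f "$conf"
```

Every line it reports is a package whose fixes are not being installed, so each one needs a deliberate decision rather than an indefinite hold.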

#2 2017-08-09 13:29:21

Slithery
Administrator
From: Norfolk, UK
Registered: 2013-12-01
Posts: 5,776

Re: Using Arch as a Server (security updates and other conversations)

jeffmikels wrote:

Sometimes, I need a particular version of a package, but I want to get security updates to that version.

For what reason?

If it's to run a legacy or closed-source application that doesn't build/run on newer versions then the usual answer is to make use of containers, VMs, docker, etc.
There are also things like virtualenv for Python depending on which packages you're talking about. Flatpaks or snaps could also be an option, although both are still in their infancy.

Last edited by Slithery (2017-08-09 13:32:17)


No, it didn't "fix" anything. It just shifted the brokenness one space to the right. - jasonwryan
Closing -- for deletion; Banning -- for muppetry. - jasonwryan

#3 2017-08-09 15:15:40

jeffmikels
Member
Registered: 2007-04-19
Posts: 36

Re: Using Arch as a Server (security updates and other conversations)

slithery wrote:
jeffmikels wrote:

Sometimes, I need a particular version of a package, but I want to get security updates to that version.

For what reason?

The problem is mostly with PHP, but it shows up with other frameworks like Node, Python, etc. When the framework introduces breaking changes (and they frequently do), Arch will happily update the framework to the latest version even though many apps are slow to update. In those cases, the framework will automatically update, leaving the app in a broken state.

I like your suggestion of using docker, but that doesn't solve the problem of security updates for older versions unless I use a different distro for inside my container.

I'd love to have a pacman based Linux distro that provides BOTH a rolling release model AND the option to Hold certain packages to major versions while still receiving security updates. That's my dream.

As a consolation, I have been using Ubuntu LTS versions for all my production servers.


#4 2017-08-09 15:40:01

Slithery
Administrator
From: Norfolk, UK
Registered: 2013-12-01
Posts: 5,776

Re: Using Arch as a Server (security updates and other conversations)

You can have multiple versions of PHP installed on your system. Check out the available options in the AUR; they are named phpXX - for example php56 will install 5.6.31.
As I stated above, you can use virtualenv to install different Python versions for individual projects; I believe that npm will let you do the same for Node.


#5 2017-08-09 19:50:08

jeffmikels
Member
Registered: 2007-04-19
Posts: 36

Re: Using Arch as a Server (security updates and other conversations)

slithery wrote:

You can have multiple versions of PHP installed on your system. Check out the available options in the AUR; they are named phpXX - for example php56 will install 5.6.31.
As I stated above, you can use virtualenv to install different Python versions for individual projects; I believe that npm will let you do the same for Node.

Now, that might be my solution... thank you!


#6 2017-08-09 21:21:04

eschwartz
Fellow
Registered: 2014-08-08
Posts: 4,097

Re: Using Arch as a Server (security updates and other conversations)

You think you want old versions of the nodejs package with backported security fixes. What you actually want is the nodejs-lts-argon or nodejs-lts-boron package.
Which are the official repo packages for the NodeJS upstream LTS releases for NodeJS 4 and 6.

And yes, more generally you can probably find a package for legacy versions of most things. Though I don't think you should really have problems with Python in that regard??? It's pretty stable.


Managing AUR repos The Right Way -- aurpublish (now a standalone tool)
