aws-RunPatchBaseline doesn´t install new packages through apt-get - amazon-web-services

After running a few tests through AWS SSM Document aws-RunPatchBaseline, the content code used for Debian based OS like Ubuntu doesn´t truly install any required packages even setting this with "install" parameter and being executed. Is this something that needs to be fixed or why does this SSM document work this way without truly installing packages.
From documentation, please see below:
apt-get update downloads the package lists from the repositories and "updates" them to get information on the newest versions of packages and their dependencies. It will do this for all repositories and PPAs. From http://linux.die.net/man/8/apt-get:
Used to re-synchronize the package index files from their sources. The indexes of available packages are fetched from the location(s) specified in /etc/apt/sources.list(5). An update should always be performed before an upgrade or dist-upgrade.
apt-get upgrade will fetch new versions of packages existing on the machine if APT knows about these new versions by way of apt-get update.
From http://linux.die.net/man/8/apt-get:
Used to install the newest versions of all packages currently installed on the system from the sources enumerated in /etc/apt/sources.list(5). Packages currently installed with new versions available are retrieved and upgraded; under no circumstances are currently installed packages removed, nor are packages that are not already installed retrieved and installed. New versions of currently installed packages that cannot be upgraded without changing the install status of another package will be left at their current version. [Emphasis mine] An update must be performed first so that apt-get knows that new versions of packages are available.
Currently code content has this:
" apt-get update >/dev/null",
" fi",
"}",
¿Should I add a custom line or create a custom ssm with apt-get upgrade -y after apt-get update?, this document is supossed to work by installing packages, but so far on Ubuntu for example it just doesn´t do anything besides updating the package lists from repos (without installing any).

In my experience, on Ubuntu 20.04, it works. You can verify this by checking apt logs after you run AWS-RunPatchBaseline on such an instance. The logs are located in:
/var/log/apt/history.log
and
/var/log/apt/term.log
Since you have provided any details on what where your tests, which linux distribution did you use, nor provided any log output with possible errors of ssm agent or apt, it is difficult to speculate why it does not work for you.
The actual upgrade is performed by a python script, not the command you listed. You can inspect its code after you run AWS-RunPatchBaseline:
/var/log/amazon/ssm/patch-baseline-operations

Related

rpm glibc Centos 7

How can I install both of them on CentOS 7? They both depend on each other. The machine is not connected to the internet.
[efe#localhost Desktop]$ sudo rpm -i glibc-2.17-317.el7.x86_64.rpm
warning: glibc-2.17-317.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
error: Failed dependencies:
glibc-common = 2.17-317.el7 is needed by glibc-2.17-317.el7.x86_64
[efe#localhost Desktop]$ sudo rpm -i glibc-common-2.17-317.el7.x86_64.rpm
warning: glibc-common-2.17-317.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
error: Failed dependencies:
glibc = 2.17-317.el7 is needed by glibc-common-2.17-317.el7.x86_64
EDIT1: I have installed 2.17-292 for everything on x86_64 and it is successful. However, for i686 (yes, I need both unfortunately) I have tried to combine all packages into single command, lots of other dependencies appeared. I have tried to install 2.17-292 like I did for x86_64, this is the final output with errors. Before this last command, dependency errors appeared all the time, this is the first different error.
[efe#localhost packages]$ sudo rpm -i glibc-2.17-292.el7.i686.rpm glibc-common-2.17-292.el7.i686.rpm glibc-headers-2.17-292.el7.i686.rpm glibc-devel-2.17-292.el7.i686.rpm nss-softokn-freebl-3.44.0-8.el7_7.i686.rpm nspr-4.25.0-2.el7_9.i686.rpm nss-util-3.53.1-1.el7_9.i686.rpm libselinux-2.5-15.el7.i686.rpm libsepol-2.5-10.el7.i686.rpm pcre-8.32-17.el7.i686.rpm libgcc-4.8.5-44.el7.i686.rpm libstdc++-4.8.5-44.el7.i686.rpm
warning: glibc-2.17-292.el7.i686.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
file /usr/bin/ldd from install of glibc-common-2.17-292.el7.i686 conflicts with file from package glibc-common-2.17-292.el7.x86_64
file /usr/lib/locale/locale-archive.tmpl from install of glibc-common-2.17-292.el7.i686 conflicts with file from package glibc-common-2.17-292.el7.x86_64
file /usr/share/gcc-4.8.2/python/libstdcxx/v6/printers.pyc from install of libstdc++-4.8.5-44.el7.i686 conflicts with file from package libstdc++-4.8.5-36.el7.x86_64
file /usr/share/gcc-4.8.2/python/libstdcxx/v6/printers.pyo from install of libstdc++-4.8.5-44.el7.i686 conflicts with file from package libstdc++-4.8.5-36.el7.x86_64
EDIT2: I have entered a command as suggested by Florian Weimer.
[efe#localhost i686]$ sudo yum update *.rpm
Loaded plugins: fastestmirror, langpacks
Examining glibc-2.17-292.el7.i686.rpm: glibc-2.17-292.el7.i686
Package glibc.i686 not installed, cannot update it. Run yum install to install it instead.
Examining glibc-common-2.17-292.el7.i686.rpm: glibc-common-2.17-292.el7.i686
Package glibc-common.i686 not installed, cannot update it. Run yum install to install it instead.
Examining glibc-devel-2.17-292.el7.i686.rpm: glibc-devel-2.17-292.el7.i686
Package glibc-devel.i686 not installed, cannot update it. Run yum install to install it instead.
Examining glibc-headers-2.17-292.el7.i686.rpm: glibc-headers-2.17-292.el7.i686
Package glibc-headers.i686 not installed, cannot update it. Run yum install to install it instead.
Examining libgcc-4.8.5-44.el7.i686.rpm: libgcc-4.8.5-44.el7.i686
Marking libgcc-4.8.5-44.el7.i686.rpm as an update to libgcc-4.8.5-36.el7.x86_64
Examining libselinux-2.5-15.el7.i686.rpm: libselinux-2.5-15.el7.i686
Marking libselinux-2.5-15.el7.i686.rpm as an update to libselinux-2.5-14.1.el7.x86_64
Examining libsepol-2.5-10.el7.i686.rpm: libsepol-2.5-10.el7.i686
Package libsepol.i686 not installed, cannot update it. Run yum install to install it instead.
Examining libstdc++-4.8.5-44.el7.i686.rpm: libstdc++-4.8.5-44.el7.i686
Marking libstdc++-4.8.5-44.el7.i686.rpm as an update to libstdc++-4.8.5-36.el7.x86_64
Examining nspr-4.25.0-2.el7_9.i686.rpm: nspr-4.25.0-2.el7_9.i686
Marking nspr-4.25.0-2.el7_9.i686.rpm as an update to nspr-4.19.0-1.el7_5.x86_64
Examining nss-softokn-freebl-3.44.0-8.el7_7.i686.rpm: nss-softokn-freebl-3.44.0-8.el7_7.i686
Marking nss-softokn-freebl-3.44.0-8.el7_7.i686.rpm as an update to nss-softokn-freebl-3.36.0-5.el7_5.x86_64
Examining nss-util-3.53.1-1.el7_9.i686.rpm: nss-util-3.53.1-1.el7_9.i686
Marking nss-util-3.53.1-1.el7_9.i686.rpm as an update to nss-util-3.36.0-1.el7_5.x86_64
Examining pcre-8.32-17.el7.i686.rpm: pcre-8.32-17.el7.i686
Package pcre.i686 not installed, cannot update it. Run yum install to install it instead.
Resolving Dependencies
--> Running transaction check
---> Package libgcc.x86_64 0:4.8.5-36.el7 will be updated
--> Processing Dependency: libgcc(x86-64) for package: redhat-lsb-core-4.1-27.el7.centos.1.x86_64
Loading mirror speeds from cached hostfile
Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=os&infra=stock error was
14: curl#6 - "Could not resolve host: mirrorlist.centos.org; Unknown error"
One of the configured repositories failed (Unknown),
and yum doesn't have enough cached data to continue. At this point the only
safe thing yum can do is fail. There are a few ways to work "fix" this:
1. Contact the upstream for the repository and get them to fix the problem.
2. Reconfigure the baseurl/etc. for the repository, to point to a working
upstream. This is most often useful if you are using a newer
distribution release than is supported by the repository (and the
packages for the previous distribution release still work).
3. Run the command with the repository temporarily disabled
yum --disablerepo=<repoid> ...
4. Disable the repository permanently, so yum won't use it by default. Yum
will then just ignore the repository until you permanently enable it
again or use --enablerepo for temporary usage:
yum-config-manager --disable <repoid>
or
subscription-manager repos --disable=<repoid>
5. Configure the failing repository to be skipped, if it is unavailable.
Note that yum will try to contact the repo. when it runs most commands,
so will have to try and fail each time (and thus. yum will be be much
slower). If it is a very temporary problem though, this is often a nice
compromise:
yum-config-manager --save --setopt=<repoid>.skip_if_unavailable=true
Cannot find a valid baseurl for repo: base/7/x86_64
You can upgrade all the packages at the same time, using a command like this one:
sudo rpm -U glibc-2.17-317.el7.x86_64.rpm glibc-common-2.17-317.el7.x86_64.rpm
Or you can use yum update, like this:
sudo yum update --disablerepo="*" *.rpm
This has the advantage that packages not installed are not automatically installed by the upgrade (unless dependencies require it). --disablerepo="*" ensures that yum update does not try to download anything.
jlehtone in forums.centos.org solved my situation. I just needed to write
sudo rpm -i glibc-2.17-292.el7.i686.rpm nss-softokn-freebl-3.44.0-8.el7_7.i686.rpm nspr-4.25.0-2.el7_9.i686.rpm nss-util-3.53.1-1.el7_9.i686.rpm
Link to forums.centos.org

Getting the following error: Could not find a version that satisfies the requirement command-not-found==0.3

I am deploying a Django app using Heroku.
When I run
git push heroku master
in my terminal I get the following error:
Could not find a version that satisfies the requirement command-not-found==0.3"
When I run
sudo apt-get install command-not-found
I find that command-not-found is version 20.04.2. However, pip freeze tells me command-not-found is version 0.3.
command-not-found doesn't seem to exist on PyPI, but it is a package in Ubuntu and Debian repositories. It doesn't look like anything that your application should depend on, and it certainly doesn't belong on Heroku.
I suspect
you're trying to create your dependencies file after the fact, by simply doing pip freeze > requirements.txt, and
that you're either not working in a virtual environment or you created your virtual environment with system packages.
This is an antipattern that will cause several packages that your application doesn't actually need to be included in your requirements.txt. In this case it is even including Python packages that come from system packages and aren't meant to be installed from PyPI. Your requirements.txt should contain only your actual dependencies.
Instead of creating it with pip freeze after the fact, add things to that file before, and install them into your virtual environment with the same pip install -r requirements.txt command that you'll use in production. I also very strongly urge you to use a virtual environment.
In this case, I suggest you edit your requirements.txt and remove anything you don't actually need, commit, and redeploy.

Why is desired version of libboost-all-dev not found when building Docker container?

I'm trying to build a basic Docker container based on a tutorial. I am on Windows 10 Home version 2004, and I am using the standard command line. I've created the following Docker file to facilitate this, with the only change from the tutorial's version being my older version of gcc:
FROM gcc:6.3.0
RUN apt-get -qq update
RUN apt-get -qq upgrade
RUN apt-get -qq install cmake
RUN apt-get install libboost-all-dev=1.62.0.1
RUN apt-get -qq install build-essential libtcmalloc-minimal4 && \
ln -s /usr/lib/libtcmalloc_minimal.so.4 /usr/lib/libtcmalloc_minimal.so
Once the script gets to the step where it tries to install libboost-all-dev I get the following output:
Reading package lists...
Building dependency tree...
Reading state information...
E: Version '1.62.0.1' for 'libboost-all-dev' was not found
The command '/bin/sh -c apt-get install libboost-all-dev=1.62.0.1' returned a non-zero code: 100
and the build stops.
I've tried updating the build script to use the current version of Boost (1.74.0) as well and get the same issue. I'm not really finding any solutions in my research online and the output is not very helpful in trying to figure out what the issue is. Could anyone with more experience with installing Boost as part of the Docker process point me in the right direction?
The package manager will only be able to install versions of Boost that it knows exist, based on the enabled package manager repositories. There is typically only one version of Boost in the default repositories. In my experience, this applies to any Linux OS that supplies Boost, not only those that are run within a Docker container.
The Docker image you started with, gcc:6.3.0, appears to have only Boost version 1.55.0.2, so requesting any other version will yield the same error.
If you want a different version of Boost in your image, you can follow the typical steps for installing a different version of Boost outside a Docker container. These steps are well-documented on Stack Overflow, or you might find a repository such as this to enable in your package manager to directly install it from apt-get.

apt-get update in a dockerfile destroys app consistency?

In the dockerfiles I have seen, and the in the best practices for writing a docker file: https://docs.docker.com/engine/reference/builder/#copy, when apt-get is used to install some packages, apt-get update is always run first. I have a concern on this because the app we build in the corresponding docker container would depend on these installed packages, if there is some inconsistency in the newest version of the installed packages, the software we build will not work right any more. Why we do not specify a version of the packages, but use apt-get update instead?
From the man page for apt-get:
update is used to resynchronize the package index files from their
sources. The indexes
of available packages are fetched from the location(s) specified in
/etc/apt/sources.list. For example, when using a Debian archive, this command retrieves
and scans the Packages.gz files, so that information about new and updated packages is
available. An update should always be performed before an upgrade or dist-upgrade.
Please be aware that the overall progress meter will be incorrect as the size of the
package files cannot be known in advance.
You can try running apt-get install without running update on a docker image but you'll probably find that a lot of things will fail to install because the package indexes are out of date.
Once you update the package data, then you can specify a specific version for packages when you run install e.g.
apt update && apt install -y \
git=1:2.7.4-0ubuntu1.4
Example with docker container:
> sudo docker run -it ubuntu:16.04 /bin/bash
# root#513eb786d86d:/# apt install git
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package git
root#513eb786d86d:/# apt install git=1:2.7.4-0ubuntu1.4
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package git
root#513eb786d86d:/# apt update
...
root#513eb786d86d:/# apt install git=1:2.7.4-0ubuntu1.4
# works this time!

How to restore gsutil command?

I have updated Google Cloud SDK to the latest version 135.0.0 from
After the update , I got the following message.
WARNING: There are older versions of Google Cloud Platform tools on
your system PATH. Please remove the following to avoid accidentally
invoking these old tools:
/usr/bin/git-credential-gcloud.sh
/usr/bin/bq
/usr/bin/gcloud
/usr/bin/gsutil
So I have deleted all the above folders.
After that gsutil stopped working.
Please help me how can I resolve the issue.
The issue that it was installed via
sudo apt-get update && sudo apt-get install google-cloud-sdk
see
https://cloud.google.com/sdk/docs/#deb
and you should have used the same mechanism to upgrade.
gcloud is also kind of a package manager, and is able to upgrade itself and its depended packages. Unfortunately if you use gcloud itself to upgrade it installs it in different location. It likely does not work because new location needs to be added to your path.
You can try to reinstall googcle-cloud-sdk package via apt-get.