Red Hat Offline Updates

Posted on

Edit: nevermind, got this figured out by using a vulnerability scanner that outlines exactly what packages need updating and to what version!

Preface: I'm not very experienced in Red Hat, so bear with me if this question is incredibly silly. I've been charged with patching an offline Red Hat 7.9 system we have and am currently in the Errata section of the downloads page for RHEL Server 7.

I pick a security update at the top, for example, RHSA-2023:5622. The general description of the patch is a kernel security fix and bug fix update. Great! Let's patch this kernel. So I click on the 'updated packages' button. I see a SRPM at the top, which to my understanding, is a source code .rpm file used by developers to edit the update to apply to specialized environments?

Either way, I go down to x86_64, and there is a huuuuuge list of different .rpm files, all named different things. Stuff like kernel-abi-whitelist, bpftool, perf, kernel-tools-libs, etc.

Explaining it to me like I'm a toddler who has only ever discovered Red Hat today, how exactly should I navigate these files? I assume many of those .rpm files correlate to a package installed on the system, but running the 'rpm -qa' command outputs a metric ton of installed packages on my system. Do I have to go down the list and correlate each .rpm file to every package present on my system, and download them manually for each?

I tried installing the 'kernel-3.10.0-1160.102.1.el7.x86_64.rpm' file, thinking maybe this was the generic kernel update, but it just errors out and says 'failed dependencies bind-libs(x86_64)...etc'.

The system needing patches will never touch the outside internet, so what is my best option here?

TL

Responses