On Feb 28, 2007, at 9:48 AM, Alfred von Campe wrote:
The reasons why, your guess is as good as mine. If the machine's part of an automated provisioning system and is, at least in a network sense, exposed to untrusted users from the instant it's available, perhaps he'd like the box patched up ASAP?
No, it's not really for security reasons. It's for performance (or efficiency). Doing the "yum -y update" in the %post adds considerable time to the total install. I'm working on creating a CentOS VM to be used here at work, and while I'm still in the testing phase, I'd like to reduce the turnaround time. Also, I think I can reduce the VM footprint if I install the final version of all the RPMS initially, instead of installing 4.4 first and then all the updates.
this document may be of assistance:
http://tldp.org/HOWTO/RedHat-CD-HOWTO/index.html
in particular, section 5, "Including the updates", tells you about the comps.xml file, which defines the packages that make up a distribution. you'll need to move the updated packages into place, then edit comps.xml so that it knows about the updated packages, then run genhdlist to create base/hdlist and base/hdlist2.
more useful links can be found in this thread from the archives:
http://lists.centos.org/pipermail/centos/2005-July/049047.html
good luck, -steve
p.s. since you're doing this on a VM, why not save a snapshot of a pristine build and just revert to that, instead of rebuilding and rebuilding new VMs?
-- If this were played upon a stage now, I could condemn it as an improbable fiction. - Fabian, Twelfth Night, III,v
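The "move the updated packages into place" step from the reply above, as an added example that is not part of the original thread: it lists which RPMs in the install tree are superseded by a build in an updates directory, so the swap can be reviewed before comps.xml is edited and genhdlist is run. The directory arguments and function names are assumptions, and `sort -V` only approximates RPM's own version ordering.

```shell
#!/bin/sh
# Added example, not from the thread: plan the "move the updated packages
# into place" step. Directory layout and function names are assumptions.

# "name-version-release.arch.rpm" -> "name.arch" (name may contain dashes).
rpm_key() (
    f=${1##*/}; f=${f%.rpm}
    arch=${f##*.}
    f=${f%.*}; f=${f%-*}; f=${f%-*}   # drop .arch, -release, -version
    printf '%s.%s\n' "$f" "$arch"
)

# Newest file in directory $1 whose key is $2; prints nothing if none.
# sort -V (GNU) only approximates RPM's version comparison.
newest_for() (
    printf '%s\n' "$1"/*.rpm | sort -V | while IFS= read -r f; do
        if [ "$(rpm_key "$f")" = "$2" ]; then printf '%s\n' "${f##*/}"; fi
    done | tail -n 1
)

# plan_merge TREE_RPMS UPDATES: print "DEL old" / "ADD new" for every
# package in the install tree that has a different build in UPDATES.
# Assumes UPDATES only holds builds newer than the ones in the tree.
plan_merge() (
    for old in "$1"/*.rpm; do
        [ -e "$old" ] || continue
        new=$(newest_for "$2" "$(rpm_key "$old")")
        if [ -n "$new" ] && [ "$new" != "${old##*/}" ]; then
            printf 'DEL %s\nADD %s\n' "${old##*/}" "$new"
        fi
    done | sort -u
)
```

Packages that exist only in the updates directory are ignored, so the package set that comps.xml describes does not grow.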