On Feb 28, 2007, at 9:48 AM, Alfred von Campe wrote: >> The reasons why, your guess is as good as mine. If the machine's part >> of an automated provisioning system and is, at least in a network >> sense, exposed to untrusted users from the instant it's available >> perhaps he's like the box patched up ASAP? > > No, it's not really for security reasons. It's for performance (or > efficiency). Doing the "yum -y update" in the %post adds > considerable time to the total install. I'm working on creating a > CentOS VM to be used here at work, and while I'm still in the > testing phase, I'd like to reduce the turnaround time. Also, I > think I can reduce the VM footprint if I install the final version > of all the RPMS initially, instead of installing 4.4 first and then > all the updates. this document may be of assistance: http://tldp.org/HOWTO/RedHat-CD-HOWTO/index.html in particular, section 5, "Including the updates", tells you about the comps.xml file, which defines the packages that make up a distribution. you'll need to move the updated packages into place, then edit comps.xml so that it knows about the updated packages, then run genhdlist to create base/hdlist and base/hdlist2. more useful links can be found in this thread from the archives: http://lists.centos.org/pipermail/centos/2005-July/049047.html good luck, -steve p.s. since you're doing this on a VM, why not save a snapshot of a pristine build and just revert to that, instead of rebuilding and rebuilding new VMs? -- If this were played upon a stage now, I could condemn it as an improbable fiction. - Fabian, Twelfth Night, III,v