Merge remote-tracking branch 'LCTT/master'

2025-03-03 01:10:13 +08:00 · 2019-09-03 09:13:15 +08:00 · 2019-09-03 09:13:15 +08:00 · 89c909d702
commit 89c909d702
parent 8efa9ed51d ff63580f0c
10 changed files with 1115 additions and 246 deletions
--- a/published/20190825
+++ b/published/20190825
@ -0,0 +1,62 @@
 [#]: collector: (lujun9972)
 [#]: translator: (Morisun029)
 [#]: reviewer: (wxy)
 [#]: publisher: (wxy)
 [#]: url: (https://linux.cn/article-11299-1.html)
 [#]: subject: (Top 5 IoT networking security mistakes)
 [#]: via: (https://www.networkworld.com/article/3433476/top-5-iot-networking-security-mistakes.html)
 [#]: author: (Fredric Paul https://www.networkworld.com/author/Fredric-Paul/)
 五大物联网网络安全错误
 ======
 > IT 供应商兄弟国际公司分享了五种最常见的物联网安全错误，这是从它们的打印机和多功能设备买家中看到的。
 ![Getty Images][1]
 尽管[兄弟国际公司][2]是许多 IT 产品的供应商，从[机床][3]到[头戴式显示器][4]再到[工业缝纫机][5]，但它最知名的产品是打印机。在当今世界，这些打印机不再是独立的设备，而是物联网的组成部分。
 这也是我为什么对罗伯特•伯内特提供的这份列表感兴趣的原因。伯内特是兄弟公司的总监，负责 B2B 产品和提供解决方案。基本上是该公司负责大客户实施的关键人物。所以他对打印机相关的物联网安全错误非常关注，并且分享了兄弟国际公司对于处理这五大错误的建议。
 ### #5：不控制访问和授权
 伯内特说：“过去，成本控制是管理谁可以使用机器、何时结束工作背后的推动力。”当然，这在今天也仍然很重要，但他指出安全性正迅速成为管理控制打印和扫描设备的关键因素。这不仅适用于大型企业，也适用于各种规模的企业。
 ### #4：无法定期更新固件
 让我们来面对这一现实，大多数 IT 专业人员都忙于保持服务器和其他网络基础设施设备的更新，确保其基础设施尽可能的安全高效。“在这日常的流程中，像打印机这样的设备经常被忽视。”但过时的固件可能会使基础设施面临新的威胁。
 ### #3：设备意识不足
 伯内特说：“正确理解谁在使用什么设备，以及整套设备中所有连接设备的功能是什么，这是至关重要的。使用端口扫描技术、协议分析和其他检测技术检查这些设备应作为你的网络基础设施整体安全审查中的一部分。 他常常提醒人们说：“处理打印设备的方法是：如果没有损坏，就不要修理！”但即使是可靠运行多年的设备也应该成为安全审查的一部分。这是因为旧设备可能无法提供更强大的安全设置，或者可能需要更新其配置才能满足当今更高的安全要求，这其中包括设备的监控/报告功能。
 ### #2：用户培训不足
 “应该把培训团队在工作过程中管理文档的最佳实践作为强有力的安全计划中的一部分。”伯内特说道，“然而，事实却是，无论你如何努力地去保护物联网设备，人为因素通常是一家企业在保护重要和敏感信息方面最薄弱的环节。像这些简单的事情，如无意中将重要文件留在打印机上供任何人查看，或者将文件扫描到错误的目的地，不仅会给企业带来经济损失和巨大的负面影响，还会影响企业的知识产权、声誉，引起合规性/监管问题。”
 ### #1：使用默认密码
 “只是因为它很方便并不意味着它不重要！”伯内特说，“保护打印机和多功能设备免受未经授权的管理员访问不仅有助于保护敏感的机器配置设置和报告信息，还可以防止访问个人信息，例如，像可能用于网络钓鱼攻击的用户名。”
 --------------------------------------------------------------------------------
 via: https://www.networkworld.com/article/3433476/top-5-iot-networking-security-mistakes.html
 作者：[Fredric Paul][a]
 选题：[lujun9972][b]
 译者：[Morisun029](https://github.com/Morisun029)
 校对：[wxy](https://github.com/wxy)
 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
 [a]: https://www.networkworld.com/author/Fredric-Paul/
 [b]: https://github.com/lujun9972
 [1]: https://images.idgesg.net/images/article/2019/02/iot_security_tablet_conference_digital-100787102-large.jpg
 [2]: https://www.brother-usa.com/business
 [3]: https://www.brother-usa.com/machinetool/default?src=default
 [4]: https://www.brother-usa.com/business/hmd#sort=%40productcatalogsku%20ascending
 [5]: https://www.brother-usa.com/business/industrial-sewing
 [6]: https://www.networkworld.com/article/2855207/internet-of-things/5-ways-to-prepare-for-internet-of-things-security-threats.html#tk.nww-infsb
 [7]: https://pluralsight.pxf.io/c/321564/424552/7490?u=https%3A%2F%2Fwww.pluralsight.com%2Fpaths%2Fcertified-information-systems-security-professional-cisspr
 [8]: https://www.facebook.com/NetworkWorld/
 [9]: https://www.linkedin.com/company/network-world
--- a/translated/tech/20190826
+++ b/translated/tech/20190826
@ -1,20 +1,22 @@
 [#]: collector: (lujun9972)
 [#]: translator: (geekpi)
-[#]: reviewer: ( )
+[#]: reviewer: (wxy)
-[#]: publisher: ( )
+[#]: publisher: (wxy)
-[#]: url: ( )
+[#]: url: (https://linux.cn/article-11300-1.html)
 [#]: subject: (How to rename a group of files on Linux)
 [#]: via: (https://www.networkworld.com/article/3433865/how-to-rename-a-group-of-files-on-linux.html)
 [#]: author: (Sandra Henry-Stocker https://www.networkworld.com/author/Sandra-Henry_Stocker/)
 如何在 Linux 上重命名一组文件
 ======
 要用单个命令重命名一组文件，请使用 rename 命令。它需要使用正则表达式，并且可以在开始前告诉你会有什么更改。
 ![Manchester City Library \(CC BY-SA 2.0\)][1]
-几十年来，Linux 用户一直使用 **mv** 命令重命名文件。它很简单，并且能做到你要做的。但有时你需要重命名一大组文件。在这种情况下，**rename** 命令可以使这个任务更容易。它只需要一些正则表达式的技巧。
+> 要用单个命令重命名一组文件，请使用 rename 命令。它需要使用正则表达式，并且可以在开始前告诉你会有什么更改。
-与 **mv** 命令不同，**rename** 不允许你简单地指定旧名称和新名称。相反，它使用类似于 Perl 中的正则表达式。在下面的例子中，“s” 指定我们将第一个字符串替换为第二个字符串（旧的），从而将 **this.new** 变为 **this.old**。
+![](https://img.linux.net.cn/data/attachment/album/201909/03/005333hfm8yf90m2gm800g.jpg)
 几十年来，Linux 用户一直使用 `mv` 命令重命名文件。它很简单，并且能做到你要做的。但有时你需要重命名一大组文件。在这种情况下，`rename` 命令可以使这个任务更容易。它只需要一些正则表达式的技巧。
 与 `mv` 命令不同，`rename` 不允许你简单地指定旧名称和新名称。相反，它使用类似于 Perl 中的正则表达式。在下面的例子中，`s` 指定我们将第一个字符串替换为第二个字符串（旧的），从而将 `this.new` 变为 `this.old`。
 ```
 $ rename 's/new/old/' this.new
@ -22,7 +24,7 @@ $ ls this*
 this.old
 ```
-使用 **mv this.new this.old** 可以更容易地进行更改，但是将字符串 “this” 变成通配符  “\*” ，用一条命令将 \*.new 重命名为 \*.old 的话：
+使用 `mv this.new this.old` 可以更容易地进行更改一个，但是将字符串 `this` 变成通配符  `*`，你可以用一条命令将所有的 `*.new` 文件重命名为 `*.old`：
 ```
 $ ls *.new
@ -32,13 +34,13 @@ $ ls *.old
 report.old  schedule.old  stats.old  this.old
 ```
-正如你所料，**rename** 命令不限于更改文件扩展名。如果你需要将名为 “report.*” 的文件更改为 “review.*”，那么可以使用以下命令进行管理：
+正如你所料，`rename` 命令不限于更改文件扩展名。如果你需要将名为 `report.*` 的文件更改为 `review.*`，那么可以使用以下命令做到：
 ```
 $ rename 's/report/review/' *
 ```
-正则表达式中的字符串可以更改文件名的任何部分 - 无论是文件名还是扩展名。
+正则表达式中的字符串可以更改文件名的任何部分，无论是文件名还是扩展名。
 ```
 $ rename 's/123/124/' *
@ -46,7 +48,7 @@ $ ls *124*
 status.124  report124.txt
 ```
-如果你在 **rename** 命令中添加 **-v** 选项，那么该命令将提供一些反馈，以便你可以看到所做的更改，或许会包含你没注意的。这让你注意到并按需还原更改。
+如果你在 `rename` 命令中添加 `-v` 选项，那么该命令将提供一些反馈，以便你可以看到所做的更改，或许会包含你没注意的。这让你注意到并按需还原更改。
 ```
 $ rename -v 's/123/124/' *
@ -54,7 +56,7 @@ status.123 renamed as status.124
 report123.txt renamed as report124.txt
 ```
-另一方面，使用 **-n**（或 **\--nono**）选项会使 **rename** 命令告诉你将要做但不会实际做的更改。这可以让你免于执行不不想要的操作，然后再还原更改。
+另一方面，使用 `-n`（或 `--nono`）选项会使 `rename` 命令告诉你将要做的但不会实际做的更改。这可以让你免于执行不不想要的操作，然后再还原更改。
 ```
 $ rename -n 's/old/save/' *
@ -68,9 +70,9 @@ rename(stats.old, stats.save)
 rename(this.old, this.save)
 ```
-如果你对这些更改满意，那么就可以运行不带 **-n** 选项的命令来更改文件名。
+如果你对这些更改满意，那么就可以运行不带 `-n` 选项的命令来更改文件名。
-但请注意，正则表达式中的 “.” 不会被视为句点，而是作为匹配任何字符的通配符。上面和下面的示例中的一些更改可能不是输入命令的人希望的。
+但请注意，正则表达式中的 `.` **不会**被视为句点，而是作为匹配任何字符的通配符。上面和下面的示例中的一些更改可能不是输入命令的人希望的。
 ```
 $ rename -n 's/.old/.save/' *
@ -82,7 +84,7 @@ rename(stats.old, stats.save)
 rename(this.old, this.save)
 ```
-为确保句点按照字面意思执行，请在它的前面加一个反斜杠。这将使其不被解释为通配符并匹配任何字符。请注意，进行此更改时，仅选择了 “.old” 文件。
+为确保句点按照字面意思执行，请在它的前面加一个反斜杠。这将使其不被解释为通配符并匹配任何字符。请注意，进行此更改时，仅选择了 `.old` 文件。
 ```
 $ rename -n 's/\.old/.save/' *
@ -92,7 +94,7 @@ rename(stats.old, stats.save)
 rename(this.old, this.save)
 ```
-下面的命令会将文件名中的所有大写字母更改为小写，除了使用 -n 选项来确保我们在命令执行之前检查将做的修改。注意在正则表达式中使用了 “y”，这是改变大小写所必需的。
+下面的命令会将文件名中的所有大写字母更改为小写，除了使用 `-n` 选项来确保我们在命令执行之前检查将做的修改。注意在正则表达式中使用了 `y`，这是改变大小写所必需的。
 ```
 $ rename -n 'y/A-Z/a-z/' W*
@ -102,21 +104,20 @@ rename(Wingding_Invites.pdf, wingding_invites.pdf)
 rename(WOW-buttons.pdf, wow-buttons.pdf)
 ```
-在上面的例子中，我们将所有大写字母更改为了小写，但这仅对以大写字母 W 开头的文件名。
+在上面的例子中，我们将所有大写字母更改为了小写，但这仅对以大写字母 `W` 开头的文件名。
 ### 总结
-当你需要重命名大量文件时，**rename** 命令非常有用。请注意不要做比预期更多的更改。请记住，**-n**（或者 **\--nono**）选项可以帮助你避免耗时的错误。
+当你需要重命名大量文件时，`rename` 命令非常有用。请注意不要做比预期更多的更改。请记住，`-n`（或者 `--nono`）选项可以帮助你避免耗时的错误。
 在 [Facebook][4] 和 [LinkedIn][5] 中加入 Network World 社区，评论热门主题。
 --------------------------------------------------------------------------------
-via: 
+via: https://www.networkworld.com/article/3433865/how-to-rename-a-group-of-files-on-linux.html
 作者：[Sandra Henry-Stocker][a]
 选题：[lujun9972][b]
 译者：[geekpi](https://github.com/geekpi)
-校对：[校对者ID](https://github.com/校对者ID)
+校对：[wxy](https://github.com/wxy)
 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
--- a/sources/talk/20190902
+++ b/sources/talk/20190902
@ -0,0 +1,76 @@
 [#]: collector: (lujun9972)
 [#]: translator: ( )
 [#]: reviewer: ( )
 [#]: publisher: ( )
 [#]: url: ( )
 [#]: subject: (Top take-aways from DevOps World 2019)
 [#]: via: (https://opensource.com/article/19/9/devops-world-2019)
 [#]: author: (Patrick Housley https://opensource.com/users/patrickhousley)
 Top take-aways from DevOps World 2019
 ======
 Some of the biggest announcements from August's major DevOps event.
 ![Globe up in the clouds][1]
 In August, I had the opportunity to join more than 2,000 people gathered in San Francisco for DevOps World 2019. Following are some of the most newsworthy announcements from the 150 breakout sessions and 16 workshops held over the four-day event.
 ### Standardizing CI/CD
 The greatest advantage and sometimes the most difficult challenge for our industry is the number of options we have for solving problems. Both are true for continuous integration and continuous development (CI/CD); it seems as though there's a new product or tool every week. This means we have amazing flexibility and control in how we implement CI/CD for our products and organizations. It also means we have a flood of opinions about how CI/CD _should_ be implemented. While there are some agreed-upon concepts (like shift-left), there is not much in the way of standards or best practices. That's not surprising. Continuously integrating features and bug fixes and continuously delivering those to a production environment for customer consumption are still fairly new.
 Our struggles have not gone unnoticed, and in March, the Linux Foundation announced the formation of the [Continuous Delivery Foundation][2]. The CD Foundation's goals are to provide a vendor-neutral home for many of the tools we rely on and to provide support to DevOps practitioners around learning and developing industry best practices. To do this, the CD Foundation is bringing together some of the most-used and fastest-growing open source projects with the companies and users using their solutions. The first projects to join the foundation include Jenkins, Jenkins X, Spinnaker, and Tekton, and its members include CapitalOne, CircleCI, CloudBees, Google, Huawei, Netflix, and many more.
 ### Creating a BOK for CI/CD
 One of the most significant contributors to the success of agile and the [theory of constraints][3] is having a body of knowledge (BOK). A BOK is a collection of industry learnings that embody the principles of a professional domain. For example, the CD Foundation's focus will not be on standardizing the tools we use for CI/CD but on standardizing the collective knowledge about how to implement those tools and CI/CD in general.
 To that end, I want to give a special shout-out to the [DevOps Institute][4], a new member of the CD Foundation. Technology tools and practices can be complex, difficult to learn, and even harder to stay up-to-date on. The DevOps Institute is trying to tackle this by providing training and learning resources to help us stay skilled-up. Even better, it is launching an [Ambassador Program][5] to help spread its reach around the world. I encourage everyone to take a look and consider signing up.
 ### Integrating DevOps metrics and reporting
 It's doubtful we will see any slowdown around the release of new CI/CD tools, and the CD Foundation's and DevOps Institute's valuable initiatives won't affect that. I am also sure we will continue to find innovative ways to move code from our developers' laptops to our production systems (hopefully with some quality checks in between). So, how can we follow the flow of that code from laptop to production? Can we follow new code from a twinkle in a customer's eye to when we release their idea (and see their jumps for joy when we do)?
 In today's DevOps, we use multiple tools to track our work. It usually starts with some type of issue tracker, like Jira or Trello. We work in a feature branch in our code repository and eventually merge to the trunk branch with a pull request. Along the way, our CI tools (like Jenkins) build, test, and scan our code to make sure we didn't fat-finger something, and eventually, our CD tooling deploys our code into pre-production and production environments.
 Even if all these tools are operating perfectly and our CI/CD implementation is the best in the world, we still have one piece missing: How can leadership, product owners, and developers take all the data these tools are generating and construct some knowledge from it? How can these individuals get a bird's-eye view of what features and bug fixes went out in the last 24 hours? How can they monitor the lead time for those changes?
 We can use something along the lines of an [ELK Stack][6] to centralize our data collection and create pretty dashboards. We could also use custom shell scripts to drive our CI/CD instead of Jenkins, but I wouldn't advocate for that. Not that there is anything wrong with ELK, but I'm not a big data engineer, and trying to find what ties the logs of two completely different tools together does not sound fun to me.
 There is a clear gap in tools that can do this off the shelf, and I hope we will see some new offerings in this area soon.
 ### Learning with new book releases
 If like me, you like to learn through reading, following are some new books I picked up at DevOps World that you may want to acquire to further your DevOps knowledge.
  * [_Epic Failures in DevSecOps: Volume 1_][7] edited by Mark Miller
  * [_Effective Feature Management_][8] by John Kodumal
  * [_The Continuous Application Security Handbook_][9] by Contrast Security
  * [_Engineering DevOps_][10] by Marc Hornbeek
  * [_The Unicorn Project_][11] by Gene Kim
 --------------------------------------------------------------------------------
 via: https://opensource.com/article/19/9/devops-world-2019
 作者：[Patrick Housley][a]
 选题：[lujun9972][b]
 译者：[译者ID](https://github.com/译者ID)
 校对：[校对者ID](https://github.com/校对者ID)
 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
 [a]: https://opensource.com/users/patrickhousley
 [b]: https://github.com/lujun9972
 [1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/cloud-globe.png?itok=_drXt4Tn (Globe up in the clouds)
 [2]: https://cd.foundation/
 [3]: https://en.wikipedia.org/wiki/Theory_of_constraints
 [4]: https://devopsinstitute.com/
 [5]: https://devopsinstitute.com/become-a-community-member/devops-institute-ambassador/
 [6]: https://www.elastic.co/what-is/elk-stack
 [7]: https://www.amazon.com/Epic-Failures-DevSecOps-Mark-Miller/dp/1728806992
 [8]: https://launchdarkly.com/effective-feature-management-ebook/
 [9]: https://www.contrastsecurity.com/continuous-app-sec-cas
 [10]: https://engineeringdevops.com/
 [11]: https://www.amazon.com/gp/product/1942788762
--- a/sources/talk/20190902
+++ b/sources/talk/20190902
@ -0,0 +1,106 @@
 [#]: collector: (lujun9972)
 [#]: translator: ( )
 [#]: reviewer: ( )
 [#]: publisher: ( )
 [#]: url: ( )
 [#]: subject: (Why I use Java)
 [#]: via: (https://opensource.com/article/19/9/why-i-use-java)
 [#]: author: (Chris Hermansen https://opensource.com/users/clhermansen)
 Why I use Java
 ======
 There are probably better languages than Java, depending on work
 requirements. But I haven't seen anything yet to pull me away.
 ![Coffee beans][1]
 I believe I started using Java in 1997, not long after [Java 1.1 saw the light of day][2]. Since that time, by and large, I've really enjoyed programming in Java; although I confess these days, I'm as likely to be found writing [Groovy][3] scripts as "serious code" in Java.
 Coming from a background in [FORTRAN][4], [PL/1][5], [Pascal][6], and finally [C][7], I found a lot of things to like about Java. Java was my first significant hands-on experience with [object-oriented programming][8]. By then, I had been programming for about 20 years, and it's probably safe to say I had some ideas about what mattered and what didn't.
 ### Debugging as a key language feature
 I really hated wasting time tracking down obscure bugs caused by my code carelessly iterating off the end of an array, especially back in the days of programming in FORTRAN on IBM mainframes. Another subtle problem that cropped up from time to time was calling a subroutine with a four-byte integer argument that was expecting two bytes; on small-endian architecture, this was often a benign bug, but on big-endian machines, the value of the top two bytes was usually, but not always, zero.
 Debugging in that batch environment was pretty awkward, too—poring through core dumps or inserting print statements, which themselves could move bugs around or even make them disappear.
 So my early experiences with Pascal, first on [MTS][9], then using the same MTS compiler on [IBM OS/VS1][10], made my life a lot easier. Pascal's [strong and static typing][11] were a big part of the win here, and every Pascal compiler I have used inserts run-time checks on array bounds and ranges, so bugs are detected at the point of occurrence. When we moved most of our work to a Unix system in the early 1980s, porting the Pascal code was a straightforward task.
 ### Finding the right amount of syntax
 But for all the things I liked about Pascal, my code was wordy, and the syntax seemed to have a tendency to slightly obscure the code; for example, using:
 ```
 `if … then begin … end else … end`
 ```
 instead of:
 ```
 `if (…) { … } else { … }`
 ```
 in C and similar languages. Also, some things were quite hard to do in Pascal and much easier to do in C. But, as I began to use C more and more, I found myself running into the same kind of errors I used to commit in FORTRAN—running off the end of arrays, for example—that were not detected at the point of the original error, but only through their adverse effects later in the program's execution. Fortunately, I was no longer living in the batch environment and had great debugging tools at hand. Still, C gave me a little too much flexibility for my own good.
 When I discovered [awk][12], I found I had a nice counterpoint to C. At that time, a lot of my work involved transforming field data and creating reports. I found I could do a surprising amount of that with awk, coupled with other Unix command-line tools like sort, sed, cut, join, paste, comm, and so on. Essentially, these tools gave me something a lot like a relational database manager for text files that had a column-oriented structure, which was the way a lot of our field data came in. Or, if not exactly in that format, most of the time the data could be unloaded from a relational database or from some kind of binary format into that column-oriented structure.
 String handling, [regular expressions][13], and [associative arrays][14] supported by awk, as well as the basic nature of awk (it's really a data-transformation pipeline), fit my needs very well. When confronted with binary data files, complicated data structuring, and absolute performance needs, I would still revert to C; but as I used awk more and more, I found C's very basic string support more and more frustrating. As time went on, more and more often I would end up using C only when I had to—and probably overusing awk the rest of the time.
 ### Java is the right level of abstraction
 And then along came Java. It looked pretty good right out of the gate—a relatively terse syntax reminiscent of C, or at least, more so than Pascal or any of those other earlier experiences. It was strongly typed, so a lot of programming errors would get caught at compile time. It didn't seem to require too much object-oriented learning to get going, which was a good thing, as I was barely familiar with [OOP design patterns][15] at the time. But even in the earliest days, I liked the ideas behind its simplified [inheritance model][16]. (Java allows for single inheritance with interfaces provided to enrich the paradigm somewhat.)
 And it seemed to come with a rich library of functionality (the concept of "batteries included") that worked at the right level to directly meet my needs. Finally, I found myself rapidly coming to like the idea of both data and behavior being grouped together in objects. This seemed like a great way to explicitly control interactions among data—much better than enormous parameter lists or uncontrolled access to global variables.
 Since then, Java has grown to be the Helvetic military knife in my programming toolbox. I will still write stuff occasionally in awk or use Linux command-line utilities like cut, sort, or sed when they're obviously and precisely the straightforward way to solve the problem at hand. I doubt if I've written 50 lines of C in the last 20 years, though; Java has completely replaced C for my needs.
 In addition, Java has been improving over time. First of all, it's become much more performant. And it's added some really useful capabilities, like [try with resources][17], which very nicely cleans up verbose and somewhat messy code dealing with error handling during file I/O, for example; or [lambdas][18], which provide the ability to declare functions and pass them as parameters, instead of the old approach, which required creating classes or interfaces to "host" those functions; or [streams][19], which encapsulate iterative behavior in functions, creating an efficient data-transformation pipeline materialized in the form of chained function calls.
 ### Java is getting better and better
 A number of language designers have looked at ways to radically improve the Java experience. For me, most of these aren't yet of great interest; again, that's more a reflection of my typical workflow and (much) less a function of the features those languages bring. But one of these evolutionary steps has become an indispensable part of my programming arsenal: [Groovy][20]. Groovy has become my go-to solution when I run into a small problem that needs a small solution. Moreover, it's highly compatible with Java. For me, Groovy fills the same niche that Python fills for a lot of other people—it's compact, DRY (don't repeat yourself), and expressive (lists and dictionaries have full language support). I also make use of [Grails][21], which uses Groovy to provide a streamlined web framework for very performant and useful Java web applications.
 ### But is Java still open source?
 Recently, growing support for [OpenJDK][22] has further improved my comfort level with Java. A number of companies are supporting OpenJDK in various ways, including [AdoptOpenJDK, Amazon, and Red Hat][23]. In one of my bigger and longer-term projects, we use AdoptOpenJDK to [generate customized runtimes on several desktop platforms][24].
 Are there better languages than Java? I'm sure there are, depending on your work needs. But I'm still a very happy Java user, and I haven't seen anything yet that threatens to pull me away.
 --------------------------------------------------------------------------------
 via: https://opensource.com/article/19/9/why-i-use-java
 作者：[Chris Hermansen][a]
 选题：[lujun9972][b]
 译者：[译者ID](https://github.com/译者ID)
 校对：[校对者ID](https://github.com/校对者ID)
 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
 [a]: https://opensource.com/users/clhermansen
 [b]: https://github.com/lujun9972
 [1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/java-coffee-beans.jpg?itok=3hkjX5We (Coffee beans)
 [2]: https://en.wikipedia.org/wiki/Java_version_history
 [3]: https://en.wikipedia.org/wiki/Apache_Groovy
 [4]: https://en.wikipedia.org/wiki/Fortran
 [5]: https://en.wikipedia.org/wiki/PL/I
 [6]: https://en.wikipedia.org/wiki/Pascal_(programming_language)
 [7]: https://en.wikipedia.org/wiki/C_(programming_language)
 [8]: https://en.wikipedia.org/wiki/Object-oriented_programming
 [9]: https://en.wikipedia.org/wiki/Michigan_Terminal_System
 [10]: https://en.wikipedia.org/wiki/OS/VS1
 [11]: https://stackoverflow.com/questions/11889602/difference-between-strong-vs-static-typing-and-weak-vs-dynamic-typing
 [12]: https://en.wikipedia.org/wiki/AWK
 [13]: https://en.wikipedia.org/wiki/Regular_expression
 [14]: https://en.wikipedia.org/wiki/Associative_array
 [15]: https://opensource.com/article/19/7/understanding-software-design-patterns
 [16]: https://www.w3schools.com/java/java_inheritance.asp
 [17]: https://www.baeldung.com/java-try-with-resources
 [18]: https://www.baeldung.com/java-8-lambda-expressions-tips
 [19]: https://www.tutorialspoint.com/java8/java8_streams
 [20]: https://groovy-lang.org/
 [21]: https://grails.org/
 [22]: https://openjdk.java.net/
 [23]: https://en.wikipedia.org/wiki/OpenJDK
 [24]: https://opensource.com/article/19/4/java-se-11-removing-jnlp
--- a/sources/tech/20190829
+++ b/sources/tech/20190829
@ -1,146 +0,0 @@
 [#]: collector: (lujun9972)
 [#]: translator: (geekpi)
 [#]: reviewer: ( )
 [#]: publisher: ( )
 [#]: url: ( )
 [#]: subject: (Three Ways to Exclude Specific/Certain Packages from Yum Update)
 [#]: via: (https://www.2daygeek.com/redhat-centos-yum-update-exclude-specific-packages/)
 [#]: author: (Magesh Maruthamuthu https://www.2daygeek.com/author/magesh/)
 Three Ways to Exclude Specific/Certain Packages from Yum Update
 ======
 As part of system update, you may need to exclude few of the packages due to application dependency in Red Hat based system.
 If yes, how to exclude, how many ways that can be done.
 Yes, it can be done in three ways, we will teach you all three methods in this article.
 A package manager is a collection of tools that allow users to easily manage packages in Linux system.
 It allows users to install, update/upgrade, remove, query, re-install, and search packages in Linux system.
 For Red Hat and it’s clone, we uses **[yum Package Manager][1]** and **[rpm Package Manager][2]** for package management.
 ### What’s yum?
 yum stands for Yellowdog Updater, Modified. Yum is an automatic updater and package installer/remover for rpm systems.
 It automatically resolve dependencies when installing a package.
 ### What’s rpm?
 rpm stands for Red Hat Package Manager is a powerful package management tool for Red Hat system.
 The name RPM refers to `.rpm` file format that containing compiled software’s and necessary libraries for the package.
 You may interested to read the following articles, which is related to this topic. If so, navigate to appropriate links.
  * **[How To Check Available Security Updates On Red Hat (RHEL) And CentOS System][3]**
  * **[Four Ways To Install Security Updates On Red Hat (RHEL) And CentOS Systems][4]**
  * **[Two Methods To Check Or List Installed Security Updates on Redhat (RHEL) And CentOS System][5]**
 ### Method-1: Exclude Packages with yum Command Manually or Temporarily
 We can use `--exclude or -x` switch with yum command to exclude specific packages from getting updated through yum command.
 I can say, this is a temporary method or On-Demand method. If you want to exclude specific package only once then we can go with this method.
 The below command will update all packages except kernel.
 To exclude single package.
 ```
 # yum update --exclude=kernel
 or
 # yum update -x 'kernel'
 ```
 To exclude multiple packages. The below command will update all packages except kernel and php.
 ```
 # yum update --exclude=kernel* --exclude=php*
 or
 # yum update --exclude httpd,php
 ```
 ### Method-2: Exclude Packages with yum Command Permanently
 This is permanent method and you can use this, if you are frequently performing the patch update.
 To do so, add the required packages in /etc/yum.conf to disable packages updates permanently.
 Once you add an entry, you don’t need to specify these package each time you run yum update command. Also, this prevent packages from any accidental update.
 ```
 # vi /etc/yum.conf
 [main]
 cachedir=/var/cache/yum/$basearch/$releasever
 keepcache=0
 debuglevel=2
 logfile=/var/log/yum.log
 exactarch=1
 obsoletes=1
 gpgcheck=1
 plugins=1
 installonly_limit=3
 exclude=kernel* php*
 ```
 ### Method-3: Exclude Packages Using Yum versionlock plugin
 This is also permanent method similar to above. Yum versionlock plugin allow users to lock specified packages from being updated through yum command.
 To do so, run the following command. The below command will exclude the freetype package from yum update.
 Alternatively, you can add the package entry directly in “/etc/yum/pluginconf.d/versionlock.list” file.
 ```
 # yum versionlock add freetype
 Loaded plugins: changelog, package_upload, product-id, search-disabled-repos, subscription-manager, verify, versionlock
 Adding versionlock on: 0:freetype-2.8-12.el7
 versionlock added: 1
 ```
 Run the following command to check the list of packages locked by versionlock plugin.
 ```
 # yum versionlock list
 Loaded plugins: changelog, package_upload, product-id, search-disabled-repos, subscription-manager, verify, versionlock
 0:freetype-2.8-12.el7.*
 versionlock list done
 ```
 Run the following command to discards the list.
 ```
 # yum versionlock clear
 ```
 --------------------------------------------------------------------------------
 via: https://www.2daygeek.com/redhat-centos-yum-update-exclude-specific-packages/
 作者：[Magesh Maruthamuthu][a]
 选题：[lujun9972][b]
 译者：[译者ID](https://github.com/译者ID)
 校对：[校对者ID](https://github.com/校对者ID)
 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
 [a]: https://www.2daygeek.com/author/magesh/
 [b]: https://github.com/lujun9972
 [1]: https://www.2daygeek.com/yum-command-examples-manage-packages-rhel-centos-systems/
 [2]: https://www.2daygeek.com/rpm-command-examples/
 [3]: https://www.2daygeek.com/check-list-view-find-available-security-updates-on-redhat-rhel-centos-system/
 [4]: https://www.2daygeek.com/install-security-updates-on-redhat-rhel-centos-system/
 [5]: https://www.2daygeek.com/check-installed-security-updates-on-redhat-rhel-and-centos-system/
--- a/sources/tech/20190901
+++ b/sources/tech/20190901
@ -0,0 +1,250 @@
 [#]: collector: (lujun9972)
 [#]: translator: ( )
 [#]: reviewer: ( )
 [#]: publisher: ( )
 [#]: url: ( )
 [#]: subject: (Different Ways to Configure Static IP Address in RHEL 8)
 [#]: via: (https://www.linuxtechi.com/configure-static-ip-address-rhel8/)
 [#]: author: (Pradeep Kumar https://www.linuxtechi.com/author/pradeep/)
 Different Ways to Configure Static IP Address in RHEL 8
 ======
 While Working on **Linux Servers**, assigning Static IP address on NIC / Ethernet cards is one of the common tasks that every Linux engineer do. If one configures the **Static IP address** correctly on a Linux server then he/she can access it remotely over network. In this article we will demonstrate what are different ways to assign Static IP address on RHEL 8 Server’s NIC.
 [![Configure-Static-IP-RHEL8][1]][2]
 Following are the ways to configure Static IP on a NIC,
  * nmcli (command line tool)
  * Network Scripts files(ifcfg-*)
  * nmtui  (text based user interface)
 ### Configure Static IP Address using nmcli command line tool
 Whenever we install RHEL 8 server then ‘**nmcli**’, a command line tool is installed automatically, nmcli is used by network manager and allows us to configure static ip address on Ethernet cards.
 Run the below ip addr command to list Ethernet cards on your RHEL 8 server
 ```
 [root@linuxtechi ~]# ip addr
 ```
 ![ip-addr-command-rhel8][1]
 As we can see in above command output, we have two NICs enp0s3 &amp; enp0s8. Currently ip address assigned to the NIC is via dhcp server.
 Let’s assume we want to assign the static IP address on first NIC (enp0s3) with the following details,
  * IP address = 192.168.1.4
  * Netmask = 255.255.255.0
  * Gateway= 192.168.1.1
  * DNS = 8.8.8.8
 Run the following nmcli commands one after the another to configure static ip,
 List currently active Ethernet cards using “**nmcli connection**” command,
 ```
 [root@linuxtechi ~]# nmcli connection
 NAME    UUID                                  TYPE      DEVICE
 enp0s3  7c1b8444-cb65-440d-9bf6-ea0ad5e60bae  ethernet  enp0s3
 virbr0  3020c41f-6b21-4d80-a1a6-7c1bd5867e6c  bridge    virbr0
 [root@linuxtechi ~]#
 ```
 Use beneath nmcli command to assign static ip on enp0s3,
 **Syntax:**
 # nmcli connection modify &lt;interface_name&gt; ipv4.address  &lt;ip/prefix&gt;
 **Note:** In short form, we usually replace connection with ‘con’ keyword and modify with ‘mod’ keyword in nmcli command.
 Assign ipv4 (192.168.1.4) to enp0s3 interface,
 ```
 [root@linuxtechi ~]# nmcli con mod enp0s3 ipv4.addresses 192.168.1.4/24
 [root@linuxtechi ~]#
 ```
 Set the gateway using below nmcli command,
 ```
 [root@linuxtechi ~]# nmcli con mod enp0s3 ipv4.gateway 192.168.1.1
 [root@linuxtechi ~]#
 ```
 Set the manual configuration (from dhcp to static),
 ```
 [root@linuxtechi ~]# nmcli con mod enp0s3 ipv4.method manual
 [root@linuxtechi ~]#
 ```
 Set DNS value as “8.8.8.8”,
 ```
 [root@linuxtechi ~]# nmcli con mod enp0s3 ipv4.dns "8.8.8.8"
 [root@linuxtechi ~]#
 ```
 To save the above changes and to reload the interface execute the beneath nmcli command,
 ```
 [root@linuxtechi ~]# nmcli con up enp0s3
 Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/4)
 [root@linuxtechi ~]#
 ```
 Above command output confirms that interface enp0s3 has been configured successfully.Whatever the changes we have made using above nmcli commands, those changes is saved permanently under the file “etc/sysconfig/network-scripts/ifcfg-enp0s3”
 ```
 [root@linuxtechi ~]# cat /etc/sysconfig/network-scripts/ifcfg-enp0s3
 ```
 ![ifcfg-enp0s3-file-rhel8][1]
 To Confirm whether IP address has been to enp0s3 interface use the below ip command,
 ```
 [root@linuxtechi ~]#ip addr show enp0s3
 ```
 ### Configure Static IP Address manually using network-scripts (ifcfg-) files
 We can configure the static ip address to an ethernet card using its network-script or ‘ifcfg-‘ files. Let’s assume we want to assign the static ip address on our second Ethernet card ‘enp0s8’.
  * IP= 192.168.1.91
  * Netmask / Prefix = 24
  * Gateway=192.168.1.1
  * DNS1=4.2.2.2
 Go to the directory “/etc/sysconfig/network-scripts” and look for the file ‘ifcfg- enp0s8’, if it does not exist then create it with following content,
 ```
 [root@linuxtechi ~]# cd /etc/sysconfig/network-scripts/
 [root@linuxtechi network-scripts]# vi ifcfg-enp0s8
 TYPE="Ethernet"
 DEVICE="enp0s8"
 BOOTPROTO="static"
 ONBOOT="yes"
 NAME="enp0s8"
 IPADDR="192.168.1.91"
 PREFIX="24"
 GATEWAY="192.168.1.1"
 DNS1="4.2.2.2"
 ```
 Save and exit the file and then restart network manager service to make above changes into effect,
 ```
 [root@linuxtechi network-scripts]# systemctl restart NetworkManager
 [root@linuxtechi network-scripts]#
 ```
 Now use below ip command to verify whether ip address is assigned to nic or not,
 ```
 [root@linuxtechi ~]# ip add show enp0s8
 3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 08:00:27:7c:bb:cb brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.91/24 brd 192.168.1.255 scope global noprefixroute enp0s8
       valid_lft forever preferred_lft forever
    inet6 fe80::a00:27ff:fe7c:bbcb/64 scope link
       valid_lft forever preferred_lft forever
 [root@linuxtechi ~]#
 ```
 Above output confirms that static ip address has been configured successfully on the NIC ‘enp0s8’
 ### Configure Static IP Address using ‘nmtui’ utility
 nmtui is a text based user interface for controlling network manager, when we execute nmtui, it will open a text base user interface through which we can add, modify and delete connections. Apart from this nmtui can also be used to set hostname of your system.
 Let’s assume we want to assign static ip address to interface enp0s3 with following details,
  * IP address = 10.20.0.72
  * Prefix = 24
  * Gateway= 10.20.0.1
  * DNS1=4.2.2.2
 Run nmtui and follow the screen instructions, example is show
 ```
 [root@linuxtechi ~]# nmtui
 ```
 [![nmtui-rhel8][1]][3]
 Select the first option ‘**Edit a connection**‘ and then choose the interface as ‘enp0s3’
 [![Choose-interface-nmtui-rhel8][1]][4]
 Choose Edit and then specify the IP address, Prefix, Gateway and DNS Server ip,
 [![set-ip-nmtui-rhel8][1]][5]
 Choose OK and hit enter. In the next window Choose ‘**Activate a connection**’
 [![Activate-option-nmtui-rhel8][1]][6]
 Select **enp0s3**,  Choose **Deactivate** &amp; hit enter
 [![Deactivate-interface-nmtui-rhel8][1]][7]
 Now choose **Activate** &amp; hit enter,
 [![Activate-interface-nmtui-rhel8][1]][8]
 Select Back and then select Quit,
 [![Quit-Option-nmtui-rhel8][1]][9]
 Use below IP command to verify whether ip address has been assigned to interface enp0s3
 ```
 [root@linuxtechi ~]# ip add show enp0s3
 2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 08:00:27:53:39:4d brd ff:ff:ff:ff:ff:ff
    inet 10.20.0.72/24 brd 10.20.0.255 scope global noprefixroute enp0s3
       valid_lft forever preferred_lft forever
    inet6 fe80::421d:5abf:58bd:c47e/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
 [root@linuxtechi ~]#
 ```
 Above output confirms that we have successfully assign the static IP address to interface enp0s3 using nmtui utility.
 That’s all from this tutorial, we have covered three different ways to configure ipv4 address to an Ethernet card on RHEL 8 system. Please do not hesitate to share feedback and comments in comments section below.
 --------------------------------------------------------------------------------
 via: https://www.linuxtechi.com/configure-static-ip-address-rhel8/
 作者：[Pradeep Kumar][a]
 选题：[lujun9972][b]
 译者：[译者ID](https://github.com/译者ID)
 校对：[校对者ID](https://github.com/校对者ID)
 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
 [a]: https://www.linuxtechi.com/author/pradeep/
 [b]: https://github.com/lujun9972
 [1]: data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7
 [2]: https://www.linuxtechi.com/wp-content/uploads/2019/09/Configure-Static-IP-RHEL8.jpg
 [3]: https://www.linuxtechi.com/wp-content/uploads/2019/09/nmtui-rhel8.jpg
 [4]: https://www.linuxtechi.com/wp-content/uploads/2019/09/Choose-interface-nmtui-rhel8.jpg
 [5]: https://www.linuxtechi.com/wp-content/uploads/2019/09/set-ip-nmtui-rhel8.jpg
 [6]: https://www.linuxtechi.com/wp-content/uploads/2019/09/Activate-option-nmtui-rhel8.jpg
 [7]: https://www.linuxtechi.com/wp-content/uploads/2019/09/Deactivate-interface-nmtui-rhel8.jpg
 [8]: https://www.linuxtechi.com/wp-content/uploads/2019/09/Activate-interface-nmtui-rhel8.jpg
 [9]: https://www.linuxtechi.com/wp-content/uploads/2019/09/Quit-Option-nmtui-rhel8.jpg
--- a/sources/tech/20190902
+++ b/sources/tech/20190902
@ -0,0 +1,299 @@
 [#]: collector: (lujun9972)
 [#]: translator: ( )
 [#]: reviewer: ( )
 [#]: publisher: ( )
 [#]: url: ( )
 [#]: subject: (How RPM packages are made: the spec file)
 [#]: via: (https://fedoramagazine.org/how-rpm-packages-are-made-the-spec-file/)
 [#]: author: (Ankur Sinha "FranciscoD" https://fedoramagazine.org/author/ankursinha/)
 How RPM packages are made: the spec file
 ======
 ![][1]
 In the [previous article on RPM package building][2], you saw that source RPMS include the source code of the software, along with a “spec” file. This post digs into the spec file, which contains instructions on how to build the RPM. Again, this article uses _fpaste_ as an example.
 ### Understanding the source code
 Before you can start writing a spec file, you need to have some idea of the software that you’re looking to package. Here, you’re looking at fpaste, a very simple piece of software. It is written in Python, and is a one file script. When a new version is released, it’s provided here on Pagure: <https://pagure.io/releases/fpaste/fpaste-0.3.9.2.tar.gz>
 The current version, as the archive shows, is 0.3.9.2. Download it so you can see what’s in the archive:
 ```
 $ wget https://pagure.io/releases/fpaste/fpaste-0.3.9.2.tar.gz
 $ tar -tvf fpaste-0.3.9.2.tar.gz
 drwxrwxr-x root/root         0 2018-07-25 02:58 fpaste-0.3.9.2/
 -rw-rw-r-- root/root        25 2018-07-25 02:58 fpaste-0.3.9.2/.gitignore
 -rw-rw-r-- root/root      3672 2018-07-25 02:58 fpaste-0.3.9.2/CHANGELOG
 -rw-rw-r-- root/root     35147 2018-07-25 02:58 fpaste-0.3.9.2/COPYING
 -rw-rw-r-- root/root       444 2018-07-25 02:58 fpaste-0.3.9.2/Makefile
 -rw-rw-r-- root/root      1656 2018-07-25 02:58 fpaste-0.3.9.2/README.rst
 -rw-rw-r-- root/root       658 2018-07-25 02:58 fpaste-0.3.9.2/TODO
 drwxrwxr-x root/root         0 2018-07-25 02:58 fpaste-0.3.9.2/docs/
 drwxrwxr-x root/root         0 2018-07-25 02:58 fpaste-0.3.9.2/docs/man/
 drwxrwxr-x root/root         0 2018-07-25 02:58 fpaste-0.3.9.2/docs/man/en/
 -rw-rw-r-- root/root      3867 2018-07-25 02:58 fpaste-0.3.9.2/docs/man/en/fpaste.1
 -rwxrwxr-x root/root     24884 2018-07-25 02:58 fpaste-0.3.9.2/fpaste
 lrwxrwxrwx root/root         0 2018-07-25 02:58 fpaste-0.3.9.2/fpaste.py -> fpaste
 ```
 The files you want to install are:
  * _fpaste.py_: which should go be installed to /usr/bin/.
  * _docs/man/en/fpaste.1_: the manual, which should go to /usr/share/man/man1/.
  * _COPYING_: the license text, which should go to /usr/share/license/fpaste/.
  * _README.rst, TODO_: miscellaneous documentation that goes to /usr/share/doc/fpaste.
 Where these files are installed depends on the Filesystem Hierarchy Standard. To learn more about it, you can either read here: <http://www.pathname.com/fhs/> or look at the man page on your Fedora system:
 ```
 $ man hier
 ```
 #### Part 1: What are we building?
 Now that we know what files we have in the source, and where they are to go, let’s look at the spec file. You can see the full file here: <https://src.fedoraproject.org/rpms/fpaste/blob/master/f/fpaste.spec>
 Here is the first part of the spec file:
 ```
 Name:   fpaste
 Version:  0.3.9.2
 Release:  3%{?dist}
 Summary:  A simple tool for pasting info onto sticky notes instances
 BuildArch:  noarch
 License:  GPLv3+
 URL:    https://pagure.io/fpaste
 Source0:  https://pagure.io/releases/fpaste/fpaste-0.3.9.2.tar.gz
 Requires:    python3
 %description
 It is often useful to be able to easily paste text to the Fedora
 Pastebin at http://paste.fedoraproject.org and this simple script
 will do that and return the resulting URL so that people may
 examine the output. This can hopefully help folks who are for
 some reason stuck without X, working remotely, or any other
 reason they may be unable to paste something into the pastebin
 ```
 _Name_, _Version_, and so on are called _tags_, and are defined in RPM. This means you can’t just make up tags. RPM won’t understand them if you do! The tags to keep an eye out for are:
  * _Source0_: tells RPM where the source archive for this software is located.
  * _Requires_: lists run-time dependencies for the software. RPM can automatically detect quite a few of these, but in some cases they must be mentioned manually. A run-time dependency is a capability (often a package) that must be on the system for this package to function. This is how _[dnf][3]_ detects whether it needs to pull in other packages when you install this package.
  * _BuildRequires_: lists the build-time dependencies for this software. These must generally be determined manually and added to the spec file.
  * _BuildArch_: the computer architectures that this software is being built for. If this tag is left out, the software will be built for all supported architectures. The value _noarch_ means the software is architecture independent (like fpaste, which is written purely in Python).
 This section provides general information about fpaste: what it is, which version is being made into an RPM, its license, and so on. If you have fpaste installed, and look at its metadata, you can see this information included in the RPM:
 ```
 $ sudo dnf install fpaste
 $ rpm -qi fpaste
 Name        : fpaste
 Version     : 0.3.9.2
 Release     : 2.fc30
 ...
 ```
 RPM adds a few extra tags automatically that represent things that it knows.
 At this point, we have the general information about the software that we’re building an RPM for. Next, we start telling RPM what to do.
 #### Part 2: Preparing for the build
 The next part of the spec is the preparation section, denoted by _%prep_:
 ```
 %prep
 %autosetup
 ```
 For fpaste, the only command here is %autosetup. This simply extracts the tar archive into a new folder and keeps it ready for the next section where we build it. You can do more here, like apply patches, modify files for different purposes, and so on. If you did look at the contents of the source rpm for Python, you would have seen lots of patches there. These are all applied in this section.
 Typically anything in a spec file with the **%** prefix is a macro or label that RPM interprets in a special way. Often these will appear with curly braces, such as _%{example}_.
 #### Part 3: Building the software
 The next section is where the software is built, denoted by “%build”. Now, since fpaste is a simple, pure Python script, it doesn’t need to be built. So, here we get:
 ```
 %build
 #nothing required
 ```
 Generally, though, you’d have build commands here, like:
 ```
 configure; make
 ```
 The build section is often the hardest section of the spec, because this is where the software is being built from source. This requires you to know what build system the tool is using, which could be one of many: Autotools, CMake, Meson, Setuptools (for Python) and so on. Each has its own commands and style. You need to know these well enough to get the software to build correctly.
 #### Part 4: Installing the files
 Once the software is built, it needs to be installed in the _%install_ section:
 ```
 %install
 mkdir -p %{buildroot}%{_bindir}
 make install BINDIR=%{buildroot}%{_bindir} MANDIR=%{buildroot}%{_mandir}
 ```
 RPM doesn’t tinker with your system files when building RPMs. It’s far too risky to add, remove, or modify files to a working installation. What if something breaks? So, instead RPM creates an artificial file system and works there. This is referred to as the _buildroot_. So, here in the buildroot, we create _/usr/bin_, represented by the macro _%{_bindir}_, and then install the files to it using the provided Makefile.
 At this point, we have a built version of fpaste installed in our artificial buildroot.
 #### Part 5: Listing all files to be included in the RPM
 The last section of the spec file is the files section, _%files_. This is where we tell RPM what files to include in the archive it creates from this spec file. The fpaste file section is quite simple:
 ```
 %files
 %{_bindir}/%{name}
 %doc README.rst TODO
 %{_mandir}/man1/%{name}.1.gz
 %license COPYING
 ```
 Notice how, here, we do not specify the buildroot. All of these paths are relative to it. The _%doc_ and _%license_ commands simply do a little more—they create the required folders and remember that these files must go there.
 RPM is quite smart. If you’ve installed files in the _%install_ section, but not listed them, it’ll tell you this, for example.
 #### Part 6: Document all changes in the change log
 Fedora is a community based project. Lots of contributors maintain and co-maintain packages. So it is imperative that there’s no confusion about what changes have been made to a package. To ensure this, the spec file contains the last section, the Changelog, _%changelog_:
 ```
 %changelog
 * Thu Jul 25 2019 Fedora Release Engineering < ...> - 0.3.9.2-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
 * Thu Jan 31 2019 Fedora Release Engineering < ...> - 0.3.9.2-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
 * Tue Jul 24 2018 Ankur Sinha  - 0.3.9.2-1
 - Update to 0.3.9.2
 * Fri Jul 13 2018 Fedora Release Engineering < ...> - 0.3.9.1-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
 * Wed Feb 07 2018 Fedora Release Engineering < ..> - 0.3.9.1-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
 * Sun Sep 10 2017 Vasiliy N. Glazov < ...> - 0.3.9.1-2
 - Cleanup spec
 * Fri Sep 08 2017 Ankur Sinha  - 0.3.9.1-1
 - Update to latest release
 - fixes rhbz 1489605
 ...
 ....
 ```
 There must be a changelog entry for _every_ change to the spec file. As you see here, while I’ve updated the spec as the maintainer, others have too. Having the changes documented clearly helps everyone know what the current status of the spec is. For all packages installed on your system, you can use rpm to see their changelogs:
 ```
 $ rpm -q --changelog fpaste
 ```
 ### Building the RPM
 Now we are ready to build the RPM. If you want to follow along and run the commands below, please ensure that you followed the steps [in the previous post][2] to set your system up for building RPMs.
 We place the fpaste spec file in _~/rpmbuild/SPECS_, the source code archive in _~/rpmbuild/SOURCES/_ and can now create the source RPM:
 ```
 $ cd ~/rpmbuild/SPECS
 $ wget https://src.fedoraproject.org/rpms/fpaste/raw/master/f/fpaste.spec
 $ cd ~/rpmbuild/SOURCES
 $ wget https://pagure.io/fpaste/archive/0.3.9.2/fpaste-0.3.9.2.tar.gz
 $ cd ~/rpmbuild/SOURCES
 $ rpmbuild -bs fpaste.spec
 Wrote: /home/asinha/rpmbuild/SRPMS/fpaste-0.3.9.2-3.fc30.src.rpm
 ```
 Let’s have a look at the results:
 ```
 $ ls ~/rpmbuild/SRPMS/fpaste*
 /home/asinha/rpmbuild/SRPMS/fpaste-0.3.9.2-3.fc30.src.rpm
 $ rpm -qpl ~/rpmbuild/SRPMS/fpaste-0.3.9.2-3.fc30.src.rpm
 fpaste-0.3.9.2.tar.gz
 fpaste.spec
 ```
 There we are — the source rpm has been built. Let’s build both the source and binary rpm together:
 ```
 $ cd ~/rpmbuild/SPECS
 $ rpmbuild -ba fpaste.spec
 ..
 ..
 ..
 ```
 RPM will show you the complete build output, with details on what it is doing in each section that we saw before. This “build log” is extremely important. When builds do not go as expected, we packagers spend lots of time going through them, tracing the complete build path to see what went wrong.
 That’s it really! Your ready-to-install RPMs are where they should be:
 ```
 $ ls ~/rpmbuild/RPMS/noarch/
 fpaste-0.3.9.2-3.fc30.noarch.rpm
 ```
 ### Recap
 We’ve covered the basics of how RPMs are built from a spec file. This is by no means an exhaustive document. In fact, it isn’t documentation at all, really. It only tries to explain how things work under the hood. Here’s a short recap:
  * RPMs are of two types: _source_ and _binary_.
  * Binary RPMs contain the files to be installed to use the software.
  * Source RPMs contain the information needed to build the binary RPMs: the complete source code, and the instructions on how to build the RPM in the spec file.
  * The spec file has various sections, each with its own purpose.
 Here, we’ve built RPMs locally, on our Fedora installations. While this is the basic process, the RPMs we get from repositories are built on dedicated servers with strict configurations and methods to ensure correctness and security. This Fedora packaging pipeline will be discussed in a future post.
 Would you like to get started with building packages, and help the Fedora community maintain the massive amount of software we provide? You can [start here by joining the package collection maintainers][4].
 For any queries, post to the [Fedora developers mailing list][5]—we’re always happy to help!
 ### References
 Here are some useful references to building RPMs:
  * <https://fedoraproject.org/wiki/How_to_create_an_RPM_package>
  * <https://docs.fedoraproject.org/en-US/quick-docs/create-hello-world-rpm/>
  * <https://docs.fedoraproject.org/en-US/packaging-guidelines/>
  * <https://rpm.org/documentation.html>
 * * *
 --------------------------------------------------------------------------------
 via: https://fedoramagazine.org/how-rpm-packages-are-made-the-spec-file/
 作者：[Ankur Sinha "FranciscoD"][a]
 选题：[lujun9972][b]
 译者：[译者ID](https://github.com/译者ID)
 校对：[校对者ID](https://github.com/校对者ID)
 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
 [a]: https://fedoramagazine.org/author/ankursinha/
 [b]: https://github.com/lujun9972
 [1]: https://fedoramagazine.org/wp-content/uploads/2019/06/rpm.png-816x345.jpg
 [2]: https://fedoramagazine.org/how-rpm-packages-are-made-the-source-rpm/
 [3]: https://fedoramagazine.org/managing-packages-fedora-dnf/
 [4]: https://fedoraproject.org/wiki/Join_the_package_collection_maintainers
 [5]: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/
--- a/sources/tech/20190903
+++ b/sources/tech/20190903
@ -0,0 +1,152 @@
 [#]: collector: (lujun9972)
 [#]: translator: ( )
 [#]: reviewer: ( )
 [#]: publisher: ( )
 [#]: url: ( )
 [#]: subject: (Get a Preconfigured Tiling Window Manager on Ubuntu With Regolith)
 [#]: via: (https://itsfoss.com/regolith-linux-desktop/)
 [#]: author: (Abhishek Prakash https://itsfoss.com/author/abhishek/)
 Get a Preconfigured Tiling Window Manager on Ubuntu With Regolith
 ======
 _**Brief: Using tiling window manager in Linux can be tricky with all those configuration. Regolith gives you an out of box i3wm experience within Ubuntu.**_
 Perhaps you have come across desktop screenshot like the one below in some forums. If you haven’t, try checking this [subreddit][1]. You might have wondered how could people make their Linux desktop look so beautiful.
 ![Linux Ricing Example | Image Source][2]
 Of course, you can make your own desktop look good by changing the icon, theme and wallpaper but you might still not achieve the same result.
 In majority of cases, a tiling window manager is used instead of the regular floating window manager. Ahmm! what’s a tiling window manager? Let me quickly explain it to you.
 ### Tiling window manager
 The concept of tiling window manager is simple. Instead of stacking new program window over the other programs, it tiles the programs side by side. So the first program takes up the entire screen. The next one is tiled to its side either horizontally or vertically and so on.
 ![AwesomeWM Tiling Window Manager][3]
 Sounds good but what happens when you have tens of programs open? It will be unusable won’t it? This is where the workspaces save your day. You can switch to new workspace and open new programs here. Switching between workspaces is just one or two keystroke away.
 Tiling window manager can be overwhelming for you if you have never used it. It requires you to remember keyboard shortcuts to use it efficiently. But that’s not the end of trouble. Even if you install a tiling window manager like [i3wm][4] or [awesome][5], you won’t get a beautiful desktop out of the box. In fact, it could even look uglier than before.
 You see, all those mesmerizing desktops are result of personal customization. The [tiling window managers are highly configurable but you need to learn to customize them][6]. That’s not very comforting specially for someone who has never used a tiling window manager.
 If you are one of those people who wanted to have a good looking desktop with tiling window manager but could never configured them properly, the Linux ricing gods have heard your prayers.
 ### Regolith is dream come true for tiling window noobs
 ![Regolith Linux Desktop][7]
 [Regolith][8] is a Linux distribution that brings Ubuntu’s simplicity, GNOME’s configuration and i3wm’s tiling interface together.
 Wait! Don’t we already have enough of Ubuntu-based distributions that change nothing more than the theme and wallpaper? Regolith doesn’t want to be that kind of distribution. In fact, Regolith doesn’t pretend to be a standalone distribution.
 Its [developer experimented with i3wm][9], tweaked it to his liking but soon realized that he had to do it all over again on all the systems he used. That’s when he decided to package it so that he could use it easily on new system. And hence Regolith Linux was born as a customized version of Ubuntu.
 The developer totally understands that not everyone would be willing to replace their existing Ubuntu system just to get a tiling window manager and this is why he has made it available as a desktop as well. This means if you are already running Ubuntu, you can install Regolith desktop and use it beside your regular desktop environment.
 ### Install Regolith desktop on Ubuntu
 Regolith desktop is available through [PPA in Ubuntu][10] 18.04 and higher versions. You can install it using the following commands:
 ```
 sudo add-apt-repository -y ppa:kgilmer/regolith-stable
 sudo apt install regolith-desktop
 ```
 Once you have installed it, reboot your system. At the user login screen, click the username and you should see a gear symbol, Click on it and it would give you the option to change the desktop environment.
 ![Switch to Regolith Desktop][11]
 ### Using tiling window manager with Regolith
 When you log in to the Regolith desktop, you’ll see a plain simple screen with some keyboard shortcuts displayed on the right side, a thin bottom panel with only a few system information. You can find the keyboard shortcut information on [this page][12] as well.
 The keyboard shortcut will help you get started. You can search for an application or settings by pressing Super (Windows) and space key.
 ![Regolith App Launcher][13]
 By default, the new program windows are tiled vertically. You can toggle that with Super+Backspace key. Do note that the tiling and toggling is related to the program window in focus. If you have three program windows and you are using the first program window, the next program will be tiled (vertically or horizontally) after it, not after the third program window. It takes some time in getting used to this concept.
 ![Multiple Program Windows in Regolith Desktop][14]
 If you don’t like the layout of the windows, you can move them around using the Super+Shift+Arrow keys. You can move between the application windows using Super and Arrow keys.
 If your screen is filled with applications and you want to breath fresh, press Super key and 2 (or 3 or 4, depending upon number of workspaces in use) and start afresh with a new workspace. The new workspace has the keyboard shortcut on the display. You can toggle it with Super+Shift+? key combination.
 Regolith uses GNOME underneath so you can still use GNOME tools to change the system settings.
 Regolith comes with four different color themes with solarized dark being the default. It uses Arc icon themes. Changing the icon theme is same as Ubuntu but if you want to change the color, you need to do some minor tweaking in the configuration file. You can find the configuration information on [this page][15].
 ![Regolith Desktop With Nord Color Scheme][16]
 You can log out of Regolith using the Super+Shift+E key combination. The keyboard shortcuts displayed on the desktop is not correct for logging out.
 Since I have never used i3wm or any other tiling window manager, I find it weird that there is no shutdown option here. You’ll have to use [command line to shutdown Ubuntu here][17].
 You can find some [useful information to get started with Regolith desktop here][18].
 ### Getting rid of Regolith desktop
 I can understand if you didn’t like Regolith enough to use it as your main desktop. Tiling window manager is not everyone’s cup of tea (or coffee). The good thing is that you can go back to your regular desktop environment the same way you switch to Regolith.
 Log out of your account. Click on the username and you’ll see the gear icon. Click on it and select the desktop environment you want to use.
 Once you are back to the other desktop environment, you may even choose to remove Regolith completely. Note that you MUST be using some other desktop environment while removing Regolith.
 Open a terminal and use the following commands:
 ```
 sudo apt remove regolith-desktop
 ```
 You can [remove the PPA][19] as well:
 ```
 sudo add-apt-repository --remove ppa:kgilmer/regolith-stable
 ```
 ### To tile, or not to tile, that is the question
 ![Regolith Desktop on my Ubuntu 18.04 LTS][20]
 Personally, I am happy to have discovered Regolith desktop. I have been fascinated by the tiling window managers but I didn’t want to spend time on figuring out the configuration. Regolith gives me the comfort of using i3wm out of the box with my main distribution, Ubuntu.
 I like it more as a desktop than a distribution. It gives the opportunity to try out tiling window manager without a lot of hassle.
 Do you like the concept of Regolith desktop? Are you willing to give it a try? How’s your experience with tiling window manager (if any)? Do share your views in the comment section.
 --------------------------------------------------------------------------------
 via: https://itsfoss.com/regolith-linux-desktop/
 作者：[Abhishek Prakash][a]
 选题：[lujun9972][b]
 译者：[译者ID](https://github.com/译者ID)
 校对：[校对者ID](https://github.com/校对者ID)
 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
 [a]: https://itsfoss.com/author/abhishek/
 [b]: https://github.com/lujun9972
 [1]: https://www.reddit.com/r/unixporn/
 [2]: https://i0.wp.com/itsfoss.com/wp-content/uploads/2019/09/linux-ricing-example.jpg?ssl=1
 [3]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2019/09/awesome-window-anager.jpg?resize=800%2C450&ssl=1
 [4]: https://i3wm.org/
 [5]: https://awesomewm.org/
 [6]: https://fedoramagazine.org/getting-started-i3-window-manager/
 [7]: https://i0.wp.com/itsfoss.com/wp-content/uploads/2019/09/regolith-linux-desktop-screenshot-apps.jpg?ssl=1
 [8]: https://regolith-linux.org/
 [9]: https://regolith-linux.org/motivations.html
 [10]: https://itsfoss.com/ppa-guide/
 [11]: https://i0.wp.com/itsfoss.com/wp-content/uploads/2019/09/change-to-regolith-desktop.jpg?resize=800%2C400&ssl=1
 [12]: https://regolith-linux.org/keybindings.html
 [13]: https://i0.wp.com/itsfoss.com/wp-content/uploads/2019/09/regolith-app-launcher.jpg?ssl=1
 [14]: https://i0.wp.com/itsfoss.com/wp-content/uploads/2019/09/regolith-desktop-tiled-windows.jpg?ssl=1
 [15]: https://regolith-linux.org/configuring.html
 [16]: https://i0.wp.com/itsfoss.com/wp-content/uploads/2019/09/regolith-desktop-with-nord-color-scheme.jpg?ssl=1
 [17]: https://itsfoss.com/schedule-shutdown-ubuntu/
 [18]: https://regolith-linux.org/getting_started.html
 [19]: https://itsfoss.com/how-to-remove-or-delete-ppas-quick-tip/
 [20]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2019/09/regolith-desktop-screenshot.jpg?ssl=1
--- a/translated/talk/20190825
+++ b/translated/talk/20190825
@ -1,78 +0,0 @@
 [#]: collector: (lujun9972)
 [#]: translator: (Morisun029)
 [#]: reviewer: ( )
 [#]: publisher: ( )
 [#]: url: ( )
 [#]: subject: (Top 5 IoT networking security mistakes)
 [#]: via: (https://www.networkworld.com/article/3433476/top-5-iot-networking-security-mistakes.html)
 [#]: author: (Fredric Paul https://www.networkworld.com/author/Fredric-Paul/)
 五大物联网网络安全错误
 ======
 IT 供应商兄弟公司分享了其从它们的打印机和多功能设备买家中看到的五种最常见的物联网安全错误。
 ![Getty Images][1]
 尽管[兄弟公司][2]是许多 IT 产品的供应商，从[机床][3]到[头戴式显示器][4] 再到[工业缝纫机][5]，但它最知名的产品是打印机。在当今世界，这些打印机不再是独立的设备，而是物联网的组成部分。
 这也是我为什么对罗伯特•伯内特提供的这份列表感兴趣的原因。伯内特是兄弟公司的总监，负责 B2B 产品和提供解决方案。基本上是该公司大客户实施的重点人物。所以他专注于与打印机相关的物联网安全错误，并且分享兄弟公司对于处理这五大错误的建议一点也不奇怪。
 ## #5: 不控制访问和授权
 伯内特说：“ 过去，成本控制是管理谁可以使用机器，何时结束工作后面的推动力。” “当然，这在今天也仍然很重要，但安全性正迅速成为管理控制打印和扫描设备的关键因素。” 他指出，这不仅适用于大型企业，也适用于各种规模的企业。
 [业内人士：应对物联网安全威胁的5种方式][6]
 ## #4:无法定期更新固件
 让我们来面对这一现实，大多数 IT 专业人员都忙于保持服务器和其他网络基础设施设备的更新，确保其基础设施尽可能的安全高效。 “在这日复一日的过程中，像打印机这样的设备经常被忽视。” 但过时的固件可能会使基础设施面临新的威胁。
 ## #3: 设备意识不足
 伯内特说：“ 正确理解谁在使用什么设备，以及整套设备中所有连接设备的功能是什么，这是至关重要的。 检查这些设备使用的端口扫描技术，协议分析和其他检测技术应作为网络基础设施整体安全审查中的一部分。 他常常提醒人们说：“ 处理打印设备的方法是: 如果没有损坏，就不要修理！” 但即使是可靠运行多年的设备也应该成为安全审查的一部分。这是因为旧设备可能无法提供更强大的安全设置，或者可能需要更新其配置才能满足当今更高的安全要求，这其中包括设备的监控/报告功能。
 ## #2: 用户培训不足
 “ 应该把培训团队在工作过程中管理文档的最佳实践作为强有力的安全计划中的一部分。” 伯内特说道。 “ 然而，事实却是，无论你如何努力地去保护物联网设备，人为因素通常是一家企业在保护重要和敏感信息方面最薄弱的环节。像这些简单的事情，如无意中将重要文件留在打印机上供任何人查看，或者将文件扫描到错误的目的地，不仅会给企业带来经济损失和巨大的负面影响，还会影响企业的知识产权，声誉，引起合规性/监管问题。”
 ## #1: 使用默认密码
 “ 只是因为它很方便并不意味着它不重要！” 伯内特说。“ 保护打印机和多功能设备免受未经授权的管理员访问不仅有助于保护敏感的机器配置设置和报告信息，还可以防止访问个人信息，例如，像可能用于网络钓鱼攻击的用户名。”
 **[ [想通过PluralSight的综合在线课程成为认证的信息安全系统专业人员。 现在提供10天的免费试用！][7] ]**
 加入 [Facebook][8] 和 [LinkedIn][9] 的网络社区，对你最关心的话题发表评论。
 --------------------------------------------------------------------------------
 via: https://www.networkworld.com/article/3433476/top-5-iot-networking-security-mistakes.html
 作者：[Fredric Paul][a]
 选题：[lujun9972][b]
 译者：[Morisun029](https://github.com/译者ID)
 校对：[校对者ID](https://github.com/校对者ID)
 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
 [a]: https://www.networkworld.com/author/Fredric-Paul/
 [b]: https://github.com/lujun9972
 [1]: https://images.idgesg.net/images/article/2019/02/iot_security_tablet_conference_digital-100787102-large.jpg
 [2]: https://www.brother-usa.com/business
 [3]: https://www.brother-usa.com/machinetool/default?src=default
 [4]: https://www.brother-usa.com/business/hmd#sort=%40productcatalogsku%20ascending
 [5]: https://www.brother-usa.com/business/industrial-sewing
 [6]: https://www.networkworld.com/article/2855207/internet-of-things/5-ways-to-prepare-for-internet-of-things-security-threats.html#tk.nww-infsb
 [7]: https://pluralsight.pxf.io/c/321564/424552/7490?u=https%3A%2F%2Fwww.pluralsight.com%2Fpaths%2Fcertified-information-systems-security-professional-cisspr
 [8]: https://www.facebook.com/NetworkWorld/
 [9]: https://www.linkedin.com/company/network-world
--- a/translated/tech/20190829
+++ b/translated/tech/20190829
@ -0,0 +1,147 @@
 [#]: collector: (lujun9972)
 [#]: translator: (geekpi)
 [#]: reviewer: ( )
 [#]: publisher: ( )
 [#]: url: ( )
 [#]: subject: (Three Ways to Exclude Specific/Certain Packages from Yum Update)
 [#]: via: (https://www.2daygeek.com/redhat-centos-yum-update-exclude-specific-packages/)
 [#]: author: (Magesh Maruthamuthu https://www.2daygeek.com/author/magesh/)
 从 Yum 更新中排除特定/某些包的三种方法
 ======
 作为系统更新的一部分，你也许需要在基于 Red Hat 系统中由于应用依赖排除一些软件包。
 如果是，如何排除？可以采取多少种方式？
 有三种方式可以做到，我们会在本篇中教你这三种方法。
 包管理器是一组工具，它允许用户在 Linux 系统中轻松管理包。
 它能让用户在 Linux 系统中安装、更新/升级、删除、查询、重新安装和搜索软件包。
 对于基于 Red Hat 的系统，我们使用 **[yum 包管理器][1]** 和 **[rpm 包管理器][2]** 进行包管理。
 ### 什么是 yum？
 yum 代表 Yellowdog Updater，Modified。Yum 是用于 rpm 系统的自动更新程序和包安装/卸载器。
 它在安装包时自动解决依赖关系。
 ### 什么是 rpm？
 rpm 代表 Red Hat Package Manager ，它是一款用于 Red Hat 系统的功能强大的包管理工具。
 RPM 指的是 `.rpm` 文件格式，它包含已编译的软件和必要的库。
 你可能有兴趣阅读以下与本主题相关的文章。如果是的话，请进入相应的链接。
  * ** [如何检查 Red Hat（RHEL）和 CentOS 系统上的可用安全更新] [3] **
  * ** [在 Red Hat（RHEL）和 CentOS 系统上安装安全更新的四种方法] [4] **
  * ** [在 Redhat（RHEL）和 CentOS 系统上检查或列出已安装的安全更新的两种方法] [5] **
 ### 方法 1：手动或临时用 yum 命令排除包
 我们可以在 yum 中使用 `--exclude 或 -x` 开关来阻止 yum 命令获取特定包的更新。
 我可以说，这是一种临时方法或按需方法。如果你只想将特定包排除一次，那么我们可以使用此方法。
 以下命令将更新除 kernel 之外的所有软件包。
 要排除单个包。
 ```
 # yum update --exclude=kernel
 或者
 # yum update -x 'kernel'
 ```
 要排除多个包。以下命令将更新除 kernel 和 php 之外的所有软件包。
 ```
 # yum update --exclude=kernel* --exclude=php*
 或者
 # yum update --exclude httpd,php
 ```
 ### 方法 2：在 yum 命令中永久排除软件包
 这是永久性方法，如果你经常执行修补程序更新，那么可以使用此方法。
 为此，请在 /etc/yum.conf 中添加相应的软件包以永久禁用软件包更新。
 添加后，每次运行 yum update 命令时都不需要指定这些包。此外，这可以防止任何意外更新这些包。
 ```
 # vi /etc/yum.conf
 [main]
 cachedir=/var/cache/yum/$basearch/$releasever
 keepcache=0
 debuglevel=2
 logfile=/var/log/yum.log
 exactarch=1
 obsoletes=1
 gpgcheck=1
 plugins=1
 installonly_limit=3
 exclude=kernel* php*
 ```
 ### 方法 3：使用 Yum versionlock 插件排除包
 这也是与上面类似的永久方法。Yum versionlock 插件允许用户通过 yum 命令锁定指定包的更新。
 为此，请运行以下命令。以下命令将从 yum update 中排除 freetype 包。
 或者，你可以直接在 “/etc/yum/pluginconf.d/versionlock.list” 中添加条目。
 ```
 # yum versionlock add freetype
 Loaded plugins: changelog, package_upload, product-id, search-disabled-repos, subscription-manager, verify, versionlock
 Adding versionlock on: 0:freetype-2.8-12.el7
 versionlock added: 1
 ```
 运行以下命令来检查被 versionlock 插件锁定的软件包列表。
 ```
 # yum versionlock list
 Loaded plugins: changelog, package_upload, product-id, search-disabled-repos, subscription-manager, verify, versionlock
 0:freetype-2.8-12.el7.*
 versionlock list done
 ```
 运行以下命令清空该列表。
 ```
 # yum versionlock clear
 ```
 --------------------------------------------------------------------------------
 via: https://www.2daygeek.com/redhat-centos-yum-update-exclude-specific-packages/
 作者：[Magesh Maruthamuthu][a]
 选题：[lujun9972][b]
 译者：[geekpi](https://github.com/geekpi)
 校对：[校对者ID](https://github.com/校对者ID)
 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
 [a]: https://www.2daygeek.com/author/magesh/
 [b]: https://github.com/lujun9972
 [1]: https://www.2daygeek.com/yum-command-examples-manage-packages-rhel-centos-systems/
 [2]: https://www.2daygeek.com/rpm-command-examples/
 [3]: https://www.2daygeek.com/check-list-view-find-available-security-updates-on-redhat-rhel-centos-system/
 [4]: https://www.2daygeek.com/install-security-updates-on-redhat-rhel-centos-system/
 [5]: https://www.2daygeek.com/check-installed-security-updates-on-redhat-rhel-and-centos-system/