Manage package and operating system updates in AL2023 - Amazon Linux 2023
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Manage package and operating system updates in AL2023

Unlike previous versions of Amazon Linux, AL2023 AMIs are locked to a specific version of the Amazon Linux repository. To apply both security and bug fixes to an AL2023 instance, update the DNF configuration. Alternatively, launch a newer AL2023 instance.

This section describes how to manage DNF packages and repositories on a running instance. It also describes how to configure DNF from a user data script to enable the latest available Amazon Linux repository at launch time. For more information, see DNF Command Reference.

It is recommended to apply all updates available in a new AL2023 release. Picking just security updates, or only specific updates should be the exception rather than rule. For listing which Security advisories are relevant to a particular instance, see Listing applicable Advisories. For information on installing only updates relevant to a specific Advisory, see Applying security updates in-place.

Important

If you want to report a vulnerability or have a security concern regarding Amazon cloud services or open source projects, contact Amazon Security using the Vulnerability Reporting page

Checking for available package updates

You can use the dnf check-update command to check for any updates for your system. For AL2023, we recommend that you add the --releasever=version-number option to the command.

When you add this option, DNF also checks for updates for a later version of the repository. For example, after you run the dnf check-update command, use the latest returned version as the value for the version-number.

If the instance is updated to use the latest version of the repository, the output includes a list of all the packages to be updated.

Note

If you don't specify the release version with the optional flag to the dnf check-update command, only the currently configured repository version is checked. This means that packages in the later version of the repository aren't checked.

Updates in a specific version

In this example we are going to look at what updates are available in the 2023.1.20230628 release if we launched a container of the 2023.0.20230315 release.

Note

This example uses the 2023.0.20230315 and 2023.1.20230628 releases, and these are not the latest release of AL2023 See the AL2023 Release Notes for the latest releases, which contain the latest security updates.

In this example we will be starting with a container image for the 2023.0.20230315 release.

First, we fetch this container image from the container registry. The .0 at the end indicates the version of the image for a particular release; this image version is usually zero.

$ docker pull public.ecr.aws/amazonlinux/amazonlinux:2023.0.20230315.0 2023.0.20230315.0: Pulling from amazonlinux/amazonlinux b76f3b09316a: Pull complete Digest: sha256:94e7183b0739140dbd5b639fb7600f0a2299cec5df8780c26d9cb409da5315a9 Status: Downloaded newer image for public.ecr.aws/amazonlinux/amazonlinux:2023.0.20230315.0 public.ecr.aws/amazonlinux/amazonlinux:2023.0.20230315.0

We can now spawn a shell inside the container, from which we will check for updates.

$ docker run -it public.ecr.aws/amazonlinux/amazonlinux:2023.0.20230315.0 bash-5.2#

The dnf check-update command is now used to check updates available in the 2023.1.20230628 release.

Note

Applying package updates is a priviledged operation. Although elevating privileges is typically not required when running in a container, if running in a non-containerized environment such as an Amazon EC2 instance, you can check for updates without elevating privileges.

$ dnf check-update --releasever=2023.1.20230628 Amazon Linux 2023 repository 60 MB/s | 15 MB 00:00 Last metadata expiration check: 0:00:02 ago on Mon Jul 22 17:25:34 2024. amazon-linux-repo-cdn.noarch 2023.1.20230628-0.amzn2023 amazonlinux ca-certificates.noarch 2023.2.60-1.0.amzn2023.0.2 amazonlinux curl-minimal.x86_64 8.0.1-1.amzn2023 amazonlinux glib2.x86_64 2.74.7-688.amzn2023.0.1 amazonlinux glibc.x86_64 2.34-52.amzn2023.0.3 amazonlinux glibc-common.x86_64 2.34-52.amzn2023.0.3 amazonlinux glibc-minimal-langpack.x86_64 2.34-52.amzn2023.0.3 amazonlinux gnupg2-minimal.x86_64 2.3.7-1.amzn2023.0.4 amazonlinux keyutils-libs.x86_64 1.6.3-1.amzn2023 amazonlinux libcap.x86_64 2.48-2.amzn2023.0.3 amazonlinux libcurl-minimal.x86_64 8.0.1-1.amzn2023 amazonlinux libgcc.x86_64 11.3.1-4.amzn2023.0.3 amazonlinux libgomp.x86_64 11.3.1-4.amzn2023.0.3 amazonlinux libstdc++.x86_64 11.3.1-4.amzn2023.0.3 amazonlinux libxml2.x86_64 2.10.4-1.amzn2023.0.1 amazonlinux ncurses-base.noarch 6.2-4.20200222.amzn2023.0.4 amazonlinux ncurses-libs.x86_64 6.2-4.20200222.amzn2023.0.4 amazonlinux openssl-libs.x86_64 1:3.0.8-1.amzn2023.0.3 amazonlinux python3-rpm.x86_64 4.16.1.3-12.amzn2023.0.6 amazonlinux rpm.x86_64 4.16.1.3-12.amzn2023.0.6 amazonlinux rpm-build-libs.x86_64 4.16.1.3-12.amzn2023.0.6 amazonlinux rpm-libs.x86_64 4.16.1.3-12.amzn2023.0.6 amazonlinux rpm-sign-libs.x86_64 4.16.1.3-12.amzn2023.0.6 amazonlinux system-release.noarch 2023.1.20230628-0.amzn2023 amazonlinux tzdata.noarch 2023c-1.amzn2023.0.1 amazonlinux bash-5.2#

The version of the system-release package shows the release that a dnf update command would update to, which is the 2023.1.20230628 release that was requested in the dnf check-update --releasever=2023.1.20230628 command.

Updates in the latest version

In this example we are going to look at what updates are available in the latest version of AL2023 if we launched a container of the 2023.4.20240319 release. At the time of writing, the latest release is 2023.5.20240708, so the listed updates in this example will be as of that release.

Note

This example uses the 2023.4.20240319 and 2023.5.20240708 releases, the latter being the latest release at the time of writing. For more information on the latest releases, see the AL2023 Release Notes.

In this example we will be starting with a container image for the 2023.4.20240319 release.

First, we fetch this container image from the container registry. The .1 at the end indicates the version of the image for a particular release. While the image version is typically zero, this example uses a release where the image version is one.

$ docker pull public.ecr.aws/amazonlinux/amazonlinux:2023.4.20240319.1 2023.4.20240319.1: Pulling from amazonlinux/amazonlinux 6de065fda9a2: Pull complete Digest: sha256:b4838c4cc9211d966b6ea158dacc9eda7433a16ba94436508c2d9f01f7658b4e Status: Downloaded newer image for public.ecr.aws/amazonlinux/amazonlinux:2023.4.20240319.1 public.ecr.aws/amazonlinux/amazonlinux:2023.4.20240319.1

We can now spawn a shell inside the container, from which we will check for updates.

$ docker run -it public.ecr.aws/amazonlinux/amazonlinux:2023.4.20240319.1 bash-5.2#

The dnf check-update command is now used to check updates available in the latest release, which at the time of writing was 2023.5.20240708.

Note

Applying package updates is a priviledged operation. Although elevating privileges is typically not required when running in a container, if running in a non-containerized environment such as an Amazon EC2 instance, you can check for updates without elevating privileges.

$ dnf --releasever=latest check-update Amazon Linux 2023 repository 78 MB/s | 25 MB 00:00 Last metadata expiration check: 0:00:04 ago on Mon Jul 22 17:39:13 2024. amazon-linux-repo-cdn.noarch 2023.5.20240708-1.amzn2023 amazonlinux curl-minimal.x86_64 8.5.0-1.amzn2023.0.4 amazonlinux dnf.noarch 4.14.0-1.amzn2023.0.5 amazonlinux dnf-data.noarch 4.14.0-1.amzn2023.0.5 amazonlinux expat.x86_64 2.5.0-1.amzn2023.0.4 amazonlinux glibc.x86_64 2.34-52.amzn2023.0.10 amazonlinux glibc-common.x86_64 2.34-52.amzn2023.0.10 amazonlinux glibc-minimal-langpack.x86_64 2.34-52.amzn2023.0.10 amazonlinux krb5-libs.x86_64 1.21-3.amzn2023.0.4 amazonlinux libblkid.x86_64 2.37.4-1.amzn2023.0.4 amazonlinux libcurl-minimal.x86_64 8.5.0-1.amzn2023.0.4 amazonlinux libmount.x86_64 2.37.4-1.amzn2023.0.4 amazonlinux libnghttp2.x86_64 1.59.0-3.amzn2023.0.1 amazonlinux libsmartcols.x86_64 2.37.4-1.amzn2023.0.4 amazonlinux libuuid.x86_64 2.37.4-1.amzn2023.0.4 amazonlinux openssl-libs.x86_64 1:3.0.8-1.amzn2023.0.12 amazonlinux python3.x86_64 3.9.16-1.amzn2023.0.8 amazonlinux python3-dnf.noarch 4.14.0-1.amzn2023.0.5 amazonlinux python3-libs.x86_64 3.9.16-1.amzn2023.0.8 amazonlinux system-release.noarch 2023.5.20240708-1.amzn2023 amazonlinux yum.noarch 4.14.0-1.amzn2023.0.5 amazonlinux bash-5.2#

The version of the system-release package shows the release that a dnf update command would update to.

For this command, if there are newer packages available, the return code is 100. If there aren't any newer packages available, the return code is 0. In addition, the output also lists all the packages to update.

Applying security updates using DNF and repository versions

New package updates and security updates are made available to new repository versions only. For instances that you launched from earlier AL2023 AMI versions, you must update the repository version before you can install security updates. The dnf check-release-update command includes an example update command that updates all the packages that are installed on the system to versions in a newer repository.

Note

If you don't specify the release version with the optional flag to the dnf check-update command, only the currently configured repository version is checked. This means that any update to installed packages present in any later version of the repository aren't applied.

This section covers the recommended upgrade path of applying all available updates rather than picking and choosing individual updates or only ones marked as security updates. By applying all updates, existing instances are moved to the same package set as launching an updated AMI. This consistency reduces the variation of package versions across a fleet. For more information on applying specific updates, see Applying security updates in-place.

Applying updates in a specific version

In this example we are going to apply updates available in the 2023.1.20230628 release if we launched a container of the 2023.0.20230315 release.

Note

This example uses the 2023.0.20230315 and 2023.1.20230628 releases, and these are not the latest release of AL2023 See the AL2023 Release Notes for the latest releases, which contain the latest security updates.

In this example we will be starting with a container image for the 2023.0.20230315 release.

First, we fetch this container image from the container registry. The .0 at the end indicates the version of the image for a particular release; this image version is usually zero.

$ docker pull public.ecr.aws/amazonlinux/amazonlinux:2023.0.20230315.0 2023.0.20230315.0: Pulling from amazonlinux/amazonlinux b76f3b09316a: Pull complete Digest: sha256:94e7183b0739140dbd5b639fb7600f0a2299cec5df8780c26d9cb409da5315a9 Status: Downloaded newer image for public.ecr.aws/amazonlinux/amazonlinux:2023.0.20230315.0 public.ecr.aws/amazonlinux/amazonlinux:2023.0.20230315.0

We can now spawn a shell inside the container, from which we will apply updates.

$ docker run -it public.ecr.aws/amazonlinux/amazonlinux:2023.0.20230315.0 bash-5.2#

The dnf update command is now used to apply all of the updates present in the 2023.1.20230628 release.

Note

Applying package updates is a priviledged operation. Although elevating privileges is typically not required when running in a container, if running in a non-containerized environment such as an Amazon EC2 instance, you will need to run the dnf update command as the root user. This can be done using the sudo or su commands.

$ dnf update --releasever=2023.1.20230628 Amazon Linux 2023 repository 38 MB/s | 15 MB 00:00 Last metadata expiration check: 0:00:02 ago on Mon Jul 22 17:49:08 2024. Dependencies resolved. ================================================================================= Package Arch Version Repository Size ================================================================================= Upgrading: amazon-linux-repo-cdn noarch 2023.1.20230628-0.amzn2023 amazonlinux 18 k ca-certificates noarch 2023.2.60-1.0.amzn2023.0.2 amazonlinux 829 k curl-minimal x86_64 8.0.1-1.amzn2023 amazonlinux 150 k glib2 x86_64 2.74.7-688.amzn2023.0.1 amazonlinux 2.7 M glibc x86_64 2.34-52.amzn2023.0.3 amazonlinux 1.9 M glibc-common x86_64 2.34-52.amzn2023.0.3 amazonlinux 307 k glibc-minimal-langpack x86_64 2.34-52.amzn2023.0.3 amazonlinux 35 k gnupg2-minimal x86_64 2.3.7-1.amzn2023.0.4 amazonlinux 421 k keyutils-libs x86_64 1.6.3-1.amzn2023 amazonlinux 33 k libcap x86_64 2.48-2.amzn2023.0.3 amazonlinux 67 k libcurl-minimal x86_64 8.0.1-1.amzn2023 amazonlinux 249 k libgcc x86_64 11.3.1-4.amzn2023.0.3 amazonlinux 105 k libgomp x86_64 11.3.1-4.amzn2023.0.3 amazonlinux 280 k libstdc++ x86_64 11.3.1-4.amzn2023.0.3 amazonlinux 744 k libxml2 x86_64 2.10.4-1.amzn2023.0.1 amazonlinux 706 k ncurses-base noarch 6.2-4.20200222.amzn2023.0.4 amazonlinux 60 k ncurses-libs x86_64 6.2-4.20200222.amzn2023.0.4 amazonlinux 328 k openssl-libs x86_64 1:3.0.8-1.amzn2023.0.3 amazonlinux 2.2 M python3-rpm x86_64 4.16.1.3-12.amzn2023.0.6 amazonlinux 88 k rpm x86_64 4.16.1.3-12.amzn2023.0.6 amazonlinux 486 k rpm-build-libs x86_64 4.16.1.3-12.amzn2023.0.6 amazonlinux 90 k rpm-libs x86_64 4.16.1.3-12.amzn2023.0.6 amazonlinux 309 k rpm-sign-libs x86_64 4.16.1.3-12.amzn2023.0.6 amazonlinux 21 k system-release noarch 2023.1.20230628-0.amzn2023 amazonlinux 29 k tzdata noarch 2023c-1.amzn2023.0.1 amazonlinux 433 k Transaction Summary ================================================================================= Upgrade 25 Packages Total download size: 12 M Is this ok [y/N]:

The version of the system-release package shows the release that a dnf update command would update to, which is the 2023.1.20230628 release that was requested in the dnf update --releasever=2023.1.20230628 command.

By default, dnf will ask you to confirm you wish to apply the updates. You can bypass this prompt by using the -y flag to dnf. for this example, the dnf update -y --releasever=2023.1.20230628 command would not ask for confirmation before applying the updates. This is useful in scripts or other automation environments.

Once confirming you want to apply the updates, dnf applies them.

Is this ok [y/N]:y Downloading Packages: (1/25): libcap-2.48-2.amzn2023.0.3.x86_64.rpm 1.5 MB/s | 67 kB 00:00 (2/25): python3-rpm-4.16.1.3-12.amzn2023.0.6.x86 2.1 MB/s | 88 kB 00:00 (3/25): libcurl-minimal-8.0.1-1.amzn2023.x86_64. 2.6 MB/s | 249 kB 00:00 (4/25): glib2-2.74.7-688.amzn2023.0.1.x86_64.rpm 26 MB/s | 2.7 MB 00:00 (5/25): glibc-minimal-langpack-2.34-52.amzn2023. 1.3 MB/s | 35 kB 00:00 (6/25): rpm-build-libs-4.16.1.3-12.amzn2023.0.6. 2.8 MB/s | 90 kB 00:00 (7/25): rpm-libs-4.16.1.3-12.amzn2023.0.6.x86_64 6.6 MB/s | 309 kB 00:00 (8/25): libgcc-11.3.1-4.amzn2023.0.3.x86_64.rpm 3.9 MB/s | 105 kB 00:00 (9/25): glibc-common-2.34-52.amzn2023.0.3.x86_64 11 MB/s | 307 kB 00:00 (10/25): glibc-2.34-52.amzn2023.0.3.x86_64.rpm 31 MB/s | 1.9 MB 00:00 (11/25): rpm-sign-libs-4.16.1.3-12.amzn2023.0.6. 877 kB/s | 21 kB 00:00 (12/25): gnupg2-minimal-2.3.7-1.amzn2023.0.4.x86 15 MB/s | 421 kB 00:00 (13/25): openssl-libs-3.0.8-1.amzn2023.0.3.x86_6 35 MB/s | 2.2 MB 00:00 (14/25): libxml2-2.10.4-1.amzn2023.0.1.x86_64.rp 14 MB/s | 706 kB 00:00 (15/25): curl-minimal-8.0.1-1.amzn2023.x86_64.rp 4.2 MB/s | 150 kB 00:00 (16/25): rpm-4.16.1.3-12.amzn2023.0.6.x86_64.rpm 11 MB/s | 486 kB 00:00 (17/25): libgomp-11.3.1-4.amzn2023.0.3.x86_64.rp 7.0 MB/s | 280 kB 00:00 (18/25): libstdc++-11.3.1-4.amzn2023.0.3.x86_64. 14 MB/s | 744 kB 00:00 (19/25): keyutils-libs-1.6.3-1.amzn2023.x86_64.r 1.6 MB/s | 33 kB 00:00 (20/25): ncurses-libs-6.2-4.20200222.amzn2023.0. 10 MB/s | 328 kB 00:00 (21/25): tzdata-2023c-1.amzn2023.0.1.noarch.rpm 11 MB/s | 433 kB 00:00 (22/25): amazon-linux-repo-cdn-2023.1.20230628-0 781 kB/s | 18 kB 00:00 (23/25): ca-certificates-2023.2.60-1.0.amzn2023. 16 MB/s | 829 kB 00:00 (24/25): system-release-2023.1.20230628-0.amzn20 1.5 MB/s | 29 kB 00:00 (25/25): ncurses-base-6.2-4.20200222.amzn2023.0. 3.1 MB/s | 60 kB 00:00 --------------------------------------------------------------------------------- Total 28 MB/s | 12 MB 00:00 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Upgrading : libgcc-11.3.1-4.amzn2023.0.3.x86_64 1/50 Running scriptlet: libgcc-11.3.1-4.amzn2023.0.3.x86_64 1/50 Upgrading : system-release-2023.1.20230628-0.amzn2023.noarch 2/50 Upgrading : amazon-linux-repo-cdn-2023.1.20230628-0.amzn2023.no 3/50 Upgrading : ncurses-base-6.2-4.20200222.amzn2023.0.4.noarch 4/50 Upgrading : tzdata-2023c-1.amzn2023.0.1.noarch 5/50 Upgrading : glibc-common-2.34-52.amzn2023.0.3.x86_64 6/50 Running scriptlet: glibc-2.34-52.amzn2023.0.3.x86_64 7/50 Upgrading : glibc-2.34-52.amzn2023.0.3.x86_64 7/50 Running scriptlet: glibc-2.34-52.amzn2023.0.3.x86_64 7/50 Upgrading : glibc-minimal-langpack-2.34-52.amzn2023.0.3.x86_64 8/50 Upgrading : libcap-2.48-2.amzn2023.0.3.x86_64 9/50 Upgrading : gnupg2-minimal-2.3.7-1.amzn2023.0.4.x86_64 10/50 Upgrading : libgomp-11.3.1-4.amzn2023.0.3.x86_64 11/50 Running scriptlet: ca-certificates-2023.2.60-1.0.amzn2023.0.2.noarch 12/50 Upgrading : ca-certificates-2023.2.60-1.0.amzn2023.0.2.noarch 12/50 Running scriptlet: ca-certificates-2023.2.60-1.0.amzn2023.0.2.noarch 12/50 Upgrading : openssl-libs-1:3.0.8-1.amzn2023.0.3.x86_64 13/50 Upgrading : libcurl-minimal-8.0.1-1.amzn2023.x86_64 14/50 Upgrading : curl-minimal-8.0.1-1.amzn2023.x86_64 15/50 Upgrading : rpm-libs-4.16.1.3-12.amzn2023.0.6.x86_64 16/50 Upgrading : rpm-4.16.1.3-12.amzn2023.0.6.x86_64 17/50 Upgrading : rpm-build-libs-4.16.1.3-12.amzn2023.0.6.x86_64 18/50 Upgrading : rpm-sign-libs-4.16.1.3-12.amzn2023.0.6.x86_64 19/50 Upgrading : python3-rpm-4.16.1.3-12.amzn2023.0.6.x86_64 20/50 Upgrading : glib2-2.74.7-688.amzn2023.0.1.x86_64 21/50 Upgrading : libxml2-2.10.4-1.amzn2023.0.1.x86_64 22/50 Upgrading : libstdc++-11.3.1-4.amzn2023.0.3.x86_64 23/50 Upgrading : keyutils-libs-1.6.3-1.amzn2023.x86_64 24/50 Upgrading : ncurses-libs-6.2-4.20200222.amzn2023.0.4.x86_64 25/50 Cleanup : glib2-2.73.2-680.amzn2023.0.3.x86_64 26/50 Cleanup : libstdc++-11.3.1-4.amzn2023.0.2.x86_64 27/50 Cleanup : libxml2-2.10.3-2.amzn2023.0.1.x86_64 28/50 Cleanup : python3-rpm-4.16.1.3-12.amzn2023.0.5.x86_64 29/50 Cleanup : rpm-build-libs-4.16.1.3-12.amzn2023.0.5.x86_64 30/50 Cleanup : rpm-sign-libs-4.16.1.3-12.amzn2023.0.5.x86_64 31/50 Cleanup : rpm-libs-4.16.1.3-12.amzn2023.0.5.x86_64 32/50 Cleanup : libcap-2.48-2.amzn2023.0.2.x86_64 33/50 Cleanup : gnupg2-minimal-2.3.7-1.amzn2023.0.3.x86_64 34/50 Cleanup : ncurses-libs-6.2-4.20200222.amzn2023.0.3.x86_64 35/50 Cleanup : libgomp-11.3.1-4.amzn2023.0.2.x86_64 36/50 Cleanup : rpm-4.16.1.3-12.amzn2023.0.5.x86_64 37/50 Cleanup : curl-minimal-7.88.1-1.amzn2023.0.1.x86_64 38/50 Cleanup : libcurl-minimal-7.88.1-1.amzn2023.0.1.x86_64 39/50 Cleanup : openssl-libs-1:3.0.8-1.amzn2023.0.1.x86_64 40/50 Cleanup : keyutils-libs-1.6.1-2.amzn2023.0.2.x86_64 41/50 Cleanup : amazon-linux-repo-cdn-2023.0.20230315-1.amzn2023.no 42/50 Cleanup : system-release-2023.0.20230315-1.amzn2023.noarch 43/50 Cleanup : ca-certificates-2023.2.60-1.0.amzn2023.0.1.noarch 44/50 Cleanup : ncurses-base-6.2-4.20200222.amzn2023.0.3.noarch 45/50 Cleanup : glibc-minimal-langpack-2.34-52.amzn2023.0.2.x86_64 46/50 Cleanup : glibc-2.34-52.amzn2023.0.2.x86_64 47/50 Cleanup : glibc-common-2.34-52.amzn2023.0.2.x86_64 48/50 Cleanup : tzdata-2022g-1.amzn2023.0.1.noarch 49/50 Cleanup : libgcc-11.3.1-4.amzn2023.0.2.x86_64 50/50 Running scriptlet: libgcc-11.3.1-4.amzn2023.0.2.x86_64 50/50 Running scriptlet: ca-certificates-2023.2.60-1.0.amzn2023.0.2.noarch 50/50 Running scriptlet: rpm-4.16.1.3-12.amzn2023.0.6.x86_64 50/50 Running scriptlet: libgcc-11.3.1-4.amzn2023.0.2.x86_64 50/50 Verifying : libcurl-minimal-8.0.1-1.amzn2023.x86_64 1/50 Verifying : libcurl-minimal-7.88.1-1.amzn2023.0.1.x86_64 2/50 Verifying : libcap-2.48-2.amzn2023.0.3.x86_64 3/50 Verifying : libcap-2.48-2.amzn2023.0.2.x86_64 4/50 Verifying : glib2-2.74.7-688.amzn2023.0.1.x86_64 5/50 Verifying : glib2-2.73.2-680.amzn2023.0.3.x86_64 6/50 Verifying : python3-rpm-4.16.1.3-12.amzn2023.0.6.x86_64 7/50 Verifying : python3-rpm-4.16.1.3-12.amzn2023.0.5.x86_64 8/50 Verifying : glibc-minimal-langpack-2.34-52.amzn2023.0.3.x86_64 9/50 Verifying : glibc-minimal-langpack-2.34-52.amzn2023.0.2.x86_64 10/50 Verifying : rpm-libs-4.16.1.3-12.amzn2023.0.6.x86_64 11/50 Verifying : rpm-libs-4.16.1.3-12.amzn2023.0.5.x86_64 12/50 Verifying : rpm-build-libs-4.16.1.3-12.amzn2023.0.6.x86_64 13/50 Verifying : rpm-build-libs-4.16.1.3-12.amzn2023.0.5.x86_64 14/50 Verifying : glibc-2.34-52.amzn2023.0.3.x86_64 15/50 Verifying : glibc-2.34-52.amzn2023.0.2.x86_64 16/50 Verifying : libgcc-11.3.1-4.amzn2023.0.3.x86_64 17/50 Verifying : libgcc-11.3.1-4.amzn2023.0.2.x86_64 18/50 Verifying : glibc-common-2.34-52.amzn2023.0.3.x86_64 19/50 Verifying : glibc-common-2.34-52.amzn2023.0.2.x86_64 20/50 Verifying : rpm-sign-libs-4.16.1.3-12.amzn2023.0.6.x86_64 21/50 Verifying : rpm-sign-libs-4.16.1.3-12.amzn2023.0.5.x86_64 22/50 Verifying : openssl-libs-1:3.0.8-1.amzn2023.0.3.x86_64 23/50 Verifying : openssl-libs-1:3.0.8-1.amzn2023.0.1.x86_64 24/50 Verifying : gnupg2-minimal-2.3.7-1.amzn2023.0.4.x86_64 25/50 Verifying : gnupg2-minimal-2.3.7-1.amzn2023.0.3.x86_64 26/50 Verifying : libxml2-2.10.4-1.amzn2023.0.1.x86_64 27/50 Verifying : libxml2-2.10.3-2.amzn2023.0.1.x86_64 28/50 Verifying : curl-minimal-8.0.1-1.amzn2023.x86_64 29/50 Verifying : curl-minimal-7.88.1-1.amzn2023.0.1.x86_64 30/50 Verifying : rpm-4.16.1.3-12.amzn2023.0.6.x86_64 31/50 Verifying : rpm-4.16.1.3-12.amzn2023.0.5.x86_64 32/50 Verifying : libstdc++-11.3.1-4.amzn2023.0.3.x86_64 33/50 Verifying : libstdc++-11.3.1-4.amzn2023.0.2.x86_64 34/50 Verifying : libgomp-11.3.1-4.amzn2023.0.3.x86_64 35/50 Verifying : libgomp-11.3.1-4.amzn2023.0.2.x86_64 36/50 Verifying : keyutils-libs-1.6.3-1.amzn2023.x86_64 37/50 Verifying : keyutils-libs-1.6.1-2.amzn2023.0.2.x86_64 38/50 Verifying : ncurses-libs-6.2-4.20200222.amzn2023.0.4.x86_64 39/50 Verifying : ncurses-libs-6.2-4.20200222.amzn2023.0.3.x86_64 40/50 Verifying : ca-certificates-2023.2.60-1.0.amzn2023.0.2.noarch 41/50 Verifying : ca-certificates-2023.2.60-1.0.amzn2023.0.1.noarch 42/50 Verifying : tzdata-2023c-1.amzn2023.0.1.noarch 43/50 Verifying : tzdata-2022g-1.amzn2023.0.1.noarch 44/50 Verifying : amazon-linux-repo-cdn-2023.1.20230628-0.amzn2023.no 45/50 Verifying : amazon-linux-repo-cdn-2023.0.20230315-1.amzn2023.no 46/50 Verifying : system-release-2023.1.20230628-0.amzn2023.noarch 47/50 Verifying : system-release-2023.0.20230315-1.amzn2023.noarch 48/50 Verifying : ncurses-base-6.2-4.20200222.amzn2023.0.4.noarch 49/50 Verifying : ncurses-base-6.2-4.20200222.amzn2023.0.3.noarch 50/50 Upgraded: amazon-linux-repo-cdn-2023.1.20230628-0.amzn2023.noarch ca-certificates-2023.2.60-1.0.amzn2023.0.2.noarch curl-minimal-8.0.1-1.amzn2023.x86_64 glib2-2.74.7-688.amzn2023.0.1.x86_64 glibc-2.34-52.amzn2023.0.3.x86_64 glibc-common-2.34-52.amzn2023.0.3.x86_64 glibc-minimal-langpack-2.34-52.amzn2023.0.3.x86_64 gnupg2-minimal-2.3.7-1.amzn2023.0.4.x86_64 keyutils-libs-1.6.3-1.amzn2023.x86_64 libcap-2.48-2.amzn2023.0.3.x86_64 libcurl-minimal-8.0.1-1.amzn2023.x86_64 libgcc-11.3.1-4.amzn2023.0.3.x86_64 libgomp-11.3.1-4.amzn2023.0.3.x86_64 libstdc++-11.3.1-4.amzn2023.0.3.x86_64 libxml2-2.10.4-1.amzn2023.0.1.x86_64 ncurses-base-6.2-4.20200222.amzn2023.0.4.noarch ncurses-libs-6.2-4.20200222.amzn2023.0.4.x86_64 openssl-libs-1:3.0.8-1.amzn2023.0.3.x86_64 python3-rpm-4.16.1.3-12.amzn2023.0.6.x86_64 rpm-4.16.1.3-12.amzn2023.0.6.x86_64 rpm-build-libs-4.16.1.3-12.amzn2023.0.6.x86_64 rpm-libs-4.16.1.3-12.amzn2023.0.6.x86_64 rpm-sign-libs-4.16.1.3-12.amzn2023.0.6.x86_64 system-release-2023.1.20230628-0.amzn2023.noarch tzdata-2023c-1.amzn2023.0.1.noarch Complete! bash-5.2#
Updates in the latest version

In this example we are going to apply updates available in the latest version of AL2023 if we launched a container of the 2023.4.20240319 release. At the time of writing, the latest release is 2023.5.20240708, so the listed updates in this example will be as of that release.

Note

This example uses the 2023.4.20240319 and 2023.5.20240708 releases, the latter being the latest release at the time of writing. For more information on the latest releases, see the AL2023 Release Notes.

In this example we will be starting with a container image for the 2023.4.20240319 release.

First, we fetch this container image from the container registry. The .1 at the end indicates the version of the image for a particular release. While the image version is typically zero, this example uses a release where the image version is one.

$ docker pull public.ecr.aws/amazonlinux/amazonlinux:2023.4.20240319.1 2023.4.20240319.1: Pulling from amazonlinux/amazonlinux 6de065fda9a2: Pull complete Digest: sha256:b4838c4cc9211d966b6ea158dacc9eda7433a16ba94436508c2d9f01f7658b4e Status: Downloaded newer image for public.ecr.aws/amazonlinux/amazonlinux:2023.4.20240319.1 public.ecr.aws/amazonlinux/amazonlinux:2023.4.20240319.1

We can now spawn a shell inside the container, from which we will apply updates.

$ docker run -it public.ecr.aws/amazonlinux/amazonlinux:2023.4.20240319.1 bash-5.2#

The dnf update command is now used to apply updates available in the latest release, which at the time of writing was 2023.5.20240708.

Note

Applying package updates is a priviledged operation. Although elevating privileges is typically not required when running in a container, if running in a non-containerized environment such as an Amazon EC2 instance, you will need to run the dnf update command as the root user. This can be done using the sudo or su commands.

By default, dnf will ask you to confirm you wish to apply the updates. In this example, we are bypassing this prompt by using the -y flag to dnf.

$ dnf -y --releasever=latest update Amazon Linux 2023 repository 75 MB/s | 25 MB 00:00 Last metadata expiration check: 0:00:04 ago on Mon Jul 22 18:00:10 2024. Dependencies resolved. ================================================================================= Package Arch Version Repository Size ================================================================================= Upgrading: amazon-linux-repo-cdn noarch 2023.5.20240708-1.amzn2023 amazonlinux 17 k curl-minimal x86_64 8.5.0-1.amzn2023.0.4 amazonlinux 160 k dnf noarch 4.14.0-1.amzn2023.0.5 amazonlinux 460 k dnf-data noarch 4.14.0-1.amzn2023.0.5 amazonlinux 34 k expat x86_64 2.5.0-1.amzn2023.0.4 amazonlinux 117 k glibc x86_64 2.34-52.amzn2023.0.10 amazonlinux 1.9 M glibc-common x86_64 2.34-52.amzn2023.0.10 amazonlinux 295 k glibc-minimal-langpack x86_64 2.34-52.amzn2023.0.10 amazonlinux 23 k krb5-libs x86_64 1.21-3.amzn2023.0.4 amazonlinux 758 k libblkid x86_64 2.37.4-1.amzn2023.0.4 amazonlinux 105 k libcurl-minimal x86_64 8.5.0-1.amzn2023.0.4 amazonlinux 275 k libmount x86_64 2.37.4-1.amzn2023.0.4 amazonlinux 132 k libnghttp2 x86_64 1.59.0-3.amzn2023.0.1 amazonlinux 79 k libsmartcols x86_64 2.37.4-1.amzn2023.0.4 amazonlinux 62 k libuuid x86_64 2.37.4-1.amzn2023.0.4 amazonlinux 26 k openssl-libs x86_64 1:3.0.8-1.amzn2023.0.12 amazonlinux 2.2 M python3 x86_64 3.9.16-1.amzn2023.0.8 amazonlinux 27 k python3-dnf noarch 4.14.0-1.amzn2023.0.5 amazonlinux 409 k python3-libs x86_64 3.9.16-1.amzn2023.0.8 amazonlinux 7.3 M system-release noarch 2023.5.20240708-1.amzn2023 amazonlinux 28 k yum noarch 4.14.0-1.amzn2023.0.5 amazonlinux 32 k Transaction Summary ================================================================================= Upgrade 21 Packages Total download size: 14 M Downloading Packages: (1/21): amazon-linux-repo-cdn-2023.5.20240708-1. 345 kB/s | 17 kB 00:00 (2/21): dnf-4.14.0-1.amzn2023.0.5.noarch.rpm 6.8 MB/s | 460 kB 00:00 (3/21): dnf-data-4.14.0-1.amzn2023.0.5.noarch.rp 1.6 MB/s | 34 kB 00:00 (4/21): expat-2.5.0-1.amzn2023.0.4.x86_64.rpm 4.6 MB/s | 117 kB 00:00 (5/21): glibc-2.34-52.amzn2023.0.10.x86_64.rpm 38 MB/s | 1.9 MB 00:00 (6/21): glibc-common-2.34-52.amzn2023.0.10.x86_6 8.8 MB/s | 295 kB 00:00 (7/21): glibc-minimal-langpack-2.34-52.amzn2023. 1.7 MB/s | 23 kB 00:00 (8/21): curl-minimal-8.5.0-1.amzn2023.0.4.x86_64 998 kB/s | 160 kB 00:00 (9/21): libblkid-2.37.4-1.amzn2023.0.4.x86_64.rp 4.1 MB/s | 105 kB 00:00 (10/21): krb5-libs-1.21-3.amzn2023.0.4.x86_64.rp 16 MB/s | 758 kB 00:00 (11/21): libmount-2.37.4-1.amzn2023.0.4.x86_64.r 7.9 MB/s | 132 kB 00:00 (12/21): libnghttp2-1.59.0-3.amzn2023.0.1.x86_64 5.6 MB/s | 79 kB 00:00 (13/21): libsmartcols-2.37.4-1.amzn2023.0.4.x86_ 4.4 MB/s | 62 kB 00:00 (14/21): libcurl-minimal-8.5.0-1.amzn2023.0.4.x8 7.1 MB/s | 275 kB 00:00 (15/21): libuuid-2.37.4-1.amzn2023.0.4.x86_64.rp 1.1 MB/s | 26 kB 00:00 (16/21): python3-3.9.16-1.amzn2023.0.8.x86_64.rp 1.5 MB/s | 27 kB 00:00 (17/21): python3-dnf-4.14.0-1.amzn2023.0.5.noarc 19 MB/s | 409 kB 00:00 (18/21): system-release-2023.5.20240708-1.amzn20 1.9 MB/s | 28 kB 00:00 (19/21): yum-4.14.0-1.amzn2023.0.5.noarch.rpm 1.6 MB/s | 32 kB 00:00 (20/21): openssl-libs-3.0.8-1.amzn2023.0.12.x86_ 26 MB/s | 2.2 MB 00:00 (21/21): python3-libs-3.9.16-1.amzn2023.0.8.x86_ 59 MB/s | 7.3 MB 00:00 --------------------------------------------------------------------------------- Total 34 MB/s | 14 MB 00:00 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Upgrading : glibc-common-2.34-52.amzn2023.0.10.x86_64 1/42 Upgrading : glibc-minimal-langpack-2.34-52.amzn2023.0.10.x86_64 2/42 Running scriptlet: glibc-2.34-52.amzn2023.0.10.x86_64 3/42 Upgrading : glibc-2.34-52.amzn2023.0.10.x86_64 3/42 Running scriptlet: glibc-2.34-52.amzn2023.0.10.x86_64 3/42 Upgrading : libuuid-2.37.4-1.amzn2023.0.4.x86_64 4/42 Upgrading : openssl-libs-1:3.0.8-1.amzn2023.0.12.x86_64 5/42 Upgrading : krb5-libs-1.21-3.amzn2023.0.4.x86_64 6/42 Upgrading : libblkid-2.37.4-1.amzn2023.0.4.x86_64 7/42 Running scriptlet: libblkid-2.37.4-1.amzn2023.0.4.x86_64 7/42 Upgrading : expat-2.5.0-1.amzn2023.0.4.x86_64 8/42 Upgrading : python3-3.9.16-1.amzn2023.0.8.x86_64 9/42 Upgrading : python3-libs-3.9.16-1.amzn2023.0.8.x86_64 10/42 Upgrading : libnghttp2-1.59.0-3.amzn2023.0.1.x86_64 11/42 Upgrading : libcurl-minimal-8.5.0-1.amzn2023.0.4.x86_64 12/42 Upgrading : system-release-2023.5.20240708-1.amzn2023.noarch 13/42 Upgrading : amazon-linux-repo-cdn-2023.5.20240708-1.amzn2023.no 14/42 Upgrading : dnf-data-4.14.0-1.amzn2023.0.5.noarch 15/42 Upgrading : python3-dnf-4.14.0-1.amzn2023.0.5.noarch 16/42 Upgrading : dnf-4.14.0-1.amzn2023.0.5.noarch 17/42 Running scriptlet: dnf-4.14.0-1.amzn2023.0.5.noarch 17/42 Upgrading : yum-4.14.0-1.amzn2023.0.5.noarch 18/42 Upgrading : curl-minimal-8.5.0-1.amzn2023.0.4.x86_64 19/42 Upgrading : libmount-2.37.4-1.amzn2023.0.4.x86_64 20/42 Upgrading : libsmartcols-2.37.4-1.amzn2023.0.4.x86_64 21/42 Cleanup : yum-4.14.0-1.amzn2023.0.4.noarch 22/42 Running scriptlet: dnf-4.14.0-1.amzn2023.0.4.noarch 23/42 Cleanup : dnf-4.14.0-1.amzn2023.0.4.noarch 23/42 Running scriptlet: dnf-4.14.0-1.amzn2023.0.4.noarch 23/42 Cleanup : python3-dnf-4.14.0-1.amzn2023.0.4.noarch 24/42 Cleanup : amazon-linux-repo-cdn-2023.4.20240319-1.amzn2023.no 25/42 Cleanup : libmount-2.37.4-1.amzn2023.0.3.x86_64 26/42 Cleanup : curl-minimal-8.5.0-1.amzn2023.0.2.x86_64 27/42 Cleanup : libcurl-minimal-8.5.0-1.amzn2023.0.2.x86_64 28/42 Cleanup : krb5-libs-1.21-3.amzn2023.0.3.x86_64 29/42 Cleanup : libblkid-2.37.4-1.amzn2023.0.3.x86_64 30/42 Cleanup : libnghttp2-1.57.0-1.amzn2023.0.1.x86_64 31/42 Cleanup : libsmartcols-2.37.4-1.amzn2023.0.3.x86_64 32/42 Cleanup : system-release-2023.4.20240319-1.amzn2023.noarch 33/42 Cleanup : dnf-data-4.14.0-1.amzn2023.0.4.noarch 34/42 Cleanup : python3-3.9.16-1.amzn2023.0.6.x86_64 35/42 Cleanup : python3-libs-3.9.16-1.amzn2023.0.6.x86_64 36/42 Cleanup : openssl-libs-1:3.0.8-1.amzn2023.0.11.x86_64 37/42 Cleanup : libuuid-2.37.4-1.amzn2023.0.3.x86_64 38/42 Cleanup : expat-2.5.0-1.amzn2023.0.3.x86_64 39/42 Cleanup : glibc-2.34-52.amzn2023.0.8.x86_64 40/42 Cleanup : glibc-minimal-langpack-2.34-52.amzn2023.0.8.x86_64 41/42 Cleanup : glibc-common-2.34-52.amzn2023.0.8.x86_64 42/42 Running scriptlet: glibc-common-2.34-52.amzn2023.0.8.x86_64 42/42 Verifying : amazon-linux-repo-cdn-2023.5.20240708-1.amzn2023.no 1/42 Verifying : amazon-linux-repo-cdn-2023.4.20240319-1.amzn2023.no 2/42 Verifying : curl-minimal-8.5.0-1.amzn2023.0.4.x86_64 3/42 Verifying : curl-minimal-8.5.0-1.amzn2023.0.2.x86_64 4/42 Verifying : dnf-4.14.0-1.amzn2023.0.5.noarch 5/42 Verifying : dnf-4.14.0-1.amzn2023.0.4.noarch 6/42 Verifying : dnf-data-4.14.0-1.amzn2023.0.5.noarch 7/42 Verifying : dnf-data-4.14.0-1.amzn2023.0.4.noarch 8/42 Verifying : expat-2.5.0-1.amzn2023.0.4.x86_64 9/42 Verifying : expat-2.5.0-1.amzn2023.0.3.x86_64 10/42 Verifying : glibc-2.34-52.amzn2023.0.10.x86_64 11/42 Verifying : glibc-2.34-52.amzn2023.0.8.x86_64 12/42 Verifying : glibc-common-2.34-52.amzn2023.0.10.x86_64 13/42 Verifying : glibc-common-2.34-52.amzn2023.0.8.x86_64 14/42 Verifying : glibc-minimal-langpack-2.34-52.amzn2023.0.10.x86_64 15/42 Verifying : glibc-minimal-langpack-2.34-52.amzn2023.0.8.x86_64 16/42 Verifying : krb5-libs-1.21-3.amzn2023.0.4.x86_64 17/42 Verifying : krb5-libs-1.21-3.amzn2023.0.3.x86_64 18/42 Verifying : libblkid-2.37.4-1.amzn2023.0.4.x86_64 19/42 Verifying : libblkid-2.37.4-1.amzn2023.0.3.x86_64 20/42 Verifying : libcurl-minimal-8.5.0-1.amzn2023.0.4.x86_64 21/42 Verifying : libcurl-minimal-8.5.0-1.amzn2023.0.2.x86_64 22/42 Verifying : libmount-2.37.4-1.amzn2023.0.4.x86_64 23/42 Verifying : libmount-2.37.4-1.amzn2023.0.3.x86_64 24/42 Verifying : libnghttp2-1.59.0-3.amzn2023.0.1.x86_64 25/42 Verifying : libnghttp2-1.57.0-1.amzn2023.0.1.x86_64 26/42 Verifying : libsmartcols-2.37.4-1.amzn2023.0.4.x86_64 27/42 Verifying : libsmartcols-2.37.4-1.amzn2023.0.3.x86_64 28/42 Verifying : libuuid-2.37.4-1.amzn2023.0.4.x86_64 29/42 Verifying : libuuid-2.37.4-1.amzn2023.0.3.x86_64 30/42 Verifying : openssl-libs-1:3.0.8-1.amzn2023.0.12.x86_64 31/42 Verifying : openssl-libs-1:3.0.8-1.amzn2023.0.11.x86_64 32/42 Verifying : python3-3.9.16-1.amzn2023.0.8.x86_64 33/42 Verifying : python3-3.9.16-1.amzn2023.0.6.x86_64 34/42 Verifying : python3-dnf-4.14.0-1.amzn2023.0.5.noarch 35/42 Verifying : python3-dnf-4.14.0-1.amzn2023.0.4.noarch 36/42 Verifying : python3-libs-3.9.16-1.amzn2023.0.8.x86_64 37/42 Verifying : python3-libs-3.9.16-1.amzn2023.0.6.x86_64 38/42 Verifying : system-release-2023.5.20240708-1.amzn2023.noarch 39/42 Verifying : system-release-2023.4.20240319-1.amzn2023.noarch 40/42 Verifying : yum-4.14.0-1.amzn2023.0.5.noarch 41/42 Verifying : yum-4.14.0-1.amzn2023.0.4.noarch 42/42 Upgraded: amazon-linux-repo-cdn-2023.5.20240708-1.amzn2023.noarch curl-minimal-8.5.0-1.amzn2023.0.4.x86_64 dnf-4.14.0-1.amzn2023.0.5.noarch dnf-data-4.14.0-1.amzn2023.0.5.noarch expat-2.5.0-1.amzn2023.0.4.x86_64 glibc-2.34-52.amzn2023.0.10.x86_64 glibc-common-2.34-52.amzn2023.0.10.x86_64 glibc-minimal-langpack-2.34-52.amzn2023.0.10.x86_64 krb5-libs-1.21-3.amzn2023.0.4.x86_64 libblkid-2.37.4-1.amzn2023.0.4.x86_64 libcurl-minimal-8.5.0-1.amzn2023.0.4.x86_64 libmount-2.37.4-1.amzn2023.0.4.x86_64 libnghttp2-1.59.0-3.amzn2023.0.1.x86_64 libsmartcols-2.37.4-1.amzn2023.0.4.x86_64 libuuid-2.37.4-1.amzn2023.0.4.x86_64 openssl-libs-1:3.0.8-1.amzn2023.0.12.x86_64 python3-3.9.16-1.amzn2023.0.8.x86_64 python3-dnf-4.14.0-1.amzn2023.0.5.noarch python3-libs-3.9.16-1.amzn2023.0.8.x86_64 system-release-2023.5.20240708-1.amzn2023.noarch yum-4.14.0-1.amzn2023.0.5.noarch Complete! bash-5.2#

To discover AL2023 updates, do one or more of the following:

  • Run the dnf check-update command. This checks for any unapplied updates in the version of Amazon Linux which you are locked to. This may show updates if you updated only the system-release package, moving what version of the repositories the instance is locked to but not applying any of the updates available in it.

  • Subscribe to the Amazon Linux repository update SNS topic (arn:aws:sns:us-east-1:137112412989:amazon-linux-2023-ami-updates). For more information, see Subscribing to an Amazon SNS topic in the Amazon Simple Notification Service Developer Guide.

  • Regularly refer to the AL2023 release notes.

  • Discover new versions by Checking for newer repository versions with dnf check-release-update.

Important

New versions of AL2023 containing security updates are released frequently. Be sure to keep up to date with relevant security patches.

Automatic service restart after (security) updates

Amazon Linux now ships with the smart-restart package. Smart-restart restarts systemd services on system updates whenever a package is installed or deleted using the systems package manager. This occurs whenever dnf (update|upgrade|downgrade) is executed.

Smart-restart uses the needs-restarting package from dnf-utils and a custom denylisting mechanism to determine which services need to be restarted and whether a system reboot is advised. If a system reboot is advised, a reboot hint marker file is generated (/run/smart-restart/reboot-hint-marker).

To install smart-restart

Run the following DNF command (as you would with any other package).

$ sudo dnf install smart-restart

After the installation, the subsequent transactions will trigger the smart-restart logic.

Denylist

Smart-restart can be instructed to block certain services from being restarted. The blocked services won't contribute to the decision of whether a reboot is required. To block additional services, add a file with the suffix -denylist in /etc/smart-restart-conf.d/ as shown in the following example.

$ cat /etc/smart-restart-conf.d/custom-denylist # Some comments myservice.service
Note

All *-denylist files are read and evaluated when making the decision of whether a reboot is required.

Custom hooks

In addition to denylisting, smart-restart provides a mechanism to run custom scripts before and after the attempts to restart the service. The custom scripts can be used to manually perform preparation steps or to inform other components of a remaining or completed restart.

All scripts in /etc/smart-restart-conf.d/ with the suffix -pre-restart or -post-restartare executed. If the order is important, prefix all of the scripts with a number to ensure the execution order as shown in the following example.

$ ls /etc/smart-restart-conf.d/*-pre-restart 001-my-script-pre-restart 002-some-other-script-pre-restart

Launching an instance with the latest repository version enabled

You can add DNF commands to a user-data script to control what RPM packages are installed on an Amazon Linux AMI when it's launched. In the following example, a user-data script is used to make sure that any instance launched with the user-data script has the same package updates installed.

#!/bin/bash dnf update --releasever=2023.0.20230210 # Additional setup and install commands below dnf install httpd php7.4 mysql80

You must run this script as superuser (root). To do this, run the following command.

$ sudo sh -c "bash nameofscript.sh"

For more information, see User data and shell scripts in the Amazon EC2 User Guide.

Note

Instead of using a user-data script, launch the latest Amazon Linux AMI or a custom AMI that's based on the Amazon Linux AMI. The latest Amazon Linux AMI has all the necessary updates installed and is configured to point at a particular repository version.

Getting package support information

AL2023 incorporates many different open-source software projects. Each of these projects is managed independently from Amazon Linux and have different release and end-of-support schedules. To provide you with Amazon Linux specific information about these different packages, the DNF supportinfo plugin provides metadata about a package. In the following example, the dnf supportinfo command returns metadata for the glibc package.

$ sudo dnf supportinfo --pkg glibc Last metadata expiration check: 0:07:56 ago on Wed Mar 1 23:21:49 2023. Name : glibc Version : 2.34-52.amzn2023.0.2 State : installed Support Status : supported Support Periods : from 2023-03-15 : supported : from 2028-03-15 : unsupported Support Statement : Amazon Linux 2023 End Of Life Link : https://aws.amazon.com/amazon-linux-ami/faqs/ Other Info : This is the support statement for AL2023. The ...: end of life of Amazon Linux 2023 would be March 2028. ...: From this point, the Amazon Linux 2023 packages (listed ...: below) will no longer, receive any updates from AWS.

Checking for newer repository versions with dnf check-release-update

In an AL2023 instance, you can use the DNF utility to manage repositories and apply updated RPM packages. These packages are available in the Amazon Linux repositories. You can use the DNF command dnf check-release-update to check for new versions of the DNF repository.

Note

AL2023 container images do not include the dnf check-release-update command by default.

$ dnf check-release-update No such command: check-release-update. Please use /usr/bin/dnf --help It could be a DNF plugin command, try: "dnf install 'dnf-command(check-release-update)'"

When dnf install 'dnf-command(check-release-update)' is run, dnf will install the package which provides the check-release-update command, which is the dnf-plugin-release-notification package. In the below example, the -q argument is given to dnf for it to have quiet output.

$ dnf -y -q install 'dnf-command(check-release-update)' Installed: dnf-plugin-release-notification-1.2-1.amzn2023.0.2.noarch

In non-containerized environments such as an Amazon EC2 instance, the check-release-update command is included by default.

$ sudo dnf check-release-update WARNING: A newer release of "Amazon Linux" is available. Available Versions: Version 2023.0.20230210: Run the following command to update to 2023.0.20230210: dnf update --releasever=2023.0.20230210 Release notes: https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes.html

This returns a full list of all the newer versions of the DNF repositories that are available. If nothing's returned, this means that DNF is currently configured to use the latest available version. The version of the currently installed system-release package sets the releasever DNF variable. To check the current repository version, run the following command.

$ rpm -q system-release --qf "%{VERSION}\n"

When you run DNF package transactions (such as install, update, or remove commands), a warning message notifies you of any new repository versions. For example, if you install the httpd package on an instance that was launched from an older version of AL2023, the following output is returned.

$ sudo dnf install httpd -y Last metadata expiration check: 0:16:52 ago on Wed Mar 1 23:21:49 2023. Dependencies resolved. ==================================================================== Package Arch Version Repository Size ==================================================================== Installing: httpd x86_64 2.4.54-3.amzn2023.0.4 amazonlinux 46 k Installing dependencies: apr x86_64 1.7.2-2.amzn2023.0.2 amazonlinux 129 k apr-util x86_64 1.6.3-1.amzn2023.0.1 amazonlinux 98 k generic-logos-httpd noarch 18.0.0-12.amzn2023.0.3 amazonlinux 19 k httpd-core x86_64 2.4.54-3.amzn2023.0.4 amazonlinux 1.3 M httpd-filesystem noarch 2.4.54-3.amzn2023.0.4 amazonlinux 13 k httpd-tools x86_64 2.4.54-3.amzn2023.0.4 amazonlinux 80 k libbrotli x86_64 1.0.9-4.amzn2023.0.2 amazonlinux 315 k mailcap noarch 2.1.49-3.amzn2023.0.3 amazonlinux 33 k Installing weak dependencies: apr-util-openssl x86_64 1.6.3-1.amzn2023.0.1 amazonlinux 17 k mod_http2 x86_64 1.15.24-1.amzn2023.0.3 amazonlinux 152 k mod_lua x86_64 2.4.54-3.amzn2023.0.4 amazonlinux 60 k Transaction Summary ==================================================================== Install 12 Packages Total download size: 2.3 M Installed size: 6.8 M Downloading Packages: (1/12): apr-util-openssl-1.6.3-1.am 212 kB/s | 17 kB 00:00 (2/12): apr-1.7.2-2.amzn2023.0.2.x8 1.1 MB/s | 129 kB 00:00 (3/12): httpd-core-2.4.54-3.amzn202 8.9 MB/s | 1.3 MB 00:00 (4/12): mod_http2-1.15.24-1.amzn202 1.9 MB/s | 152 kB 00:00 (5/12): apr-util-1.6.3-1.amzn2023.0 1.7 MB/s | 98 kB 00:00 (6/12): mod_lua-2.4.54-3.amzn2023.0 1.4 MB/s | 60 kB 00:00 (7/12): httpd-2.4.54-3.amzn2023.0.4 1.5 MB/s | 46 kB 00:00 (8/12): libbrotli-1.0.9-4.amzn2023. 4.4 MB/s | 315 kB 00:00 (9/12): mailcap-2.1.49-3.amzn2023.0 753 kB/s | 33 kB 00:00 (10/12): httpd-tools-2.4.54-3.amzn2 978 kB/s | 80 kB 00:00 (11/12): httpd-filesystem-2.4.54-3. 210 kB/s | 13 kB 00:00 (12/12): generic-logos-httpd-18.0.0 439 kB/s | 19 kB 00:00 -------------------------------------------------------------------- Total 6.6 MB/s | 2.3 MB 00:00 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Installing : apr-1.7.2-2.amzn2023.0.2.x86_64 1/12 Installing : apr-util-openssl-1.6.3-1.amzn2023.0.1. 2/12 Installing : apr-util-1.6.3-1.amzn2023.0.1.x86_64 3/12 Installing : mailcap-2.1.49-3.amzn2023.0.3.noarch 4/12 Installing : httpd-tools-2.4.54-3.amzn2023.0.4.x86_ 5/12 Installing : generic-logos-httpd-18.0.0-12.amzn2023 6/12 Running scriptlet: httpd-filesystem-2.4.54-3.amzn2023.0.4 7/12 Installing : httpd-filesystem-2.4.54-3.amzn2023.0.4 7/12 Installing : httpd-core-2.4.54-3.amzn2023.0.4.x86_6 8/12 Installing : mod_http2-1.15.24-1.amzn2023.0.3.x86_6 9/12 Installing : libbrotli-1.0.9-4.amzn2023.0.2.x86_64 10/12 Installing : mod_lua-2.4.54-3.amzn2023.0.4.x86_64 11/12 Installing : httpd-2.4.54-3.amzn2023.0.4.x86_64 12/12 Running scriptlet: httpd-2.4.54-3.amzn2023.0.4.x86_64 12/12 Verifying : apr-1.7.2-2.amzn2023.0.2.x86_64 1/12 Verifying : apr-util-openssl-1.6.3-1.amzn2023.0.1. 2/12 Verifying : httpd-core-2.4.54-3.amzn2023.0.4.x86_6 3/12 Verifying : mod_http2-1.15.24-1.amzn2023.0.3.x86_6 4/12 Verifying : apr-util-1.6.3-1.amzn2023.0.1.x86_64 5/12 Verifying : mod_lua-2.4.54-3.amzn2023.0.4.x86_64 6/12 Verifying : libbrotli-1.0.9-4.amzn2023.0.2.x86_64 7/12 Verifying : httpd-2.4.54-3.amzn2023.0.4.x86_64 8/12 Verifying : httpd-tools-2.4.54-3.amzn2023.0.4.x86_ 9/12 Verifying : mailcap-2.1.49-3.amzn2023.0.3.noarch 10/12 Verifying : httpd-filesystem-2.4.54-3.amzn2023.0.4 11/12 Verifying : generic-logos-httpd-18.0.0-12.amzn2023 12/12 Installed: apr-1.7.2-2.amzn2023.0.2.x86_64 apr-util-1.6.3-1.amzn2023.0.1.x86_64 apr-util-openssl-1.6.3-1.amzn2023.0.1.x86_64 generic-logos-httpd-18.0.0-12.amzn2023.0.3.noarch httpd-2.4.54-3.amzn2023.0.4.x86_64 httpd-core-2.4.54-3.amzn2023.0.4.x86_64 httpd-filesystem-2.4.54-3.amzn2023.0.4.noarch httpd-tools-2.4.54-3.amzn2023.0.4.x86_64 libbrotli-1.0.9-4.amzn2023.0.2.x86_64 mailcap-2.1.49-3.amzn2023.0.3.noarch mod_http2-1.15.24-1.amzn2023.0.3.x86_64 mod_lua-2.4.54-3.amzn2023.0.4.x86_64 Complete!

Adding, enabling, or disabling new repositories

Warning

Only add repositories designed to be used with AL2023.

While repositories designed for other distributions may work today, there is no guarantee they will continue to do so with any package update in AL2023 or the repository not designed for use with AL2023.

To install a package from a different repository than the default Amazon Linux repositories, you will need to configure the DNF package management system to know where the repostiory is

To tell dnf about a package repository, add the repository information to a configuration file for that repository in the /etc/yum.repos.d/ directory. Many third-party repositories provide either the configuration file content or an installable package which includes the configuration file.

Note

While repositories can be configured directly in the /etc/dnf/dnf.conf file, this is not recommended. It is recommended that each repository be configured in its own file in /etc/yum.repos.d/.

To find out what repositories are currently enabled, you can run the following command:

$ dnf repolist all --verbose Loaded plugins: builddep, changelog, config-manager, copr, debug, debuginfo-install, download, generate_completion_cache, groups-manager, needs-restarting, playground, release-notification, repoclosure, repodiff, repograph, repomanage, reposync, supportinfo DNF version: 4.12.0 cachedir: /var/cache/dnf Last metadata expiration check: 0:00:02 ago on Wed Mar 1 23:40:15 2023. Repo-id : amazonlinux Repo-name : Amazon Linux 2023 repository Repo-status : enabled Repo-revision : 1677203368 Repo-updated : Fri Feb 24 01:49:28 2023 Repo-pkgs : 12632 Repo-available-pkgs: 12632 Repo-size : 12 G Repo-mirrors : https://al2023-repos-us-west-2-de612dc2.s3.dualstack.us-west-2.amazonaws.com/core/mirrors/2023.0.20230222/x86_64/mirror.list Repo-baseurl : https://al2023-repos-us-west-2-de612dc2.s3.dualstack.us-west-2.amazonaws.com/core/guids/cf9296325a6c46ff40c775a8e2d632c4c3fd9d9164014ce3304715d61b90ca8e/x86_64/ : (0 more) Repo-expire : 172800 second(s) (last: Wed Mar 1 23:40:15 : 2023) Repo-filename : /etc/yum.repos.d/amazonlinux.repo Repo-id : amazonlinux-debuginfo Repo-name : Amazon Linux 2023 repository - Debug Repo-status : disabled Repo-mirrors : https://al2023-repos-us-west-2-de612dc2.s3.dualstack.us-west-2.amazonaws.com/core/mirrors/2023.0.20230222/debuginfo/x86_64/mirror.list Repo-expire : 21600 second(s) (last: unknown) Repo-filename : /etc/yum.repos.d/amazonlinux.repo Repo-id : amazonlinux-source Repo-name : Amazon Linux 2023 repository - Source packages Repo-status : disabled Repo-mirrors : https://al2023-repos-us-west-2-de612dc2.s3.dualstack.us-west-2.amazonaws.com/core/mirrors/2023.0.20230222/SRPMS/mirror.list Repo-expire : 21600 second(s) (last: unknown) Repo-filename : /etc/yum.repos.d/amazonlinux.repo Repo-id : kernel-livepatch Repo-name : Amazon Linux 2023 Kernel Livepatch repository Repo-status : disabled Repo-mirrors : https://al2023-repos-us-west-2-de612dc2.s3.dualstack.us-west-2.amazonaws.com/kernel-livepatch/mirrors/al2023/x86_64/mirror.list Repo-expire : 172800 second(s) (last: unknown) Repo-filename : /etc/yum.repos.d/kernel-livepatch.repo Repo-id : kernel-livepatch-source Repo-name : Amazon Linux 2023 Kernel Livepatch repository - : Source packages Repo-status : disabled Repo-mirrors : https://al2023-repos-us-west-2-de612dc2.s3.dualstack.us-west-2.amazonaws.com/kernel-livepatch/mirrors/al2023/SRPMS/mirror.list Repo-expire : 21600 second(s) (last: unknown) Repo-filename : /etc/yum.repos.d/kernel-livepatch.repo Total packages: 12632
Note

If you don't add the --verbose option flag, the output only includes the Repo-id, Repo-name, and Repo-status information.

To add a yum repository to /etc/yum.repos.d directory:

  1. Find the location of the .repo file. In this example, the .repo file is at https://www.example.com/repository.repo.

  2. Add the repository with the dnf config-manager command.

$ sudo dnf config-manager --add-repo https://www.example.com/repository.repo Loaded plugins: priorities, update-motd, upgrade-helper adding repo from: https://www.example.com/repository.repo grabbing file https://www.example.com/repository.repo to /etc/yum.repos.d/repository.repo repository.repo | 4.0 kB 00:00 repo saved to /etc/yum.repos.d/repository.repo

After you install a repository, you must enable it as described in the next procedure.

To enable a yum repository in /etc/yum.repos.d, use the dnf config-manager command with the --enable flag and repository name.

$ sudo dnf config-manager --enable repository
Note

To disable a repository, use the same command syntax, but replace --enable with --disable in the command.

Adding repositories with cloud-init

In addition to adding a repository using the previous method, you can also add a new repository using the cloud-init framework.

To add a new package repository, we recommend the use of the following template. Consider saving this file locally.

#cloud-config yum_repos: repository.repo: baseurl: https://www.example.com/ enabled: true gpgcheck: true gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EXAMPLE name: Example Repository
Note

One advantage to using cloud-init is that you can add a packages: section to your configuration file. In this section, you can include the names of the packages that you want to install. You can install packages from either the default repository or the new repository that you added in the cloud-config file.

For more specific information about the structure of the YAML file, see Adding a YUM repository in the cloud-init documentation.

After you set up the YAML format file, you can run it in the cloud-init framework in the Amazon CLI. Make sure to include the --userdata option and the name of the .yml file to call the desired operations.

$ aws ec2 run-instances \ --image-id \ resolve:ssm:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64 \ --instance-type m5.xlarge \ --region us-east-1 \ --key-name aws-key-us-east-1 \ --security-group-ids sg-004a7650 \ --user-data file://cloud-config.yml