Sometimes, you install software by compiling it from source code instead of using package managers like yum or apt-get. When a security fix is available for such software, you can’t just upgrade it like you normally would. Instead, you must download the security patch, apply it to the source code, and then recompile the software.
This article explains how to create and apply the diff and patch commands. A patch file contains the differences between two versions of the same file or source code. It is made using the diff command and applied using the patch command.
Run Patch Command in Linux
- Syntax of running patch command in Linux
- Application of the Patch File
- Options and descriptions for patch command
- Create a Patch File using diff
- Apply Patch File using Patch Command
- Create a Patch From a Source Tree
- Apply Patch File to a Source Code Tree
- Take a Backup before Applying the Patch using -b
- Validate the Patch without Applying (Dry-run Patch File)
- How to Undo/Reverse a Patch
Syntax of running patch command in Linux
The Linux patch command is used to apply changes to files. You need the original patch files to run the patch. Here is the basic syntax.
Command :
patch [options] originalfile patchfile- patch: This is the command itself.
- [options]: These are extra instructions you can give, but you don’t need to use them.
- originalfile: This is the name of the file you want to change.
- patchfile: This is the name of the file that has the changes listed.
Application of the Patch File
1. Have the Original File: Make sure you have the file that needs to be modified. This is the file you will apply the patch to.
2. Get the Patch File: Obtain the patch file that contains the changes you want to make to the original file. Patch files usually have a .patch extension.
3. Go to the Right Folder: Open the terminal and navigate to the folder where the original file is located.
4. Run the Patch Command: In the terminal, run the below command.
Command :
patch < patchfileReplace ‘patchfile’ with the name of your patch file.
This command tells the patch program to read the instructions from the patch file and apply those changes to the original file in the same folder.
After running the command, the original file will be modified with the changes from the patch file. That’s it! The patch has been applied to the original file.
Options and descriptions for patch command
|
Options |
Descriptions |
|---|---|
|
-p<n> or –strip=<n> |
Tells patch how many directory levels to remove from file paths in the patch file. Use this when the patch file has different directory paths than your current folder. |
|
-i <patch_file> or –input=<patch_file> |
Specifies the patch file to use. Use this if you don’t want to provide the patch file as a separate argument. |
|
-d <directory> or –directory=<directory> |
Tells patch the folder where the original file is located. Use this if the patch file doesn’t include the folder information. |
|
-R or –reverse |
Undoes changes made by a previous patch, reversing the patch. Use this to remove changes applied earlier. |
|
-N or –forward |
Applies the patch even if the original file is missing. |
Create a Patch File using diff
Let’s start with a small C program called hello.c:
#include <stdio.h>
int main(int argc, char *argv[]) {
printf("Hello World\n");
}
First, make a copy of hello.c called hello_new.c using the following command.
Command :
cp hello.c hello_new.cOutput :
Next, make some changes to hello_new.c:
#include <stdio.h>
int main(int argc, char *argv[]) {
printf("Hello World\n");
return 0;
}
Now, use the diff command to create a patch file called hello.patch:
Command :
diff -u hello.c hello_new.c > hello.patchOutput :
The patch file hello.patch will contain the differences between the original hello.c and the modified hello_new.c.
Apply Patch File using Patch Command
The “patch” command allows you to apply the changes in a patch file to the original file(s). To do that use the below command.
Command :
patch < patch_file_nameOr :
patch [options] original_file patch_file_nameTo apply the hello.patch file to the original hello.c file, use this following command.
Command :
patch < hello.patchOutput :
This will modify the hello.c file to match the changes in the hello.patch file. After running this command, both hello.c and hello_new.c will have the same updated content.
The patch file contains the names of the files that need to be patched. When you run the patch command, it reads the patch file and applies the changes to the specified original file(s).
Create a Patch From a Source Tree
The previous example was very simple, involving only one file. However, when working with larger projects, you may need to create and apply patches for an entire source code directory or “source tree.”
Let’s use the OpenVPN source code as an example. Imagine you have downloaded two different versions: openvpn-2.3.2 and openvpn-2.3.4.
First, extract both versions :
tar -xvzf openvpn-2.6.9.tar.gz
tar -xvzf openvpn-2.3.10.tar.gz
Now, to create a patch file containing the differences between these two versions, use the following command.
Command :
diff -Naur openvpn-2.6.9 openvpn-2.6.10 > openvpn.patch Output :
This command will compare the two source code directories recursively and save all the differences in a file called “openvpn.patch.” The diff command will look at all the files and directories inside openvpn-2.3.2 and openvpn-2.3.4, find the changes, and put those changes into the openvpn.patch file.
Apply Patch File to a Source Code Tree
To apply the openvpn.patch file to the openvpn-2.3.2 source code directory, use the following command.
Command :
patch -p3 < openvpn.patchThis will apply all the changes from the patch file to the appropriate files and directories within the openvpn-2.3.2 source tree.
Output :
patching file openvpn-2.3.2/aclocal.m4
patching file openvpn-2.3.2/build/Makefile.in
patching file openvpn-2.3.2/build/msvc/Makefile.in
The `-p3` option tells the patch command to ignore the first 3 directory levels from the file paths listed in the patch file. This is necessary because the patch file contains full paths, like `/usr/src/openvpn-2.3.2/aclocal.m4`.
If you run the patch command from the `/usr/src` directory without `-p3`, it won’t work correctly. The `-p3` option makes patch ignore the `/usr/src/` part of the paths, so it can apply the changes to the right files within the openvpn-2.3.2 directory.
Take a Backup before Applying the Patch using -b
You can make a backup copy of the original file before applying a patch. This is done using the -b option with the following patch command.
Command :
patch -b < patch_fileAfter running this, you’ll have a new file with the “.orig” extension, which is a backup of the original file before the patch was applied. For example, if patching hello.c use the below command.
Command :
patch -b < hello.patchOutput :
This will create a backup file called “hello.c.orig”.
You can also customize the backup file name format using the -V option along with -b:
patch -b -V numbered < patch_fileThis will create a backup file with a numbered extension, like “hello.c.1”.
So in summary, -b creates a backup, and -V numbered lets you choose a numbered backup file name format instead of the default “.orig” extension.
Validate the Patch without Applying (Dry-run Patch File)
You can test the patch command without actually modifying any files. This is called a “dry run.” To do a dry run, use the –dry-run option.
Command :
patch --dry-run < patch_fileThis will show you what files would be patched, but it won’t make any changes. For example:
Command :
patch --dry-run < hello.patch
patching file hello.c
Output :
After this command, hello.c will remain unchanged. The dry run just simulates what would happen if you applied the patch for real. Doing a dry run allows you to check for any potential errors before permanently modifying your files. If the dry run looks good, you can run the patch command again without –dry-run to actually apply the changes.
How to Undo/Reverse a Patch
You can undo or reverse a patch that you’ve already applied using the -R option use the below command.
Command :
patch -R < patch_fileFor example, let’s say you applied hello.patch to hello.c:
patch < hello.patch
patching file hello.c
To reverse the changes made by hello.patch use the below command.
Command :
patch -R < hello.patch Output :
This will undo the patch, restoring hello.c to its original state before hello.patch was applied.
You can check the file size to confirm the undo worked properly. The file size of hello.c should go back to its original size before patching. So in summary, the -R option allows you to cleanly reverse or undo a previously applied patch.
Run Patch Command in Linux – FAQs
What is a patch file, and why would I need one?
A patch file shows the differences between two versions of a file or set of files. You might need one if you need to update software that you installed from source code, rather than through a package manager.
How do I create a patch file?
You can create a patch file using the `diff` command. This compares two versions of a file or directory and saves the differences to a text file.
Can I test a patch before applying it?
Yes, you can do a “dry run” using the `–dry-run` option with the `patch` command. This simulates applying the patch without actually modifying any files.
What if I want to undo a patch I already applied?
You can reverse or undo a previously applied patch using the `-R` option with the `patch` command.
How do I apply a patch to an entire directory instead of just one file?
You can apply a patch to a whole directory tree by running the `patch` command from the parent directory and using the `-p` option to adjust the path levels.
What’s the benefit of making a backup before patching?
Creating a backup with the `-b` option ensures you have a copy of the original files before patching, in case you need to revert the changes or something goes wrong.
Can I customize the name of the backup files created by `patch`?
Yes, you can use the `-V` option along with `-b` to specify a custom naming scheme for the backup files instead of the default “.orig” extension.