-----BEGIN PGP SIGNED MESSAGE-----
There is now a tool for secure updating of software available for
the Trustix Secure Linux (TSL) v1.2: SWUP.
SWUP is short for SoftWare UPdater, and is based on ideas from Debian
apt and rpmfind. The basic features are:
* SWUP resolves all dependencies and conflicts _before_
downloading any kind of software. Additional required
packages are automatically fetched and installed or
upgraded.
* Uses SPI - Software Package Information (SPI), a subset of
the XML-Resource Description Format as proposed by the World
Wide Web Consortium (also known as W3C).
* Use digital signatures and GnuPG for all information and
software that is downloaded. I.e. if you have not added the
public key of the signer in your SWUP keyring or the
signature is invalid, SWUP will refuse to install or upgrade
the software. The TSL key is added by default.
* Possibility of excluding software or groups of software by
regular expressions. The kernel RPMs are excluded by
default.
* Possibility of specifying multiple prioritarized update
sites and mirrors. SWUP will only use information for a
package retrieved from the highest priority sites if
multiple information is found for the package. SWUP will not
proceed to lower priority sites if the higher priority sites
are unreachable.
* Installation of packages is also available.
* Listing of available packages from sites.
* Poll-only mode.
* Download-only mode.
* Uses only standard ftp and http protocols.
* Non-interactive. Can be run by a daemon (e.g. cron). With
the new tsl-utils package, new in TSL-1.2 and available as
an update for 1.1, daemons that are configured to run in the
current runlevel will automatically be restarted after
upgrade. The daemon packages now require tsl-utils, and a
SWUP upgrade will automatically install this package.
Trustix Secure Linux 1.2 will be shipped with the necessary SPI for
version 1.2 under the directory rdfs, adjacent to the
RPMS-directory. The default configuration file in /etc/swup/swup.conf
will have entries for polling the Trustix serves. You will also be
able to use any mirror that do not exclude the rdfs-directory.
SWUP is Copyright of Trustix AS and released under the GNU General
Public Licence.
SWUP has been tested at Trustix, but not extensively. We know of no
serious bugs at this time. However, we can not guarantee the quality
of this software. Use at your own risk. We have successfully upgraded
from TSL-1.0.1 and TSL-1.1 to TSL-1.2, with the exception of a few
packages that have minor bugs and therefore are rejected by
SWUP/RPM (because of file conflicts and RPM-serial numbers). The
problems were solved by removing the old packages with bugs and
running a SWUP in install mode for theese packages before upgrading.
SWUP can be run by e.g. cron for scheduled automatic upgrades. But be
aware that automatic updating is a potential sequrity hazard.
SWUP is available at
http://www.trustix.net/pub/Trustix/software/swup
ftp://ftp.trustix.com/pub/Trustix/software/swup/
For further info, read the manpages swup.1 and swup.5.
Happy upgrading!
Olaf Trygve Berglihn
TSL-developer
- --
Olaf Trygve Berglihn <olafb _at_ trustix.com>
- --
This article has been digitally signed by the moderator, using PGP.
http://www.iki.fi/mjr/cola-public-key.asc has PGP key for validating signature.
Send submissions for comp.os.linux.announce to: linux-announce _at_ news.ornl.gov
PLEASE remember a short description of the software and the LOCATION.
This group is archived at http://www.iki.fi/mjr/linux/cola.html
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: latin1
iQCVAgUBOnQ57lrUI/eHXJZ5AQHLUQQAh8jz0o7/hgnoOS9vs3dnVPelzfhgvmH/
yWXlssAMSzJ1F5n9bufCGMnF8YEHH6kXkFfy+1oQ1KyBHMjouGBGyMDt7U/GscYt
GSf1m82xMX55Re6HjWqbR2oUtoU9S4NQsI7NgOAPyYQjPRAOYhQEBW8Je2TMEqGg
j2jZVkyGefk=
=ZH9B
-----END PGP SIGNATURE-----
