To: tsl-announce@trustix.com
Subject: SWUP - SoftWare UPdater for TSL
From: Olaf Trygve Berglihn <olafb@trustix.com>
Date: 12 Jan 2001 16:00:19 +0100

There is now a tool for secure updating of software available for Trustix Secure Linux 1.2: SWUP. SWUP is short for SoftWare UPdater, and is based on ideas from Debian apt and rpmfind.

The basic features are:

* SWUP resolves all dependencies and conflicts _before_ downloading any kind of software. Additional required packages are automatically fetched and installed or upgraded.

* Uses SPI - Software Package Information, a subset of the XML-Resource Description Format as proposed by the World Wide Web Consortium (also known as W3C).

* Uses digital signatures and GnuPG for all information and software that is downloaded. I.e. if you have not added the public key of the signer to your SWUP keyring, or the signature is invalid, SWUP will refuse to install or upgrade the software. The TSL key is added by default.

* Possibility of excluding software or groups of software by regular expressions. The kernel RPMs are excluded by default.

* Possibility of specifying multiple prioritized update sites and mirrors. If information for a package is found at several sites, SWUP will only use the information retrieved from the highest priority sites. SWUP will not proceed to lower priority sites if the higher priority sites are unreachable.

* Installation of packages is also available.

* Listing of available packages from sites.

* Poll-only mode.

* Download-only mode.

* Uses only standard ftp and http protocols.

* Non-interactive. Can be run by a daemon (e.g. cron).

With the new tsl-utils package, new in TSL-1.2 and available as an update for 1.1, daemons that are configured to run in the current runlevel will automatically be restarted after upgrade. The daemon packages now require tsl-utils, and a SWUP upgrade will automatically install this package.

Trustix Secure Linux 1.2 will be shipped with the necessary SPI for version 1.2 under the directory rdfs, adjacent to the RPMS-directory. The default configuration file in /etc/swup/swup.conf will have entries for polling the Trustix servers. You will also be able to use any mirror that does not exclude the rdfs-directory.

SWUP is Copyright of Trustix AS and released under the GNU General Public Licence.

SWUP has been tested at Trustix, but not extensively. We know of no serious bugs at this time. However, we cannot guarantee the quality of this software. Use at your own risk.

We have successfully upgraded from TSL-1.0.1 and TSL-1.1 to TSL-1.2, with the exception of a few packages that have minor bugs and therefore are rejected by SWUP/RPM (because of file conflicts and RPM-serial numbers). The problems were solved by removing the old packages with bugs and running SWUP in install mode for these packages before upgrading.

SWUP can be run by e.g. cron for scheduled automatic upgrades. But be aware that automatic updating is a potential security hazard.

SWUP is available at

  http://www.trustix.net/pub/Trustix/software/swup
  ftp://ftp.trustix.com/pub/Trustix/software/swup/

For further info, read the manpages swup.1 and swup.5.

Happy upgrading!

Olaf Trygve Berglihn
TSL-developer

--
Olaf Trygve Berglihn <olafb@trustix.com>
-
To unsubscribe, send a message to majordomo@trustix.com with the following line in the BODY:
unsubscribe tsl-announce
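
An added example, not part of the original announcement and not SWUP's own code: a Python model of the site-priority, exclusion and signature rules from the feature list above. All names, the record fields, the sample data and the reading that the first reachable mirror speaks for its priority class are assumptions; `sig_valid` stands in for the result of a GnuPG verification.

```python
import re

class SiteUnreachable(Exception):
    """No mirror in a priority class answered."""

def select_packages(site_classes, keyring, exclude_patterns):
    """Model of the announced policy (hypothetical data layout).

    site_classes: priority classes, highest first. Each class is a list of
    mirrors; a mirror is None (unreachable) or a list of package records.
    Returns (accepted, refused) dictionaries keyed by package name.
    """
    excludes = [re.compile(p) for p in exclude_patterns]
    accepted, refused, seen = {}, {}, set()
    for prio, mirrors in enumerate(site_classes):
        listing = next((m for m in mirrors if m is not None), None)
        if listing is None:
            # Fail closed: an unreachable higher-priority class must not
            # hand the decision to lower-priority sites.
            raise SiteUnreachable(f"priority class {prio} unreachable")
        for rec in listing:
            name = rec["name"]
            if any(rx.search(name) for rx in excludes):
                continue  # excluded by regular expression
            if name in seen:
                continue  # higher-priority information wins, even if refused
            seen.add(name)
            if rec["signer"] not in keyring:
                refused[name] = "signer not in keyring"
            elif not rec["sig_valid"]:
                refused[name] = "invalid signature"
            else:
                accepted[name] = rec
    return accepted, refused

# Constructed sample data: key ids, package names and versions are made up.
KEYRING = {"TSL-KEY"}
PRIMARY = [
    {"name": "openssh", "version": "1.0-1", "signer": "TSL-KEY", "sig_valid": True},
    {"name": "kernel", "version": "1.0-1", "signer": "TSL-KEY", "sig_valid": True},
    {"name": "apache", "version": "1.0-1", "signer": "TSL-KEY", "sig_valid": False},
]
THIRD_PARTY = [
    {"name": "openssh", "version": "9.9-1", "signer": "TSL-KEY", "sig_valid": True},
    {"name": "apache", "version": "9.9-1", "signer": "TSL-KEY", "sig_valid": True},
    {"name": "foo", "version": "1.0-1", "signer": "OTHER-KEY", "sig_valid": True},
]

if __name__ == "__main__":
    print(select_packages([[None, PRIMARY], [THIRD_PARTY]], KEYRING, [r"^kernel"]))
```

In this model a package whose highest-priority record fails verification is refused outright rather than replaced by a lower-priority copy, which is why a badly signed `apache` on the primary site is not substituted by the third-party one.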