[LWN Logo]
To: tsl-announce@trustix.com
Subject: SWUP - SoftWare UPdater for TSL
From: Olaf Trygve Berglihn <olafb@trustix.com>
Date: 12 Jan 2001 16:00:19 +0100

There is now a tool for secure updating of software available for
Trustix Secure Linux 1.2: SWUP.

SWUP is short for SoftWare UPdater, and is based on ideas from Debian
apt and rpmfind. The basic features are:

        * SWUP resolves all dependencies and conflicts _before_
          downloading any kind of software. Additional required
          packages are automatically fetched and installed or

        * Uses SPI - Software Package Information, a subset of the
          XML-Resource Description Format as proposed by the World
          Wide Web Consortium (also known as W3C).

        * Use digital signatures and GnuPG for all information and
          software that is downloaded. I.e. if you have not added the
          public key of the signer in your SWUP keyring or the
          signature is invalid, SWUP will refuse to install or upgrade
          the software. The TSL key is added by default.

        * Possibility of excluding software or groups of software by
          regular expressions. The kernel RPMs are excluded by

        * Possibility of specifying multiple prioritarized update
          sites and mirrors. SWUP will only use information for a
          package retrieved from the highest priority sites if
          multiple information is found for the package. SWUP will not
          proceed to lower priority sites if the higher priority sites
          are unreachable.

        * Installation of packages is also available.

        * Listing of available packages from sites.

        * Poll-only mode.

        * Download-only mode.

        * Uses only standard ftp and http protocols.

        * Non-interactive. Can be run by a daemon (e.g. cron). With
          the new tsl-utils package, new in TSL-1.2 and available as
          an update for 1.1, daemons that are configured to run in the
          current runlevel will automatically be restarted after
          upgrade. The daemon packages now require tsl-utils, and a
          SWUP upgrade will automatically install this package.

Trustix Secure Linux 1.2 will be shipped with the necessary SPI for
version 1.2 under the directory rdfs, adjacent to the
RPMS-directory. The default configuration file in /etc/swup/swup.conf
will have entries for polling the Trustix serves. You will also be
able to use any mirror that do not exclude the rdfs-directory.

SWUP is Copyright of Trustix AS and released under the GNU General
Public Licence.

SWUP has been tested at Trustix, but not extensively. We know of no
serious bugs at this time. However, we can not guarantee the quality
of this software. Use at your own risk. We have successfully upgraded
from TSL-1.0.1 and TSL-1.1 to TSL-1.2, with the exception of a few
packages that have minor bugs and therefore are rejected by
SWUP/RPM (because of file conflicts and RPM-serial numbers). The
problems were solved by removing the old packages with bugs and
running a SWUP in install mode for theese packages before upgrading.

SWUP can be run by e.g. cron for scheduled automatic upgrades. But be
aware that automatic updating is a potential sequrity hazard.

SWUP is available at

For further info, read the manpages swup.1 and swup.5.

Happy upgrading!

Olaf Trygve Berglihn
Olaf Trygve Berglihn <olafb@trustix.com>
To unsubscribe, send a message to majordomo@trustix.com with the
following line in the BODY:
unsubscribe tsl-announce