Difference between revisions of "OS4X update"

From OS4X
Jump to navigation Jump to search
 
(19 intermediate revisions by the same user not shown)
Line 11: Line 11:
 
These update files, if received via '''OFTP''', have always the virtual filename
 
These update files, if received via '''OFTP''', have always the virtual filename
 
  OS4X_UPDATE
 
  OS4X_UPDATE
When [[OS4X Core configuration#Enable automatic update mechanism?|this]] flag is set, your OS4X installation tries to check the integrity and signature of this package internally. For this purpose, an event binary is (configured [[OS4X Core configuration#Enable_automatic_update_mechanism_.26_OS4X_automatic_software_update_script|here]]) started. This event binary (default:
+
When [[OS4X Core configuration#Enable automatic update mechanism?|this]] flag is set, your OS4X installation tries to check the integrity and signature of this package internally. For this purpose, an event binary (configured [[OS4X Core configuration#Enable_automatic_update_mechanism_.26_OS4X_automatic_software_update_script|here]]) is started. This event binary (default:
 
  /opt/os4x/bin/os4xupdate
 
  /opt/os4x/bin/os4xupdate
 
is started with the parameter "<code>-f</code>". It checks the signature of the file and if valid, it extracts the update procedure program and executes it in an OS4X shell. The update process searches for the OS4X environment variables and uses them to change and update the installation.
 
is started with the parameter "<code>-f</code>". It checks the signature of the file and if valid, it extracts the update procedure program and executes it in an OS4X shell. The update process searches for the OS4X environment variables and uses them to change and update the installation.
  
 
== Run update semi-automatically (1) ==
 
== Run update semi-automatically (1) ==
If you have received such a signed update file manually or houy ave disabled [[OS4X Core configuration#Enable automatic update mechanism?|this]] feature, you are able to re-start the event program manually. For this (in a standard environment), call the update program with appropriate parameters. They are documented [[OS4X Core binaries#os4xupdate|here]].
+
If you have received such a signed update file manually or you have disabled [[OS4X Core configuration#Enable automatic update mechanism?|this]] feature and downloaded an automatic update file (with the file suffix "<code>.sh.signed</code>"), you are able to re-start the event program manually. For this (in a standard environment), call the update program with appropriate parameters. They are documented [[OS4X Core binaries#os4xupdate|here]].
  
 
Example:
 
Example:
  /opt/os4x/bin/os4xupdate -f /tmp/OS4X_UPDATE
+
  /opt/os4x/bin/os4xupdate -f /tmp/os4x3_full_pe_Linux-x86.sh.signed
  
 
== Run update semi-automatically (2) ==
 
== Run update semi-automatically (2) ==
Line 26: Line 26:
 
Example:
 
Example:
 
  /opt/os4x/bin/shox -e /tmp/os4x_update_linux_x86_he.sh
 
  /opt/os4x/bin/shox -e /tmp/os4x_update_linux_x86_he.sh
 +
 +
'''Beware: The process started via "shox" is using a user configured in [[OS4X_Core_configuration#run_OS4X_programs_as_user|"Configuration" -> "Daemon" -> "running OS4X programs as user"]].''' This user may not have sufficient permissions to write files in required directories.
  
 
== Run update manually (1) ==
 
== Run update manually (1) ==
 
You receive a gzipped TAR file which contains all files in [[OS4X Core installation#TAR Package|this]] structure. You may exchange the binaries, scripts, programs, webinterfaces. You should do this in the following order:
 
You receive a gzipped TAR file which contains all files in [[OS4X Core installation#TAR Package|this]] structure. You may exchange the binaries, scripts, programs, webinterfaces. You should do this in the following order:
 
#make a backup of everything
 
#make a backup of everything
 +
#run the OS4X database schema updater "<code>os4x_dbupdate</code>"
 
#copy all binaries to the target directory
 
#copy all binaries to the target directory
 
##if swapping the whole directory, don't forget to copy the license file into the new directory!
 
##if swapping the whole directory, don't forget to copy the license file into the new directory!
Line 40: Line 43:
 
##copy all plugins
 
##copy all plugins
 
#have a look at the configuration page of OS4X (administrative web interface)
 
#have a look at the configuration page of OS4X (administrative web interface)
#run the OS4X database updater "<code>os4x_dbupdate</code>"!
+
#restart the wanted daemons ("<code>os4xrd</code>", "<code>os4xsqd</code>", "<code>os4xclientd</code>")
#restart the wanted daemons ("<code>os4xrd</code>", "<code>os4xsqd</code>", "<code>os4xdebugd</code>", "<code>os4xclientd</code>")
 
  
 
== Run update manually (2) ==
 
== Run update manually (2) ==
 
In some cases, you just receive single files, fixing a specific small problem. In this case, refer to the above method ([[OS4X update#Run update manually (1)|Run update manually (1)]])
 
In some cases, you just receive single files, fixing a specific small problem. In this case, refer to the above method ([[OS4X update#Run update manually (1)|Run update manually (1)]])
 +
 +
== Troubleshooting automatic updates ==
 +
In case of the following error in the system log (temporary and update package filenames will vary)
 +
<pre>
 +
OS4X update: error verifying update file '/tmp/os4x2_core_he_20100607_linux.sh.signed':
 +
command:
 +
$OPENSSL_BIN smime -verify -in '/tmp/os4x2_core_he_20100607_linux.sh.signed' -out /opt/os4x/tmp/os4x.vrqilO -inform DER -CAfile $OS4X_BIN_DIR/../c-works.softwareupdate.pub.cer 2>&1
 +
 +
Output:
 +
 +
Verification failure
 +
4403:error:21075075:PKCS7 routines:PKCS7_verify:certificate verify error:pk7_smime.c:343:Verify error:self signed certificate
 +
</pre>
 +
your local software certificate is not the actual one. You will have to download the actual file at [http://www.os4x.com/c-works.softwareupdate.pub.cer http://www.os4x.com/c-works.softwareupdate.pub.cer] and copy the file to your base installation of your OS4X installation (mostly at "<code>/opt/os4x</code>"):
 +
/opt/os4x/c-works.softwareupdate.pub.cer
 +
Check that the file has read-permissions for everyone (<code>444</code>, "<code>-r--r--r--</code>").
 +
 +
To verify the software certificate validity timeframe, you can use the following command:
 +
os4xbox:/opt/os4x# openssl x509 -in /opt/os4x/c-works.softwareupdate.pub.cer -noout -enddate
 +
notAfter='''Jun 15 18:18:53 2032 GMT'''
 +
This means the software update support certificate is valid until June 15th 2032.
 +
 +
== Post work to be done ==
 +
Starting with OS4X release 2014-09-23, a [[OS4X_Core_configuration#OS4X_automatic_update_post_event|configurable post event]] can be defined which will be run after an updated was executed. You can implement any functionality in this process, i.e. cleanup, system information, backup or other tasks. The parameters of this event are documented [[OS4X_Core_event_scripts#OS4X_automatic_update_post_event|here]].
 +
 +
== Verifying version history ==
 +
In order to check which version has been installed when, the panel "Programs" -> "Versions" -> "Version history" offers this information in a scrollable window:
 +
 +
[[File:Bildschirmfoto 2024-10-01 um 15.17.23.png]]

Latest revision as of 14:24, 10 October 2024

Requirements

If you have a software support bought with your software distribution, you may receive updates from time to time via several media. These media can be:

  • Download links in the internet
  • Files via OFTP, received via
    • ISDN
    • ENX
    • Internet
    • etc.

Run update automatically

These update files, if received via OFTP, have always the virtual filename

OS4X_UPDATE

When this flag is set, your OS4X installation tries to check the integrity and signature of this package internally. For this purpose, an event binary (configured here) is started. This event binary (default:

/opt/os4x/bin/os4xupdate

is started with the parameter "-f". It checks the signature of the file and if valid, it extracts the update procedure program and executes it in an OS4X shell. The update process searches for the OS4X environment variables and uses them to change and update the installation.

Run update semi-automatically (1)

If you have received such a signed update file manually or you have disabled this feature and downloaded an automatic update file (with the file suffix ".sh.signed"), you are able to re-start the event program manually. For this (in a standard environment), call the update program with appropriate parameters. They are documented here.

Example:

/opt/os4x/bin/os4xupdate -f /tmp/os4x3_full_pe_Linux-x86.sh.signed

Run update semi-automatically (2)

You may have received a file which is a verified and extracted version of the "OS4X_UPDATE" file. They have normally a file extension of ".sh". This file is a complete OS4X installation package, which checks if it's running inside OS4X. In order to do this manually, use the OS4X shell "shox".

Example:

/opt/os4x/bin/shox -e /tmp/os4x_update_linux_x86_he.sh

Beware: The process started via "shox" is using a user configured in "Configuration" -> "Daemon" -> "running OS4X programs as user". This user may not have sufficient permissions to write files in required directories.

Run update manually (1)

You receive a gzipped TAR file which contains all files in this structure. You may exchange the binaries, scripts, programs, webinterfaces. You should do this in the following order:

  1. make a backup of everything
  2. run the OS4X database schema updater "os4x_dbupdate"
  3. copy all binaries to the target directory
    1. if swapping the whole directory, don't forget to copy the license file into the new directory!
  4. check if the configuration file has changed it's schema ("/etc/os4x.conf")
  5. copy the webinterface for administration to it's destination
    1. check the file "database.inc.php"
  6. if OS4X Enteprise is installed:
    1. copy the OS4X web access client to it's target destination
    2. check the file "database.inc.php" in the OS4X web access directory
    3. copy all plugins
  7. have a look at the configuration page of OS4X (administrative web interface)
  8. restart the wanted daemons ("os4xrd", "os4xsqd", "os4xclientd")

Run update manually (2)

In some cases, you just receive single files, fixing a specific small problem. In this case, refer to the above method (Run update manually (1))

Troubleshooting automatic updates

In case of the following error in the system log (temporary and update package filenames will vary)

OS4X update: error verifying update file '/tmp/os4x2_core_he_20100607_linux.sh.signed':
command:
$OPENSSL_BIN smime -verify -in '/tmp/os4x2_core_he_20100607_linux.sh.signed' -out /opt/os4x/tmp/os4x.vrqilO -inform DER -CAfile $OS4X_BIN_DIR/../c-works.softwareupdate.pub.cer 2>&1

Output:

Verification failure
4403:error:21075075:PKCS7 routines:PKCS7_verify:certificate verify error:pk7_smime.c:343:Verify error:self signed certificate

your local software certificate is not the actual one. You will have to download the actual file at http://www.os4x.com/c-works.softwareupdate.pub.cer and copy the file to your base installation of your OS4X installation (mostly at "/opt/os4x"):

/opt/os4x/c-works.softwareupdate.pub.cer

Check that the file has read-permissions for everyone (444, "-r--r--r--").

To verify the software certificate validity timeframe, you can use the following command:

os4xbox:/opt/os4x# openssl x509 -in /opt/os4x/c-works.softwareupdate.pub.cer -noout -enddate
notAfter=Jun 15 18:18:53 2032 GMT

This means the software update support certificate is valid until June 15th 2032.

Post work to be done

Starting with OS4X release 2014-09-23, a configurable post event can be defined which will be run after an updated was executed. You can implement any functionality in this process, i.e. cleanup, system information, backup or other tasks. The parameters of this event are documented here.

Verifying version history

In order to check which version has been installed when, the panel "Programs" -> "Versions" -> "Version history" offers this information in a scrollable window:

Bildschirmfoto 2024-10-01 um 15.17.23.png