Difference between revisions of "OS4X update"

From OS4X
Jump to navigation Jump to search
Line 66: Line 66:
 
To verify the software certificate validity timeframe, you can use the following command:
 
To verify the software certificate validity timeframe, you can use the following command:
 
  os4xbox:/opt/os4x# openssl x509 -in /opt/os4x/c-works.softwareupdate.pub.cer -noout -enddate
 
  os4xbox:/opt/os4x# openssl x509 -in /opt/os4x/c-works.softwareupdate.pub.cer -noout -enddate
  notAfter=Jul 14 09:24:28 2010 GMT
+
  notAfter='''Jul 14 09:24:28 2010 GMT'''
 
This means the software update support certificate is valid until July 14h 2032.
 
This means the software update support certificate is valid until July 14h 2032.

Revision as of 18:53, 21 July 2010

Requirements

If you have a software support bought with your software distribution, you may receive updates from time to time via several media. These media can be:

  • Download links in the internet
  • Files via OFTP, received via
    • ISDN
    • ENX
    • Internet
    • etc.

Run update automatically

These update files, if received via OFTP, have always the virtual filename

OS4X_UPDATE

When this flag is set, your OS4X installation tries to check the integrity and signature of this package internally. For this purpose, an event binary (configured here) is started. This event binary (default:

/opt/os4x/bin/os4xupdate

is started with the parameter "-f". It checks the signature of the file and if valid, it extracts the update procedure program and executes it in an OS4X shell. The update process searches for the OS4X environment variables and uses them to change and update the installation.

Run update semi-automatically (1)

If you have received such a signed update file manually or you have disabled this feature and downloaded an automatic update file (with the file suffix ".sh.signed"), you are able to re-start the event program manually. For this (in a standard environment), call the update program with appropriate parameters. They are documented here.

Example:

/opt/os4x/bin/os4xupdate -f /tmp/OS4X_UPDATE

Run update semi-automatically (2)

You may have received a file which is a verified and extracted version of the "OS4X_UPDATE" file. They have normally a file extension of ".sh". This file is a complete OS4X installation package, which checks if it's running inside OS4X. In order to do this manually, use the OS4X shell "shox".

Example:

/opt/os4x/bin/shox -e /tmp/os4x_update_linux_x86_he.sh

Run update manually (1)

You receive a gzipped TAR file which contains all files in this structure. You may exchange the binaries, scripts, programs, webinterfaces. You should do this in the following order:

  1. make a backup of everything
  2. run the OS4X database schema updater "os4x_dbupdate"
  3. copy all binaries to the target directory
    1. if swapping the whole directory, don't forget to copy the license file into the new directory!
  4. check if the configuration file has changed it's schema ("/etc/os4x.conf")
  5. copy the webinterface for administration to it's destination
    1. check the file "database.inc.php"
  6. if OS4X Enteprise is installed:
    1. copy the OS4X web access client to it's target destination
    2. check the file "database.inc.php" in the OS4X web access directory
    3. copy all plugins
  7. have a look at the configuration page of OS4X (administrative web interface)
  8. restart the wanted daemons ("os4xrd", "os4xsqd", "os4xdebugd", "os4xclientd")

Run update manually (2)

In some cases, you just receive single files, fixing a specific small problem. In this case, refer to the above method (Run update manually (1))

Troubleshooting automatic updates

In case of the following error in the system log (temporary and update package filenames will vary)

OS4X update: error verifying update file '/tmp/os4x2_core_he_20100607_linux.sh.signed':
command:
$OPENSSL_BIN smime -verify -in '/tmp/os4x2_core_he_20100607_linux.sh.signed' -out /opt/os4x/tmp/os4x.vrqilO -inform DER -CAfile $OS4X_BIN_DIR/../c-works.softwareupdate.pub.cer 2>&1

Output:

Verification failure
4403:error:21075075:PKCS7 routines:PKCS7_verify:certificate verify error:pk7_smime.c:343:Verify error:self signed certificate

your local software certificate is not the actual one. You will have to download the actual file at http://www.os4x.com/downloads/:

http://www.os4x.com/downloads/c-works.softwareupdate.pub.cer

and copy the file to your base installation of your OS4X installation (mostly at "/opt/os4x"):

/opt/os4x/c-works.softwareupdate.pub.cer

Check that the file has read-permissions for everyone (444, "-r--r--r--").

To verify the software certificate validity timeframe, you can use the following command:

os4xbox:/opt/os4x# openssl x509 -in /opt/os4x/c-works.softwareupdate.pub.cer -noout -enddate
notAfter=Jul 14 09:24:28 2010 GMT

This means the software update support certificate is valid until July 14h 2032.