This manual is for swbis (version 0.951, 01 Dec 2007), which is a implementation of the POSIX System Administration – Part 2: Software Administration conforming to IEEE Std 1387.2-1995 (ISO/IEC 15068-2) and Open Group CAE C701. Currently, not all of the standard is implemented. There are extensions for package authentication. Extensions to the standard are indicated as such in this document.
Copyright © 2005, 2006 James H. Lowe, Jr.
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.1 or any later version published by the Free Software Foundation; with no Invariant Sections, with the Front-Cover Texts being “A GNU Manual,” and with the Back-Cover Texts as in (a) below. A copy of the license is included in the section entitled “GNU Free Documentation License.”(a) The FSF's Back-Cover Text is: “You have freedom to copy and modify this GNU Manual, like GNU software. Copies published by the Free Software Foundation raise funds for GNU development.”
The first step in package signing is to obtain GNU Privacy Guard and its command line program gpg. The next step is to invoke it directly to test your gpg configuration. The gpg program is invoked by swpackage with the following options:
gpg --no-tty --no-secmem-warning --armor --passphrase-fd 3 -sb -o -
The --passphrase-fd and --no-tty options would not be used if running the gpg utility from the command line. The option swpackage --gpg-name option maps to gpg --local-user option and the swpackage --gpg-path option maps to gpg --homedir option. The default id to sign and home directory depends on gpg's defaults, the default home directory is is usually ~/.gnupg.
If you experience difficulty signing a test file using gpg then consult the gpg manual, since configuring gpg is outside the scope of swbis.
Once you know swpackage works without signing enabled simply invoke it with the additional option --sign and possibly --gpg-name=YOUR_ID and --gpg-path=PATH. swpackage should ask for your passphrase. Note that the --sign turns on --archive-digests automatically since a package is not fully verifiable without archive digests.
Other swpackage options you may which to use are --files and --file-digests.
For example:
swpackage -Wsign,files,gpg-name="Test User" -s PSF @- >/dev/null
There are defaults file options which can be set to your preferences. The command line options always override the the defaults file settings.
swpackage.swbis_file_digests = "true" # true or false
swpackage.swbis_files = "false" # true or false
swpackage.swbis_sign = "false" # true or false
swpackage.swbis_gpg_name =
swpackage.swbis_gpg_path = "~/.gnupg"
swpackage.swbis_signer_pgm = "GPG"
In addition, signed packages can be created using the ad-hoc extension utility swign. It was designed especially to create signed POSIX packages of free software source packages.
The operational constraints for using swign are that every file in the current directory is packaged, all files have the same ownerships, the archive will have a single leading package directory equal to the current directory name, and the package will contain the catalog directory. Other than the additional catalog directory, the package can be identical to the non-POSIX package created with tar.
swign is designed to be fail safe. swign uses swpackage and GNU tar as tools in a fashion such that all data copied to the user is generated by GNU tar from a file list generated by swpackage. Therefore, there is no chance the archive is corrupt, and because of sanity checks on the file list using existing GNU file system utilities, little to no chance of missing data.
swign requires GNU tar version 1.13.25 or 1.14 or 1.15.x. Using a version other than these will produce a valid archive, but the signature may not be valid.
swign packages all the files in the current directory, makes the path name prefix the name of the current directory, and all the files will have the same ownerships. These constraints are suited to GNU and Unix free software source packages.
Creating a signed package with swign is easy. Just change directory to the directory you want to archive, verify the documented side-effect of removing and replacing a directory name catalog is not a problem. If your directory has a file named catalog (that is not a POSIX exported catalog) that belongs to your data set you must rename it. For better or worse 'catalog' is a keyname of the POSIX standard.
Then type:
swign -o 0 -o 0 --show-psf
-or-
swign --show-psf
to show the internally PSF to stdout. It tries to make a reasonable PSF
using the name of the current directory. You can supply you own PSF from
a file or on standard input like this
swign -o 0 -o 0 --show-psf | swign -s - --show-psf
Now, make a package for real.
swign -o 0 -o 0 --show-psf | swign -u "My GPG Name" @- >../my_new_signed_tarball
swign writes to stdout.
You must redirect the archive to a more useful file.
You could verify it like this:
swign -u "My GPG Name" @- | swverify -d @-
-or like this-
swverify -d @:../my_new_signed_tarball
If a checkdigest script is included then you should unpack the package at a new location and run 'swverify –checksig "."' in the new location. See Providing a checkdigest script.
Creating a signed directory is actually the first step that swign does when creating a signed archive. Using the -S simply causes swign to exit early.
Aside:
This feature exposes a regression test constraint, namely
that the byte stream generated by 'swpackage' and installed
by 'tar' is identical to the byte stream generated by GNU 'tar'
from the newly installed 'catalog' directory.
To sign the directory, and then verify it:
swign -S; swverify -d @.
This produces the output:
swign: Generating the catalog and installing with tar...
swpackage: Warning: exclude definition source [catalog] does not exist.
Enter Password:
swverify: GPG signature verified.
swverify: checkdigest script not found
swverify: Package authenticity not confirmed.
For more information about the 'checkdigest' script:
See (swbis_swverify)IMPLEMENTATION EXTENSION DISTRIBUTOR SCRIPTS, and
See (swbis_swverify)Verifying the Directory Form of a Distribution.
Swign can be used to sign any directory using the file ownerships of the source files. The following commands act as a test of swpackage's ability to generate an archive identical to GNU tar. (Note: checkdigest.sh is found in ./bin of the source distribution.)
swign -D $HOME/checkdigest.sh -u "Test User" -o "" -g "" -S;
swverify -d @.
swverify is affected by the following environment variables: SWPACKAGEPASSFD, SWPACKAGEPASSPHRASE, GNUPGHOME, and GNUPGNAME. For more information: (See (swbis_swpackage)ENVIRONMENT.)
The checkdigest script is a distributor extension script. Only the swbis implementation of swverify knows how to use it. An example file is found in the swbis source package.
You need to supply a checkdigest script only if you wish your customers to be able to verify the directory form (i.e. unpacked archive) of a POSIX package. There are constraints on the usefulness of this script which are the same as when attempting to verify manually. See (swbis_swverify)Verifying a POSIX Distribution Directory Manually. It is not used when verifying the archive file form. Also, since it should only use non-swbis standard GNU tools and is a shell script, it does not do anything that the end user could not do themselves.
The script is included in the package one of two ways: using the -D option of the swign command or by specifying in a PSF to be processed by swpackage. The syntax for referencing from a PSF is:
checkdigest < /path/name/to/your/checkdigest.sh
This line should be added in the distribution object of the PSF.
Here is a target to put in your Makefile.am (This example was tested with Automake version 1.9):
# Provide am__remove_distdir ourselves since am__remove_distdir may be a
# private automake variable.
sw_am__remove_distdir = \
{ test ! -d $(distdir) \
|| { find $(distdir) -type d ! -perm -200 -exec chmod u+w {} ';' \
&& rm -fr $(distdir); }; }
dist-swbis: distdir
(cd $(distdir) && swign -s PSF.in --name-version=$(distdir) @-) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
$(sw_am__remove_distdir)
An example invocation using the environment controls:
(SWPACKAGEPASSFD="agent"; GNUPGNAME="Your Name"; make dist-swbis)
The PSF.in should employ the replacement strings '%__tag' and '%__revision' as in this example PSF.in (See (swbis_swign)SAMPLE SOURCE PACKAGE PSF).
In summary, alot is working and alot is not.
swpackage is the most complete utility. It implements all of the ISO/IEC 15068-2 features of the Product Specification File, the input file of swpackage.
swpackage can create POSIX tar archives with a POSIX file layout with an embedded GPG signature and payload digest (md5 and sha1). This capability is mature and safe, but for those who are paranoid about using a new tool to create archives of your data, there is swign. swign signs the current working directory, presumably a directory containing your source tree, and then uses tar to emit the archive. The result is a package, created by GNU tar, which looks like a source tar archive with a leading directory. The archive has the ./catalog/ directory which contains the package metadata, GPG signature and digests which are stored as separate regular files, and as ascii text of course.
swinstall is usable though missing some Posix features. Control script execution is implemented for checkinstall, preinstall, and postinstall. Dependency checks are not implemented. Only packages with one product and one fileset are supported. swinstall can install RPM packages on/to hosts that have neither rpm nor swinstall.
swcopy is usable though missing lots of POSIX capability. It can be used to translate an RPM to a POSIX package with a single path name prefix. It can unpack and copy archives from host to host.
swverify is usable though missing lots of POSIX capability. It most stable feature is verifying signed tar archives (i.e. packages signed according to how GNU swpackage does it). The ability to verify the GPG signature and file metadata of installed software (as opposed to the compressed tarball) is a work in progress.
Below is more detail about current capabilities.
Command: swinstall
swinstall is missing many features but it is useful for packages with a single fileset and product and if control script execution is not required. It can install RPMs to the local or a remote host (but the postinst script will not be executed.)
Command: swcopy
swcopy is missing many features specified in the POSIX spec. Several degenerative basic features work and can be useful. It can unpack compressed tar archives handling compression transparently. It can copy directories from host to host. It can be used as a copying tool for arbitrary data, however this is not its intended application. Unfortunately, many of its intended uses don't work yet.
Command: swinstall or swcopy
swcopy can translate RPMs to a tar archive. This is useful for installing the contents of a source RPM into a single directory.
swinstall can install a RPM as a POSIX package (i.e by translating first).
Command: swpackage
swpackage is at a beta release level. It supports all Product Specification File (PSF) features in the IEEE spec.
Command: swverify
swverify is used to verify the payload digests and GPG signature (if any) of a POSIX package (i.e. tar archive in POSIX format). Currently, swverify does not completely implement verification of installed software.
Command: swign
swign is a ad-hoc implementation extension utility.
swign is used to create a GPG signed POSIX package from the contents of the current directory. The intended use is for creation of signed source tar archives.
It is a shell script that uses swpackage and gpg and GNU tar. Since the created archive is written to stdout by GNU tar and makes sanity checks using standard utilities it is safe to use.
The utilities are invoked from the command line.
The commands share a common syntax that is:
<sw_utility> [options] [software_selections] [@Targets]
The current swbis utilities are swpackage, swinstall, swverify, swcopy, swign.
A central element of all the commands is the target syntax. See Target Syntax.
Here are several rules worth remembering about the Target:
If the target path is not given for a remote target, the target path is either '.' or '/' depending on the utility and the defaults files. (The default target path for swinstall is always '/')
Here are several example of Targets:
@ root@host1
@ root@host1@@guest@host2:/tmp/mnt/test
@ user@host1:.
@ :file1 # Impl Extension
The command swbis can be used to invoke the swbis utilities. The swbis command is useful if the utilities are not installed in $PATH. Alternatively, individual utilities can be invoked by themselves.
Here are some example invocations:
swbis --version
swbis --help
swpackage --sign --gpg-name="Your GPG Identity" --format=ustar -s /tmp/mypsf >/tmp/foo.tar
swverify -d @/tmp/foo.tar
swinstall -s -
swcopy -s /tmp/myrpm.rpm --audit --allow-rpm @- | tar tvf -
swign -u "Your GPG Identity" @- | tar tvf -
Source and Target Specification and Logic
Synopsis:
Posix:
host[:path]
host
host:
/path # Absolute path
Swbis Extension:
[user@]host[:path]
[user@]host_port[:path]
:path
Swbis Multi-hop Target Extension:
# ':' is the target delimiter
# '_' delimits a port number in the host field
[user@]host[@@[user@]host[@@...]][:file]
[user@]host_port[@@[user@]host[@@...]][:file]
# Using ':', a trailing colon is used to
# disambiguate between a host and file.
# For Example,
:file
host:
host
host:file
host:host:
host_port:host_port:
host:host:file
user@host:user@host:
user@host:user@host:host:
user@host:user@host:file
A more formal description:
target : HOST_CHARACTER_STRING ':' PATHNAME_CHARACTER_STRING
| HOST_CHARACTER_STRING ':'
| HOST_CHARACTER_STRING
| PATHNAME_CHARACTER_STRING
| ':' PATHNAME_CHARACTER_STRING # Impl extension
;
PATHNAME_CHARACTER_STRING must be an absolute path unless
a HOST_CHARACTER_STRING is given. Allowing
a relative path is a feature of the swbis
implementation.
NOTE: A '.' as a target is an implementation
extension and means extract in current
directory.
NOTE: A '-' indicating stdout/stdin is an
implementation extension.
NOTE: A ':' in the first character indicates a filename.
This is an implementation extension.
HOST_CHARACTER_STRING is an IP or hostname.
Examples:
Copy the distribution /var/tmp/foo.tar.gz at 192.168.1.10
swcopy -s /var/tmp/foo.tar.gz @192.168.1.10:/root
Implementation Extension Syntax (multi ssh-hop) :
Syntax:
%start wtarget # the Implementation Extension Target
# Note: a trailing ':' forces interpretation
# as a host, not a file.
wtarget : wtarget DELIM sshtarget
| sshtarget
| sshtarget DELIM
;
sshtarget : user '@' target # Note: only the last target
| target # may have a PATHNAME, and only a host
; * may have a user
target : HOST_CHARACTER_STRING
| PATHNAME_CHARACTER_STRING
;
user : PORTABLE_CHARACTER_STRING # The user name
DELIM : ':' # The multi-hop delimiter.
;
Copyright © 2000,2001,2002 Free Software Foundation, Inc.
59 Temple Place, Suite 330, Boston, MA 02111-1307, USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
The purpose of this License is to make a manual, textbook, or other functional and useful document free in the sense of freedom: to assure everyone the effective freedom to copy and redistribute it, with or without modifying it, either commercially or noncommercially. Secondarily, this License preserves for the author and publisher a way to get credit for their work, while not being considered responsible for modifications made by others.
This License is a kind of “copyleft”, which means that derivative works of the document must themselves be free in the same sense. It complements the GNU General Public License, which is a copyleft license designed for free software.
We have designed this License in order to use it for manuals for free software, because free software needs free documentation: a free program should come with manuals providing the same freedoms that the software does. But this License is not limited to software manuals; it can be used for any textual work, regardless of subject matter or whether it is published as a printed book. We recommend this License principally for works whose purpose is instruction or reference.
This License applies to any manual or other work, in any medium, that contains a notice placed by the copyright holder saying it can be distributed under the terms of this License. Such a notice grants a world-wide, royalty-free license, unlimited in duration, to use that work under the conditions stated herein. The “Document”, below, refers to any such manual or work. Any member of the public is a licensee, and is addressed as “you”. You accept the license if you copy, modify or distribute the work in a way requiring permission under copyright law.
A “Modified Version” of the Document means any work containing the Document or a portion of it, either copied verbatim, or with modifications and/or translated into another language.
A “Secondary Section” is a named appendix or a front-matter section of the Document that deals exclusively with the relationship of the publishers or authors of the Document to the Document's overall subject (or to related matters) and contains nothing that could fall directly within that overall subject. (Thus, if the Document is in part a textbook of mathematics, a Secondary Section may not explain any mathematics.) The relationship could be a matter of historical connection with the subject or with related matters, or of legal, commercial, philosophical, ethical or political position regarding them.
The “Invariant Sections” are certain Secondary Sections whose titles are designated, as being those of Invariant Sections, in the notice that says that the Document is released under this License. If a section does not fit the above definition of Secondary then it is not allowed to be designated as Invariant. The Document may contain zero Invariant Sections. If the Document does not identify any Invariant Sections then there are none.
The “Cover Texts” are certain short passages of text that are listed, as Front-Cover Texts or Back-Cover Texts, in the notice that says that the Document is released under this License. A Front-Cover Text may be at most 5 words, and a Back-Cover Text may be at most 25 words.
A “Transparent” copy of the Document means a machine-readable copy, represented in a format whose specification is available to the general public, that is suitable for revising the document straightforwardly with generic text editors or (for images composed of pixels) generic paint programs or (for drawings) some widely available drawing editor, and that is suitable for input to text formatters or for automatic translation to a variety of formats suitable for input to text formatters. A copy made in an otherwise Transparent file format whose markup, or absence of markup, has been arranged to thwart or discourage subsequent modification by readers is not Transparent. An image format is not Transparent if used for any substantial amount of text. A copy that is not “Transparent” is called “Opaque”.
Examples of suitable formats for Transparent copies include plain ascii without markup, Texinfo input format, LaTeX input format, SGML or XML using a publicly available DTD, and standard-conforming simple HTML, PostScript or PDF designed for human modification. Examples of transparent image formats include PNG, XCF and JPG. Opaque formats include proprietary formats that can be read and edited only by proprietary word processors, SGML or XML for which the DTD and/or processing tools are not generally available, and the machine-generated HTML, PostScript or PDF produced by some word processors for output purposes only.
The “Title Page” means, for a printed book, the title page itself, plus such following pages as are needed to hold, legibly, the material this License requires to appear in the title page. For works in formats which do not have any title page as such, “Title Page” means the text near the most prominent appearance of the work's title, preceding the beginning of the body of the text.
A section “Entitled XYZ” means a named subunit of the Document whose title either is precisely XYZ or contains XYZ in parentheses following text that translates XYZ in another language. (Here XYZ stands for a specific section name mentioned below, such as “Acknowledgements”, “Dedications”, “Endorsements”, or “History”.) To “Preserve the Title” of such a section when you modify the Document means that it remains a section “Entitled XYZ” according to this definition.
The Document may include Warranty Disclaimers next to the notice which states that this License applies to the Document. These Warranty Disclaimers are considered to be included by reference in this License, but only as regards disclaiming warranties: any other implication that these Warranty Disclaimers may have is void and has no effect on the meaning of this License.
You may copy and distribute the Document in any medium, either commercially or noncommercially, provided that this License, the copyright notices, and the license notice saying this License applies to the Document are reproduced in all copies, and that you add no other conditions whatsoever to those of this License. You may not use technical measures to obstruct or control the reading or further copying of the copies you make or distribute. However, you may accept compensation in exchange for copies. If you distribute a large enough number of copies you must also follow the conditions in section 3.
You may also lend copies, under the same conditions stated above, and you may publicly display copies.
If you publish printed copies (or copies in media that commonly have printed covers) of the Document, numbering more than 100, and the Document's license notice requires Cover Texts, you must enclose the copies in covers that carry, clearly and legibly, all these Cover Texts: Front-Cover Texts on the front cover, and Back-Cover Texts on the back cover. Both covers must also clearly and legibly identify you as the publisher of these copies. The front cover must present the full title with all words of the title equally prominent and visible. You may add other material on the covers in addition. Copying with changes limited to the covers, as long as they preserve the title of the Document and satisfy these conditions, can be treated as verbatim copying in other respects.
If the required texts for either cover are too voluminous to fit legibly, you should put the first ones listed (as many as fit reasonably) on the actual cover, and continue the rest onto adjacent pages.
If you publish or distribute Opaque copies of the Document numbering more than 100, you must either include a machine-readable Transparent copy along with each Opaque copy, or state in or with each Opaque copy a computer-network location from which the general network-using public has access to download using public-standard network protocols a complete Transparent copy of the Document, free of added material. If you use the latter option, you must take reasonably prudent steps, when you begin distribution of Opaque copies in quantity, to ensure that this Transparent copy will remain thus accessible at the stated location until at least one year after the last time you distribute an Opaque copy (directly or through your agents or retailers) of that edition to the public.
It is requested, but not required, that you contact the authors of the Document well before redistributing any large number of copies, to give them a chance to provide you with an updated version of the Document.
You may copy and distribute a Modified Version of the Document under the conditions of sections 2 and 3 above, provided that you release the Modified Version under precisely this License, with the Modified Version filling the role of the Document, thus licensing distribution and modification of the Modified Version to whoever possesses a copy of it. In addition, you must do these things in the Modified Version:
If the Modified Version includes new front-matter sections or appendices that qualify as Secondary Sections and contain no material copied from the Document, you may at your option designate some or all of these sections as invariant. To do this, add their titles to the list of Invariant Sections in the Modified Version's license notice. These titles must be distinct from any other section titles.
You may add a section Entitled “Endorsements”, provided it contains nothing but endorsements of your Modified Version by various parties—for example, statements of peer review or that the text has been approved by an organization as the authoritative definition of a standard.
You may add a passage of up to five words as a Front-Cover Text, and a passage of up to 25 words as a Back-Cover Text, to the end of the list of Cover Texts in the Modified Version. Only one passage of Front-Cover Text and one of Back-Cover Text may be added by (or through arrangements made by) any one entity. If the Document already includes a cover text for the same cover, previously added by you or by arrangement made by the same entity you are acting on behalf of, you may not add another; but you may replace the old one, on explicit permission from the previous publisher that added the old one.
The author(s) and publisher(s) of the Document do not by this License give permission to use their names for publicity for or to assert or imply endorsement of any Modified Version.
You may combine the Document with other documents released under this License, under the terms defined in section 4 above for modified versions, provided that you include in the combination all of the Invariant Sections of all of the original documents, unmodified, and list them all as Invariant Sections of your combined work in its license notice, and that you preserve all their Warranty Disclaimers.
The combined work need only contain one copy of this License, and multiple identical Invariant Sections may be replaced with a single copy. If there are multiple Invariant Sections with the same name but different contents, make the title of each such section unique by adding at the end of it, in parentheses, the name of the original author or publisher of that section if known, or else a unique number. Make the same adjustment to the section titles in the list of Invariant Sections in the license notice of the combined work.
In the combination, you must combine any sections Entitled “History” in the various original documents, forming one section Entitled “History”; likewise combine any sections Entitled “Acknowledgements”, and any sections Entitled “Dedications”. You must delete all sections Entitled “Endorsements.”
You may make a collection consisting of the Document and other documents released under this License, and replace the individual copies of this License in the various documents with a single copy that is included in the collection, provided that you follow the rules of this License for verbatim copying of each of the documents in all other respects.
You may extract a single document from such a collection, and distribute it individually under this License, provided you insert a copy of this License into the extracted document, and follow this License in all other respects regarding verbatim copying of that document.
A compilation of the Document or its derivatives with other separate and independent documents or works, in or on a volume of a storage or distribution medium, is called an “aggregate” if the copyright resulting from the compilation is not used to limit the legal rights of the compilation's users beyond what the individual works permit. When the Document is included an aggregate, this License does not apply to the other works in the aggregate which are not themselves derivative works of the Document.
If the Cover Text requirement of section 3 is applicable to these copies of the Document, then if the Document is less than one half of the entire aggregate, the Document's Cover Texts may be placed on covers that bracket the Document within the aggregate, or the electronic equivalent of covers if the Document is in electronic form. Otherwise they must appear on printed covers that bracket the whole aggregate.
Translation is considered a kind of modification, so you may distribute translations of the Document under the terms of section 4. Replacing Invariant Sections with translations requires special permission from their copyright holders, but you may include translations of some or all Invariant Sections in addition to the original versions of these Invariant Sections. You may include a translation of this License, and all the license notices in the Document, and any Warranty Disclaimers, provided that you also include the original English version of this License and the original versions of those notices and disclaimers. In case of a disagreement between the translation and the original version of this License or a notice or disclaimer, the original version will prevail.
If a section in the Document is Entitled “Acknowledgements”, “Dedications”, or “History”, the requirement (section 4) to Preserve its Title (section 1) will typically require changing the actual title.
You may not copy, modify, sublicense, or distribute the Document except as expressly provided for under this License. Any other attempt to copy, modify, sublicense or distribute the Document is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.
The Free Software Foundation may publish new, revised versions of the GNU Free Documentation License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. See http://www.gnu.org/copyleft/.
Each version of the License is given a distinguishing version number. If the Document specifies that a particular numbered version of this License “or any later version” applies to it, you have the option of following the terms and conditions either of that specified version or of any later version that has been published (not as a draft) by the Free Software Foundation. If the Document does not specify a version number of this License, you may choose any version ever published (not as a draft) by the Free Software Foundation.
To use this License in a document you have written, include a copy of the License in the document and put the following copyright and license notices just after the title page:
Copyright (C) year your name.
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License, Version 1.2
or any later version published by the Free Software Foundation;
with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.
A copy of the license is included in the section entitled ``GNU
Free Documentation License''.
If you have Invariant Sections, Front-Cover Texts and Back-Cover Texts, replace the “with...Texts.” line with this:
with the Invariant Sections being list their titles, with
the Front-Cover Texts being list, and with the Back-Cover Texts
being list.
If you have Invariant Sections without Cover Texts, or some other combination of the three, merge those two alternatives to suit the situation.
If your document contains nontrivial examples of program code, we recommend releasing these examples in parallel under your choice of free software license, such as the GNU General Public License, to permit their use in free software.
The related standards are IEEE Std 1387.2-1995 (ISO/IEC 15068-2:1999), OpenGroup CAE C701.
ISO/IEC 15068-2:1999 is identical to 1387.2 except for its name.
CAE C701 is nearly identical to 1387.2 and can be viewed online at http://www.opengroup.org/publications/catalog/c701.htm
The implementation reference specification is a printed postscript rendering of the C701 pdf file available at http://www.opengroup.org/publications/catalog/c701.htm (size: 696095 bytes; md5sum: a98e5fd7d723db63e27136c70bfff7aa) and a copy of IEEE Std 1387.2-1995 (ISBN 1-55937-537-X). These two documents match up line-for-line except for chapter ordering and where there are descriptions of C701's additional attributes.
(The IEEE standard is superseded by and identical to ISO/IEC 15068-2:1999).
Commands
Formats
swpackage(8) swpackage(8)
NAME
swpackage — Package a software distribution.
SYNOPSIS
swpackage # Filter: read PSF on stdin, write a tar archive to stdout
swpackage [-p] [-s psf_file] [-f file] [-x option=value] \
[-X options_file] [-W option] [software_selections] [@targets]
swpackage [options] --to-swbis [-s package_file] # format translator
DESCRIPTION
swpackage reads a Product Specification File (PSF) and writes a dis-
tribution to the specified target. If no options are given a PSF is
read on stdin and a distribution is written to the default target
either a directory, device, or standard output. To specify standard
output use a dash ’-’ as the target. This implementation only sup-
ports writing to stdout.
OPTIONS
software_selections
Refer to the software objects (products, filesets) on which to
be operated. (Not yet implemented)
targets
Refers to the software_collection where the software selections
are to be applied. To specify standard output use a dash ’-’,
this overrides media_type setting to ’serial’. Target may be a
file system directory, or device file or ’-’ Currently this
implementation only supports a serial archive written to std-
out.
-f FILE
Reads software_selections from FILE. (Not implemented).
-p
Preview the package. Perform all the packaging operations
except writing the target. In verbose level 1, nothing is
written. Higher verbose levels write information on stdout.
Error and warning messages are written to stderr for verbose
levels 1 and higher.
-s PSF
Specify the PSF file, "-" is standard input.
-x option=value
Specify the extended option overriding the defaults file value.
-X FILE
Specify the extended options filename, FILE, overriding the
default filenames. This option may be given more then once. If
the resulting specified value is an empty string then reading
of any options file is disabled.
-v
(Implementation extension.) Given one time it is identical to
-x verbose=2. This option can be given multiple times with
increasing effect.
level 0: silent on stdout and stderr (not implemented).
level 1: fatal and warning messages.
-v level 2: level 1 plus file list and trailer message.
-vv level 3: level 2 verbose tar-like listing.
-vvv level 4: level 3 extra verbose tar listing.
-b BYTES
Set blocksize to BYTES number of bytes (octets). The default
is 10240. (implementation extension)
--version, -V
Show version. (Implementation extension)
--help
Show help (Implementation extension)
-W option[,option,...]
Specify the implementation extension option.
Syntax: -W option[=option_argument[,option...]
Options may be separated by a comma. The implementation exten-
sion options may also be given individually using the ’--long-
option[=option_arg]’ syntax.
-W cksum
Compute POSIX cksum of the individual files.
-W file-digests -W digests
Compute md5 digests of the individual files. (-W digests is
deprecated, use -W file-digests).
-W files
Store the distribution file list in .../dfiles/files.
-W dir=NAME
Use NAME as the path name prefix of a distribution and also as
the value of the distribution.control_directory and distribu-
tion.tag attribute (if not set). May be set to an empty string
to eliminate stray leading "./".
-W sign
Compute the md5sum, sha1sum and adjunct_md5sum digests and sign
the package.
-W dummy-sign
Same as -W sign except use a dummy signature. The signer pro-
gram is not run and no password is required.
-W signer-pgm=SIGNER
Recognized SIGNERs are GPG, PGP2.6, and PGP5. swverify only
supports GPG, however, other types can be verified manually
using the options of swverify and command line utilities.
-W archive-digests
Compute the md5sum, sha1sum and adjunct_md5sum digests. See
sw(5) for info on the digest and signed data input files. The
sha1sum and md5sum attributes have identical input streams.
-W no-sha1
Do not compute the sha1 digest even if directed to by other
options. (Deprecated: There is limited reason to use this
option).
-W signed-file
Write only the signed data to the specified target but do not
sign. (Deprecated: There is limited reason to use this
option).
-W gpg-name=NAME
Use NAME as the user ID to sign. NAME becomes the option arg
of the gpg --local-user option.
-W gpg-path=PATH
Use PATH as the gpg homedir.
-W gzip
compress output with file system gzip utilty
-W bzip2
compress output with file system bzip2 utility
-W source=FILE
Use serial archive located at FILE as the source instead of the
file system. The files referred by the PSF are taken from the
serial archive and not the file system.
-W numeric-owner
Same as GNU tar option. Emitted archive has only uid and gids.
-W absolute-names
Same as GNU tar option. Leading slash ’/’ are always stripped
unless this option is given.
-W format=FORMAT
FORMAT is one of:
ustar is the POSIX.1 tar format capable of storing
pathnames up to 255 characters in length.
Identical to GNU tar 1.15.1 --format=ustar
This is the default format but may be changed by
the options files.
ustar0 is a different POSIX.1 tar personality.
Identical to GNU tar 1.13.25 --posix -b1 for 99 char pathnames
Has different rendering of device numbers for non-device files,
but otherwise identical to ’ustar’
gnu Identical to GNU tar version 1.15.1 --format=gnu
oldgnu Identical to GNU tar version 1.13 and later with
block size set to 1. i.e. with option -b1.
Also identical to GNU tar 1.15.1 --format=oldgnu
gnutar same as oldgnu, oldgnu preferred.
pax Extended header tar (Not implemented).
odc Posix.1 cpio (magic 070707).
newc cpio format (magic 070701).
crc cpio format (magic 070702).
bsdpax3 Identical to pax v3.0, ustar format with option -b 512.
-W create-time=TIME
Applies to catalog files and the create_time attribute. TIME
is the seconds since the Unix Epoch. You must use this option
to make the catalog directory identical in subsequent invoca-
tions.
-W list-psf
Write the PSF to stdout after having processed the extended
definitions.
-W to-swbis
Read a package on standard input and write a POSIX package on
standard output. Requires the .../libexec/swbis/lxpsf program.
Supported formats are any supported format of lxpsf. Identical
to:
/swbis/lxpsf --psf-form3 -H ustar | swpackage -Wsource=- -s@PSF
-W passphrase-fd=N
Read the passphrase on file descriptor N.
-W passfile=FILE
Read the passphrase from FILE in the file system. Setting FILE
to /dev/tty resets (i.e unsets) all passphrase directives, thus
establishing the default action, reading from the terminal.
-W dir-owner=OWNER
Set the owner of the leading directory archive member to OWNER.
If the option arg is "", then the owner is the owner of the
current directory.
-W dir-group=OWNER
Set the group of the leading directory archive member to OWNER.
If the option arg is "", then the owner is the owner of the
current directory.
-W dir-modep=MODE
Set the file permissions mode of the leading directory archive
member to MODE.
-W catalog-owner=OWNER
Set the owner of the catalog section to OWNER.
-W catalog-group=GROUP
Set the group of the catalog section to GROUP.
-W files-from=NAME
Read a list of files from file NAME. Directories are not
descended recursively.
-W show-options-files
Show the complete list of options files and if they are found.
-W show-options
Show the options after reading the files and parsing the com-
mand line options.
-W no-catalog
Do not write the catalog section.
-W no-front-dir
Do not write the directory archive members that preceed the
catalog section.
EXTENDED OPTIONS
These extended options can be specified on the command line using the
-x option or from the defaults file, swdefaults.
Posix
Shown below is an actual portion of a defaults file which show default
values. These options are set in the /usr/lib/swbis/swdefaults or the
~/.swdefaults file.
swpackage.distribution_target_directory = /var/spool/sw # Not used
swpackage.distribution_target_serial = - # Not used
swpackage.enforce_dsa = false # Not used
swpackage.follow_symlinks = false # Not used
swpackage.logfile = /var/lib/swbis/swpackage.log # Not used
swpackage.loglevel = 1 # Not used
swpackage.media_capacity = 0 # Not used
swpackage.media_type = serial # Not used
swpackage.psf_source_file = - # Not used
swpackage.software = # Not used
swpackage.verbose = 1 # May be 1 2 or 3
Swbis Implementation
These extended options can be specified on the command line using
-Woption=optionarg or --option=optionarg syntax.
These options are set in the /usr/lib/swbis/swbisdefaults or the
~/.swbis/swbisdefaults file.
swpackage.swbis_cksum = "false" # true or false
swpackage.swbis_file_digests = "false" # true or false
swpackage.swbis_file_digests_sha2 = "false" # true or false
swpackage.swbis_files = "false" # true or false
swpackage.swbis_sign = "false" # true or false
swpackage.swbis_archive_digests = "false" # true or false
swpackage.swbis_archive_digests_sha2 = "false" # true or false
swpackage.swbis_gpg_name = ""
swpackage.swbis_gpg_path = "~/.gnupg"
swpackage.swbis_gzip = "false" # true or false
swpackage.swbis_bzip2 = "false" # true or false
swpackage.swbis_numeric_owner = "false" # true or false
swpackage.swbis_absolute_names = "false" # true or false
swpackage.swbis_format = "ustar" # gnutar or ustar
swpackage.swbis_signer_pgm = "GPG" # GPG or PGP5 or PGP2.6
PACKAGE SIGNING
Support for embedded cryptographic signature.
Description
Package signing is accomplished by including, as a package attribute,
a detached signature in the package metadata (the catalog section of
the package). The signed data is the catalog section of the package
(see sw(5) for a description) excluding the signature files archive
header and data. The package leading directory that does not contain
the /catalog/ directory in its name is not included in the signed
stream. The signed stream is terminated by two (2) null tar blocks
(which are not in the actual package file). The storage section (or
payload) of the package is included in the signed data by computing
its md5 and sha1 message digests and storing these as attributes in
the catalog section.
Signature Generation
The signature is generated by the file system signing utility. Cur-
rently, swpackage supports GPG PGP-2.6 and PGP-5. The default is GPG
but can be selected using the -Wsigner-pgm command line option and the
swpackage.swbis_signer_pgm defaults file option. The options and pro-
gram can the displayed with the -Wshow-signer-pgm option. The options
in each case produce a detached ascii-armored signature. The maximum
length for the ascii armored file is 1023 bytes.
Passphrase Handling
The passphrase can be read from the tty, a file descriptor, and envi-
ronment variable or the GNUpg passphrase agent. These are controlled
by the options or the environment variables SWPACKAGEPASSFD and
SWPACKAGEPASSPHRASE. Placing your passphrase in an environment vari-
able is insecure but may be usefull to sign packages with a test key
and later replace it [when on a different host for example].
SIGNATURE VERIFICATION
swpackage does not perform verification of the embedded cryptographic
signature, although, a description is included here for completness.
Overview
Verification requires verifying the payload section md5 and sha1 mes-
sage digests and then verifying the signature. Naturally, it is
required that the signed data include the payload messages digests.
See swverify.
Manual Verification
Verification requires re-creating the signed and digested byte streams
from the archive file. This is not possible using any known extant
tar reading utility because of a lack of ability to write selected
archive members to stdout instead of installing in the file system;
however, the swverify utility can be used to write these bytes streams
to stdout allowing manual inspection and verification. See swverify.
Manual Verification Using Standard Tools
Verification using standard GNU/Linux tools is possible if the archive
is installed in the file system. Success depends on the following
factors:
1) The tar utility preserves modification times
(e.g. not GNU tar 1.3.19).
2) The archive does not contain Symbolic Links
(see sw(5) for explanation).
3) The file system is a Unix file system (e.g. ext2).
4) The package was created using -Wformat=gnutar or, -Wformat=ustar
with no file name longer than 99 octets.
Recreating the signed and digested byte streams is then accomplished
using GNU tar and the file list stored in the <path>/cata-
log/dfiles/files attribute file as follows:
In this example, the package has a single path name prefix called,
namedir and the file owner/group are root. These restrictions are
suited to source packages.
Verify the signature:
#!/bin/sh
tar cf - -b1 --owner=root --group=root \
--exclude=namedir/catalog/dfiles/signature \
namedir/catalog | gpg --verify namedir/catalog/dfiles/signature -
If this fails try using GNU tar option --posix. If this fails then
you are out of luck as nothing in the catalog section can be trusted.
Verify the payload digests:
#!/bin/sh
grep -v namedir/catalog namedir/catalog/dfiles/files | \
tar cf - -b1 --owner=root --group=root \
--files-from=- --no-recursion | md5sum
cat namedir/catalog/dfiles/md5sum
Likewise for the sha1 digest.
If the package has symbolic links, Verify the adjunct_md5sum:
#!/bin/sh
grep -v namedir/catalog namedir/catalog/dfiles/files | \
( while read file; do if [ ! -h $file ]; then echo $file; fi done; )|\
tar cf - -b1 --owner=root --group=root \
--files-from=- --no-recursion | md5sum
cat namedir/catalog/dfiles/adjunct_md5sum
The symbolic link files must be verified manually by comparing to the
INFO file information.
SWPACKAGE OUTPUT FORMAT
The output format is either one of two formats specified in POSIX.1
(ISO/IEC 9945-1) which are tar (header magic=ustar) or cpio (header
magic=070707). The default format of the swbis implementation is
"ustar". The POSIX spec under specifies definitions for some of the
ustar header fields. The personality of the default swbis ustar for-
mat mimics GNU tar 1.15.1 and is designed to be compliant to POSIX.1.
The personality of the "ustar0" format mimics, for pathnames less than
99 octets, GNU tar 1.13.25 using the "-b1 --posix" options. This
bit-for-bit sameness does not exist for pathnames greater than 99
chars as swbis follows the POSIX spec and GNU tar 1.13.25 does not.
The "ustar0" ustar personality is deprecated. It is only slightly
different from ’ustar’ in how device number fields are filled (with
spaces, zeros or NULs) for non-device files.
In addition the swbis implementation supports several other tar vari-
ants including bit-for-bit mimicry of GNU tar (1.13.25) default format
which uses a non-standard name split and file type (type ’L’). This
format is known as ’--format=oldgnu’. Also supported is the gnu for-
mat of GNU tar 1.15.1 specified by ’--format=gnu’
The defacto cpio formats are also supported. "new ASCII" (sometimes
called SVR4 cpio) and "crc" cpio formats with header magic "070701"
and "070702" respectively.
Support for "pax Interchange Format" (Extended header tar) described
in IEEE 1003.1-2001 under the "pax" manual page is planned.
The entirety of the output byte stream is a single valid file of one
the formats mentioned above.
The swbis implementation writes its output to stdout. The default
output block size is 10240 bytes. The last block is not padded and
therefore the last write(2) may be a short write. The selected block
size does not affect the output file contents.
The swbis implementation is biased, in terms of capability and default
settings, to the tar format. Package signing is only supported in tar
format.
SWPACKAGE INPUT FILE FORMAT
The input file is called a product specification file or PSF. It con-
tains information to direct swpackage and information that is package
meta-data [that is merely transferred unchanged into the global INDEX
file].
A PSF may contain object keywords, attributes (keyword/value pairs)
and Extended Definitions (described below). An object keyword con-
notes a logical object (i.e. software structure) supported by the
standard. An object keyword does not have a value field after it, as
it contains Attributes and Extended Definitions. An attribute keyword
conotes an attribute which is always in the form of a keyword/value
pair.
Attribute keywords not recognized by the standard are allowed and are
transferred into the INDEX file. Object keywords not recognized by
the standard are not allowed and will generate an error. Extended
Definitions may only appear in a PSF (never in a INDEX or INFO created
by swpackage). Extended Definitions are translated [by swpackage]
into object keywords (objects) and attributes recognized by the stan-
dard.
Comments in a PSF are not transferred into the INDEX file by the swbis
implementation of swpackage.
The file syntax is the same as a INDEX, or INFO file. A PSF may con-
tain all objects defined by the standard as well as extended defini-
tions.
For additional information see
XDSA C701 http://www.opengroup.org/publications/catalog/c701.htm, or
sw manual page.
EXTENDED DEFINITIONS
A Product Specification File (PSF) can contain Extended Definitions in
the fileset, product or bundle software definitions. They would have
the same level or containment relationship as a file or control_file
definition in the same contaning object.
Extended Definitions represent a minimal, expressive form for specify-
ing files and file attributes. Their use in a PSF is optional in that
an equivalent PSF can be constructed without using them, however,
their use is encouraged for the sake of brevity and orthogonality.
The swbis implementation requires that no [ordinary] attributes appear
after Extended Definitions in the containing object, and, requires
that Extended Definitions appear before logically contained objects.
That is, the parser uses the next object keyword to syntacticly and
logically terminate the current object even if the current object has
logically contained objects.
o Extended Control File Definitions
checkinstall source [path]
preinstall source [path]
postinstall source [path]
verify source [path]
fix source [path]
checkremove source [path]
preremove source [path]
postremove source [path]
configure source [path]
unconfigure source [path]
request source [path]
unpreinstall source [path]
unpostinstall source [path]
space source [path]
control_file source [path]
The source attribute defines the location in distributors’s develop-
ment system where the swpackage utility will find the script. The
keyword is the value of the tag attribute and tells the utilities when
to execute the script. The path attribute is optional and specifies
the file name in the packages distribution relative to the con-
trol_directory for software containing the script. If not given the
tag value is used as the filename.
o Directory Mapping
directory source [destination]
Applies the source attribute as the directory under which the subse-
quently listed files are located. If destination is defined it will
be used as a prefix to the path (implied) file definition. source is
typically a temporary or build location and dest is its unrealized
absolute pathname destination.
o Recursive File Definition
file *
Specifies every file in current source directory. The directory
extended definition must be used before the recursive specification.
o Explicit File Definition
file [-t type] [-m mode] [-o owner[,uid]] [-g group[,gid]] [-n] [-v] source [path]
source
source defines the pathname of the file to be used as the
source of file data and/or attributes. If it is a relative
path, then swpackage searches for this file relative to the the
source argument of the directory keyword, if set. If directory
keyword is not set then the search is relative to the current
working directory of the swpackage utility’s invocation.
All attributes for the destination file are taken from the
source file, unless a file_permissions keyword is active, or
the -m, -o, or -g options are also included in the file speci-
fication.
path
path defines the destination path where the file will be cre-
ated or installed. If it is a relative path, then the destina-
tion path of the of the directory keyword must be active and
will be used as the path prefix. If path is not specified then
source is used as the value of path and directory mapping
applied (if active).
-t type
type may one of ’d’ (directory), or ’h’ (hard link), or ’s’
(symbolic link).
-t d Create a directory.
If path is not specified source is used as the path attribute.
-t h Create a hard link.
path and source are specified. source is used as the value of
the link_source attribute, and path is the value of the path
attribute.
-t s Create a symbolic link.
path and source are specified. source is used as the value of
the link_source attribute, and path is the value of the path
attribute.
-m mode
mode defines the octal mode for the file.
o Default Permission Definition
file_permissions [-m mode] [-u umask] [-o [owner[,]][uid]] [-g [group[,]][gid]]
Applies to subsequently listed file definitions in a fileset. These
attributes will apply where the file attributes were not specified
explicitly in a file definition. Subsequent file_permissions defini-
tions simply replace previous definitions (resetting all the options).
To reset the file_permission state (i.e. turn it off) use one of the
following:
file_permissions ""
or the preferred way is
file_permissions -u 000
o Excluding Files
exclude source
Excludes a previously included file or an entire directory.
o Including Files
include <filename
The contents of filename may be more definitions for files. The syn-
tax of the included file is PSF syntax.
SWBIS PSF CONVENTIONS
This section describes attribute usage and conventions imposed by the
swbis implementation. Not all attributes are listed here. Those that
are have important effects or particular interest.
o Distribution Attributes
The standard defines a limited set of attributes for the distribution
object. An expanded set is suggested by the informative annex however
a conforming implementation is not required act on them. The reason
for this is a distribution may be acted upon by a conforming utility
in such a way that attributes of the distribution become invalid. For
this reason, some attributes that refer to an entire "package" [in
other package managers] are referred from the product object and
attain their broadened scope by the distributor’s convention that
their distribution contains just one product.
For example, the package NAME and VERSION are referred from the prod-
uct tag and revision, not the distribution’s. This convention sup-
ports multiple products in a distribution and is consistent with the
standard.
tag
tag is the short, file system friendly, name of the distribu-
tion. Providing a distribution tag is optional. The swbis
implementation will use this as the [single] path name prefix
if there is no distribution.control_directory attribute. A
distribution tag attribute and swpackage’s response to it is an
implementation extension. The leading package path can also be
controlled with the ’’-W dir’’ option.
control_directory
control_directory, in a distribution object, is the constant
leading package path. Providing this attribute is optional. A
distribution control_directory attribute and swpackage’s
response to it is an implementation extension. The leading
package path can also be controlled with the ’’-W dir’’ option.
This attribute will be generated by swpackage if not set in a
PSF.
o Bundle Attributes
A bundle defines a collection of products whether or not the distribu-
tion has all the products present.
tag
tag is the short, file system friendly, name of the bundle.
This value is used by the swbis implementation as a path name
component in the installed software catalog. If it is not
present the product tag is used.
o Product Attributes
A product defines the software product.
tag
tag is the short, file system friendly, name of the product.
This value is used by the swbis implementation as a path name
component in the installed software catalog. It is required.
The swbis implementation uses it in a way that is analogous to
the RPMTAG_NAME attribute, namely as the public recognizable
name of the package.
control_directory
Is the directory name in the distribution under which the prod-
uct contents are located. This value has no affect on the
installed software catalog. If it is not given in a PSF then
the tag is used.
revision
Is the product revision. It should not contain a "RELEASE"
attribute part or other version suffix modifiers. This value
is used by the swbis implementation as a path name component in
the installed software catalog. It is required by swinstall.
vendor_tag
This is a short identifying name of the distributor that sup-
plied the product and may associate (refer to) a vendor object
from the INDEX file that has a matching tag attribute. This
attribute is optional. This attribute value should strive to
be unique among all distributors. The swbis implementation mod-
ifies the intended usage slightly as a string that strives to
be globally unique for a given product.tag and product.revi-
sion. In this capacity it serves to distinguish products with
the same revision and tag from the same or different distribu-
tor. It most closely maps to the RPMTAG_RELEASE or
"debian_revision" attributes. It is one of the version distin-
guishing attributes of a product specified by the standard. It
is transfered into the installed_software catalog (not as a
path name component) by swinstall. If this attribute exists
there should also be a vendor object in the PSF in the distri-
bution object that has this tag. This attribute is assigned
the value of RPMTAG_RELEASE by swpackage when translating an
RPM.
architecture
This string is one of the version attributes. It is used to
disambiguate products that have the same tag, revision and ven-
dor_tag. It is not used for determining a products compatibil-
ity with a host. The form is implementation defined. swbis
uses the output of GNU config.guess as the value of this
string. A wildcard pattern should not be used. The canonical
swbis architecture string can be listed with swlist. For exam-
ple
swlist -a architecture @ localhost
Here are some example outputs from real systems.
System ‘uname -srm‘ architecture
Red Hat 8.0: Linux 2.4.18 i686 i686-pc-linux-gnu
OpenSolaris: SunOS 5.11 i86pc i386-pc-solaris2.11
NetBSD 3.1: NetBSD 3.1 i386 i386-unknown-netbsdelf3.1
Red Hat 4.1: Linux 2.0.36 i586 i586-pc-linux-gnulibc1
Debian 3.1: Linux 2.6.8-2-386 i686 i686-pc-linux-gnu
os_name os_release os_version machine_type
These attributes are used to determine compatibility with a
host. They correspond to the uname attributes defined by
POSIX.1. If an value is nil or non-existent it is assumed to
match the host. All attributes must match for there to be com-
patibility. Distributors may wish to make these values a shell
pattern in their PSF’s so to match the intended collection of
hosts. swbis uses fnmatch (with FLAGS=0) to determine a match.
o Fileset Attributes
A fileset defines the fileset.
tag
tag is the short, file system friendly, name of the fileset.
It is required although selection of filesets is not yet sup-
ported therefore the end user will have little to do with the
fileset tag.
control_directory
Is the directory name in the product under which the fileset
contents are located. This value has no affect on the
installed software catalog. If it is not given in a PSF then
the tag is used.
o Example Source Package PSF
This PSF packages every file is current directory. It uses nil control
directories so the package structure does not change relative to a
vanilla tarball.
distribution
description "fooit - a program from fooware
that does everything."
title "fooit - a really cool program"
COPYING < /usr/local/fooware/legalstuff/COPYING
vendor
the_term_vendor_is_misleading false
tag fooware
title fooware Consultancy Services, Inc.
description ""
vendor
the_term_vendor_is_misleading true
tag myfixes1
title Bug fixes, Set 1
description "a place for more detailed description"
product
tag fooit
control_directory ""
revision 1.0
vendor_tag myfixes1 # Matches the vendor object above
fileset
tag fooit-SOURCE
control_directory ""
directory .
file *
exclude catalog
o Example Runtime (Binary) Package PSF
This is a sample PSF for a runtime package. It implies multiple prod-
ucts (e.g. sub-packages) using the bundle.contents attribute. Since
the bundle and product tags exist in a un-regulated namespace and are
seen by end users they should be carefully chosen. Note that the
bundle and product have the same tag which may force downstream users
to disambiguate using software selection syntax such as fooit,bv=* or
fooit,pv=* .
distribution
description "fooit - a program from fooware
that does everything."
title "fooit - a really cool program"
COPYING < /usr/local/fooware/legalstuff/COPYING
vendor
the_term_vendor_is_misleading false
tag fooware
title fooware Consultancy Services, Inc.
description "Provider of the programs
that do everything"
vendor
the_term_vendor_is_misleading true
tag fw0
title fooware fixes
description "More fixes from the fooware users"
# Bundle definition: Use a bundle
bundle
tag fooit
vendor_tag fooware
contents fooit,v=fw0 fooit-devel fooit-doc
# Product definition:
product
tag fooit # This is the package name
revision 1.0 # This is the package version
vendor_tag fw0 # This is a release name e.g. RPMTAG_RELEASE
postinstall scripts/postinstall
fileset
tag fooit-RUN
file doc/man/man1/fooit.1 /usr/man/man1/fooit.1
file src/fooit /usr/bin/fooit
SAMPLE PRODUCT SPEC FILES
This section shows several example PSF files.
o A minimal PSF to package all files in current directory.
distribution
product
tag prod
control_directory ""
revision 1.0
fileset
tag files
control_directory ""
directory .
file *
o A PSF that uses directory mapping.
This PSF creates a package with live system paths from source that is
installed in non-live temporary locations. It is modeled on the swbis
source package.
distribution
product
tag somepackage # this is the package name
control_directory ""
revision 1.0 # this is the package revision
fileset
tag files
control_directory ""
file_permissions -o root -g root
directory swprogs /usr/bin
file swpackage
file swinstall
file swverify
file -m 755 -o root -g root / /usr/libexec/swbis
directory swprogs /usr/libexec/swbis
file swbisparse
directory swsupplib/progs /usr/libexec/swbis
file swbistar
file -m 755 -o root -g root / /usr/share/doc/swbis
directory . /usr/share/doc/swbis
file -m 444 ./README
file -m 444 CHANGES
When this PSF is processed by the command:
swpackage -Wsign -s - @- | tar tvf -
It produces the following:
drwxr-x--- root/root 0 2003-06-03 ... catalog/
-rw-r----- root/root 307 2003-06-03 ... catalog/INDEX
drwxr-x--- root/root 0 2003-06-03 ... catalog/dfiles/
-rw-r----- root/root 65 2003-06-03 ... catalog/dfiles/INFO
-rw-r----- root/root 33 2003-06-03 ... catalog/dfiles/md5sum
-rw-r----- root/root 41 2003-06-03 ... catalog/dfiles/sha1sum
-rw-r----- root/root 33 2003-06-03 ... catalog/dfiles/adjunct_md5sum
-rw-r----- root/root 512 2003-06-03 ... catalog/dfiles/sig_header
-rw-r----- root/root 1024 2003-06-03 ... catalog/dfiles/signature
drwxr-x--- root/root 0 2003-06-03 ... catalog/pfiles/
-rw-r----- root/root 65 2003-06-03 ... catalog/pfiles/INFO
-rw-r----- root/root 1503 2003-06-03 ... catalog/INFO
-rwxr-xr-x root/root 510787 2003-06-03 ... usr/bin/swpackage
-rwxr-xr-x root/root 301255 2003-06-03 ... usr/bin/swinstall
-rwxr-xr-x root/root 4105 2003-06-03 ... usr/bin/swverify
drwxr-xr-x root/root 0 2003-06-03 ... usr/libexec/swbis/
-rwxr-xr-x root/root 365105 2003-06-03 ... usr/libexec/swbis/swbisparse
-rwxr-xr-x root/root 243190 2003-06-03 ... usr/libexec/swbis/swbistar
drwxr-xr-x root/root 0 2003-06-03 ... usr/share/doc/swbis/
-r--r--r-- root/root 8654 2003-05-27 ... usr/share/doc/swbis/README
-r--r--r-- root/root 10952 2003-06-03 ... usr/share/doc/swbis/CHANGES
o Create a PSF from a list of files.
find . -print | swpackage -Wfiles-from=- -Wlist-psf
RETURN VALUE
0 on success, 1 on error and target medium not modified, 2 on error if
target medium modified.
SIDE EFFECTS
No temporary files are used in the package generation process. When
using the default target of stdout (directed to /dev/null), there are
no file system side effects from swpackage. GNU Privacy Guard (gpg)
may alter its keys when invoked for package signing.
ENVIRONMENT
SWPACKAGEPASSFD
Sets the --passphrase-fd option. Set the option arg to a inte-
ger value of the file descriptor, or to "env" to read the
passphrase from the environment variable SWPACKAGEPASSPHRASE,
or to "agent" to cause gpg to use gpg-agent, or to "tty" to
restore default behavoir to reading passphrase from the termi-
nal.
SWPACKAGEPASSPHRASE
Use the value as the passphrase if --passphrase-fd is set to
"env"
GNUPGHOME
Sets the --gpg-home option.
GNUPGNAME
Sets the --gpg-name option, which is turn set the --local-user
option of gpg.
REQUISITE UTILITIES
Swpackage does not use any archive writing utilities, it has its own
code to generate archives.
Package signing uses one of the following:
/usr/bin/gpg
/usr/bin/pgp (PGP 2.6.x)
/usr/bin/pgps (PGP 5)
Swpackage will use /usr/bin/uuidgen if present to create the uuid.
You must use this option to make the catalog directory identical in
subsequent invocations.
FILES
libdir/swbis/swdefaults
libbir/swbis/swbisdefaults
$HOME/.swbis/swdefaults
$HOME/.swbis/swbisdefaults
APPLICABLE STANDARDS
ISO/IEC 15068-2:1999, Open Group CAE C701.
SEE ALSO
info swbis
sw(5), swpackage(5), swbisparse(1), swign(1), swverify(8)
IDENTIFICATION
swpackage(8): The packaging utility of the swbis project.
Author: Jim Lowe Email: jhlowe at acm.org
Version: 0.951
Last Updated: 2006-07-01
Copying: GNU Free Documentation License
BUGS
A comment after an object keyword is wrongly not allowed by this PSF
parser. The --dir="" does not do what one would expect sometimes.
The output stream content is unaffected by the blocksize, that is the
last write may be short write. Signing is broken for cpio format
archives.
swpackage(8)
swinstall(8) swinstall(8)
NAME
swinstall — Install POSIX and RPM packages.
SYNOPSIS
swinstall [-p] [-r] [-s source_file] [-f file] \
[-t targetfile] [-x option=value] [-X options_file] [-W option] \
[software_selections] [@target [target1...]]
swinstall -s - # Minimum unambiguous invocation.
DESCRIPTION
swinstall installs a POSIX distribution from a source archive to a
target directory. A POSIX distribution is a package, typically a com-
pressed tarball with metadata files in the prescribed file layout.
Neither swinstall nor any component of swbis is required on the target
host, however, the target host must look like a Unix system at the
shell and command-line utility level and have a POSIX shell. Remote
network connections are made by ssh. Ssh is the default but rsh can
be selected by a command line option.
By default and with no external influences (i.e. swdefaults file)
swinstall will read an archive on stdin and install all products and
filesets of package in "/" directory on the target host. An alternate
root may be specified using the target syntax. The distribution
source directory (swbis default: stdin) is selectable via the defaults
file, therefore it should be specified in uncontrolled environments.
swinstall operates on cpio or tar archives. swinstall supports cpio
archives by first translating to tar format, therefore, to reduce the
data transformations performed by swinstall, distributors encouraged
to deliver products in tar format.
swinstall will create an entry in an installed software catalog. This
is a directory usually located at /var/lib/swbis/catalog. Using this
information checks for upgrade, downdate, dependencies, and reinstal-
lation are made.
OPTIONS
-f FILE
Reads software_selections from FILE. (Not implemented).
-p
Preview the operation. Depending on the verbose level informa-
tion is written to stdout. The target is not modified although
a remote connection is established.
-r
This option has no affect.
-s SOURCE
Specify the source file SOURCE, "-" is standard input. The
syntax is the same as for a target. SOURCE may be an archive
file or stdin.
-t targetfile
Specify a file containing a list of targets (one per line).
-x option=value
Specify the extended option overriding the defaults file value.
-X FILE
Specify the extended options filename, FILE, overriding the
default filenames. This option may be given more then once. If
the resulting specified value is an empty string then reading
of any options file is disabled.
-v
Given one time it is identical to -x verbose=2. This option
can be given multiple times with increasing effect. (Implemen-
tation extension option).
-v is level 2, -vv is level 3,... etc.
level 0: silent on stdout and stderr.
level 1: fatal and warning messages to stderr.
-v level 2: level 1 plus a progress bar.
-vv level 3: level 2 plus script stderr.
-vvv level 4: level 3 plus events.
-vvvv level 5: level 4 plus events.
-vvvvv level 6: level 5 plus set shell -vx option.
-vvvvvv level 7 and higher: level 6 plus debugging messages.
--version, -V
Show version (Implementation extension)
--help
Show help (Implementation extension)
-W option[,option,...]
Specify the implementation extension option.
Syntax: -W option[=option_argument[,option...]
Options may be separated by a comma. The implementation exten-
sion options may also be given individually using the ’--long-
option[=option_arg]’ syntax.
-W preview-tar-file=FILE
This is a testing/development option. Writes the fileset
archive to FILE. This is the same data stream that would have
been loaded on the target. This option should only be used
with the ’-p’ option. The output sent to FILE is a tar archive
but without trailer blocks.
-W remote-shell=NAME
Defaults File Option: swbis_remote_shell_client
This is the remote connection client program on the management
(originating host). The path NAME may be an absolute path (not
located in $PATH). The basename of NAME is used for intermedi-
ate hops. Supported shells are "ssh" and "rsh". The default
is "ssh".
-W quiet-progress
Defaults File Option: swbis_quiet_progress_bar Disable progress
bar, which is active for verbose levels 2 and higher (i.e. -v).
-W show-options-files
Show the complete list of options files and if they are found.
-W show-options
Show the options after reading the files and parsing the com-
mand line options.
-W pax-command={tar|pax|star|gtar}
Set the portable archive command for all operations. The
default is "pax".
-W pax-read-command={tar|pax|star|gtar}
Set the read command for local and remote hosts.
-W remote-pax-read-command={tar|pax|star|gtar}
Defaults File Option: swbis_remote_pax_read_command
Set the read command for remote hosts. This is the command
that runs on the target (e.g. pax -r, tar xpf -). The default
is "pax".
-W local-pax-read-command={tar|pax|star|gtar}
Defaults File Option: swbis_local_pax_read_command
Set the read command for local hosts. This is the command that
runs on the target (e.g. pax -r, tar xpf -). The default is
"pax".
-W pax-write-command={tar|pax|star|gtar|swbistar}
Set the write command for local and remote hosts. This is the
command that runs on the target (e.g. pax -w, tar cf -).
-W remote-pax-write-command={tar|pax|star|gtar|swbistar}
Defaults File Option: swbis_remote_pax_write_command
Set the write command for remote hosts.
-W local-pax-write-command={tar|pax|star|gtar|swbistar}
Defaults File Option: swbis_local_pax_write_command
Set the portable archive write command for local host opera-
tions. This is the command that runs on the source (e.g. pax
-w, tar cf -). The default is "pax".
-W remote-pax-write-command={tar|pax|star|gtar|swbistar}
Defaults File Option: swbis_remote_pax_write_command
Set the portable archive write command for remote host opera-
tions. This is the command that runs on the source (e.g. pax
-w, tar cf -). The default is "pax".
-W no-defaults
Do not read any defaults files.
-W no-remote-kill
Defaults File Option: swbis_no_remote_kill
Disables the use of a second remote connection to tear down the
first in the event of SIGINT or SIGTERM or SIGPIPE. Only has
effect if the number of ssh hops is greater than 1. A single
host remote connection (ssh hop = 1) never uses a second remote
connection.
-W no-getconf
Defaults File Option: swbis_no_getconf
Makes the remote command be ’/bin/sh -s’ instead of the default
’PATH=‘getconf PATH‘ sh -s’.
-W shell-command=NAME
Defaults File Option: swbis_shell_command
This is the interactive shell on the target host. NAME may be
one of "bash", "sh", "ksh" or "posix" and specifies the remote
command run by the remote shell. "posix" is ’PATH=‘getconf
PATH‘ sh -s’, "bash" is "/bin/bash -s", "sh" is "/bin/sh -s",
and "ksh" is "ksh -s". The default is "posix".
-W use-getconf
Opposite of --no-getconf.
-W allow-rpm
Defaults File Option: swbis_allow_rpm
Enable automatic detection, translation to POSIX format, and
installation of RPMs.
-W pump-delay1=NANOSECONDS
Adds a NANOSECONDS delay (999999999 nanoseconds ~ 1 second)
every ADJSIZE bytes in the file data byte pump. A delay of
10111000 nanoseconds (~1/100th second) is added for 2-hop or
greater target (i.e more than 1 remote host in the target
spec). This is a work around for a bug in OpenSSH [or Linux
kernel] that is seen for multi-hop installs where the interme-
diate host is a Linux kernel. If 2-hop install fails, try it
again, you may get lucky, or, increase this delay, or, use ssh
protocol version 1 by using ’’--ssh-options=1’’, or try a 2-hop
install where the middle host is BSD. To disable delay for
multi-hop targets specify zero. For more information about
this bug see the README file from the source distribution.
-W burst-adjust=ADJSIZE
ADJSIZE is the pumped data size, in bytes, between the NANOSEC-
ONDS delays. This is a work around for a bug in OpenSSH or the
Linux kernel that is seen for multi-hop installs where the
intermediate host is a Linux kernel. The default is 72000 for
2-hops or greater, and zero for single hop and localhost
installs.
-W ssh-options=OPTIONS
ssh client program options. For example -W ssh-options=1 sets
the ’-1’ ssh client option which specifies protocol version 1.
-W source-script-name=NAME
Write the script that is written into the remote shell’s stdin
to NAME. This is useful for debugging.
-W target-script-name=NAME
Write the script that is written into the remote shell’s stdin
to NAME. This is useful for debugging.
software_selections
Refers to the software objects (products, filesets) on which to
be operated. This is not implemented, however, specification of
a location and qualifier are supported. location allow speci-
fication of a alternate relative root path within the target
path, and qualifier allows specification of a user-selectable
modifier. For example:
swinstall q=exp @ 192.168.1.1 # Tag the package as experimental
swinstall l=/unionfs/somepackage-1.0 @ 192.168.1.1 # Allows multiple
# packages with same tag to exist in the
# same target path, where the location
# disambiguates.
target
Refers to the software_collection where the software selections
are to be applied. Allows specification of host and pathname
where the software collection is to be located. A target that
contains only one part is assumed to be a hostname. To force
interpretation as a path, use an absolute path or prefix with
’:’. The default target path for ’swinstall’ is always ’/’.
Source and Target Specification and Logic
Synopsis:
Posix:
host[:path]
host
host:
/path # Absolute path
Swbis Extension:
[user@]host[:path]
[user@]host_port[:path]
:path
Swbis Multi-hop Target Extension:
# ’:’ is the target delimiter
# ’_’ delimits a port number in the host field
[user@]host[@@[user@]host[@@...]][:file]
[user@]host_port[@@[user@]host[@@...]][:file]
# Using ’:’, a trailing colon is used to
# disambiguate between a host and file.
# For Example,
:file
host:
host
host:file
host:host:
host_port:host_port:
host:host:file
user@host:user@host:
user@host:user@host:host:
user@host:user@host:file
A more formal description:
target : HOST_CHARACTER_STRING ’:’ PATHNAME_CHARACTER_STRING
| HOST_CHARACTER_STRING ’:’
| HOST_CHARACTER_STRING
| PATHNAME_CHARACTER_STRING
| ’:’ PATHNAME_CHARACTER_STRING # Impl extension
;
PATHNAME_CHARACTER_STRING must be an absolute path unless
a HOST_CHARACTER_STRING is given. Allowing
a relative path is a feature of the swbis
implementation.
NOTE: A ’.’ as a target is an implementation
extension and means extract in current
directory.
NOTE: A ’-’ indicating stdout/stdin is an
implementation extension.
NOTE: A ’:’ in the first character indicates a filename.
This is an implementation extension.
HOST_CHARACTER_STRING is an IP or hostname.
Examples:
Copy the distribution /var/tmp/foo.tar.gz at 192.168.1.10
swcopy -s /var/tmp/foo.tar.gz @192.168.1.10:/root
Implementation Extension Syntax (multi ssh-hop) :
Syntax:
%start wtarget # the Implementation Extension Target
# Note: a trailing ’:’ forces interpretation
# as a host, not a file.
wtarget : wtarget DELIM sshtarget
| sshtarget
| sshtarget DELIM
;
sshtarget : user ’@’ target # Note: only the last target
| target # may have a PATHNAME, and only a host
; * may have a user
target : HOST_CHARACTER_STRING
| PATHNAME_CHARACTER_STRING
;
user : PORTABLE_CHARACTER_STRING # The user name
DELIM : ’:’ # The multi-hop delimiter.
;
INSTALLED SOFTWARE CATALOG
The form or format of an installed software catalog is not specified
by the ISO/IEC spec although it does specify an interface to it (e.g.
swlist utility) and operations on it.
This implementation creates a de-facto installed software catalog
rooted at the file system path specified by the value of the
installed_software_catalog extended option. The catalog is a file
system hierarchy containing regular files and directories.
CATALOG FILE LAYOUT
<path>/
<path>/<ISC>/
<path>/<ISC>/<bundle>/
<path>/<ISC>/<bundle>/<product>/
<path>/<ISC>/<bundle>/<product>/<pr>/
<path>/<ISC>/<bundle>/<product>/<pr>/<seqence_number>/
<path>/<ISC>/<bundle>/<product>/<pr>/<sequence_number>/export/
<path>/<ISC>/<bundle>/<product>/<pr>/<sequence_number>/export/catalog.tar
<path>/<ISC>/<bundle>/<product>/<pr>/<sequence_number>/export/catalog.tar.sig
<path>/<ISC>/<bundle>/<product>/<pr>/<sequence_number>/export/catalog.tar.sig<N>
<path>/<ISC>/<bundle>/<product>/<pr>/<sequence_number>/INSTALLED
<path>/<ISC>/<bundle>/<product>/<pr>/<sequence_number>/control.sh
<path>/<ISC>/<bundle>/<product>/<pr>/<sequence_number>/session_options
<path>/<ISC>/<bundle>/<product>/<pr>/<sequence_number>/vendor_tag
<path>/<ISC>/<bundle>/<product>/<pr>/<sequence_number>/location
<path>/<ISC>/<bundle>/<product>/<pr>/<sequence_number>/qualifier
<path> is the target path. <ISC> is the value of the installed_soft-
ware_cataglog extended option. <bundle> and <product> are bundle and
product tags. If there is no bundle in the distribution the product
tag is used. <pr> is the product revision. Other items are explained
below.
CATALOG LOCATION
/<path>/
/<path>/<installed_software_catalog>/
/<path>/<installed_software_catalog>/...
* Root or Alternate Root
/<path>/
<path>/ is the target path specified in the target syntax. By default
"/".
* Catalog Relative Root Directory
/<path>/
/<path>/<installed_software_catalog>/
<installed_software_catalog>/ is the value of the extended option by
the same name. By default "var/lib/swbis/catalog".
PACKAGE CATALOG RELATIVE ROOT
/<{bundle|prod}.tag>/<prod.tag>/<prod.revision>/...
In other words, if ’product’ and ’bundle’ refers to tags, and prod-
uct_revision is the value of the product.revision attribute then the
path segment is:
/bundle/product/product_revision
CATALOG SEQUENCE NUMBER
/<sequence_number>/
/<sequence_number>/...
sequence_number is a decimal integer starting with ’0’. It is chosen
by swinstall to be unique at the time of installation.
CATALOG CONTENTS
<sequence_number>/
<sequence_number>/export/
<sequence_number>/export/catalog.tar
<sequence_number>/export/catalog.tar.sig
<sequence_number>/INSTALLED
<sequence_number>/control.sh
<sequence_number>/session_options
<sequence_number>/vendor_tag
<sequence_number>/location
<sequence_number>/qualifier
The export directory
export/
export/...
export/catalog.tar
export/catalog.tar.sig
export/catalog.tar.sig2
...
export/catalog.tar.sigN
The export/ is a file system directory and its name is constant for
all packages and is unique to the swbis implementation. The
export/catalog.tar file is the signed file from the POSIX distribu-
tion. The export/catalog.tar.sig file is the signature file from the
distribution. If there is more than one signature, then it is the
last one. export/catalog.tar.sig2 is the next to last signature, and
export/catalog.tar.sigN is the first one, where N is the total number
of signatures.
INSTALLED -- The state metadata file
<sequence_number>/INSTALLED
The INSTALLED file is similar to an INDEX file in its grammar and syn-
tax. Unlike an INDEX file, it may contain control_file definitions.
The INSTALLED file stores the control script return codes and fileset
installation state. It is updated several times during the operation
of ’swinstall’. It can be parsed using libexec/swbisparse and the
’--installed’ option.
control.sh -- The master control script
<sequence_number>/control.sh
SYNOPSIS: control.sh tag_spec script_tag
The control.sh file is a POSIX shell script that is automatically gen-
erated by swinstall. It provides a common interface for control
script execution. Its primary purpose is to set up the script’s exe-
cution environment and map script tags to the control script path-
names. It assumes that ’export/catalog.tar’ is unpacked in export/.
session_options -- The extended options
<sequence_number>/session_options
This file contains the extended options in a form that may be executed
by the shell ’.’ (dot) command. It is automatically generated by
swinstall. The value of the SW_SESSION_OPTIONS environment variable
is the absolute pathname of the this file.
EXAMPLE CATALOG ENTRY
Below is an example entry of the catalog created by swbis version
0.405. In this example, the target path is ’/mnt/test’, the
installed_software_catalog is ’/var/lib/swbis/catalog/’, the bundle
tag is ’foobare’, the product tag is ’foobare-doc’, and the product
revision attribute is ’0.902’.
/mnt/test/var/lib/swbis/catalog/foobare/foobare-doc/0.902/0/export
/mnt/test/var/lib/swbis/catalog/foobare/foobare-doc/0.902/0/export/catalog.tar
/mnt/test/var/lib/swbis/catalog/foobare/foobare-doc/0.902/0/export/catalog.tar.sig
/mnt/test/var/lib/swbis/catalog/foobare/foobare-doc/0.902/0/INSTALLED
/mnt/test/var/lib/swbis/catalog/foobare/foobare-doc/0.902/0/control.sh
/mnt/test/var/lib/swbis/catalog/foobare/foobare-doc/0.902/0/vendor_tag
/mnt/test/var/lib/swbis/catalog/foobare/foobare-doc/0.902/0/location
/mnt/test/var/lib/swbis/catalog/foobare/foobare-doc/0.902/0/qualifier
/mnt/test/var/lib/swbis/catalog/foobare/foobare-doc/0.902/0/session_options
Although swinstall does not depend on the file name as this accommo-
dates installing from standard input, a typical name for this package
would be:
foobare-doc-0.902-sl04.tar.gz
where ’sl04’ is the vendor tag.
IMPLEMENTATION EXTENSIONS
Software Specification Targets
A dash ’-’ is supported and means stdout or stdin. Operations with
stdout and stdin on a remote host is not supported.
A decimal ’.’ is supported and means the current directory. This is
supported for remote and non-remote targets. If the source is stan-
dard input, the distribution will be unpacked (e.g. pax -r) in the
directory ’.’. If the source is a regular file then a regular file in
’.’ will be created with the same name.
RPM Translation
RPM (RedHat Package Manager) format packages are installed by first
translating to an equivalent ISO/IEEE file layout in POSIX tar format
and then installing as a POSIX package. This translation and detec-
tion is transparent to the user if the ’’--allow-rpm’’ option is set
in the command line args or the swbis_allow_rpm is set to "true" by
the defaults files, otherwise an error occurs.
Since translation is done on the local (management) host, RPM is not
required on the remote (target) host.
The translation is (internally) equivalent to :
cat your-0.0-1.bin.rpm |
/usr/lib/swbis/lxpsf --psf-form2 -H ustar |
swpackage -W source=- -s @PSF | swinstall -s - @/
Testing with RPM
To test the swbis components, a completely independent means to
install and verify a package is needed. RPM provides this means and
can be used in the following way:
rpm -i --nodeps --force your-0.0-1.i386.rpm # Install
rpm --verify --nodeps your-0.0-1 # Show that all is well
rpm -e --nodeps your-0.0-1 # Remove it.
rpm -i --nodeps --justdb your-0.0-1.i386.rpm # Install just the database.
rpm --verify --nodeps your-0.0-1 # Shows the files are missing.
swinstall --allow-rpm -s - < your-0.0-1.i386.rpm
rpm --verify --nodeps your-0.0-1 # Show that all is well again
EXTENDED OPTIONS
Extended options can be specified on the command line using the -x
option or from the defaults file, swdefaults. Shown below is an
actual portion of a defaults file which show default values.
POSIX
These options are set in the /usr/lib/swbis/swdefaults or the ~/.swde-
faults
allow_downdate = false # Not Implemented
allow_incompatible = false # Not Implemented
ask = false # Not Implemented
autoreboot = false # Not Implemented
autorecover = false # Not Implemented
autoselect_dependencies = false # Not Implemented
defer_configure = false # Not Implemented
distribution_source_directory = - # Stdin
enforce_dependencies = false # Not Implemented
enforce_locatable = false # Not Implemented
enforce_scripts = false # Not Implemented
enforce_dsa = false # Not Implemented
installed_software_catalog = var/lib/swbis/catalog
logfile = /var/lib/sw/swinstall.log #Not Implemented
loglevel = 0 # Not Implemented
reinstall = false # Not Implemented
select_local = false # Not Implemented
verbose = 1
Swbis Implementation
These options are set in the /usr/lib/swbis/swbisdefaults or the
${HOME}/.swbis/swbisdefaults file.
swinstall.swbis_no_getconf = false # true or false
swinstall.swbis_shell_command = posix # {sh|bash|posix}
swinstall.swbis_no_remote_kill = false # true or false
swinstall.swbis_no_audit = false # true or false
swinstall.swbis_quiet_progress_bar = false # true or false
swinstall.swbis_local_pax_write_command=pax #{pax|tar|star|gtar}
swinstall.swbis_remote_pax_write_command=pax #{pax|tar|star|gtar}
swinstall.swbis_local_pax_read_command=pax #{pax|tar|gtar|star}
swinstall.swbis_remote_pax_read_command=pax #{pax|tar|gtar|star}
swinstall.swbis_enforce_sig=false # true or false
swinstall.swbis_enforce_file_md5=false # true or false
swinstall.swbis_allow_rpm=false # true or false
swinstall.swbis_remote_shell_client=ssh
swinstall.swbis_install_volatile=true
swinstall.swbis_volatile_newname= #empty string, e.g. ".rpmnew"
RETURN VALUE
0 if all targets succeeded, 1 if all targets failed, 2 if some targets
failed and some succeeded.
NOTES
Multiple ssh-hops is an implementation extension.
REQUISITE UTILITIES
swinstall requires a POSIX shell accessible by the remote shell com-
mand. This is the remote command run by ssh (or rsh) for all opera-
tions. This command can be controlled by the --shell-command option
or the swbis_shell_command defaults file option. Permitted values are
"bash" (/bin/bash -s) or "sh" (/bin/sh -s) or "posix" (’PATH=‘getconf
PATH‘ sh -s’). The default is "posix". swinstall requires the POSIX
capability of reading commands on stdin according to the specification
described in IEEE Std 1003.1, 2003 Ed.; sh -shell, Section STDIN.
This requirement accommodates reading of shell program code and data
on STDIN. This capability may not be present in some /bin/sh shells.
The "/bin/sh" on FreeBSD-5.1 may be broken in this regard, hence
’’--shell-command=bash’’ should be used for BSD hosts. The public
domain Korn shell (pdksh-5.2.14) seems to work OK, that is, it com-
plies by luck or intent with the POSIX capability of reading data and
code on stdin.
If the --no-getconf option is set or the swinstall.swbis_no_getconf
defaults option is "true" then the remote command is ’/bin/sh -s’.
Use of the no-getconf option is needed for communication with user
accounts on remote machines whose login shell is not a Bourne shell
(e.g. csh) such as root on some default BSD installations. Other *nix
systems may require use of getconf because their /bin/sh is broken or
not POSIX enough (e.g. Sun platforms). Still other systems may not
have getconf.
Other utilities required to be in $PATH on the remote host are: dd,
pax (or tar|star|gtar), hostname, mkdir, expr, echo, test, sleep, read
(if not builtin).
FILES
/usr/lib/swbis/swdefaults
/usr/lib/swbis/swbisdefaults
$HOME/.swbis/swdefaults
$HOME/.swbis/swbisdefaults
APPLICABLE STANDARDS
ISO/IEC 15068-2:1999, Open Group CAE C701
SEE ALSO
info swbis
swcopy(8), sw(5), swbisparse(1), swign(1), swverify(8)
IDENTIFICATION
swinstall(8): The installation utility of the swbis project.
Author: Jim Lowe Email: jhlowe at acm.org
Version: 0.951
Last Updated: 2008-04-18
Copying: GNU Free Documentation License
BUGS
swinstall is subject to breakage if a user’s account on an intermedi-
ate (or terminal) host in a target spec is not configured to use a
Bourne compatible shell. (This breakage may be eliminated by use of
the --no-getconf option as explained above.)
A multiple ssh hop source spec (more than 1 remote host involved in
the source transfer) upon a SIGINT may result in sshd and ssh pro-
cesses being left on on the intermediate host(s), this despite, swin-
stall’s action of sending a SIGTERM to the remote script’s parent pro-
cess.
swinstall does not currently implement Software Selections, not file-
set dependencies, and much more. Only packages with one product and
one fileset are supported.
swinstall(8)
swremove(8) swremove(8)
NAME
swremove — Remove installed software
SYNOPSIS
swremove [-d|-r] [-v] [-t targetfile] \
[-x option=value] [-X options_file] [-W option] \
[software_selections] [@targets]
swremove --cleansh [options] [@targets]
DESCRIPTION
swremove removes installed software. swremove is a distributed util-
ity. Neither swremove nor any component of swbis is required on the
target host, however, the target host must look like a Unix system at
the shell and command-line utility level. Remote network connections
are made by ssh. Ssh is the default but rsh can be selected by a com-
mand line option.
swremove operates on installed software identified by a software
selection and target.
OPTIONS
-d
Specify the target is a distribution.
Note: This is currently not supported by this implemen-
tation.
-f FILE
Read the list of software selections from FILE.
-p
Preview mode, establish contact with target host, however, mod-
ify nothing.
-r
Indicates that the operation is on installed software at a
location indicated by the the target.
Note: This is the default mode among -d and -r
-t targetfile
Specify a file containing a list of targets (one per line).
-v
Increment the verbose level.
-x option=value
Specify the extended option overriding the defaults file value.