HP-UX Software Assistant Reference (November, 2010)
-option -? Describes the legal values for this option. If option is -x, all possible extended
options are listed for the specified major mode (swa command). If no major mode
is given, all extended options are listed for all the major modes.
Extended Options
Extended options allow you to tailor SWA behavior to your own specifications as each phase is
performed: analysis, reporting, and downloading HP software. SWA commands are capable of
accepting extended options via command line or in an extended options configuration file.
To specify an extended option via command line, use the syntax swa_command -x option.
To use a configuration file, there are three options:
• Specify a file on the command line with swa_command -X option_file.
• Use the $HOME/.swa.conf file.
• Use the /etc/opt/swa/swa.conf file.
If the same option is given in multiple locations, the following order is prioritized from highest to
lowest:
• Options specified on the command line
• Options specified with an option file
• Proxy environment variables
• Options specified with the $HOME/.swa.conf file
• Options specified within the /etc/opt/swa/swa.conf file
• Default value, specified in each options' description
The individual SWA manpages document applicable extended options for a command, and the
/etc/opt/swa/swa.conf.template file outlines the usage and syntax of each extended
option. Be sure to read the applicable manpages so you are aware of the extended options' default
values associated with each command.
Security Considerations
The analysis that swa performs relies on the integrity of the inventory to determine the appropriate
patches to install on the system. It is important that all protocols used to transmit the inventory data
are integrity protected and that the host used to generate the inventory data is accurately
represented. For example, use of swlist for gathering an inventory of a remote system uses a
clear-text, unauthenticated protocol that does not protect the integrity of the data. Using Secure
Shell to gather an inventory of a remote system uses an integrity protected (and encrypted) protocol.
Even when using Secure Shell, the analysis still relies on the source of the data (the remote host)
to accurately represent the software contents installed on that system.
Software download (swa get or swa step download) relies on the integrity of the analysis
file to ensure the integrity of patches before unpacking them. The analysis file gets MD5 checksum
information directly from the catalog. Therefore it is important that all transmissions of the catalog
and/or analysis file are integrity protected and that file permissions do not allow unnecessary
modification.
Depot creation (swa get or swa step depot) relies on the integrity of the patches within the
swcache directory. Therefore, after unpacking the patches, it is important that all subsequent
transmissions of the patches are integrity protected and that file permissions do not allow
unauthorized modification. Deploying software using Software Distributor (using the swinstall
command) has security properties that are documented in the Software Distributor Administration
Guide.
RETURN VALUE
swa returns the following values:
7