Software Distributor (SD-UX) Administration Guide HP-UX 11i v1, 11i v2, and 11i v3 (762797-001, March 2014)
Table Of Contents
- Software Distributor Administration Guide
- Contents
- HP secure development lifecycle
- About This Document
- 1 Introduction to Software Distributor
- SD-UX Overview
- SD-UX Concepts
- Using the GUI and TUI Commands
- The Terminal User Interface
- Starting the GUI/TUI Commands
- Window Components
- Opening and closing items in the object list
- Marking Items in the Object List
- Preselecting Host Files
- Software Selection Window
- Session and File Management—The File Menu
- Changing Software Views—The View Menu
- Changing Options and Refreshing the Object List—The Options Menu
- Performing Actions—The Actions Menu
- Getting Help—The Help Menu
- XToolkit Options and Changing Display Fonts
- Working from the Command Line
- 2 Installing Software
- Installation with swinstall
- Features and Limitations
- Installing with the GUI
- Installing from the Command Line
- Installation Tasks and Examples
- Updating to HP-UX 11i
- Installing Patches
- Recovering Updated Files
- Installing Software That Requires a System Reboot
- Using Software Codewords and Customer IDs
- Re-installing Software Distributor
- Installing Multiple Versions
- Installing to an Alternate Root
- Compatibility Filtering and Checking
- Software Selection Checking
- Configuring Your Installation (swconfig)
- Verifying Your Installation (swverify)
- Installation with swinstall
- 3 Managing Installed Software
- 4 Managing Software Depots
- Depot Management Commands and Concepts
- Copying Software Depots
- Registering and Unregistering Depots (swreg)
- Verifying Signed Software Signatures
- Additional Depot Management Tasks and Examples
- Combining Patch Depots
- Creating a Tape Depot for Distribution
- Setting Depot Attributes
- Creating a Network Depot
- Managing Multiple Versions of HP-UX
- Listing Registered Depots
- Listing the Contents of a Depot (swlist -d)
- Source Depot Auditing
- Verifying a Depot (swverify -d)
- Removing Software from Depots
- Removing a Depot
- 5 HP-UX Patching and Patch Management
- 6 Using Jobs and the Job Browser
- 7 Remote Operations Overview
- 8 Reliability and Performance
- 9 SD-UX Security
- 10 Creating Software Packages
- Overview of the Packaging Process
- Identifying the Products to Package
- Adding Control Scripts
- Creating a Product Specification File (PSF)
- Product Specification File Examples
- PSF Syntax
- PSF Object Syntax
- Selecting the PSF Layout Version
- PSF Value Types
- Product Specification File Semantics
- Re-Specifying Files
- Packaging the Software (swpackage)
- Packaging Tasks and Examples
- Registering Depots Created by swpackage
- Creating and Mastering a CD-ROM Depot
- Compressing Files to Increase Performance
- Packaging Security
- Repackaging or Modifying a Software Package
- Packaging In Place
- Following Symbolic Links in the Source
- Generating File Revisions
- Depots on Remote File Systems
- Verifying the Software Package
- Packaging Patch Software
- Writing to Multiple Tapes
- Making Tapes from an Existing Depot
- 11 Using Control Scripts
- Introduction to Control Scripts
- General Script Guidelines
- Packaging Control Scripts
- Using Environment Variables
- Execution of Control Scripts
- Execution of Other Commands by Control Scripts
- Control Script Input and Output
- File Management by Control Scripts
- Testing Control Scripts
- Requesting User Responses (swask)
- Request Script Tasks and Examples
- 12 Nonprivileged SD
- A Command Options
- B Troubleshooting
- Error Logging
- Common Problems
- Cannot Contact Target Host’s Daemon or Agent
- GUI Won’t Start or Missing Support Files
- Access To An Object Is Denied
- Slow Network Performance
- Connection Timeouts and Other WAN Problems
- Disk Space Analysis Is Incorrect
- Packager Fails
- Command Logfile Grows Too Large
- Daemon Logfile Is Too Long
- Cannot Read a Tape Depot
- Installation Fails
- swinstall or swremove Fails With a Lock Error
- Use of Square Brackets ([ and ]) Around an IPv6 Address Causes an Error
- Some SD commands do not work after network configuration changes
- C Replacing or Updating SD-UX
- D Software Distributor Files and File System Structure
- Glossary
- Index
the SD-UX security provisions for remote operations do not apply to swpackage. See Chapter 9:
“SD-UX Security ” (page 141) for more information on ACLs.
The swpackage command operates as setuid root, that is, the Package Selection phase
operates as the invoking user, the Analysis and Packaging phases operate as the superuser. The
superuser owns and manages all depots and therefore has all permissions for all operations on a
depot. If the depot happens to be on an NFS volume, access problems will not arise from ACLs,
but will arise if the local superuser does not have NFS root access on the NFS mounted file system.
If you are not the local superuser, you will not have permission to create or modify a depot unless
the local superuser grants you permission.
swpackage checks and enforces the following permissions:
1. Can you create a new depot?
Superuser Yes
Other Yes, if the ACL for the local host grants the user “insert” permission, i.e.
permission to insert a new depot into the host.
If the proper permissions are not in place and the depot is a new one,
swpackage terminates with an error.
2. Can you create a new product?
Superuser Yes
Other Yes, if the depot is new and you passed check #1 above or if the ACL for an
existing depot grants you insert permission, i.e. permission to change the
contents of the depot (by adding a new product).
If you are denied authorization to create a new product, swpackage generates
an error message and excludes the product from the session.
3. Can you modify an existing product?
Superuser Yes
Other Yes, if the ACL for the existing product grants you write permission, i.e.
permission to overwrite/change the contents of the product. If you are denied
authorization to change an existing product, swpackage generates an error
message and excludes the product from the session.
If you are denied insert and write permission for all selected products,
swpackage terminates with an error.
4. Can you change the depot-level attributes?
Superuser Yes
Other Yes, if the depot is a new one and you passed check #1 above or if the ACL
for an existing depot grants you write permission, i.e. permission to
write/change the contents of the depot (same as #2 above).
If you are denied authorization to change an existing depot, and if the PSF
specifies some depot-level attributes, then swpackage produces a warning
message and does not change the depot attributes.
ACL Creation
When swpackage creates a new depot or a new product, it also creates an ACL for it:
New depot swpackage creates an ACL for the depot and a template ACL for all the
products that will be packaged into it.
The depot ACL is generated from the host’s global_soc_template ACL (that
is, the template ACL established for new depots and new root file systems).
196 Creating Software Packages