Project

General

Profile

sec-updater

Synopsis

sec-updater [--debug level] [--quiet] [--security] --os string --arch string --uri uri --file filename

sec-updater -h | --help

Description

sec-updater extracts information about security updates and backports of Linux repositories (e.g. Debian or Ubuntu). This information is used to update the package version information stored in the strongTNC SQLite database. The dbkg --compare-versions command is used to determine which package versions are affected by a given security update.

Options

-h, --help
      Prints usage information and a short summary of the available commands.

-v, --debug level
      Set debug level, default: 1.

-q, --quiet
      Disable debug output to stderr.

-s, --security
      Set when parsing a distributions file with security updates.

-o, --os string
      Name of operating system (OS). eg. "Ubuntu 16.04".

-a, --arch string
      Name of HW architecture. eg. "x86_64".

-u, --uri uri
      URI where to download deb package from.

-f, --file filename
      Linux package information file to parse.

Configuration

The following parameter can be configured in strongswan.conf:

sec-updater {
   database = sqlite:///etc/pts/config.db
   swid_gen {
      command = /usr/local/bin/swid_generator
      tag_creator {
         name = strongSwan Project
         regid = strongswan.org
      }
   }
   tnc_manage_command = /var/www/tnc/manage.py
   tmp {
      deb_file = /tmp/sec-updater.deb
      tag_file = /tmp/sec-updater.tag
   }
}

Example

sec-updater --os "Ubuntu 16.04" --arch "x86_64" --uri http://security.ubuntu.com/ubuntu \
            --security --file xenial-security/binary-amd64/Packages-main