Hi all, I have a project in which I need to remotely update my application. I was thinking that I could package up the application as an RPM, and place the RPM in a place where a cron job could check periodically. However, the cron job would need to kick off a process to install the RPM as root, which makes me feel a little uncomfortable. Can anyone suggest a method that already exists to do this sort of thing? Am I going down the right path? Thanks, -ronc
* Ron Cordell (roncordell@attbi.com) [020329 14:20]:
I have a project in which I need to remotely update my application. I was thinking that I could package up the application as an RPM, and place the RPM in a place where a cron job could check periodically. However, the cron job would need to kick off a process to install the RPM as root, which makes me feel a little uncomfortable.
Any automated update like that is going to be a little sketchy, cron is probably fine as long as you pgp sign the packages and make sure that 'rpm --checksig' exits with 0 before installing it (it will exit 1 if checksig fails). If you don't normally run cron on the machine for security reasons you can always just start a script at boot that does something like #!/bin/bash while true; do sleep 86400 # that's 24 hours ftp -a ftp://blah.blah/path/foo.rpm -o /root/foo.rpm rpm --checksig /root/foo.rpm || echo "checksig failed" ; exit 1 rpm -Uvh /root/foo.rpm done Of course, the ftp might be an rsync or scp and you'll probably want to log everything. The important thing is that the file is copied to a place that is only writable by root. -- -ckm
participants (2)
-
Christopher Mahmood
-
Ron Cordell