Project highlights: Stable Version: 1.6.1, Development Version: 1.7.6

Configuring Up2date

The configuration file for up2date is located in /etc/sysconfig/rhn/up2date. It is a simple ASCII text file, and the format is a simple key=value type, with no more than one key/value pair per line.

Note

If you are working with clients using Red Hat Linux 7.3 or earlier, you will need to modify /etc/sysconfig/rhn/rhn_register as well. It contains similar information to the up2date configuration file. The same modifications you make to the up2date configuration file need to be made here as well.

There are three lines in this file we are concerned about. The first one we will cover deals with the certificate file generated by the user of Current when first initializing the server. The default setting, as shipped by Red Hat, is:

sslCACert=/usr/share/rhn/RHNS-CA-CERT

For our discussion, we will assume you have already placed the certificate file on the client system as discussed above, and given it the name CURRENT-CA-CERT. To use that file, simply change the line above to read:

sslCACert=/usr/share/rhn/CURRENT-CA-CERT

The other two lines we are concerned about are the lines giving the location of both the SSL and non-SSL server(s) from which to actually retrieve package information and actual packages. Those two lines, as shipped by Red Hat, are:

serverURL=https://www.rhns.redhat.com/XMLRPC

for the SSL server, and

noSSLServerURL=http://www.rhns.redhat.com/XMLRPC

for the non-SSL server. The portion you will need to modify is the hostname portion of the URLs; if you modify the /XMLRPC portion of the URLs, neither rhn_register nor up2date will work with your Current server. For my testing purposes, which involve using the same machine as both client and server, those lines appear in my configuration file as:

serverURL=https://localhost/XMLRPC

and

noSSLServerURL=http://localhost/XMLRPC

The next line of concern in the up2date configuration file is not critical to normal operations, but needs to be mentioned for those security-conscious individuals who use GPG to sign custom or modified packages. In the default Red Hat configuration, there is a line:

gpgKeyRing=/etc/sysconfig/rhn/up2date-keyring.gpg

which tells the up2date client where to find the GPG key to use to verify package signatures. If you wish to use GPG signature verification on the clients, you must either change this line to reflect the location of the GPG key used to sign the packages (after putting that key into a key ring on the client, of course), or you must add that key to the key ring in the file specified.

Please note that if you choose to GPG sign your packages, you must use one of the two above methods to allow signature checking; a recent change to RPM now requires a signature check to pass if there is a GPG signature on the package. This is not a behavior of Current or of up2date, but is a behavior of RPM itself.
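
The following check is an added example, not part of Current or up2date: it parses a file in the key=value format described above and reports the settings from this page that would keep a client from working with a Current server. The hostname current.example.com, the sample text and the function names are assumptions made for illustration.

```python
from urllib.parse import urlparse

# Constructed sample: a client only half-converted from the Red Hat defaults.
SAMPLE = """\
sslCACert=/usr/share/rhn/RHNS-CA-CERT
serverURL=https://current.example.com/XMLRPC
noSSLServerURL=http://current.example.com/xmlrpc
gpgKeyRing=/etc/sysconfig/rhn/up2date-keyring.gpg
"""

def parse_config(text):
    """Parse one key=value pair per line; skip blank lines and # comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings

def audit(settings, expected_ca="/usr/share/rhn/CURRENT-CA-CERT"):
    """Return (key, problem) pairs for the settings this page discusses."""
    findings = []
    # The client must trust the certificate generated for the Current server.
    if settings.get("sslCACert") != expected_ca:
        findings.append(("sslCACert", "expected " + expected_ca))
    for key in ("serverURL", "noSSLServerURL"):
        url = urlparse(settings.get(key, ""))
        if not url.hostname:
            findings.append((key, "missing or has no hostname"))
            continue
        # Only the hostname may change; the /XMLRPC path must stay as shipped.
        if url.path != "/XMLRPC":
            findings.append((key, "path must stay /XMLRPC"))
        if key == "serverURL" and url.scheme != "https":
            findings.append((key, "SSL server URL should use https"))
    # Only matters if the clients verify GPG signatures on packages.
    if not settings.get("gpgKeyRing"):
        findings.append(("gpgKeyRing", "no key ring configured"))
    return findings

if __name__ == "__main__":
    for key, problem in audit(parse_config(SAMPLE)):
        print(key + ": " + problem)
```

To check a real client, pass the text of /etc/sysconfig/rhn/up2date to parse_config in place of SAMPLE.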