The configuration file for up2date is located in
/etc/sysconfig/rhn/up2date. It is a simple ASCII
text file, and the format is a simple key=value type, with no more than one
key/value pair per line.
If you work working with clients using Red Hat Linux 7.3 or earlier
you will need to modify /etc/sysconfig/rhn/rhn_register
as well. It contains similar information to the up2date
configuration file. This same modifications you make
to the up2date configuration file need to be made
here as well.
There are three lines in this file we are concerned about. The first one we
will cover deals with the certificate file generated by the user of Current
when first initializing the server. The default setting, as shipped by Red Hat
For our discussion, we will assume you have already places the certificate file
on the client system as discussed above, and given it the name
CURRENT-CA-CERT. To use that file, simply change the line
above to read:
The other two lines we are concerned about are the lines giving the location of
both the SSL and non-SSL server(s) from which to actually retrieve package
information and actual packages. Those two lines, as shipped by Red Hat, are:
for the SSL server, and
for the non-SSL server. The portion you will need to modify is the hostname
portion of the URLs; if you modify the
/XMLRPC portion of the URLs, neither
rhn_register nor up2date will work with
your Current server. For my testing purposes, which involves using the same
machine as both client and server, those lines appear in my configuration file
The next line of concern in the up2date configuration
file is not critical to normal operations, but needs to be mentioned for those
security-conscious individuals who use GPG to sign custom or modified packages.
In the default Red Hat configuration, there is a line:
which tells the up2date client where to find the GPG key to
use to verify package signatures. If you wish to use GPG signature
verification on the clients, you must either change this line to reflect the
location of the GPG key used to sign the packages (after putting that key into
a key ring on the client, of course), or you must add that key to the key ring
in the file specified.
Please note that if you choose to GPG sign your packages, you must use one of
the two above methods to allow signature checking; a recent change to RPM now
requires a signature check to pass if there is a GPG signature on the package.
This is not a behavior of Current or of up2date, but is
a behavior of RPM itself.