Logical Solutions Secure Console Server RPM HOWTO

$Date: 2007/09/28 18:28:38 $
$Revision: 1.12 $

NOTE: see the caution notes associated with several of the rpm files; you may be restoring some files to their factory default settings.

Introduction

RPM is the Red Hat Package Manager. It is an open packaging system available for anyone to use. It allows users to take source code for new software and package it into source and binary form such that binaries can be easily installed and tracked and source can be rebuilt easily. It also maintains a database of all packages and their files that can be used for verifying packages and querying for information about files and/or packages.

The package is a .rpm file containing software meant to be installed by RPM. Each RPM package has a specific set of information that uniquely identifies it. This information is called a package label. Here are two sample lsi package labels:

    lsiscs-scripts-1.5-7
    lsiscs-connect-3.1-6

The package label begins with the company product identifier. In this case it is a Logical Solutions Inc. secure console server. As you can see, the company product identifier is separated from the rest of the package label by a dash.

Next in the package label is the name of the software. The name may be derived from the name of the application packaged, or it may be a name describing a group of related programs bundled together. The software names in the packages listed above are: scripts and connect. A dash separates the software name from the remainder of the package label.

Next in the package label is an identifier that describes the version of the software being packaged. The versions shown are: 1.5 and 1.6. A dash separates the software version from the remainder of the package label.

Next is the package release. It reflects the number of times the package has been rebuilt using the same version software. The package releases in the example above are: 7 and 9.

Logical Solutions Inc. packages software updates into .rpm files for users to field upgrade their secure console servers. The filenames contain the package label plus a platform ID and the file extension .rpm. An example filename is: lsiscs-connect-3.1-6.i386.rpm.

Note: rpm will allow you to have multiple versions of a package installed at the same time. This is a good thing for the kernel, because you may want to boot with an older release. It is not recommended for the LSI (non-kernel) packages. You want to UPGRADE (-U) most packages. This will replace the older package with the new one. The first time a package is placed onto the SCS, INSTALL is used. rpm will not let you install the exact same package more than once, but you are allowed multiple versions of the updated packages. Follow the instructions in section 1.2, which lists which packages need to be installed and which need updating.

1.1 Package Description

The following packages are available. The version, release number, platform ID, and file extension are not indicated:

    lsiscs-cardd
    lsiscs-common
    lsiscs-connect
    lsiscs-device-data-block
    lsiscs-edituser
    lsiscs-exserial
    lsiscs-lcd
    lsiscs-lsi
    lsiscs-lsissh
    lsiscs-port_access
    lsiscs-portlogd
    lsiscs-powerd
    lsiscs-scripts
    lsiscs-snmp
    lsiscs-sredird
    lsiscs-stty
    lsiscs-timeout
    lsiscs-linux.mods
    scs-kernel-upgrade
    webserver
    lsiscs-passwords
    lsiscs-scs-kernel
    lsiscs-monitor (obsolete)

1.1.1 Upgrade RPMs

These RPMs are used to upgrade existing or to install new software onto the SCS.

1.1.1.1 lsiscs-cardd

This package contains the daemon that monitors the hot-swappable device cards found on the Sentinel model of our console servers.

1.1.1.2 lsiscs-common

This is the common library used by the SCS product applications.

1.1.1.3 lsiscs-connect

The connect command will allow a user, with the correct permissions, to connect and communicate with a server port. This package also now contains the monitor command and documentation.

1.1.1.4 lsiscs-device-data-block

This package contains the driver that creates the /proc/lsi_config entries.

1.1.1.5 lsiscs-edituser

The edituser command will allow a user to change their escape and break sequences. The root user can update all of the system users' escape and break sequences and the server port permissions for clear, connect and monitor.

1.1.1.6 lsiscs-exserial

This package contains the driver for the EXAR UART.

1.1.1.7 lsiscs-lcd

The LCD daemon is used to drive the LCD display on the SCS product line. In normal use it runs as a daemon. It can also be run as a type of printf: when it is called it displays the data that is passed to it and then the process exits.

1.1.1.8 lsiscs-lsi

This package contains all of the platform specific files for the LSI Secure Console Server. When the system first starts up the software determines the system type and expands the correct tar file.

1.1.1.9 lsiscs-lsissh

This contains the files to implement the ssh-to-a-port feature. There is a modified sshd program, setup scripts and documentation.

1.1.1.10 lsiscs-port_access

The port_access command is used by the system to test if a user has permission to access a server port.

1.1.1.11 lsiscs-portlogd

The portlogger is a daemon that runs on the Logical Solutions Secure Console Server (SCS) line. It enables the SCS to listen to a server port, log data to any combination of log file(s) and syslog (system logger), and generate emails.

1.1.1.12 lsiscs-powerd

The powerd daemon is used to monitor the dual power supplies of some models of the SCS product line. When a power event occurs (loss of power or return of power), the daemon can take several actions. These actions include: sending an email, running a user-supplied script, or modifying the motd file. An entry is always made into the syslog.

1.1.1.13 lsiscs-scripts

The scripts package contains the LSI SCS system helper scripts.

1.1.1.14 lsiscs-snmp

This package contains the LSI libraries, mibs, and executables for SNMP support. It is based on net-snmp-5.0.6-8.80.2. We include the LSI private mib.

1.1.1.15 lsiscs-sredird

This rpm contains the files to implement the telnet-to-a-port feature.

1.1.1.16 lsiscs-stty

This modified version of the stty command is an extension of stty. It allows the user to change server port settings and pass options to stty. This RPM contains:

    stty (GNU sh-utils) 2.0.12
    Written by David MacKenzie.
    Modified by Logical Solutions Inc., V1.0.
    Copyright (C) 2002 Free Software Foundation, Inc.
    This is free software; see the source for copying conditions. There is NO
    warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

1.1.1.17 lsiscs-timeout

This command set allows the root user to set the system timeout for inactivity on the console, telnet and ppp ports.

1.1.1.18 lsiscs-linux.mods

This package contains the modified Linux startup and config files needed by the LSI Secure Console Server.

1.1.1.19 scs-kernel-upgrade

This rpm will add a new kernel to the SCS. The existing kernel and its modules will remain on the system. The grub.conf file will be modified to include the new kernel, but the default boot selection will not be changed. You must edit the file /boot/grub/grub.conf to change the default to the new kernel.

I recommend doing an install (--install) instead of an upgrade (--upgrade) for the kernel rpm. Doing an install will keep the old kernel files/modules. Also, you will want to install the exserial and device_data_block RPMs at the same time as the kernel upgrade. These two RPMs contain needed LSI modules.

1.1.1.20 webserver

This is the web-based interface to the SCS. Older releases of the SCS will require additional rpms. A complete package of these rpms can be found in the file: webserver.rpms.tar.
You can determine if you need the other rpms with the command:

    rpm -q CherryPy

If it is not installed, you will get the message 'package CherryPy is not installed'.

1.1.2 Factory restore RPMs

These RPMs will restore some of the original factory file contents. It is not a complete restore; these RPMs are included for completeness, and should be used with care and understanding of how these changes could affect a working system.

1.1.2.1 lsiscs-passwords

This package contains the default LSI SCS password and group files. The files will be created with a .rpmnew extension.

    !!!!!!!!
    CAUTION: you are attempting to replace your current passwords
    with the factory defaults.
    !!!!!!!!

1.1.2.2 lsiscs-scs-kernel

This package contains the kernel, modules and boot files for the LSI Secure Console Server. It is no longer available for download, but can be requested. The upgrade rpm should be used in its place.

1.1.3 Obsolete

These RPMs are no longer supplied.

1.1.3.1 lsiscs-monitor

This package is now obsolete and its members are included in lsiscs-connect.

1.2 Package Installation

This section details the rpm command and options needed to install each package. In several instances the --force option is added to allow the installing package to overwrite files owned by another package.

During installation you should review the output of each command. In particular, watch for files being renamed with a .rpmsave extension. The information in these files may still be of use and may need to be folded into the new file.

In this example, the version to be installed is 1.6. The release is 9. Replace the version and release number with the ones you are installing.

You must mount the root filesystem in R/W mode before installing any package.

    mount -o remount,rw /

After installation, we recommend running the 'save' command to write any configuration changes to the compact flash.

    rpm -U lsiscs-cardd-3.1-6.i386.rpm
    rpm -U lsiscs-common-3.1-6.i386.rpm
    rpm -U lsiscs-connect-3.1-6.i386.rpm
    rpm -U lsiscs-edituser-3.1-6.i386.rpm
    rpm -U lsiscs-lcd-3.1-6.i386.rpm
    rpm -U lsiscs-lsi-3.1-6.i386.rpm
    rpm -U lsiscs-lsissh-3.1-6.i386.rpm
    rpm -U lsiscs-port_access-3.1-6.i386.rpm
    rpm -U lsiscs-portlogd-3.1-6.i386.rpm
    rpm -U lsiscs-powerd-3.1-6.i386.rpm
    rpm -U lsiscs-sredird-3.1-6.i386.rpm
    rpm -U lsiscs-timeout-3.1-6.i386.rpm
    rpm -U webserver-1.0-1516.21.noarch.rpm
    rpm -i lsiscs-exserial-3.1-6.i386.rpm --nodeps
    rpm -i lsiscs-device-data-block-3.1-6.i386.rpm --nodeps

These RPMs replace files that are in other RPMs, so the --force option is required.

    rpm -U --force lsiscs-scripts-3.1-6.i386.rpm
    rpm -U --force lsiscs-stty-3.1-6.i386.rpm
    rpm -U --force lsiscs-snmp-3.1-6.i386.rpm
    rpm -U --force lsiscs-linux.mods-3.1-6.i386.rpm
    rpm -U --force lsiscs-passwords-3.1-6.i386.rpm

This RPM modifies files on the /boot partition, so it (/boot) must be mounted read-write, in addition to /.

    mount -o remount,rw /boot
    rpm -i scs-kernel-upgrade-3.1-6.i386.rpm --nodeps
    mount -o remount,ro /boot

1.3 Example of upgrading the kernel:

Use the --install option, so that the older versions of the kernel and modules will not be removed.

    [root]# mount -o remount,rw /boot
    [root]# mount -o remount,rw /
    [root]# rpm -i --nodeps scs-kernel-upgrade-1.7-5.i386.rpm \
                lsiscs-device-data-block-1.7-5.i386.rpm \
                lsiscs-exserial-1.7-5.i386.rpm
    Uninstalling LSI proc info driver
    Warning: loadingLoading LSI proc info driver V1.13
    /lib/modules/2.4.18-27.8.0/kernel/drivers/misc/db_proc.o will taint the kernel: non-GPL license - Proprietary
      See http://www.tux.org/lkml/#export-tainted for information about tainted modules
    Module db_proc loaded, with warnings
    initrdfile is /boot/initrd-2.4.20-28.8.img
    running depmod for 2.4.20-28.8
    adding 2.4.20-28.8 to /boot/grub/grub.conf
    /etc/lilo.conf does not exist, not running grubby
    [root]# rpm -U --force lsiscs-scripts-3.1-6.i386.rpm lsiscs-linux.mods-3.1-6.i386.rpm
    [root]# mount -o remount,ro /boot
    [root]# mount -o remount,ro /
    [root]# save

The first 2 commands mount / and /boot as read-write.

The new kernel requires updated linux-mods and scripts, so the --nodeps option is needed. The other scripts will be added later.

    !!!!!!!!!!!!!!
    Don't do an upgrade, that will cause the old modules to be deleted,
    do an install instead.
    !!!!!!!!!!!!!!

The device-data-block module is not GPL'd, so you get a warning when it is installed - you can ignore it.

LILO is not present, so you get a warning - you can ignore it.

When finished, the new kernel boot lines have been added to /etc/grub.conf. However, the original kernel is still the default. The new modules have been added to /lib/modules, but the linux-2.4 symlink has not been changed.

1.4 Example of upgrading from version 1.5-25 to V1.7-7

This example will show the commands required to do a full upgrade, kernel and programs.

!!!! Note, DO NOT use the lsiscs-passwords or the lsiscs-scs-kernel rpms. Either move them to a different directory from the other rpms, or delete them from the SCS.

Assume the rpms are located in /root.

    mv lsiscs-passwords*.rpm /tmp
    mv lsiscs-scs-kernel*.rpm /tmp
    mount -o remount,rw /boot
    mount -o remount,rw /
    rpm -i --nodeps scs-kernel-upgrade-1.7-7.i386.rpm \
        lsiscs-device-data-block-1.7-7.i386.rpm \
        lsiscs-exserial-1.7-7.i386.rpm
    mv lsiscs-device-data-block-1.7-7.i386.rpm /tmp
    mv lsiscs-exserial-1.7-7.i386.rpm /tmp
    rpm -U --force lsiscs-*.rpm
    mount -o remount,ro /boot
    mount -o remount,ro /
    save

2.1 Upgrading/Installing third-party rpms

The SCS uses a 256Meg compact flash as its hard drive. This puts a severe space constraint on the software that is installed. For example, there are no X11 packages installed. Another space saving step was to remove documentation that is found in /usr/share/doc. What's left on the SCS are man pages.

When adding a package to the SCS, be aware of the remaining free space on the system; the command df -h will show how much is left. Compare this to the size of the package you wish to install. I recommend using the --test option on the rpm command line as a trial run.

Sometimes there will be failed dependencies for the new package. These may be missing libraries that we (LSI) never installed. If space permits, you may add these libraries; sometimes they are just too big to fit. You will have to determine if the package you are trying to install will run without these libraries.

2.1.1 RPM commands

To install packages without their documentation, use the --excludedocs option.

If a package install fails due to missing dependencies, use --nodeps.

-----------------------------------------------------------------------------

Appendix A. About this HOWTO

A.1. Copyright

The first edition of this document is copyright © 2003 Logical Solutions, Inc. and is distributed under the terms of the Linux Documentation Project (LDP) License, see Section A.1.1.

-----------------------------------------------------------------------------

A.1.1. Linux Documentation Project License

Unless otherwise stated, Linux HOWTO documents are copyrighted by their respective authors. Linux HOWTO documents may be reproduced and distributed in whole or in part, in any medium physical or electronic, as long as this copyright notice is retained on all copies. Commercial redistribution is allowed and encouraged; however, the author would like to be notified of any such distributions.

All translations, derivative works, or aggregate works incorporating any Linux HOWTO documents must be covered under this copyright notice. That is, you may not produce a derivative work from a HOWTO and impose additional restrictions on its distribution. Exceptions to these rules may be granted under certain conditions; please contact the Linux HOWTO coordinator at the address given below.

In short, we wish to promote dissemination of this information through as many channels as possible. However, we do wish to retain copyright on the HOWTO documents, and would like to be notified of any plans to redistribute the HOWTOs.

If you have any questions, please contact .

-----------------------------------------------------------------------------

A.2. Disclaimer

No liability for the contents of this document can be accepted. Use the concepts, examples and other content at your own risk. As this is a new edition of this document, there may be errors and inaccuracies, that may of course be damaging to your system. Proceed with caution, and although this is highly unlikely, the author(s) do not take any responsibility for that.

All copyrights are held by their respective owners, unless specifically noted otherwise. Use of a term in this document should not be regarded as affecting the validity of any trademark or service mark.

Naming of particular products or brands should not be seen as endorsements.

You are strongly recommended to take a backup of your system before major installation and backups at regular intervals.
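
The package-label rules from the Introduction and the per-package install rules of sections 1.2 and 1.4, as an added example that is not part of the original HOWTO or of LSI's tooling: a dry-run planner that splits each file name into its label fields and prints the rpm command the HOWTO gives for that package, setting aside the two factory-restore packages that the wildcard lsiscs-*.rpm would otherwise pick up. The function names pkg_fields, plan_action and plan_commands and the sample file names are assumptions made for this example.

```sh
#!/bin/sh
# Added example: dry-run planner for the SCS package set. Prints commands only.

# pkg_fields FILE -> "name version release arch", split per the package label
# rules: the last two dash-separated fields are version and release.
pkg_fields() {
    f=${1##*/}; f=${f%.rpm}
    arch=${f##*.};    f=${f%.*}
    release=${f##*-}; f=${f%-*}
    version=${f##*-}; name=${f%-*}
    printf '%s %s %s %s\n' "$name" "$version" "$release" "$arch"
}

# plan_action FILE -> skip | install-nodeps | upgrade-force | upgrade | review
plan_action() {
    case $1 in *.rpm) ;; *) echo review; return ;; esac
    name=$(pkg_fields "$1"); name=${name%% *}
    case $name in
        # Factory-restore packages (1.1.2): not part of a routine upgrade.
        lsiscs-passwords|lsiscs-scs-kernel) echo skip ;;
        # Kernel and its LSI modules: install, so the old kernel stays bootable.
        scs-kernel-upgrade|lsiscs-exserial|lsiscs-device-data-block)
            echo install-nodeps ;;
        # Packages that replace files owned by other RPMs (section 1.2).
        lsiscs-scripts|lsiscs-stty|lsiscs-snmp|lsiscs-linux.mods)
            echo upgrade-force ;;
        lsiscs-*|webserver) echo upgrade ;;
        *) echo review ;;
    esac
}

# plan_commands FILE... -> one line per file; nothing is executed.
plan_commands() {
    for p in "$@"; do
        case $(plan_action "$p") in
            skip)           echo "# set aside, factory-restore package: $p" ;;
            install-nodeps) echo "rpm -i --nodeps $p" ;;
            upgrade-force)  echo "rpm -U --force $p" ;;
            upgrade)        echo "rpm -U $p" ;;
            *)              echo "# not named in this HOWTO, review by hand: $p" ;;
        esac
    done
}

# Constructed file names, modelled on the 1.7-7 example in section 1.4.
plan_commands /root/lsiscs-passwords-1.7-7.i386.rpm \
    /root/scs-kernel-upgrade-1.7-7.i386.rpm \
    /root/lsiscs-linux.mods-1.7-7.i386.rpm \
    /root/lsiscs-connect-1.7-7.i386.rpm
```

Review the printed plan before running any line of it; / and /boot still have to be remounted read-write first, as described in section 1.2.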