package update
Update an existing secure package on the Luna appliance. All packages from Thales are signed and encrypted and come with an authcode that must be provided to decrypt and use the package. Use this command to update packages that can be seen when using the package listfile command. You can verify a package with the package verify command.
CAUTION! Use an uninterruptible power supply (UPS) to power your HSM. There is a small chance that a power failure during an update could leave your HSM in an unrecoverable condition.
If a version of this package is already installed, an error occurs:
Command failed: RPM update for original filename (fwupdateK7_RealCert-7.0.2-RC2.i386.rpm)
NOTE You must log into the HSM before you run this command.
User Privileges
Users with the following privileges can perform this command:
>Admin
>Operator
Syntax
package update <filename> -authcode <authcode> [-des3 | -useevp] [-force]
| Argument(s) | Shortcut | Description |
|---|---|---|
| <filename> | The name of the update package file. | |
| -authcode <authcode> | -a | Specifies the secure package authorization code provided by Thales with the secure package - the authorization code is checked during package installation to ensure that the package was encrypted and signed by Thales. |
| -des3 | -d | Use DES3 Cipher for backward compatibility with older secure package updates (cannot be used simultaneously with -useevp). |
| -force | -f | Force the action - useful when scripting; this option causes the command to proceed without confirmation. |
| -useevp | -u | Use the OpenSSL EVP (Digital EnVeloPe library) API to decrypt and validate the update package in appliance software without need for HSM SO login. If this option is not specified, the default action is to refer update verification to the HSM (cannot be used simultaneously with -des3). |
Example
lunash:>package update lunasa_update-7.1.0.spkg -authcode 5/Rd79MAGd/G9EY5 WARNING!! Appliance software upgrade is a one-way operation: you cannot downgrade the appliance software. If you are sure that you wish to proceed, type 'proceed', otherwise type 'quit'. >proceed Command succeeded: decrypt package Command succeeded: verify package certificate Command succeeded: verify package signature Preparing packages... lunasa_update-7.1.0.x86_64 Running update script Version file found. Proceeding with upgrade. BEGINNING UPDATE...... Updating to Luna SA Release 7.1.0 UNPACKING UPDATE FILES...... VERIFYING SOFTWARE PACKAGES...... 1...Passed 2...Passed 3...Passed 4...Passed 5...Passed 6...Passed 7...Passed 8...Passed 9...Passed 10...Passed 11...Passed 12...Passed 13...Passed 14...Passed 15...Passed 16...Passed 17...Passed 18...Passed 19...Passed 20...Passed 21...Passed 22...Passed 23...Passed 24...Passed 25...Passed 26...Passed 27...Passed 28...Passed 29...Passed 30...Passed 31...Passed 32...Passed 33...Passed INSTALLING SOFTWARE PACKAGES...... 1...Passed 2...Passed 3...Passed 4...Passed 5...Passed 6...Passed 7...Passed 8...Passed 9...Passed 10...Passed 11...Passed 12...Passed 13...Passed 14...Passed 15...Passed 16...Passed 17...Passed 18...Passed 19...Passed 20...Passed 21...Passed 22...Passed 23...Passed 24...Passed 25...Passed 26...Passed 27...Passed 28...Passed 29...Passed 30...Passed 31...Failed 32...Failed 33...Failed CLEANING UP FILES...... CLEANUP AFTER REMOVAL...... SOFTWARE UPDATE COMPLETED! The system MUST now be rebooted for the changes to take effect. Please ensure all client connections are terminated prior to rebooting the system. To reboot, use the command "sysconf appliance reboot". Update Completed Copied all update log files, current and previous Command Result : 0 (Success)
