package update

Update an existing secure package on the Luna appliance. All packages from Thales are signed and encrypted and come with an authcode that must be provided to decrypt and use the package. Use this command to update packages that can be seen when using the package listfile command. You can verify a package with the package verify command.

CAUTION!   Use an uninterruptible power supply (UPS) to power your HSM. There is a small chance that a power failure during an update could leave your HSM in an unrecoverable condition.

If a version of this package is already installed, an error occurs:

Command failed: RPM update for original filename (fwupdateK7_RealCert-7.0.2-RC2.i386.rpm)

NOTE   You must log into the HSM before you run this command.

User Privileges

Users with the following privileges can perform this command:

>Admin

>Operator

Syntax

package update <filename> -authcode <authcode> [-des3 | -useevp] [-force]

Argument(s) Shortcut Description
<filename>   The name of the update package file.
-authcode <authcode> -a Specifies the secure package authorization code provided by Thales with the secure package - the authorization code is checked during package installation to ensure that the package was encrypted and signed by Thales.
-des3 -d Use DES3 Cipher for backward compatibility with older secure package updates (cannot be used simultaneously with -useevp).
-force -f Force the action - useful when scripting; this option causes the command to proceed without confirmation.
-useevp -u Use the OpenSSL EVP (Digital EnVeloPe library) API to decrypt and validate the update package in appliance software without need for HSM SO login. If this option is not specified, the default action is to refer update verification to the HSM (cannot be used simultaneously with -des3).

Example

lunash:>package update lunasa_update-7.1.0.spkg -authcode 5/Rd79MAGd/G9EY5

WARNING!!  Appliance software upgrade is a one-way operation: you 
cannot downgrade the appliance software. 
If you are sure that you wish to proceed, type 'proceed', otherwise type 'quit'.  >proceed

Command succeeded:  decrypt package

Command succeeded:  verify package certificate

Command succeeded:  verify package signature
Preparing packages...
lunasa_update-7.1.0.x86_64
Running update script

Version file found.
Proceeding with upgrade.
BEGINNING UPDATE......
   Updating to Luna SA Release 7.1.0

UNPACKING UPDATE FILES......

VERIFYING SOFTWARE PACKAGES......

1...Passed  2...Passed  3...Passed  4...Passed  5...Passed  6...Passed  7...Passed  8...Passed  9...Passed  10...Passed  11...Passed  12...Passed  13...Passed  14...Passed  15...Passed  16...Passed  17...Passed  18...Passed  19...Passed  20...Passed  21...Passed  22...Passed  23...Passed  24...Passed  25...Passed  26...Passed  27...Passed  28...Passed  29...Passed  30...Passed  31...Passed  32...Passed  33...Passed

INSTALLING SOFTWARE PACKAGES......

1...Passed  2...Passed  3...Passed  4...Passed  5...Passed  6...Passed  7...Passed  8...Passed  9...Passed  10...Passed  11...Passed  12...Passed  13...Passed  14...Passed  15...Passed  16...Passed  17...Passed  18...Passed  19...Passed  20...Passed  21...Passed  22...Passed  23...Passed  24...Passed  25...Passed  26...Passed  27...Passed  28...Passed  29...Passed  30...Passed  31...Failed  32...Failed  33...Failed

CLEANING UP FILES......

CLEANUP AFTER REMOVAL......


SOFTWARE UPDATE COMPLETED!

The system MUST now be rebooted for the changes to take effect.

Please ensure all client connections are terminated prior to rebooting the system.
To reboot, use the command "sysconf appliance reboot".

Update Completed

Copied all update log files, current and previous

Command Result : 0 (Success)