SSANotifier How-To

INTRODUCTION

I've not found time to write a complete man page for ssanotifier. As a consequence, you can refer only to this page for any help! I've not found enougth time for this page too. Thus there will be some typos here and there, please mail me for any error!
The configuration file is self-explaining, nonetheless I provide here some hints to setup the security advisors notifier. SSAnotifier is configured by means of a configuration file named /etc/SSANotifier/SSANotifier.conf. The package is shipped with a template rather then with a pre-build configuration file. Such a template is called SSANotifier.conf.new and it is located in /etc/SSANotifier. As first you have to rename it SSANotifer.conf (yes, remove the trainling .new extension). By renaming it, we are ready to costumize SSANotifier to fit our needs. This is the topic of next section.


EXPLAINING THE CONFIG FILE

In this section I will explain each entry of the config file. At the end of the reading, you will be able to have SSAnotifer properly configured in your slack box! You have to understand that the SSAnotifier configuration file is just a piece of ash scripting. Inside the file the are some values used by the tool. All ash scripting rules have to be respected. basically this means that you can't put space inside strings, unless you quote them. for example:
SOMETHING= something else
is wrong, while
SOMETHING="something else"
is correct. In the former there are 2 problems: the space after the equal sign (=) and a lack of quotation marks (") to group more words together (something else).

Wget Options

the following code defines the behaviour of the wget utility, used to download updates. These are exactliy the same options you are used to pass to wget. The -q option is used to remove a lot of verbose informations from the shell prompt.

#######################################################################
#set your download options (see wget man page).
#leave it black for no options. by default the -q option is used

WGETOPTS="-q"

Package checkup section

In this section you can enable some checks on the tgz. You can calculate the checksum, to be sure you have correctly downloaded the package. You can enable the gpg signature check to be (almost :-) sure you have downloaded an official/unmodified security update. Use 1 to enable a check, use 0 to disable it.

#######################################################################
#set to 1 if you want to check the md5 of tgzs. set to 0 otherwise
#!!! note that the md5sum utility is still required, even if you set this value to 0 !!!

CHECKMD5=1

#######################################################################
#set to 1 if you want to check the gpg key of tgzs. set to 0 otherwise

CHECKGPG=1

Locations

In this section you define some locations. The official Slackware GPG key location (required only if you have enabled the gpg signature check), your preferred slackware mirror (specifically the fully qualified path to the remote slackware patch directory) and the local storage path inside your filesystem. I suggest to reserve a specific directory for the patch storage (as shown by the example).

#######################################################################
#set location of slackware public gpg key
#!!! used only if CHECKGPG is set to 1 !!!
#for example:
#GPGKEY=http://slackware.osuosl.org/slackware-12.0/GPG-KEY

GPGKEY=

#######################################################################
#select your preferred patches server. for example:
#SERVER="http://slackware.osuosl.org/slackware-12.0/patches"

SERVER=

#######################################################################
#select your preferred location to store patches.
#for example:
#LOCALMIRROR="/var/log/patches/"

LOCALMIRROR=

Notification style

You can choose how SSAnotifier will be run. Currently you can run it inside a sheel or as a deamon, inside the KDE/GNOME environment. You have just to define the notification style and everything will be managed by the tool. If you run under KDE, use the string KDE. If your run under GNOME use the string GNOME ;-). Otherwise use the string SHELL. Note that they are all uppercase!

#######################################################################
#set your preferred way for notifications
#possible values are:
#NOTIFY=KDE to use from KDE via the kdialog interface
#NOTIFY=SHELL to use from shell via the dialog interface
#NOTIFY=GNOME to use from GNOME via the gdialog interface, actually not implemented
#NOTIFY=X11 !!! actually not implemented !!! to use with any grafical environment different from kde and gnome

NOTIFY=SHELL

Upgrade utility

In this section you define your preferred upgrade utility (upgradepkg, slapt-get, tracepkg :-). Currently upgradepkg is the only one I've tested. Indipendently of the selected tool, you have to provide the full path (eg. /sbin/upgradepkg, /usr/sbin/tracepkg). As this is a beta release, I've imposed a predefined option to the tool. You can pass options using the UPOPTS string. It works exactly in the same way WGETOPTS works. If you leave the --dry-run option (which is a safe/paranoid default) you don't update your system, actually. Indeed a complete simulation will run. You download and check all the patches but nothing will be upgraded. If you really want to use SSAnotifier to manage you security holes, remove this option!

#######################################################################
#set your upgrade command (full path). for example:
#UPGRADEPKG=/sbin/upgradepkg

UPGRADEPKG=/sbin/upgradepkg

#######################################################################
#set upgrade options (see man page of your upgrade utility)
#leave it black for no options.
#!!! if you want to test the tool behaviour without any real update, !!!
#!!! try the /sbin/upgradepkg utility and use the --dry-run option !!!

UPOPTS="--dry-run"


AUTOMATIC LAUNCH

As long as you want to use SSAnotifier to manage your security holes, it is expected that you want it to be launched automogically. There are some different strategies to do an autolaunch. You can insert a call in cron or in the KDE scheduler. You can also launch SSAnotifier automatically, every time you log in your pc.
To do so, copy the file /usr/doc/SSAnotifier-$(VERSION)/SSAnotifier.desktop inside your /etc/autostart directory. Note that $(VERSION) is your installed version.


Valid XHTML 1.1