swa-get(1M)swa-get(1M)NAME
- Download software from HP to resolve issues and make a depot
SYNOPSISDESCRIPTION
The command uses the results file generated by the analyze step of to
download the necessary software from HP. Write access to the swcache
directory is required for this step; see The downloaded software is
then packaged in a depot. You must be a privileged user for this step.
While swa get can update an existing depot, it does not analyze that
depot for issues and the original contents of that depot are the
responsibility of the system administrator. Currently, only patches can
be downloaded from HP (for example, Application Release software is
excluded), and some security issues require manual action (that is,
cannot be resolved by HP-supplied patches).
If a preexisting depot is being updated, determines if the needed soft‐
ware is already in the depot or in the swcache directory. The command
will not download patches that already exist in either location.
Software download relies on the integrity of the analysis file to
ensure the integrity of patches before unpacking them. The analysis
file gets MD5 checksum information directly from the catalog. There‐
fore it is important that all transmissions of the catalog and/or anal‐
ysis file are integrity protected and that file permissions do not
allow unnecessary modification.
Depot creation relies on the integrity of the patches within the direc‐
tory. Therefore, after unpacking the patches, it is important that
all subsequent transmissions of the patches are integrity protected and
that file permissions do not allow unauthorized modification. Deploy‐
ing software using Software Distributor (e.g., using the command) has
security properties that are documented in the "Software Distributor
Administration Guide". recognizes the following options:
Run this command in preview mode.
The depot software is copied into. This is where patches from
HP are copied into.
Normally, the target_depot should be empty and a new
depot will be created. If the depot already exists, you
must specify the advanced option and understand its
implications. (See also the option).
The verbosity level is decreased by one for each instance
is specified. (See also the option.)
The verbosity level is increased by one for each instance
is specified. (See also the option.)
Displays general usage.
Describes the legal values for this option. If <option> is
all possible extended options are listed for the speci‐
fied major mode. If no mode is given, all extended
options are listed.
Sets the extended option to a value. See Extended Options defi‐
nitions below.
Describe the legal values for this option.
Gets the extended options from
option_file. (See the file for a description and exam‐
ples of syntax for this file).
The extended options may be specified in different ways: on the command
line using the option, in an option file specified using the option, or
in one of the configuration files (system wide) or (user-specific).
The file provides example syntax for a configuration or file. If the
same option is given in multiple locations, the following order is pri‐
oritized from highest to lowest:
1. Options specified on the command line
2. Options specified within an option file
3. Proxy environment variables (See Environment Variable
section.)
4. Options specified within the $HOME/.swa.conf file
5. Options specified within the /etc/opt/swa/swa.conf file
6. Default value, specified in the descriptions of each
option below in format
Note: If the same option or extended option is given multiple times in
the same location, the last takes effect. If the option has a single
letter equivalent (e.g., and ) and both are used on the command line,
the single letter option generally takes precedence. If the single
letter option affects an extended option that takes a list of argu‐
ments, specifying the single letter option multiple times will append
to the list.
recognizes the following (extended) options, which are shown with their
default values:
Usage: Advanced
Determines whether the target depot must be empty at the start
of the command, or can be an existing depot. SWA does not per‐
form any analysis of the depot contents. By specifying this
option, you accept responsibility for the contents of this
depot.
Target depot can be existing (i.e., non-empty).
Target depot must be empty at the start of
the command.
Usage: Basic
The file containing the raw analysis results, including a list
of software that should be downloaded from Hewlett-Packard in
order to address the issues found by the analysis. Use this
option to save the results from a specific analysis, and later
reuse those results in order to download the corresponding soft‐
ware from HP. If you do not use the default location when the
analysis file is created (e.g., creates this file), be sure to
specify that location when the analysis file is later used
(e.g., uses this file).
Possible values include any absolute or relative pathname with
appropriate permissions.
The use of ${user_dir} at the beginning of this option value is
substituted with the value of the option (which defaults to
$HOME.swa).
Usage: Advanced
When set to true, swa will require the certificate revocation
list (CRL) to be updated and checked for the trusted certificate
authority (CA) certificate being used to validate the remote
server.
In the unlikely event that the private certificate of the server
pointed to by the option is suspected of being compromised, its
certificate will be revoked, and added to a list of revoked cer‐
tificates by the CA.
The CRL must be signed by the same certificate chain that signed
the host certificate being checked. Checking the CRL requires
regular downloads from the CA, which can lengthen the swa run
time. If you do not wish to validate a revocation list, set
this to false.
Usage: Advanced
The download_cmd extended option can be used to override the
default swa download commands, and therefore the protocols swa
uses to download the catalog and patch files. The command is
enclosed in single quotes ('). This option is useful in cases
where a system does not have a direct connection to the Inter‐
net, but can execute a command that can download a URL from the
Internet (for example, by using a gateway machine).
Using this option overrides many options which are used by the
internal swa download functionality, including proxy and CRL
configuration.
This command should take one option that is supplied by swa (the
URL of a file to download), and outputs that file to its stdout.
If the actual command in your environment behaves differently,
it can be wrapped by a shell script in order to provide the
interface that swa needs.
Note: Programs like wget, curl, and Perl's GET can be used to
pass the contents of a URL to standard output. These commands
may provide support for different types of proxies or can be
used with ssh to work with a gateway server. The GET command
provides basic functionality. The wget and curl commands provide
extended functionality and are provided with HP-UX 11i Internet
Express (see http:www.hp.comgointernetexpress). All three of
these commands are available for operating systems other than
HP-UX, such as Linux and Windows. For example, some external
commands can authenticate using Windows NT.-based domain pass‐
words to a Microsoft. web proxy, which is not directly supported
by swa.
The following command is an example:
-x download_cmd='usrlocalbinmyScript.sh'
The URL passed to download_cmd may contain characters with spe‐
cial meanings to shells or other command interpreters. By using
a custom script as shown above any requirement for nested quotes
can be handled.
The download command also allows URL target substitution. The
actual URL used will be substituted in place of the URL target
string of the download command. The URL target string default is
%url. The above example download command does not use the URL
target string, SWA appends the URL destination to the end of the
command, which becomes the script argument. The URL target
string can be customized, see the option.
The following command is an example:
-x download_cmd='usrbincurl %url'
The URL passed to download_cmd may be defined in the cata‐
log_source option. Otherwise the default URL will be used.
Usage: Advanced
Proxy host and port (with optional http basic authentication
username and password) for accessing content via the FTP proto‐
col. No proxy information is specified by default.
The following format is used:
<service>:[user:password@]<proxy-server>:<port>
For example: ftp_proxy=http:web-proxy.mycompany.com:8088
The use of ${proxy} for this option value is substituted with
the value of the option (which is not set by default).
Usage: Basic
Use this option to specify the HP user ID to gain access to the
HPSC patch database. If SWA determines that the HP user ID is
not set in a config file or on the command line, the user will
be prompted for it. Prompting for HP user ID can be turned off
using '-x prompt=false'.
Usage: Basic
Use this option in conjunction with hp_id to specify the HP
password to gain access to the HPSC patch database. If SWA
determines that the HP password is not set in a config file or
on the command line, the user will be prompted for it. Prompting
for HP password can be turned off using '-x prompt=false'.
Usage: Advanced
Proxy host and port (with optional http basic authentication
username and password) for accessing content via the HTTPS pro‐
tocol. No proxy information is specified by default.
The following format is used:
<service>:[user:password@]<proxy-server>:<port>
For example: https_proxy=http:web-proxy.mycompany.com:8088
If usernamepassword are specified as authentication credentials
to your proxy server, http basic authentication is used, which
is a clear-text protocol, (i.e., your password may be visible to
others on your network). Also, credentials specified on the
command-line are visible to other local users, and access to
credentials stored in extended option files are determined by
their permissions. If your proxy server requires another type
of authentication, see the option.
The use of ${proxy} for this option value is substituted with
the value of the option (which is not set by default).
Usage: Advanced
Proxy host and port (with optional http basic authentication
username and password) for accessing content via the HTTP proto‐
col. No proxy information is specified by default.
The following format is used:
<service>:[user:password@]<proxy-server>:<port>
For example: http_proxy=http:web-proxy.mycompany.com:8088
The HTTP protocol is the default protocol used to download cer‐
tificate revocation lists.
The use of ${proxy} for this option value is substituted with
the value of the option (which is not set by default).
Usage: Basic
This is the path to the log file for this command. Each time
SWA is run, this file will grow larger. This can be changed,
for example, to a month-specific location for easier archiving,
off-host backup, and rotation.
Usage: Basic
Specifies the level of message verbosity in the log file (See
also -x verbosity). Legal values are:
Only ERROR messages and the startingending BANNER messages.
Adds WARNING messages.
Adds NOTE messages.
Adds INFO messages (informational messages preceded by the '*'
character).
Adds verbose INFO messages.
Adds very-verbose INFO messages.
Usage: Basic
If true, run this command in preview mode only (i.e., complete
the analysis phase and exit; no changes are committed to disk).
Setting this option to true has the same effect as specifying -p
on the command line.
Usage: Basic
Use this option to turn off prompting for HP user ID and pass‐
word if SWA determines the values are not set. See the and '-x
hp_pw' options.
Usage: Basic
Proxy host and port (with optional http basic authentication
username and password) for accessing content via the relevant
protocol. No proxy information is specified by default.
The following format is used:
<service>:[user:password@]<proxy-server>:<port>
For example: proxy=http:web-proxy.mycompany.com:8088
If usernamepassword are specified as authentication credentials
to your proxy server, http basic authentication is used, which
is a clear-text protocol, (i.e., your password may be visible to
others on your network). Also, credentials specified on the
command-line are visible to other local users, and access to
credentials stored in extended option files are determined by
their permissions. If your proxy server requires another type
of authentication, see the option. This option is used as the
default for the other proxy settings.
This option controls the default for all three proxies. See the
option, the option, and the option for more details.
Usage: Basic
This is the directory where SWA stores downloaded patches before
putting them into a depot. The default location is only
writable by root, so this value needs to be changed for a non-
root user to be able to download software. Opening up permis‐
sions on the default location is not recommended.
Usage: Advanced
This option is used in conjunction with the download_cmd option
to override the default url_target string(%url), for specific
environment needs. The url_target string will be substituted in
the download command with the actual URL for completing any
downloads.
The following command is an example:
-x url_target='myUrlTargetString1' -x download_cmd='optperl‐
binGET myUrlTargetString1'
See the option.
Usage: Basic
The directory where swa stores catalog, inventory, analysis,
ignore, and report files. The default location is a subdirec‐
tory (.swa) of the user's home directory. This can be changed,
for example, to allow archival of previous interim artifacts in
a date-specific directory or off-host. Several other options
default to a directory relative to this directory, so changing
this option allows all of those locations to stay in synch rela‐
tive to a common root.
Usage: Basic
Specifies the level of stderr verboseness:
Only ERROR messages and the startingending BANNER messages.
Adds WARNING messages.
Adds NOTE messages.
Adds INFO messages (informational messages preceded by the '*'
character).
Adds verbose INFO messages.
Adds very-verbose INFO messages.
Note: The '-v' option is equivalent to increasing ver‐
bosity by 1 (e.g., from 3 to 4) and the '-q' option is
equivalent to decreasing verbosity by 1. The '-v' and
'-q' options can be used more than once.
For compatibility with other applications, several environment vari‐
ables can be used to configure how SWA connects to the Internet to
retrieve catalogs, certificate revocation lists, and software. These
environment variables include and
These environment variables have the same effect as the corresponding
extended options of the same names. The Extended Options section
describes the usage and meaning of each option and the behavior if the
same option is specified in multiple places.
The extended option cannot be specified as an environment variable, but
may be a useful alternative if all protocols use the same proxy server
at your site.
The environment variable is also honored for local operations, if set.
If this value is not set, the default of is used. This directory does
not allow write operations for non-privileged users, so TMPDIR must be
set by non-root users if a temporary directory is required for that
operation. An example operation that uses this directory is unsharing
of patch files. For older-style patches which do not honor TMPDIR, SWA
rewrites the shar file so that TMPDIR will be honored before unpacking
the patch.
Return Values
returns the following values:
Success
Error
Warning
Examples
These example commands assume your default configuration file contains
your ITRC login information. The syntax will be:
To display usage information:
To display usage and list all extended options:
To run using the options specified in the file "./myconfig":
To get patches from HP that are recommended in the default analysis
file (i.e., from the previous command) and place the results into the
new depot mydepot:
To add newly recommended patches into the existing depot mydepot, only
downloading patches from HP that are neither in mydepot nor previously
downloaded:
To preview which patches need to be downloaded from HP and added to an
existing depot without actually doing the work, and with increased ver‐
bosity:
AUTHOR
was developed by Hewlett-Packard Development Company, L.P.
FILES
The per-user Software Assistant configuration file. This file takes
precedence over the system-wide SWA configuration file.
An HP-supplied catalog file from the ITRC website that
contains known security issues and other defects along with
their solutions. This file is downloaded with the command swa
report or swa step catalog.
The analysis of the inventory file and the catalog file
created with swa report or swa step analyze.
The inventory of installed software created by swa
inventory or swa step inventory.
Use this file to specify issues for analyzers to ignore. It is
possible to use more than one ignore file by using the extended
option ignore_file.
The comprehensive report written by swa report and
swa step report.
Default alternative log file if you don't have permissions
to write to /var/opt/swa/swa.log.
The system-wide SWA configuration file.
An example configuration file outlining the usage of each
extended option.
Script to configure HP SIM 5.2 and later for SWA. Only
required if SWA is installed when HP SIM is installed but not
running. HP SIM must be running when configHPSIM is run.
Manpages.
The default directory for downloading software before it
is packaged in a depot. This directory can be set with the
extended option swcache. Note that this directory can consume a
significant amount of disk space.
Directory that holds all clients' files generated from SWA
within HP SIM. Files are kept in user and job-specific subdirec‐
tories. This directory might require significant space to sup‐
port clients' analysis, catalog, inventory, and report files.
User-specific directory used by SWA when running under
HP SIM.
Default log file.
Lists all files downloaded from HP to the swcache. It is
located in the swcache directory.
Lists special installation instructions and dependencies
for the patches in the depot. It is located in the depot direc‐
tory.
Lists all files downloaded from HP stored within the
a directory specified by the extended option.
Lists special installation instructions and other dependencies for the
patches in the depot.
Located in the root directory of the target depot.
SEE ALSOswa(1M), swa-report(1M), swa-step(1M), swa-clean(1M), and secu‐
rity_patch_check(1M).
swa-get(1M)