...
- Only files (no directories) contained in a tar.gz archive file named UPDATE_NUMBER.tar.gz
- A sha1sum file named UPDATE_NUMBER.tar.gz.sha1 with the output of
.No Format sha1sum UPDATE_NUMBER.tar.gz
- Recommended , but optional, is a detached GPG signature for the update named UPDATE_NUMBER.tar.gz.asc via something like
. Optionally this can be skipped, but users need to use "--nogpg" with sa-updateNo Format gpg -bas UPDATE_NUMBER.tar.gz
Examples
Here is a short example of how an update for SpamAssassin 3.1.x would be published. By convention, we use the svn version of the directory as the update number.
...
When v3.1.0's sa-update looks for an update, it gets no TXT response (having an existing 0.1.3 record overrides the wildcard record), and therefore it sees no updates available. However, when v3.1.1 or above looks for an update, it gets "386156" returned.
More Examples based on custom channel sa.zmi.at
Here is a short summary of what I do to provide the ZMI_GERMAN ruleset via it's channel sa.zmi.at. I found it hard to grab all the bits together, so this should help others to save some time installing their own channel.
No Format |
---|
# $version is the version taken from the ruleset, example "311"
cp $ruleset_tested $releasepath/70_zmi_german.cf
cd $releasepath
tar czf $version.tar.gz 70_zmi_german.cf
# create gpg signature. Needs to remove an existing .asc file first:
rm -f $version.tar.gz.asc 2>/dev/null
gpg --homedir $sa_channel/.gnupg -bas $version.tar.gz
# create the .sha1 sum:
sha1sum $version.tar.gz >$version.tar.gz.sha1
# publish everything on the web server:
rsync -qa $version.tar.gz* $websrv::sa-german-channel/
|
Now we auto-generate the DNS zone for sa.zmi.at, basically it contains this:
No Format |
---|
@ SOA ns.zmi.at. ns-admin.zmi.at. ("
$(date +%y%j)$version ; serial
[snip]
A 212.69.164.60 ; IP address of webserver for sa.zmi.at
mirrors 86400 TXT "http://sa.zmi.at/sa-update-german/MIRRORED.BY"
*.1.3 TXT $version
*.2.3 TXT $version
*.3.3 TXT $version
|
HOWTO setup gpg
Setting up a new gpg key for a channel is simple if you know what to do. Here are the quick steps to save some time:
First create a new key in a new directory:
No Format |
---|
mkdir .gnupg-sa.zmi.at
gpg --homedir .gnupg-sa.zmi.at --gen-key
|
Now list that key so you know it's key-id, then export it to an ascii file. This is what your users have to import to sa-update later:
No Format |
---|
gpg --homedir .gnupg-sa.zmi.at --list-key
# our key id is 40F74481
gpg --homedir .gnupg-sa.zmi.at --armor --export 40F74481 >sa.zmi.at.asc
# upload our key to a keyserver
gpg --homedir .gnupg-sa.zmi.at --keyserver hkp://wwwkeys.pgp.net --send-keys 40F74481
|
In order to use the new channel, users need to do the following. I assume the .asc file has been downloaded from a website:
No Format |
---|
sa-update --import sa.zmi.at.asc
|
from now on, simply use
No Format |
---|
sa-update --gpgkey 40F74481 --channel sa.zmi.at
|
you can use it with "-D" for the first time, which gives a lot of debug output so you can see if everything went well.
The Backend
Details of the rule-update generation backend at updates.spamassassin.org can be read at SaUpdateBackend.
...