UCS 2.4 - Univention
UCS 2.4 - Univention
UCS 2.4 - Univention
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
11.2 <strong>UCS</strong> updates<br />
system version which have not yet been installed, these are installed as well so that the system is kept<br />
up-to-date. The security updates are downloaded from the set repository server. This is entered in the<br />
<strong>Univention</strong> Configuration Registry variable repository/online/server. The web proxy settings of<br />
the system are taken into account when accessing the server.<br />
Alternatively, security updates can be downloaded as .tar archives and installed using the<br />
univention-security-update local command. These variants can, however, only be used on<br />
repository servers. An example usage is:<br />
univention-security-update local --file ucs-security-2.2sec1.tar.gz<br />
In advance it must be checked whether the archive was downloaded completely and correctly. This can<br />
be done using the md5sum command, which creates a unique check sum for the archive. The check sums<br />
of all the archives can be found under the specified URL for comparison. If the MD5 sum is correct, the<br />
security update can be imported with the named command. Firstly the local repository is updated and then<br />
security update is installed on the system.<br />
Security updates for <strong>UCS</strong> usually contains several packages to correct security risks and serious errors.<br />
This eliminates the need to import new packages individually time and time again. In certain circumstances<br />
it may be necessary to retrieve the corrections for certain packages as soon as possible. This is done using<br />
<strong>Univention</strong> hotfixes. As soon as a package is created with the corresponding correction and this has been<br />
tested, it is provided in the hotfix repository and the update announced per e-mail. <strong>Univention</strong> hotfixes can<br />
be imported on <strong>UCS</strong> systems from this repository using the command univention-actualise. The<br />
<strong>Univention</strong> Configuration Registry variable repository/online/hotfixes needs to be set to yes for<br />
the inclusion of the hotfix repository.<br />
11.2.2 <strong>UCS</strong> release updates<br />
An important part in the development of <strong>UCS</strong> is the update-ability. This means that a <strong>UCS</strong> environment<br />
can be updated to the next versions without the need for extensive interventions. It is usually not necessary<br />
for the security updates available for the previous versions to have been imported.<br />
Parallel to the installation DVDs for a new <strong>UCS</strong> release, <strong>Univention</strong> also publishes update DVDs in the form<br />
of ISO images for the update. Alternatively to the update via an update DVD, this can also be performed<br />
via the online repository. A changelog document is published for each release update listing the packages<br />
which have been updated and the reason for their updating or additional functions. In addition, a document<br />
is published with the release notes containing important information which must be observed.<br />
As with security updates, in a <strong>UCS</strong> release update the packages for new <strong>UCS</strong> version are imported in a<br />
repository using univention-repository-update before the remaining <strong>UCS</strong> systems are updated.<br />
If the online repository should be used, the system update can be begun immediately. When importing<br />
a release update in a <strong>UCS</strong> environment, the domain controller master should be the first system to be<br />
updated. Once the release update has been imported, the respective system must be rebooted.<br />
It is recommended to update a <strong>UCS</strong> system directly on the console or using the <strong>Univention</strong> Management<br />
Console Updating over a network connection (e.g., SSH session) is not advisable as this may result in the<br />
update procedure being cancelled. If updating should occur over a network connection nevertheless, it<br />
239