Package management
Fresh-Faced Recruit
Join Date: Dec 2000
Location: Granby,QC, Canada
Hi! I'm the network admin in a jr. high school. I have a dozen OS X computers to maintain, and I'm looking for a way to manage software updates (Apple and 3rd party).
I've searched a bit, and I haven't found anything. I'm sure it's doable quite easily with some scripting, but I'm just not that good or patient when it comes to programming.
What I'm thinking here is a script that would compare a list of available packages (maybe in a static automount like /Network/Library/Updates or on a local web server) and install the appropriate packages.
This tool would have to be command-line based (perl, sh, whatever as long as it works) so that it could be automated through a crontab or /etc/daily script.
The tool could use Apple's pkg format because the GUI Installer tool is available in the CLI (/usr/sbin/installer and /usr/sbin/softwareupdate) and most of Apple's updates are in pkg format.
I already know radmind, but it is conceived for maintaining the whole volume state (like Assimilator) rather than installing software packages or updates. It is slow, especially to transfer a complete load (in both directions). Also, with OS X filesystem security, there is no need to check the whole hard drive.
Also, I'd like to point out that simply copying the application bundle is not enough sometimes, like Acrobat Reader 6 or MS-Office, where the user must authenticate as an admin on the first run because the application needs to copy frameworks, fonts or helper applications in /Library.
Edit: I have only a dozen OS X clients, but I'm planning for when all of my clients (over a hundred) will be on OS X.
(Last edited by blanalex; Jun 2, 2003 at 11:04 AM.)
#define (2b)||!(2b)
-- Shakespear
Moderator
Join Date: Jan 2001
Location: Atlanta, GA
Fresh-Faced Recruit
Join Date: Dec 2000
Location: Granby,QC, Canada
I'm thinking a bit like Apple Remote Desktop, but instead of having the server push the updates (requiring all the clients to be online), the clients should poll the server.
It's like the Software Updates preference pane, but totally unattended (i.e. not requiring admin authentication) and with the ability to put customized packages.
#define (2b)||!(2b)
-- Shakespear
Posting Junkie
Join Date: Dec 2000
Originally posted by blanalex:
It's like the Software Updates preference pane, but totally unattended (i.e. not requiring admin authentication)
Hmm, in order to provide this feature, the app will need to be constantly running as root. This would open up some exploits - what would stop someone from making their own package and tricking the program into installing it, thus making it possible to screw with just about any file or folder that would normally have been write protected?
Fresh-Faced Recruit
Join Date: Dec 2000
Location: Granby,QC, Canada
I agree with you that such a tool would need to run as root or suid root.
I'm thinking that this tool would be invoked by a crontab, a startup script or by /etc/daily; there would be no arguments. It would scan the available package list on a server (like I said, either through HTTP or a static automount in /Network/Library/Updates, something like that).
At that point, it's only a matter of filesystem security (i.e. make /Network/Library/Updates and the script unreadable to non-admins) or network security (SSL, SSH-tunnelling, VPN).
It might be a good idea though to sign/encrypt packages with PGP/GPG or with an encrypted disk image.
#define (2b)||!(2b)
-- Shakespear
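
The thread's two security points, a root-run installer being handed someone else's package and signing packages with gpg as the countermeasure, fit together as below. This is an added example, not part of any post in the thread; it assumes single-file (flat) .pkg packages, a `.sig` detached-signature suffix, `gpgv` installed on the clients, and the `KEYRING` and `RECEIPTS` paths, none of which come from the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed names: KEYRING, RECEIPTS, the
# ".sig" suffix, and flat single-file packages signed by the admin with
#   gpg --detach-sign --output Foo.pkg.sig Foo.pkg
UPDATES_DIR="${UPDATES_DIR:-/Network/Library/Updates}"
KEYRING="${KEYRING:-/var/root/update-keys.gpg}"   # root-owned; admin public key only
RECEIPTS="${RECEIPTS:-/var/db/site-updates}"      # one marker file per installed package
GPGV="${GPGV:-gpgv}"
INSTALLER="${INSTALLER:-/usr/sbin/installer}"

# Succeeds only if $1 has a detached signature $1.sig made by a key in KEYRING.
verify_pkg() {
    [ -f "$1" ] && [ -f "$1.sig" ] || return 1
    "$GPGV" --keyring "$KEYRING" "$1.sig" "$1" >/dev/null 2>&1
}

# Copy one package to a root-only directory, verify the copy, install the copy.
# Verifying the local copy means a swap on the share after the check has no effect.
install_one() {
    src="$1"; name=$(basename "$src")
    [ -e "$RECEIPTS/$name" ] && return 0            # already installed
    work=$(mktemp -d /tmp/site-update.XXXXXX) || return 1
    rc=1
    if cp "$src" "$work/$name" && cp "$src.sig" "$work/$name.sig" \
        && verify_pkg "$work/$name"; then
        "$INSTALLER" -pkg "$work/$name" -target / && : > "$RECEIPTS/$name" && rc=0
    else
        echo "REJECTED (missing or bad signature): $name" >&2
    fi
    rm -rf "$work"
    return $rc
}

# Poll the share once; meant to be called from cron or /etc/daily as root.
process_updates() {
    umask 077
    mkdir -p "$RECEIPTS" || return 1
    failed=0
    for pkg in "$UPDATES_DIR"/*.pkg; do
        [ -f "$pkg" ] || continue                   # no match, or not a plain file
        install_one "$pkg" || failed=1
    done
    return $failed
}

if [ "${1:-}" = "--install" ]; then process_updates; fi
```

With this design the share no longer has to be trusted: write access to /Network/Library/Updates is not enough to get a package installed, only possession of the signing key is, so that key stays on the admin's machine and never on the clients.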