I like to introduce a complete rewrite of the Linux download scripts for the project WSUS Offline Update. These scripts offer many improvements over the legacy script DownloadUpdates.sh:
- Separation of a frontend and backend script
The script update-generator.bash is used to interactively select the update, language and download options. The script download-updates.bash fetches the selected updates without any user interaction. This separation makes the structure of both files more straightforward.
- Highly modular approach
Both scripts are further split into libraries, common tasks, setup tasks and download tasks. Each script does one task only in the most straightforward manner. This resembles the flow of control and makes the scripts easily expandable and more maintainable.
- Unified language settings
There is no distinction between default languages, custom languages and update languages.
Users can specify one language on the command line, and then they will get downloads for the specified language only, and nothing more.
- Verification of downloaded files
SHA-1 hashes are embedded into the filename of all security updates, as a number of 40 hexadecimal digits. These are compared to the checksums, which are calculated by hashdeep.
The verification of digital file signatures with Sysinternals Sigcheck running under wine was tried, but it doesn't really work without the necessary root certificates.
The download script uses the same algorithms for calculating superseded and dynamic updates as the Windows script DownloadUpdates.cmd. The compliance with the Windows scripts can be tested with the scripts compare-integrity-database.bash and compare-update-tables.bash.
- Desktop integration
Obsolete updates are not deleted immediately, but moved into the trash. GNOME and most other GTK+ based desktop environments use GVFS to handle the trash. The package trash-cli can be used with other desktop environments or window managers. trash-cli should also work without any graphical environment.
- Self updates of WSUS Offline Update
Both the setup and the download script check for new versions of WSUS Offline Update. They also handle updates of the configuration files in the static and exclude directories.
- Same day rules
Same day rules are used to prevent the repeated evaluation of the same tasks in adjacent runs of the download script.
There is even a complete documentation.
Download and installation
An archive and the corresponding hashes file can be downloaded at:
http://downloads.hartmut-buhrmester.de/ ... a-2.tar.gz
http://downloads.hartmut-buhrmester.de/ ... beta-2.txt
http://downloads.hartmut-buhrmester.de/ ... beta-2.pdf
Verify the archive with:
- Code: Select all
hashdeep -a -v -v -l -k hashes-sh-new-1.0-beta-2.txt sh-new-1.0-beta-2.tar.gz
Then unpack it into the wsusoffline directory. It should create a directory "sh-new-1.0-beta-2" along the existing directory "sh".
Edited on 2017-01-09 to point to the new version 1.0-beta-2