I like to introduce a complete rewrite of the Linux download scripts for the project WSUS Offline Update. These scripts offer many improvements over the legacy script DownloadUpdates.sh:
- Separation of a frontend and backend script
The script update-generator.bash is used to interactively select the update, language and download options. The script download-updates.bash fetches the selected updates without any user interaction. This separation makes the structure of both files more straightforward. - Highly modular approach
Both scripts are further split into libraries, common tasks, setup tasks and download tasks. Each script does one task only in the most straightforward manner. This resembles the flow of control and makes the scripts easily expandable and more maintainable. - Unified language settings
There is no distinction between default languages, custom languages and update languages.
Users can specify one language on the command line, and then they will get downloads for the specified language only, and nothing more. - Verification of downloaded files
SHA-1 hashes are embedded into the filename of all security updates, as a number of 40 hexadecimal digits. These are compared to the checksums, which are calculated by hashdeep.
The verification of digital file signatures with Sysinternals Sigcheck running under wine was tried, but it doesn't really work without the necessary root certificates. - Compatibility
The download script uses the same algorithms for calculating superseded and dynamic updates as the Windows script DownloadUpdates.cmd. The compliance with the Windows scripts can be tested with the scripts compare-integrity-database.bash and compare-update-tables.bash. - Desktop integration
Obsolete updates are not deleted immediately, but moved into the trash. GNOME and most other GTK+ based desktop environments use GVFS to handle the trash. The package trash-cli can be used with other desktop environments or window managers. trash-cli should also work without any graphical environment. - Self updates of WSUS Offline Update
Both the setup and the download script check for new versions of WSUS Offline Update. They also handle updates of the configuration files in the static and exclude directories. - Same day rules
Same day rules are used to prevent the repeated evaluation of the same tasks in adjacent runs of the download script. - Documentation
There is even a complete documentation.
Current version
The current version is 1.4, which was released on 2018-04-21. It is compatible with WSUS Offline Update 11.2.2 and later.
An archive, the corresponding hashes file, and the results of a virus scan at VirusTotal can be downloaded at:
http://downloads.hartmut-buhrmester.de/sh-1.4.tgz
http://downloads.hartmut-buhrmester.de/ ... hashes.txt
http://downloads.hartmut-buhrmester.de/ ... report.pdf
http://downloads.hartmut-buhrmester.de/ ... llpage.png
The hashes for the archive sh-1.4.tgz are:
- Code: Select all
MD5: c4ddf148487616d4a3314cc1db9efd03
SHA-256: b1c010ee06f182288a1ff64bfe7c28541eafc7420f5f3b1dde0a2cd7f25cde1a
Please see the installation guides in English ( viewtopic.php?f=9&t=6180#p21449 ) and German ( viewtopic.php?f=9&t=6180#p21450 ) in the following posts for the setup.
Changes
- 2017-01-09 Download links edited to point to version 1.0-beta-2
- 2017-03-30 Download links edited to point to version 1.0-beta-3
- 2017-06-24 Download links edited to point to version 1.0-beta-4
- 2017-08-26 Download links edited to point to version 1.0-beta-5
- 2018-01-19 Download links edited to point to version 1.0
- 2018-01-21 Changed the file ending of the archive from .tar.gz to .tgz
- 2018-02-06 Download links edited to point to version 1.1
- 2018-04-17 Download links edited to point to version 1.2
- 2018-04-19 Download links updated to point to version 1.3
- 2018-04-21 Download links updated to point to version 1.4