Release Notes for Linux scripts, version 1.1-esr

Release Notes for Linux scripts, version 1.1-esr

Postby hbuhrmester » 14.02.2018, 22:51

Downloads for Linux scripts, version 1.1-esr

A new version 1.1-esr of the Linux download scripts is available as a backport for WSUS Offline Update 9.2.3 ESR.

Downloads

http://downloads.hartmut-buhrmester.de/ ... .1-esr.tgz
http://downloads.hartmut-buhrmester.de/ ... hashes.txt
http://downloads.hartmut-buhrmester.de/ ... report.pdf
http://downloads.hartmut-buhrmester.de/ ... llpage.png


Hashes of the archive sh-new-1.1-esr.tgz

Code: Select all
MD5:     580c282f42727e287d02c7f9263ed72b
SHA-256: eb0c39bc003439f2c096c8183af99e59dbfbd96ca8cfaaa134e98cf4597b3e5f
hbuhrmester
 
Posts: 525
Joined: 11.10.2013, 20:59

Re: Release Notes for Linux scripts, version 1.1-esr

Postby hbuhrmester » 14.02.2018, 22:51

Differences between the ESR and the most recent version of WSUS Offline Update

The download page http://download.wsusoffline.net/ for WSUS Offline Update has two different versions. As of this writing, these are:
  • The most recent version 11.1.1
  • The ESR version 9.2.3

The ESR version of WSUS Offline Update is meant to support Windows and Office versions, which are not officially supported by Microsoft anymore:
  • Windows XP and Windows Server 2003
  • Windows Vista and 8 (desktop versions only)
  • Office 2003 and 2007

The most recent version of WSUS Offline Update should be used for:
  • the server versions of Windows Vista and 8 (Windows Server 2008 and 2012), since they are still supported
  • Windows 7, 8.1 and 10, including their server versions (Windows Server 2008 R2, 2012 R2, and 2016)
  • Office 2010 - 2016

Windows Server versions are longer supported than the corresponding desktop versions. This makes some selections in WSUS Offline Update slightly ambiguous:
  • w60 and w60-x64 refer to "Windows Vista" in the ESR version, but to "Windows Server 2008" in the most recent version.
  • w62 and w62-x64 refer to "Windows 8" in the ESR version, but w62-x64 is "Windows Server 2012" in the most recent version.

However, if the support for a specific Windows or Office version ended only recently, you might also try the last version of WSUS Offline Update, which supported it. This might work better e.g. for Windows Vista or Office 2007.
viewtopic.php?f=7&t=6730
viewtopic.php?f=4&t=7418
hbuhrmester
 
Posts: 525
Joined: 11.10.2013, 20:59

Re: Release Notes for Linux scripts, version 1.1-esr

Postby hbuhrmester » 14.02.2018, 22:51

Release Notes for Version 1.1-esr

Release date: 2018-02-14
Intended compatibility: WSUS Offline Update Version 9.2.3 ESR


The version 1.1-esr of the Linux download scripts is the first release for the WSUS Offline Update ESR branch. It is based on the regular version 1.1, with the additional changes:

  • Several files were added or changed to match the supported downloads, and to describe the manual installation of this version:

    Code: Select all
    get-all-updates.bash
    documentation/Differences_between_ESR_and_most_recent_version.txt
    documentation/Installation_Guide.txt
    documentation/Installationsanleitung.txt
    documentation/usage.txt
    libraries/updates-and-languages.bash
    libraries/usage.bash


  • Several files were removed, to disable all self-updates:

    Code: Select all
    available-tasks/60-check-script-version.bash
    common-tasks/50-check-wsusoffline-version.bash
    common-tasks/70-update-configuration-files.bash
    versions/installed-version.txt


    In the ESR version, all self-updates should be disabled. Updates to the configuration files are always meant for the most recent version of WSUS Offline Update. Downloading such updates to the ESR version may even lead to the loss of files:

    After the WannaCry ransomware attack in May 2017, Microsoft released some updates for Windows versions, which are not officially supported anymore. These custom updates for the desktop versions of Windows Vista were added to the file StaticDownloadLinks-w60-x86-glb.txt of the ESR version only. They are not found in the corresponding file of the most recent version, because the server versions of Windows Vista are still supported and they get their regular updates through the WSUS catalog file wsusscn2.cab.

    The script 10-remove-obsolete-scripts.bash was renamed to 10-remove-obsolete-files.bash.

  • Some files were added to the wsusoffline directories, to enable the download of otherwise missing updates, and to calculate superseded updates:

    Code: Select all
    ../static/custom/StaticDownloadLinks-win-x86-glb.txt
    ../exclude/custom/ExcludeList-superseded-exclude.txt
    ../xslt/extract-existing-bundle-revision-ids.xsl
    ../xslt/extract-superseding-and-superseded-revision-ids.xsl
    ../xslt/extract-update-cab-exe-ids-and-locations.xsl
    ../xslt/extract-update-revision-and-file-ids.xsl


    In Windows XP, several updates for the .Net Frameworks are marked as superseded, but the superseding updates can only be installed in the embedded Windows XP POSReady. Since WSUS Offline Update only supports the regular desktop versions of Windows XP, this will cause ten updates to be missing during installation. This should be corrected by the custom file ExcludeList-superseded-exclude.txt.

    The custom file StaticDownloadLinks-win-x86-glb.txt provides working links for the files rootsupd.exe and rvkroots.exe. The file rootsupd.exe uses a snapshot at archive.org, as recently discussed in the forum: viewtopic.php?f=3&t=4820&start=20#p25057

    The file StaticDownloadLinks-win-x86-glb.txt also provides four download links for an update for Silverlight (kb2977218), but one of these files ("Update for Silverlight" or "Silverlight for Developers", 32-bit or 64-bit) must still be installed manually.

    The additional xslt files are needed for the calculation of superseded updates. They are included in recent versions of WSUS Offline Update, but not yet in version 9.2.3 ESR.


Further reading

  • Missing updates for Windows XP in WSUS Offline Update 9.2.3
    viewtopic.php?f=6&t=7650
  • Using the Microsoft Baseline Security Analyzer
    viewtopic.php?f=7&t=7651

    This introduction shows the final test runs with WSUS Offline Update 9.2.3 ESR on Windows XP.
hbuhrmester
 
Posts: 525
Joined: 11.10.2013, 20:59

Re: Release Notes for Linux scripts, version 1.1-esr

Postby hbuhrmester » 14.02.2018, 22:52

Installation guide for the Linux download scripts, version 1.1 ESR

The new Linux scripts don't work alone – they need the configuration files of an existing WSUS Offline Update installation.

Furthermore, the Linux download scripts can only replace the download part of WSUS Offline Update, namely the application UpdateGenerator.exe and the script DownloadUpdates.cmd. To install the downloaded updates, you also need the files from the wsusoffline/client directory, for example the application UpdateInstaller.exe.

The version 1.1 ESR of the new Linux download scripts was developed for WSUS Offline Update 9.2.3 ESR.

WSUS Offline Update 9.2.3 ESR still uses the older Linux script DownloadUpdates.sh. To install the new Linux scripts additionally, you should:

  1. install the needed packages of your Linux distribution
  2. download and unpack the archive wsusoffline923.zip
  3. download and unpack the archive sh-new-1.1-esr.tgz

Install the required and recommended packages

For Debian and Debian-derived distributions, you need to distinguish between the packages md5deep and hashdeep.

The upstream developers moved their project from SourceForge to GitHub, and they renamed their project from md5deep to hashdeep:

http://md5deep.sourceforge.net/
https://github.com/jessek/hashdeep/

Debian followed this move and renamed the package md5deep to hashdeep, starting with Debian 8 Jessie-Backports in summer 2015. The general rule for Debian and Debian-derived distributions then is: Install the package md5deep, if the distribution was released before 2015. Install the package hashdeep for all recent distributions.

  • For Debian 7 Wheezy:
    Code: Select all
    su -
    aptitude install cabextract md5deep wget xmlstarlet trash-cli

  • For Debian 8 Jessie-Backports and newer:
    Code: Select all
    su -
    aptitude install cabextract hashdeep wget xmlstarlet trash-cli

  • For Ubuntu 14.04 LTS Trusty:
    Code: Select all
    sudo apt-get install cabextract md5deep wget xmlstarlet trash-cli

  • For Ubuntu 16.04 LTS Xenial and newer:
    Code: Select all
    sudo apt-get install cabextract hashdeep wget xmlstarlet trash-cli

Other distributions, which are not Debian-based, seem to keep the package name md5deep.

Note, that both packages md5deep and hashdeep install a series of related applications: hashdeep, md5deep, sha1deep, sha256deep, tigerdeep, and whirlpooldeep. Throughout WSUS Offline Update, you always need the application hashdeep, regardless of the package name.


Download and unpack the wsusoffline archive

Note: This guide refers to WSUS Offline Update 9.2.3 ESR. If the section ESR version of the download page http://download.wsusoffline.net/ has a newer version 9.2.* ESR, then you should get that version.

Download the archive wsusoffline923.zip and the hashes file wsusoffline923_hashes.txt:

Code: Select all
wget http://download.wsusoffline.net/wsusoffline923.zip
wget http://download.wsusoffline.net/wsusoffline923_hashes.txt


You can verify the archive with the hashes file:

Code: Select all
hashdeep -a -v -v -l -k wsusoffline923_hashes.txt wsusoffline923.zip


Unpack the zip archive:

Code: Select all
unzip wsusoffline923.zip


Change to the new directory wsusoffline:

Code: Select all
cd wsusoffline



Download and unpack the archive sh-new-1.1-esr.tgz

Download the archive sh-new-1.1-esr.tgz and the hashes file to the directory wsusoffline:

Code: Select all
wget http://downloads.hartmut-buhrmester.de/sh-new-1.1-esr.tgz
wget http://downloads.hartmut-buhrmester.de/sh-new-1.1-esr_hashes.txt


You can verify the archive with the hashes file:

Code: Select all
hashdeep -a -v -v -b -k sh-new-1.1-esr_hashes.txt sh-new-1.1-esr.tgz


Unpack the archive in the directory wsusoffline:

Code: Select all
tar xvzf sh-new-1.1-esr.tgz


Change to the new directory sh-new-1.1-esr and start the script update-generator.bash for an interactive setup of the needed updates:

Code: Select all
cd sh-new-1.1-esr
./update-generator.bash


You can also use the script get-all-updates.bash as a template: This script downloads all Windows and Office updates with all optional downloads for the default languages German and English. You can customize it as needed – just comment out all options you don't need.


Notes

It is important, that the archive sh-new-1.1-esr.tgz is unpacked in the directory wsusoffline. This ensures, that all included files are extracted to the correct directories:

  • A new directory sh-new-1.1-esr is created in the directory "wsusoffline".
  • Several additional xslt files are extracted to the directory "wsusoffline/xslt".
  • One file is extracted to the directory "wsusoffline/static/custom".
  • One file is extracted to the directory "wsusoffline/exclude/custom".

You should use the generic tar to unpack the archive. Other utilities like aunpack may create an enclosing directory with the name of the archive, if the archive contains multiple files or folders at the root level. This will prevent the correct installation of the included files.

If you need to copy or move the wsusoffline directory, please make sure, to preserve the file modification date of all files. You could use "cp --archive" or "cp --preserve" instead of just "cp". This is important for the correct function of WSUS Offline Update.

You can find the complete documentation in the subdirectory documentation.
hbuhrmester
 
Posts: 525
Joined: 11.10.2013, 20:59

Re: Release Notes for Linux scripts, version 1.1-esr

Postby hbuhrmester » 14.02.2018, 22:52

Installationsanleitung für die Linux-Download-Skripte, Version 1.1 ESR

Die Linux-Download-Skripte funktionieren nicht alleine – sie benötigen die Konfigurationsdateien einer WSUS-Offline-Update-Installation.

Außerdem können die Linux-Download-Skripte nur den Download-Teil von WSUS Offline Update ersetzen, also zum Beispiel die Anwendung UpdateGenerator.exe und das Skript DownloadUpdates.cmd. Um die heruntergeladenen Updates zu installieren, werden auch die Dateien aus dem Verzeichnis wsusoffline/client benötigt, zum Beispiel die Anwendung UpdateInstaller.exe.

Die Version 1.1 ESR der neuen Linux-Download-Skripte wurde für WSUS Offline Update 9.2.3 ESR entwickelt.

WSUS Offline Update 9.2.3 ESR verwendet noch das ältere Linux-Skript DownloadUpdates.sh. Um die neuen Linux-Skripte für diese Version zusätzlich zu installieren, müssen Sie:

  1. die benötigten Pakete ihrer Linux-Distribution installieren
  2. das Archiv wsusoffline923.zip herunterladen und entpacken
  3. das Archiv sh-new-1.1-esr.tgz herunterladen und entpacken

Installieren Sie die benötigten und empfohlenen Pakete

Bei Debian und von Debian abgeleiteten Distributionen müssen Sie zwischen den Paketen md5deep und hashdeep unterscheiden.

Die Entwickler sind mit ihrem Projekt von SourceForge nach GitHub umgezogen, und sie haben ihr Projekt von md5deep in hashdeep umbenannt:

http://md5deep.sourceforge.net/
https://github.com/jessek/hashdeep/

Debian hat diesen Schritt nachvollzogen und das Paket md5deep in hashdeep umbenannt. Dieser Wechsel erfolgte im Sommer 2015 mit den Debian 8 Jessie-Backports. Die allgemeine Regel für Debian und von Debian abgeleitete Distributionen lautet deshalb: Installieren Sie das Paket md5deep, wenn die Distribution älter ist als 2015. Installieren Sie das Paket hashdeep in allen aktuellen Distributionen.

  • Für Debian 7 Wheezy:
    Code: Select all
    su -
    aptitude install cabextract md5deep wget xmlstarlet trash-cli

  • Für Debian 8 Jessie-Backports und neuer:
    Code: Select all
    su -
    aptitude install cabextract hashdeep wget xmlstarlet trash-cli

  • Für Ubuntu 14.04 LTS Trusty:
    Code: Select all
    sudo apt-get install cabextract md5deep wget xmlstarlet trash-cli

  • Für Ubuntu 16.04 LTS Xenial und neuer:
    Code: Select all
    sudo apt-get install cabextract hashdeep wget xmlstarlet trash-cli

Andere Distributionen, die nicht auf Debian basieren, scheinen den Paketnamen md5deep beizubehalten.

Beachten Sie, dass beide Pakete md5deep und hashdeep eine Reihe von ähnlichen Anwendungen installieren: hashdeep, md5deep, sha1deep, sha256deep, tigerdeep und whirlpooldeep. In WSUS Offline Update müssen Sie immer die Anwendung hashdeep verwenden, unabhängig vom Paketnamen.


Laden Sie das wsusoffline-Archiv herunter und entpacken Sie es

Hinweis: Diese Anleitung bezieht sich auf die derzeit aktuelle Version WSUS Offline Update 9.2.3 ESR. Wenn es auf der Downloadseite http://download.wsusoffline.net/ im Abschnitt ESR version eine neuere Version 9.2.* ESR gibt, sollten sie diese Version verwenden.

Laden Sie das Archiv wsusoffline923.zip und die Prüfsummendatei wsusoffline923_hashes.txt herunter:

Code: Select all
wget http://download.wsusoffline.net/wsusoffline923.zip
wget http://download.wsusoffline.net/wsusoffline923_hashes.txt


Sie können das Archiv mit hashdeep überprüfen:

Code: Select all
hashdeep -a -v -v -l -k wsusoffline923_hashes.txt wsusoffline923.zip


Entpacken Sie das Archiv mit unzip:

Code: Select all
unzip wsusoffline923.zip


Wechseln Sie in das neue Verzeichnis "wsusoffline":

Code: Select all
cd wsusoffline



Laden Sie das Archiv sh-new-1.1-esr.tgz herunter und entpacken Sie es

Laden Sie das Archiv sh-new-1.1-esr.tgz und die Prüfsummendatei in das Verzeichnis wsusoffline herunter:

Code: Select all
wget http://downloads.hartmut-buhrmester.de/sh-new-1.1-esr.tgz
wget http://downloads.hartmut-buhrmester.de/sh-new-1.1-esr_hashes.txt


Sie können das Archiv mit hashdeep überprüfen:

Code: Select all
hashdeep -a -v -v -b -k sh-new-1.1-esr_hashes.txt sh-new-1.1-esr.tgz


Entpacken Sie das Archiv im Verzeichnis wsusoffline:

Code: Select all
tar xvzf sh-new-1.1-esr.tgz


Wechseln Sie in das neue Verzeichnis sh-new-1.1-esr und rufen Sie das Skript update-generator.bash für eine interaktive Auswahl der gewünschten Updates auf:

Code: Select all
cd sh-new-1.1-esr
./update-generator.bash


Sie können auch das Skript get-all-updates.bash als Vorlage verwenden: Dieses Skript lädt alle Updates für Windows und Office mit allen verfügbaren Optionen für die Standardsprachen Deutsch und Englisch herunter. Es kann beliebig angepasst werden – kommentieren Sie einfach alle Punkte aus, die sie nicht benötigen.


Anmerkungen

Es ist wichtig, dass Sie das Archiv sh-new-1.1-esr.tgz im Ordner wsusoffline entpacken. Dies stellt sicher, dass alle enthaltenen Dateien in die richtigen Verzeichnisse entpackt werden:

  • Der Ordner sh-new-1.1-esr wird im Ordner "wsusoffline" neu erstellt.
  • Mehrere zusätzliche xslt-Dateien werden in den Ordner "wsusoffline/xslt" entpackt.
  • Eine Datei wird in den Ordner "wsusoffline/static/custom" entpackt.
  • Eine Datei wird in den Ordner "wsusoffline/exclude/custom" entpackt.

Verwenden Sie zum Entpacken am besten das generische tar. Manche Utilities wie aunpack erzeugen ein zusätzliches Verzeichnis mit dem Namen des Archivs, wenn das Archiv mehrere Dateien oder Ordner auf der obersten Ebene enthält. Dies verhindert die richtige Installation der enthaltenen Dateien.

Wenn Sie das Verzeichnis wsusoffline kopieren oder verschieben möchten, achten Sie bitte darauf, das Änderungsdatum aller Dateien beizubehalten. Anstelle "cp" können Sie "cp --archive" oder "cp --preserve" verwenden. Dies ist für die korrekte Funktion von WSUS Offline Update notwendig.

Sie finden die komplette Dokumentation im Verzeichnis documentation.
hbuhrmester
 
Posts: 525
Joined: 11.10.2013, 20:59


Return to Linux

Who is online

Users browsing this forum: No registered users and 139 guests