Date: Fri, 29 Mar 2024 09:37:52 +0100 (CET) Message-ID: <2128725590.111588.1711701472803@srvdoc.doc.ipesoft.com> Subject: Exported From Confluence MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_Part_111587_297688048.1711701472803" ------=_Part_111587_297688048.1711701472803 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Content-Location: file:///C:/exported.html
Sada util=C3=ADt d2u_* sl=C3=BA=C5=BEi na automatick=C3= =BA aktualiz=C3=A1ciu in=C5=A1tal=C3=A1cie syst=C3=A9mu D2000 z FTP/SFTP se= rvera. Podpora SFTP bola pridan=C3=A1 do verzie d2u_client 4.0.0.37
Pozn=C3=A1mka: Popisovan=C3=BD stav je platn=C3=BD od v= erzie d2u_client 2.2.0.6 (D2000 v7.02.002 patche).
Medzi utility d2u_* patria:
Od verzie d2u_client 2.3.0.24 je dostupn=C3=BD =
r=C3=BDchly m=C3=B3d (=C5=A1tandardne zapnut=C3=BD), t.j. na klien=
tovi nekontroluje jednotliv=C3=A9 s=C3=BAbory a adres=C3=A1re, ale pre=C4=
=8D=C3=ADta si UUID (identifik=C3=A1tor) z lok=C3=A1lneho s=C3=BAboru "cont=
ent.xml" v installdir a appldir a ak sa nel=C3=AD=C5=A1ia=
od UUID v "content.xml" na FTP serveri, tak pova=C5=BEuje klienta za plne =
synchronizovan=C3=A9ho.
V pr=C3=ADpade, =C5=BEe lok=C3=A1lne UUID v "content.xml" sa l=C3=AD=C5=A1=
i, pr=C3=ADpadne ch=C3=BDba, prebehne pln=C3=A1 aktualiz=C3=A1cia a v pr=C3=
=ADpade, =C5=BEe nenastala chyba, tak sa UUID do lok=C3=A1lneho "content.xm=
l" zap=C3=AD=C5=A1e. R=C3=BDchly m=C3=B3d je mo=C5=BEn=C3=A9 potla=C4=8Di=
=C5=A5 prep=C3=ADna=C4=8Dom /F (vi=C4=8F parametre pr=C3=ADkazov=C3=A9ho riadk=
a).
Pre pou=C5=BEitie r=C3=BDchleho m=C3=B3du je treba pou=C5=BEi=C5=A5 d2u_sna= pshot.exe minim=C3=A1lne verzie z 24.10.2011 a n=C3=ADm pregenerova=C5= =A5 s=C3=BAbory content.xml na FTP serveri.
Utilita d2u_service be=C5=BE=C3=AD ako servis pod u=C5= =BE=C3=ADvate=C4=BEom s pr=C3=A1vami na z=C3=A1pis do in=C5=A1tala=C4=8Dn=C3=A9ho a aplika=C4=8Dn=C3=A9ho adr= es=C3=A1ra a umo=C5=BE=C5=88uje vykona=C5=A5 aktualiz=C3=A1ciu, aj ke=C4=8F= je za konzolou prihl=C3=A1sen=C3=BD u=C5=BE=C3=ADvate=C4=BE, ktor=C3=BD ti= eto pr=C3=A1va nem=C3=A1. Utilitu mus=C3=AD na klientskom po=C4=8D=C3=ADta= =C4=8Di zaregistrova=C5=A5 lok=C3=A1lny administr=C3=A1tor spusten=C3=ADm "= d2u_service -i" v adres=C3=A1ri D2000_INSTALL_DIR\bin\.
Utilita d2u_client po spusten=C3=AD vykon=C3=A1 aktuali= z=C3=A1ciu in=C5=A1tala=C4=8Dn=C3=A9ho a aplika=C4=8Dn=C3=A9ho adres=C3=A1r= a oproti FTP/SFTP serveru a spust=C3=AD zadan=C3=BD proces (typicky HI.EXE)= .
K svojmu behu potrebuje v syst=C3=A9mov=C3=BDch registroch nasledovn=C3= =A9 hodnoty:
[HKEY_LOCAL_MACHINE\SOFTWARE\Ipesoft\<k=C4=BE=C3=BA=C4=8D_in=C5=
=A1tal=C3=A1cie>\Update]
"FTPServer"=3Dip_adresa_(s)ftp_servera ; napr=C3=ADklad: "192.168=
.103.10" [1]
"FTPMode"=3Dm=C3=B3d_ftp_spojenia ; pr=C3=ADpustn=C3=A9 m=C3=B3dy=
s=C3=BA: "active" a "passive", z=C3=A1le=C5=BE=C3=AD od konfigur=C3=A1cie =
firewallu, nastavenie m=C3=A1 v=C3=BDznam len pre protokol FTP
"FTPApplDir"=3Daplika=C4=8Dn=C3=BD_adres=C3=A1r_na_(s)ftp_serveri=
; napr=C3=ADklad "/pub/D2000.APP", [2]
"FTPInstallRoot"=3Din=C5=A1tala=C4=8Dn=C3=BD_adres=C3=A1r_na_(s)ftp_se=
rveri ; napr=C3=ADklad "/pub/D2000.EXE", [3]
"FTPScriptsFile"=3Dmeno popisn=C3=A9ho s=C3=BAboru skriptov; napr=
=C3=ADklad "scripstfile.ini", [3]
"FTPUser"=3Dftp_login ; napr=C3=ADklad "d2update"
"FTPPassword"=3Dftp_password ; napr=C3=ADklad "w589pt7yegsf6hjx" =
[4]
"Protocol"=3D 'FTP' alebo 'SFTP' (SFTP od verzie d2u_client 4.0.0.37)<=
/em>; ak nie je uveden=C3=BD alebo nie je rozpoznan=C3=BD, pou=C5=BEi=
je sa FTP
In=C5=A1tala=C4=8Dn=C3=BD adres=C3=A1r na (S)FTP serv=
eri m=C3=A1 nasledovn=C3=BA =C5=A1trukt=C3=BAru:
s=C3=BAbor /in=C5=A1tala=C4=8Dn=C3=BD_adres=C3=A1r_na_ftp_serv=
eri/update/content.xml
S=C3=BAbor mus=C3=AD by=C5=A5 vygenerovan=C3=BD utilitou d2u_snapshot.exe=
(vi=C4=8F ni=C5=BE=C5=A1ie) po ka=C5=BEdej zmene aplika=C4=8Dn=C3=A9ho adr=
es=C3=A1ra na (S)FTP serveri.
adres=C3=A1r /in=C5=A1tala=C4=8Dn=C3=BD_adres=C3=A1r_na_ftp_se=
rveri/scripts/
Tu m=C3=B4=C5=BEu by=C5=A5 ulo=C5=BEen=C3=A9 popisn=C3=A9 s=C3=BAbory skri=
ptov a skripty , ktor=C3=A9 bud=C3=BA spusten=C3=A9 pred a po aktualiz=C3=
=A1cii. Ak m=C3=A1 d=C3=B4js=C5=A5 k spusteniu skriptov, mus=C3=AD =C5=A1pe=
cifikovan=C3=A9 meno popisn=C3=A9ho s=C3=BAboru skriptov scriptsfile.in=
i v registroch alebo z pr=C3=ADkazov=C3=A9ho riadka prep=C3=ADna=C4=8D=
om /S (vi=C4=8F ni=C5=BE=C5=A1ie)
Form=C3=A1t skriptov=C3=A9ho s=C3=BAboru je nasledovn=C3=BD:
[BEFORE= ] RUN_AS_CLIENT=3Dbefore_cli.cmd RUN_AS_SERVICE=3Dbefore_srv.cmd [AFTER] RUN_AS_CLIENT=3Dafter_cli.cmd RUN_AS_SERVICE=3Dafter_srv.cmd
= Parametre z pr=C3=ADkazov=C3=A9ho riadka:
/V | verbose |
/S=3Dscriptsfile.ini | spust=C3=AD skripty pop=C3=ADsan=C3=A9 v scr= ipstfile.ini |
/Lsk | slovensk=C3=BD jazyk |
/Q | quiet |
/A | aktualizuje iba aplika=C4=8Dn=C3=BD adres=C3=A1r= |
/T | test - ni=C4=8D fyzicky nezapisuje, iba simuluje= aktualiz=C3=A1ciu |
/F | fullcheck - ignoruje lok=C3=A1lny content.xm= l |
/Dtime | delay [time] sek=C3=BAnd |
Utilitu pou=C5=BE=C3=ADvali d2u_service a d2u_client na svoju aktualiz=C3= =A1ciu, od verzie 3.0 u=C5=BE nie je potrebn=C3=A1
Utilita po spusten=C3=AD vytvor=C3=AD v aktu=C3=A1lnom pracovnom adres=
=C3=A1ri s=C3=BAbor content.xml, ktor=C3=BD je umiestnen=
=C3=BD na (S)FTP serveri a d2u_client.exe pod=C4=BEa tohto=
s=C3=BAboru porovn=C3=A1va, ktor=C3=A9 s=C3=BAbory treba stiahnu=C5=A5 z (=
S)FTP servera.
Typick=C3=BD postup je nakop=C3=ADrova=C5=A5 d2u_snapshot.exe do /aplika=C4=8Dn=C3=BD_adres=C3=A1r_na_ftp_serveri/ a do /
Pri ka=C5=BEdej zmene v in=C5=A1tala=C4=8Dnom a aplika=C4=8Dnom = adres=C3=A1ri na (S)FTP serveri je potrebn=C3=A9 zo servera spusti=C5=A5 ob= e utility, tie vygeneruj=C3=BA s=C3=BAbory /aplika=C4=8Dn=C3= =BD_adres=C3=A1r_na_ftp_serveri/content.xml a /in=C5=A1tala=C4=8Dn= =C3=BD_adres=C3=A1r_na_ftp_serveri/update/content.xml. Tieto s=C3=BAbo= ry si potom pri aktualiz=C3=A1cii klienta stiahne d2u_client.exe a pod=C4=BEa nich vykon=C3=A1 aktualiz=C3=A1ciu.
IPSAutorun umo=C5=BE=C5=88uje spusti=C5=A5 z definovan=C3=A9ho adres=C3= =A1ra alebo prenosn=C3=A9ho USB m=C3=A9dia pripraven=C3=BD bal=C3=AD=C4=8De= k, ktor=C3=BD m=C3=B4=C5=BEe vykona=C5=A5 napr. aktualiz=C3=A1ciu syst=C3= =A9mu, nain=C5=A1talova=C5=A5 patch, urobi=C5=A5 servisn=C3=BD z=C3=A1sah a= pod. Bal=C3=AD=C4=8Dek je digit=C3=A1lne podp=C3=ADsan=C3=BD opr=C3=A1vnen= =C3=BDm subjektom a d2u_service spust=C3=AD bal=C3=AD=C4= =8Dek iba po =C3=BAspe=C5=A1nom overen=C3=AD podpisu.
IPSAutoRun bal=C3=AD=C4=8Dek pozost=C3=A1va z dvoch s= =C3=BAborov:
pri=C4=8Dom "<<nazov>>.7z" je .7zip arch=C3=ADv a "<<n= azov>>.7z.sig" je s=C3=BAbor s digit=C3=A1lnym podpisom zaru=C4=8Duj= =C3=BAcim autenticitu arch=C3=ADvu. Arch=C3=ADv mus=C3=AD obsahova=C5=A5 s= =C3=BAbor "\autorun.cmd" a =C5=A1tandardne =C4=8Fal=C5=A1ie s=C3=BAbory.
d2u_service.exe sleduje pr=C3=ADtomnos=C5=A5 IPSAutoRun= bal=C3=AD=C4=8Dkov:
d2u_service.exe =C4=8D=C3=ADta z registrov nasledovn=C3= =A9 parametre:
(string) HKEY_LOCAL_MACHINE\SOFTWARE\Ipesoft\<<base>>\IPSAut=
oRun\PublicKey
- cel=C3=A1 cesta k s=C3=BAboru s verejn=C3=BDm k=C4=BE=C3=BA=C4=8Dom opr=
=C3=A1vnen=C3=A9ho subjektu (napr. "c:\D2000\D2000.EXE\utils\ipsautorun\pub=
lic_key.pem"). Tento s=C3=BAbor mus=C3=AD by=C5=A5 chr=C3=A1nen=C3=BD proti=
zmazaniu/z=C3=A1pisu pr=C3=ADstupov=C3=BDmi pr=C3=A1vami OS vo=C4=8Di neau=
torizovan=C3=BDm u=C5=BE=C3=ADvate=C4=BEom.
(string) HKEY_LOCAL_MACHINE\SOFTWARE\Ipesoft\<<base>>\IPSAut=
oRun\UnpackDir
- cesta k pracovn=C3=A9mu adres=C3=A1ru, do ktor=C3=A9ho sa autorun bal=C3=
=AD=C4=8Dky rozbalia a odkia=C4=BE bud=C3=BA spusten=C3=A9 (napr. "c:\temp\=
ipsautorun\")
(string) HKEY_LOCAL_MACHINE\SOFTWARE\Ipesoft\<<base>>\IPSAut=
oRun\WatchedDir
- cesta k pracovn=C3=A9mu adres=C3=A1ru, ktor=C3=BD bude monitorovan=C3=BD=
na pr=C3=ADtomnos=C5=A5 autorun bal=C3=AD=C4=8Dkov. Kv=C3=B4li konzistenci=
i bal=C3=AD=C4=8Dka a podpisu, je nutn=C3=A9 najsk=C3=B4r do adres=C3=A1ra =
kop=C3=ADrova=C5=A5 arch=C3=ADv <meno>.7z a a=C5=BE potom podpis <=
meno>.7z.sig.
Opr=C3=A1vnen=C3=BD subjekt si vygeneruje s=C3=BAkromn=C3=BD + verejn=C3= =BD k=C4=BE=C3=BA=C4=8D napr=C3=ADklad pomocou aplik=C3=A1cie openssl.e= xe, ktor=C3=BA si stiahne z bezpe=C4=8Dn=C3=A9ho zdroja (alebo pou=C5= =BEije openssl.exe, ktor=C3=A9 je v adres=C3=A1ri <D2000_in=C5= =A1tala=C4=8Dn=C3=BD_adres=C3=A1r>/bin resp. /bin64).
Postup generovania p=C3=A1ru k=C4=BE=C3=BA=C4=8Dov v pr=C3=ADkazovom ria= dku windows cmd.exe:
set RANDFILE=3D.\.rnd openssl genrsa -out private_key.pem 4096 openssl rsa -pubout -in private_key.pem -out public_key.pem |
V aktu=C3=A1lnom adres=C3=A1ri vznikn=C3=BA s=C3=BAbory "private_key.pem= " - s=C3=BAkromn=C3=BD k=C4=BE=C3=BA=C4=8D a "public_key.pem" - verejn=C3= =BD k=C4=BE=C3=BA=C4=8D. Priv=C3=A1tny k=C4=BE=C3=BA=C4=8D je nutn=C3=A9 za= bezpe=C4=8Di=C5=A5 proti neopr=C3=A1vnen=C3=A9mu pr=C3=ADstupu, bude sl=C3= =BA=C5=BEi=C5=A5 na podpisovanie bal=C3=AD=C4=8Dkov. Verejn=C3=BD k=C4=BE= =C3=BA=C4=8D je nutn=C3=A9 rozdistribuova=C5=A5 na po=C4=8D=C3=ADta=C4=8De,= kde bude be=C5=BEa=C5=A5 d2u_service.
Do bal=C3=AD=C4=8Dka (do kore=C5=88ov=C3=A9ho adres=C3=A1ra) umiestnite = d=C3=A1vkov=C3=BD s=C3=BAbor autorun.cmd, v ktorom je implementova= n=C3=A1 potrebn=C3=A1 funkcionalia a pr=C3=ADpadne =C4=8Fal=C5=A1ie potrebn= =C3=A9 s=C3=BAbory. Bal=C3=AD=C4=8Dek zba=C4=BEte do form=C3=A1tu 7zip (www.= 7-zip.org). Potom bal=C3=AD=C4=8Dek podp=C3=AD=C5=A1te s=C3=BAkromn=C3= =BDm k=C4=BE=C3=BA=C4=8Dom nasledovn=C3=BDm postupom (op=C3=A4=C5=A5 je pot= rebn=C3=BD openssl.exe):
openssl dgst -sha256 -sign private_key.pem -keyf= orm PEM -out .7z.sig .7z |
Vznikne s=C3=BAbor .7z.sig, ktor=C3=BD spolu so .7z tvor=C3=AD bal=C3=AD= =C4=8Dek pripravnen=C3=BD na pou=C5=BEitie pre d2u_service.
S=C3=BAvisiace str=C3=A1nky: