1SA-UPDATE(1) User Contributed Perl Documentation SA-UPDATE(1)
2
3
4
6 sa-update - automate SpamAssassin rule updates
7
9 sa-update [options]
10
11 Options:
12
13 --channel channel Retrieve updates from this channel
14 Use multiple times for multiple channels
15 --channelfile file Retrieve updates from the channels in the file
16 --checkonly Check for update availability, do not install
17 --install filename Install updates directly from this file. Signature
18 verification will use "file.asc" and "file.sha1"
19 --allowplugins Allow updates to load plugin code
20 --gpgkey key Trust the key id to sign releases
21 Use multiple times for multiple keys
22 --gpgkeyfile file Trust the key ids in the file to sign releases
23 --gpghomedir path Store the GPG keyring in this directory
24 --gpg and --nogpg Use (or do not use) GPG to verify updates
25 (--gpg is assumed by use of the above
26 --gpgkey and --gpgkeyfile options)
27 --import file Import GPG key(s) from file into sa-update's
28 keyring. Use multiple times for multiple files
29 --updatedir path Directory to place updates, defaults to the
30 SpamAssassin site rules directory
31 (default: /var/lib/spamassassin/3.003001)
32 --refreshmirrors Force the MIRRORED.BY file to be updated
33 -D, --debug [area=n,...] Print debugging messages
34 -v, --verbose Be more verbose, like print updated channel names
35 -V, --version Print version
36 -h, --help Print usage message
37
39 sa-update automates the process of downloading and installing new rules
40 and configuration, based on channels. The default channel is
41 updates.spamassassin.org, which has updated rules since the previous
42 release.
43
44 Update archives are verified using SHA1 hashes and GPG signatures, by
45 default.
46
47 Note that "sa-update" will not restart "spamd" or otherwise cause a
48 scanner to reload the now-updated ruleset automatically. Instead,
49 "sa-update" is typically used in something like the following manner:
50
51 sa-update && /etc/init.d/spamassassin reload
52
53 This works because "sa-update" only returns an exit status of 0 if it
54 has successfully downloaded and installed an updated ruleset.
55
57 --channel
58 sa-update can update multiple channels at the same time. By
59 default, it will only access "updates.spamassassin.org", but more
60 channels can be specified via this option. If there are multiple
61 additional channels, use the option multiple times, once per
62 channel. i.e.:
63
64 sa-update --channel foo.example.com --channel bar.example.com
65
66 --channelfile
67 Similar to the --channel option, except specify the additional
68 channels in a file instead of on the commandline. This is useful
69 when there are a lot of additional channels.
70
71 --checkonly
72 Only check if an update is available, don't actually download and
73 install it. The exit code will be 0 or 1 as described below.
74
75 --install
76 Install updates "offline", from the named tar.gz file, instead of
77 performing DNS lookups and HTTP invocations.
78
79 Files named file.sha1 and file.asc will be used for the SHA-1 and
80 GPG signature, respectively. The filename provided must contain a
81 version number of at least 3 digits, which will be used as the
82 channel's update version number.
83
84 Multiple --channel switches cannot be used with --install. To
85 install multiple channels from tarballs, run "sa-update" multiple
86 times with different --channel and --install switches, e.g.:
87
88 sa-update --channel foo.example.com --install foo-34958.tgz
89 sa-update --channel bar.example.com --install bar-938455.tgz
90
91 --allowplugins
92 Allow downloaded updates to activate plugins. The default is not
93 to activate plugins; any "loadplugin" or "tryplugin" lines will be
94 commented in the downloaded update rules files.
95
96 --gpg, --nogpg
97 sa-update by default will verify update archives by use of a SHA1
98 checksum and GPG signature. SHA1 hashes can verify whether or not
99 the downloaded archive has been corrupted, but it does not offer
100 any form of security regarding whether or not the downloaded
101 archive is legitimate (aka: non-modifed by evildoers). GPG
102 verification of the archive is used to solve that problem.
103
104 If you wish to skip GPG verification, you can use the --nogpg
105 option to disable its use. Use of the following gpgkey-related
106 options will override --nogpg and keep GPG verification enabled.
107
108 Note: Currently, only GPG itself is supported (ie: not PGP). v1.2
109 has been tested, although later versions ought to work as well.
110
111 --gpgkey
112 sa-update has the concept of "release trusted" GPG keys. When an
113 archive is downloaded and the signature verified, sa-update
114 requires that the signature be from one of these "release trusted"
115 keys or else verification fails. This prevents third parties from
116 manipulating the files on a mirror, for instance, and signing with
117 their own key.
118
119 By default, sa-update trusts key id "265FA05B", which is the
120 standard SpamAssassin release key. Use this option to trust
121 additional keys. See the --import option for how to add keys to
122 sa-update's keyring. For sa-update to use a key it must be in sa-
123 update's keyring and trusted.
124
125 For multiple keys, use the option multiple times. i.e.:
126
127 sa-update --gpgkey E580B363 --gpgkey 298BC7D0
128
129 Note: use of this option automatically enables GPG verification.
130
131 --gpgkeyfile
132 Similar to the --gpgkey option, except specify the additional keys
133 in a file instead of on the commandline. This is extremely useful
134 when there are a lot of additional keys that you wish to trust.
135
136 --gpghomedir
137 Specify a directory path to use as a storage area for the
138 "sa-update" GPG keyring. By default, this is
139
140 /etc/mail/spamassassin/sa-update-keys
141
142 --import
143 Use to import GPG key(s) from a file into the sa-update keyring
144 which is located in the directory specified by --gpghomedir.
145 Before using channels from third party sources, you should use this
146 option to import the GPG key(s) used by those channels. You must
147 still use the --gpgkey or --gpgkeyfile options above to get sa-
148 update to trust imported keys.
149
150 To import multiple keys, use the option multiple times. i.e.:
151
152 sa-update --import channel1-GPG.KEY --import channel2-GPG.KEY
153
154 Note: use of this option automatically enables GPG verification.
155
156 --refreshmirrors
157 Force the list of sa-update mirrors for each channel, stored in the
158 MIRRORED.BY file, to be updated. By default, the MIRRORED.BY file
159 will be cached for up to 7 days after each time it is downloaded.
160
161 --updatedir
162 By default, "sa-update" will use the system-wide rules update
163 directory:
164
165 /var/lib/spamassassin/3.003001
166
167 If the updates should be stored in another location, specify it
168 here.
169
170 Note that use of this option is not recommended; if you're just
171 using sa-update to download updated rulesets for a scanner, and sa-
172 update is placing updates in the wrong directory, you probably need
173 to rebuild SpamAssassin with different "Makefile.PL" arguments,
174 instead of overriding sa-update's runtime behaviour.
175
176 -D [area,...], --debug [area,...]
177 Produce debugging output. If no areas are listed, all debugging
178 information is printed. Diagnostic output can also be enabled for
179 each area individually; area is the area of the code to instrument.
180 For example, to produce diagnostic output on channel, gpg, and
181 http, use:
182
183 sa-update -D channel,gpg,http
184
185 For more information about which areas (also known as channels) are
186 available, please see the documentation at
187 <http://wiki.apache.org/spamassassin/DebugChannels>.
188
189 -h, --help
190 Print help message and exit.
191
192 -V, --version
193 Print sa-update version and exit.
194
196 An exit code of 0 means an update was available, and was downloaded and
197 installed successfully if --checkonly was not specified.
198
199 An exit code of 1 means no fresh updates were available.
200
201 An exit code of 2 means that at least one update is available but that
202 a lint check of the site pre files failed. The site pre files must
203 pass a lint check before any updates are attempted.
204
205 An exit code of 4 or higher, indicates that errors occurred while
206 attempting to download and extract updates.
207
209 Mail::SpamAssassin(3) Mail::SpamAssassin::Conf(3) spamassassin(1)
210 spamd(1) <http://wiki.apache.org/spamassassin/RuleUpdates>
211
213 "Mail::SpamAssassin"
214
216 See <http://issues.apache.org/SpamAssassin/>
217
219 The Apache SpamAssassin(tm) Project <http://spamassassin.apache.org/>
220
222 SpamAssassin is distributed under the Apache License, Version 2.0, as
223 described in the file "LICENSE" included with the distribution.
224
225
226
227perl v5.10.1 2013-12-05 SA-UPDATE(1)