Corrected manual procedure... the at job needs to be run as updatesd:
On 27/01/2011 12:29 AM, Daryl C. W. O'Shea wrote:
Going forward... we, probably me, need to get an automated way to push
some sort of emergency rule update.
The current manually steps would be:
- un-tar an existing STABLE version rule update
- make the changes (using a patch or manually)
- test that those rules work with all .x versions that you're going to
publish the update for (that is 3.3.0, 3.3.1, 3.3.2, etc...)
- tar up, sign and hash the update
- copy the three update files to the update tarball directory on the zone
- make the files all 544 and owned by updatesd:dns
- update the DNS record for each .x version
- wait 16 or more minutes (the mirrors rsync every 15) and reload the
DNS zone
- alternatively for the last step you could immediately do this:
You'll need to be updatesd, so first
$ sudo su - updatesd
then
$ echo
/export/home/updatesd/svn/spamassassin/build/mkupdates/tick_zone_serial
| at -q n now + 16min
