Software updates
Software updates are provided as image files.
- Operating system: The operation system image, called
nevisappliance-<type>-os-<version>.img
, includes all OS system files as well as any additional third-party software. All this software is licensed under the terms of the GNU General Public License - GPL. - Nevis software: The Nevis products and components are bundled in the image called
nevisappliance-<type>-nevis-<version>.img
.
Update tasks:
- Copy the images to the nevisAppliance, e.g., using SSH.
- Install the image by using the
update-nevis.sh
- Note: You can execute the update-nevis.sh script only once for an OS image. You need to reboot the server before you can execute the script again.
- Activate the new software by rebooting the server.
Example (please give full path to the images):
update-nevis.sh /path/to/nevisappliance-extended-os-8.2411.0.0.img /path/to/nevisappliance-extended-nevis-8.2411.0.0.img
# [update-nevis.sh] start update........o......+...............n...................
# [update-nevis.sh] normal end
After the reboot you can check the installed nevisAppliance version in the /etc/nevisappliance file. This file contains the version number of the operating system image. To check the installed Nevis product and component version, issue the nevisappliance -v
command:
Example:
[root@extended ~]# nevisappliance -v
version=8.2405.3.1182 image=20241030134100 rev=6c81aa4 extended
cluster=8.2405.3.1182 extended, installed on Mon Nov 04 08:11:34 2024
system=Rocky Linux release 9.4 (Blue Onyx) java=openjdk version "17.0.13" 2024-10-15 LTS SELinux=PERMISSIVE
adnooprint 7.2311.0.6565033000
nevisadapt 8.2405.2.1
nevisauth 8.2405.2.0
nevisbase 1.2.10
neviscred 2.0.20.0
nevisdetect 8.2405.2.1
nevisdetectcl 8.2405.2.1
nevisdp 8.2405.1.11028253699
nevisfido 8.2405.3.1
nevisfidocl 8.2405.3.1
nevisidm 8.2405.5.11573780478
nevisidmcl 8.2405.5.11573780478
nevisidmdb 8.2405.5.11573780478
neviskeybox 2.2.5.0
nevislogrend 8.2405.0.1
nevismeta 8.2405.1.0
nevisproxy 8.2405.1.0
Image types
nevisAppliance is available in different image types:
- The base image contains the Nevis core products and components such as nevisProxy, nevisAuth, nevisLogRend, and nevisAdmin. This image is used for most installations.
- The extended image contains additional Nevis software required for identity management or mobile authentication, such as nevisIDM, nevisFIDO, nevisDataPorter, as well as the necessary printing services.
- The admin image is suited to be used for administration purposes. It is available as nevisAdmin v3 or nevisAdmin v4 variant.
- The monitoring image contains Monitoring Tools like Prometheus and AlertManager.
- The database image features MariaDB, which can be used as a database server for session clustering or nevisIDM.
The dmz image contains the Nevis core products and components nevisProxy, nevisAuth, and nevisLogRend.
nevisappliance-base-os-<version>.img nevisappliance-base-nevis-<version>.img
Included components: nevisProxy, nevisAuth, nevisLogRend, ClamAV.
The base
image is used to set up servers hosting nevisProxy, nevisAuth, and nevisLogRend.
nevisappliance-extended-os-<version>.img nevisappliance-extended-nevis-<version>.img
Included components: nevisAdapt, nevisDetect, nevisProxy, nevisAuth, nevisLogRend, nevisIDM, nevisDataPorter, nevisFIDO, nevisMeta, adnooprint, CUPS.
The extended
image is used to set up servers hosting nevisIDM, in addition to the base Nevis products and components.
nevisappliance-admin4-os-<version>.img nevisappliance-admin4-nevis-<version>.img
Included components: nevisAdmin v4, MariaDB.
Use this image to set up a server for administration purposes with nevisAdmin v4.
nevisappliance-db-os-<version>.img nevisappliance-db-nevis-<version>.img
Included components: MariaDB, PostgreSQL.
The database
image can be used to set up a database server for session sharing, nevisIDM or nevisMeta, see the chapter Database appliance for nevisIDM.
nevisappliance-dmz-os-<version>.img nevisappliance-dmz-nevis-<version>.img
Included components: nevisProxy, nevisAuth, nevisLogRend, ClamAV.
The dmz
image is used to set up servers hosting nevisProxy, nevisAuth, and nevisLogRend only.
All image types provide the necessary base Nevis product and components like the Java runtime environment, the J2EE containers, nevisKeybox/nevisCred, opentelemetry-agent, ClamAV, and all necessary system tools.
Image signatures
The updated images include an internal digital signature which is automatically verified when you install the image. A modified image (corrupt file download or a manipulated image) can't be installed without modifying the updating script.
For the ISO image, we provide an external GnuPG signature which can be validated using the following public key.
GnuPG signing key
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.22 (GNU/Linux)
mQENBFZDVkYBCAC3V6cAV9xyZMs1TBRkEtjiP1mlatWxQ3GouHvM6hOIyimtN9YY
8DiiKuLghS1wjrGC0K+sZIjj50ZSCpLvc9KkQf/q0PTlc52w00j90zkyCtlxv8LD
aglgTpQgr+9irwLO2j38U5uDW6I/dmlC9IyP+pvELZvCnhB5iWhHr99TpihN8z34
87h0E4eEZguAcMootlE3WVrKusIr1G+B/s5e77Up1OGCjc4GDEBJcYXuJZ7ER0vh
Ser7PZ50LLnlrmQfH3Wr3rdNrUH53+xUjSOu0Vg6fn1+JN61Ue8Y3jgruKg2k0yc
hoo+JzUlaEBoaGAQetRT7p382Egm0XU1EhFHABEBAAG0LU5ldmlzIEFwcGxpYW5j
ZSBWMiBCdWlsZCA8c3VwcG9ydEBhZG5vdnVtLmNoPokBOQQTAQIAIwUCVkNWRgIb
AwcLCQgHAwIBBhUIAgkKCwQWAgMBAh4BAheAAAoJEI7vDni7GZLyp/0H/RrXKq64
lY8m4vUKzuLxdYO8uKfN5B3pwKbW8xn6k9G0BqNhDVsdEIUvgs70Z+Os3GAumyT/
q8pHJWnpmOWhOQMGZmoz9jSVJYf96RO1bNTwiJrmbyJwiwQrjAdgHyrymfYPepRY
h+ZEy0XqNVxlKjat+3m51b/jtYsUTKVr4tCUIz26oRpr2iy9P4LVMuyxVvtrkqEB
om4t3SZ8CC+21s9aDsvrpTNobmmnDI+yxnWZblJ0kXcu/175hp3NpyCVsWw6ATHi
by+gCqNfQisWeuPUgSHd6yTZL6GYu2NQDMD8glkPJsIkJ8G9WWNrh+iU5Te+O1Go
1mr1xUZHCl9fiP65AQ0EVkNWRgEIAPRkoaXp+aDvjNYErR+fOzEl0vWbWysfhIWe
eSmTb62R8Q4krJLHBSPkpOWeGt95kJu5XmxcDJc2mBCf7aJ2nuerImkneTX43RlS
b8mZn6s74m3xVdfh4IUWs4CRBlXkte7y/ptONeqDanlFd/hnpYTvZChhSUot6JIC
Ebd6Y2oqYBZrFCneOzeizntoWBQ1S9kBT6NzS3YgzmKAajG9p5i18qlFcGfIfGzV
fmNEDPZmp6xNHYR8pODPb/+OJrV1dVizD2tEYgba8AV9hwjUibRwaE91nMQB7/VG
NNvpn/e3S7f1cbizdxlMeb6Hz0zMwyAvF03D27JGs7DLKYqptpsAEQEAAYkBHwQY
AQIACQUCVkNWRgIbDAAKCRCO7w54uxmS8gNiB/9fEi/Jd4hsJ/aWvZgIk8yqXTSf
sELqLN2Lld1YTfKRXQ00LpmNKIXnooCMrXatT8i3aUItbOjk74iBIo15UGUeN0kJ
ocWcaczNOoWy5g7DFMMiTrV9LFyIEdMtDid71uoVzpqi6uk/91JxJoXNkcY4Do40
v+2g9h6+LvSHw58J2cFF/ffVcaH0i1TvWls9Jln/r8+73kAsbBsoJ0uhsfLEtNvJ
o49hLEcfETx8hstKVOKIhhfDramaA4LMCNG2Z56RzjNSVV9J9ZaTkOwtCyoxLF6F
/8M5hRLfEV99r5DSJY/84RPjKB9ztiIhvGnsPnOilIgqIsKyVgjY/VHiBxm7
=7AeV
-----END PGP PUBLIC KEY BLOCK-----
Import this key to your local keystore and validate the image signature by using the gpg --verify
command.
Example:
# gpg --verify nevisappliance-install-8.2405.3.1182.iso.asc nevisappliance-install-8.2405.3.1182.iso
gpg: Signature made Thu 26 Nov 2015 02:25:41 PM CET using RSA key ID BB1992F2
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 2 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 2u
gpg: Good signature from "Nevis Appliance V2 Build <[email protected]>"