CheckForUpdates

The update command allows you to check to see whether an update is available for the IdP.

By default this will display whether the IdP can be updated:

$  ./update.sh
INFO  - No Upgrade available from 5.0.0

If a new version is available it will be announced:

$  ./update.sh
INFO  - Version 5.0.0 can be upgraded to 5.1.0

The updated distribution can be downloaded using the -d qualifier. Downloaded files are signature checked against the current Shibboleth PGP_KEYS file but, as for the plugin installer, you have to accept the offered key (which you are expected to independently validate). The keystore of trusted signatures can be overridden on the command line, but defaults to %{idp.home}/credentials/net.shibboleth.idp/

Command Line Options

By defaut (no qualifiers) a check of the current version is made.

Short	Long	Type	Description

Short	Long	Type	Description
-l	-list		List versions available
-d	--downloadDir	Path	If an upgrade is available download and signature check it
-fd	--forceDownload	Version string	Download the distribution for the provided version even if it isn’t an available update (required -d)

The following are for advanced use:

	--truststore	Path to a GPG key ring	Path to the (non default) trust store file used check the signature
	--updateURL	URL	Location to get the update information
	--verbose		Verbose logging
	--quiet		Quiet logging
	--logConfig	Path to logback configuration	Specify a file to use to control the logging of the plugin command
	--version		Output the version of the plugin command
-hc	--http-client	Bean ID	Allows specification of an HTTP client bean used to download updates (or perform any related Module operation). For details on wiring up a client bean, refer to the HttpClientConfiguration topic.
-hs	--http-security	Bean ID	Allows security customization of the HTTP operation(s).

Additionally a set of Spring resource files can be supplied to provide the configuration for the last two qualifiers.