Software Identification (SWID) User’s Guide Abstract This guide describes the Software Identification (SWID) utility, which is available for HP NonStop™ system customers and service providers. This utility enables you to collect exact file identification information for all NonStop software that resides on your system. Product Version SWID G02, H06 Supported Release Version Updates (RVUs) This publication supports D48.03 and all subsequent D-series RVUs, G06.08 and all subsequent G-series RVUs, and H06.
Document History Part Number Product Version Published 069099 SWID C30 March 1993 527243-001 SWID D40 December 2003 527243-002 SWID D40 November 2004 527243-003 SWID D40 July 2005 527243-004 SWID G02, H06 September 2005
Software Identification (SWID) User’s Guide Glossary Index What’s New in This Manual v Manual Information v New and Changed Information v About This Manual vii Who Should Use This Guide vii How This Guide is Organized vii Notation Conventions viii 1.
2. Running SWID (continued) Contents 2. Running SWID (continued) Error Reporting 2-6 Error Recovery 2-7 Execution Errors 2-7 IN File 2-7 OUT File 2-7 Files to be Fingerprinted 2-7 3. SWID Output Sample Output 3-1 Banner Format 3-1 File Fingerprints 3-2 Composite Fingerprint Sample 3-2 4.
. SWID Formatted Output Contents 5. SWID Formatted Output Formatted Output 5-1 Sample Input 5-1 Sample Output 5-1 6. SWID Server Interface SWID as a Server 6-1 Starting SWID as a Server 6-1 Using SWID as a Server 6-2 Configuring SWID as a Pathway Server 6-9 A.
Contents Software Identification (SWID) User’s Guide— 527243-004 iv
What’s New in This Manual Manual Information Software Identification (SWID) User’s Guide Abstract This guide describes the Software Identification (SWID) utility, which is available for HP NonStop™ system customers and service providers. This utility enables you to collect exact file identification information for all NonStop software that resides on your system. Product Version SWID G02, H06.04 Supported Release Version Updates (RVUs) This publication supports D48.03 and all subsequent D-series RVUs, G06.
What’s New in This Manual • New and Changed Information ° In the Switch Options subsection, under -FT (Fingerprint Type), the description of num value 1 is updated and a new num value, 63, is added. ° In the Switch Usage Examples subsection, under -FT/-FD Switches, the example is updated. Section 6, SWID Server Interface: Under GetFpts Command, the description of value 2 for the fptver field is updated and a new value, 63, for the fpttype field is added.
About This Manual The Software Identification (SWID) utility aims to uniquely identify and verify the integrity of NonStop system files. SWID generates a unique identifier (fingerprint) for all NonStop system files and helps in uniquely identifying the files. Note. The fingerprinting algorithm used by SWID is derived from the RSA Data Security, Inc. Message Digest 4 (MD4) algorithm. RSA Data Security Inc. has granted license for such derivative work.
Notation Conventions About This Manual This manual provides a glossary of special terms and an index to help you quickly find the information you are looking for. Notation Conventions Hypertext Links Blue underline is used to indicate a hypertext link within text. By clicking a passage of text with a blue underline, you are taken to the location described. For example: This requirement is described under Backup DAM Volumes and Physical Disk Drives on page 3-2.
General Syntax Notation About This Manual each side of the list, or horizontally, enclosed in a pair of brackets and separated by vertical lines. For example: FC [ num ] [ -num ] [ text ] K [ X | D ] address { } Braces. A group of items enclosed in braces is a list from which you are required to choose one item. The items in the list can be arranged either vertically, with aligned braces on each side of the list, or horizontally, enclosed in a pair of braces and separated by vertical lines.
Notation for Messages About This Manual Line Spacing. If the syntax of a command is too long to fit on a single line, each continuation line is indented three spaces and is separated from the preceding line by a blank line. This spacing distinguishes items in a continuation line from items in a vertical list of selections. For example: ALTER [ / OUT file-spec / ] LINE [ , attribute-spec ]… !i and !o.
Change Bar Notation About This Manual lowercase italic letters. Lowercase italic letters indicate variable items whose values are displayed or returned. For example: p-register process-name [ ] Brackets. Brackets enclose items that are sometimes, but not always, displayed. For example: Event number = number [ Subject = first-subject-value ] A group of items enclosed in brackets is a list of all possible items that can be displayed, of which one or none might actually be displayed.
Change Bar Notation About This Manual The message types specified in the REPORT clause are different in the COBOL environment and the Common Run-Time Environment (CRE). The CRE has many new message types and some new message type codes for old message types. In the CRE, the message type SYSTEM includes all messages except LOGICAL-CLOSE and LOGICAL-OPEN.
1 SWID Overview The Software Identification (SWID) utility aims to uniquely identify and verify the integrity of NonStop system files. SWID is available as a stand-alone utility. SWID uniquely identifies all NonStop system files distributed by HP. This unique identifier is known as the fingerprint of the file and is used to perform software inventory, version analysis, and delivery. SWID supersedes the Version Procedure (VPROC) utility (T9617), which was used for software identification.
Original Fingerprint SWID Overview current contents of all files within the specified file set. The same computation method is used to generate the file fingerprint as described for the current fingerprint. Composite fingerprints provide an efficient mechanism to compare all files within two or more file sets. The composite fingerprint eliminates the need to compare independent fingerprints for files within the file set.
Operations That Do Change the Fingerprint SWID Overview Microcode Files • • Recompiling the object from the same source and the same tools (compiler, Binder, and so on) Recompiling with a change in file name, variable name, and so on Operations That Do Change the Fingerprint Edit Files • • Renumbering lines Using the EDIT compaction function Zero-Byte Files Changing a file’s characteristic, such as file code, type, primary extent, secondary extent, max extent, or buffer size System Requirements Ver
Target Users SWID Overview Software Identification (SWID) User’s Guide— 527243-004 1 -4
2 Running SWID This section describes how to install and run the SWID utility. Installing SWID SWID is a stand-alone object file like other NonStop utilities such as the File Utility Program (FUP). SWID does not require any special installation procedures before its use. Note. Set the PROGID to change the SWID process access ID to super ID, so that SWID can read and compute the fingerprint of any file on the system.
Sample File Set Running SWID in Section 4, Running SWID With Customized Switches. The available switches are -DA, -DV, -DS, -SC, -SO, -SH, -FD, -FV, -FT -FA, -FO, -AF, and -BS. If you specify more than one switch, use spaces to separate items. fileset is either a single file name or a file-name template using wild-card characters (* and ?) as supported by FILEINFO (a TACL command). SWID can accept file names in network format. fileset is expanded using the current system, volume, and subvolume. Note.
SWID Output Running SWID SWID Output The following example illustrates an interactive session of SWID when no arguments are passed. The entries you make in this example are shown in bold text. Note. The example also illustrates what happens when you enter a command that is no longer supported. SWID treats the command as a file name and displays a message indicating that the file cannot be found.
SWID Output Running SWID . \HERA $SYSTEM.SYSTEM 62> run swid SoftWare Identification Utility - T9298G02 - (30AUG2005) System \HERA (C)1991 Tandem (C)2005 Hewlett Packard Development Company, L.P. 05Jul 5 02:42:28 (Switches: None) Enter fileset>-help SWID, SoftWare File Identification Utility, computes current and extracts the original file-fingerprints by reading the specified files. It also provides VPROC functionality. The invocation syntax is: SWID [/IN [,OUT ].../] [ ..
Security Issues Running SWID SWID Banner SWID displays its banner and prompts you with Enter fileset>. Entering -help causes SWID to display the invocation syntax. File Information A line read from the IN file is ignored if the first nonspace character is “an exclamation point (!). This feature enables the command files (IN files) to contain comments. When no files match a specified file set or when the input file set is invalid, SWID responds with the appropriate error message.
IN File Running SWID When executed, the SWID process runs under the Guardian user ID of the invoker unless the PROGID has been set. Any file access requested by SWID is controlled by Guardian. (If SWID tries to open a file that does not allow the user read access, SWID receives a security error 48.) Note. Set the PROGID to change the SWID process access ID to super ID, so that SWID can read and compute the fingerprint of any file on the system. SWID requires only read access to files.
Error Recovery Running SWID another that reflects the suberror. The possible values for errors and suberrors, and the suggested method of recovery, are described in Appendix A, Error Messages. Error Recovery Execution Errors When SWID cannot recover from an execution error, it calls ABEND and transfers a message text to the ABEND procedure. If you invoked the SWID process from TACL, TACL displays the ABEND message. For a complete list of ABEND messages, see Appendix A, Error Messages.
Files to be Fingerprinted Running SWID Software Identification (SWID) User’s Guide— 527243-004 2 -8
3 SWID Output The format of SWID output consists of three parts: • • • The SWID banner File fingerprints Run statistics (only when you use the -DS switch) Use of the -DS switch is optional and is explained in further detail in Section 4, Running SWID With Customized Switches. Sample Output This is a sample of SWID output when SWID is invoked at a TACL prompt: \FOXII $ATHENS AJ40AAJ 84> swid swi* anil7.
File Fingerprints SWID Output • • • The second line contains the standard copyright statement. The third line contains a timestamp indicating when the run started and which switches you selected. The fourth line is optional and is displayed if SWID is used without any parameters. File Fingerprints The format of the main body of a file fingerprint is similar to the FILEINFO command of the TACL program: • • • • The first line is blank. The second line contains the subvolume name.
4 Running SWID With Customized Switches This section describes how to customize the SWID output. Switch Options You can optionally select the following switches to customize the SWID application according to your needs. The switches can be used only in run-line arguments. Switches cannot be used in the IN file. Switches must precede the fileset and be separated by spaces in the run line. -DA (Display Any Fingerprint) The -DA switch option causes SWID to display either the original or current fingerprint.
Running SWID With Customized Switches -FD (Fingerprint Detail) -FD (Fingerprint Detail) The -FD switch option causes SWID to display the fingerprint version and type with the fingerprint. The fingerprint detail is displayed in the following format: version type fingerprint The -FD switch is not valid when used with the -BS or -FO switch. -FV (Fingerprint Version) The -FV switch option causes SWID to generate the requested fingerprint version for the specified file or files.
Running SWID With Customized Switches -FT (Fingerprint Type) -FT (Fingerprint Type) The -FT switch option causes SWID to generate the requested fingerprint type for the specified file or files. The -FT switch option has the format -FT num. The parameter num specifies this fingerprint type. An error is returned if the type does not exist for a file. The -FT switch is not valid when used with the -BS, -SC, or -DA switch. The value specified for num must not exceed four digits.
Running SWID With Customized Switches -FO (Formatted Output) -FO (Formatted Output) The -FO switch option causes SWID to output formatted binary data. The binary data is written to the OUT file you specify. This switch is provided to enable parsing of the SWID output. Caution. If no OUT file is specified in the TACL RUN command and this switch is used, binary data is written to the terminal. If the terminal displays unusual graphic characters, reset the terminal.
Running SWID With Customized Switches Switch Usage Examples Switch Usage Examples These usage examples are for illustrative purposes only. The output you receive on your system might vary slightly. -DV Switch In this example, SWID is invoked using the -DV switch. When you use this switch, it provides VPROC functionality. \FOXII $ATHENS ANIL5 93> vproc swida VPROC - T9617D42 - (20 DEC 2000) SYSTEM \FOXII Date 16 OCT 2003, 06:17:39 COPYRIGHT TANDEM COMPUTERS INCORPORATED 1986 - 2000 $ATHENS.ANIL5.
Running SWID With Customized Switches -FD Switch Considerations • • • • • • Version procedures exist only for object (file codes 100, 700, and 800), microcode (file code 510), and millicode (file code 860) files. The VPROC utility and the SWID utility display such version procedures. VPROC displays Accelerated Execution: DISABLED if the AXCEL region of an object file has been disabled using Binder.
-FV/-FD Switches Running SWID With Customized Switches $DSMSCM SWIDQA 107> swid -fd c800v1 c800v2 SoftWare Identification Utility - T9298AAL - (12JUL2004) System \CHINOOK (C)1991 Tandem (C)2004 Hewlett Packard Development Company, L.P. 17Jun 4 05:12:13 (Switches: -FD ) $DSMSCM.
-FT/-FD Switches Running SWID With Customized Switches In the third example, the version parameter is set to 2 and three files with codes 800, 800, and 101, respectively, are passed. In this example, the Version 2 fingerprint is computed. The code 101 file generates an error, because the Version 2 fingerprint is not supported for file code 101. In the last example, the version parameter is set to .8. As indicated by the error message, this fingerprint version is invalid.
Running SWID With Customized Switches -FT/-FD Switches Five files are passed to SWID: two have file code 800, two have file code 700, and one have file code 100. In the first example, the fingerprint type parameter is set to 0. SWID computes the DEFAULT TYPE fingerprint for the files. In the second example, the fingerprint type parameter is set to 1.
-FT/-FD Switches Running SWID With Customized Switches DSMSCM SWIDQA 49> swid -fd -ft 0 c800v1 c800v2 c700ev1 COFF31A1 C100NOFP SoftWare Identification Utility - T9298G02 - (30AUG2005) System \CHINOOK (C)1991 Tandem (C)2005 Hewlett Packard Development Company, L.P. 21Jul 5 18:08:17 (Switches: -FD -FT ) $DSMSCM.
-FA Switch Running SWID With Customized Switches -FA Switch In this example, SWID is invoked with the -FA switch. \FOXII $ATHENS ANIL7 102> aj40aaj.swid -fa * \FOXII $ATHENS ANIL7 102.. SoftWare Identification Utility - T9298AAJ - (30OCT2003) System \FOXII (C)1991 Tandem (C)2003 Hewlett Packard Development Company, L.P. 16Oct 3 06:31:29 (Switches: -FA ) $ATHENS.ANIL7.SWID Current fpts: Original fpts: e93b5763b8937c7b ** n/a ** $ATHENS.ANIL7.
-DV/-SO Switches Running SWID With Customized Switches -DV/-SO Switches In this example, SWID is invoked with a combination of the -DV and -SO switches. These switches provide VPROC functionality and suppress the original fingerprint for the file OBJFMTC. OBJFMT, SWIDA, and SOBJ2 are object files. \FOXII $ATHENS ANIL5 107> aj40aaj.swid -dv -so * SoftWare Identification Utility - T9298AAJ - (30OCT2003) System \FOXII (C)1991 Tandem (C)2003 Hewlett Packard Development Company, L.P.
-DV/-DS Switches Running SWID With Customized Switches -DV/-DS Switches In this example, SWID is invoked with a combination of the -DV and -DS switches. Two file sets are passed in the run-line arguments: * and t* \FOXII $ATHENS ANIL7 32> aj40aaj.swid -dv -ds * t* SoftWare Identification Utility - T9298AAJ - (30OCT2003) System \FOXII (C)1991 Tandem (C)2003 Hewlett Packard Development Company, L.P. 05Nov 3 06:08:34 (Switches: -DV -DS ) $ATHENS.ANIL7.
Running SWID With Customized Switches -DV/-DS Switches Considerations • • • • • The -DV switch prompts SWID to generate output in a -FA switch format. In addition, the output includes VPROC information whenever the file is an object file or a microcode file. The -DS switch displays the run statistics at the end of the output. The Selected files under Run Statistics indicate how many of the files met the file set criteria.
5 SWID Formatted Output This section explains how to request a formatted SWID output file. Formatted Output You can use the -FO switch to request output in a structured format, which enables parsing of SWID output. Sample Input Formatted input to SWID consists of one or more fi-rec records. The DDL syntax of the record structure ID is: * SWID Formatted Input Record Structure def fi-rec. 03 rectype type binary 16. When the word contains Esc and ^ in two bytes. 88 WhoRU value 7006. 88 GetFpts value 0.
Sample Output SWID Formatted Output The record type is indicated by the first word. The second word indicates the length of the record. The actual record indicated by rectype follows these two words. The possible record types are listed as level 88. The first record of the entire output always has rectype WhoAmI to indicate the product version of SWID. The last record of the output always has rectype ds (Display Statistics), whether or not you use the -DS switch.
6 SWID Server Interface Any application can use SWID as a Pathway server, or as a private dedicated server process, by using the -BS (Be My Server) switch. This section describes how to use SWID as a server. SWID as a Server Instead of providing SWID as a procedure or a function that an application can use, HP recommends that applications initially request SWID as their server. This action eliminates sharing the SWID code with other applications.
Using SWID as a Server SWID Server Interface 5. Close the SWID process to signal the end of startup. Note. When sending the startup message, applications should ignore error 70 returned by SWID. Error 70 indicates that the server is now ready to receive more messages (such as parameters) as part of the startup. Using SWID as a Server 1. Start the SWID process. 2. Call the WRITEREAD procedure when the fingerprint is required. The WRITE buffer must contain one of the commands described next.
Using SWID as a Server SWID Server Interface and earlier, use the literal SWIDVersion-C20 (value 9). You may use either SWIDVersion-C20 (value 9) or SWIDVersion-AAJ (value 10) for SWID product versions T9298AAJ and later. If required, appropriate literals will be made available in the DDL source file, ZSWDDDL, for later product versions of SWID. The reply from SWID consists of only one FO-REC record with rectype being WhoAmI.
Using SWID as a Server SWID Server Interface The rectype of FO-REC is determined by the switches used during startup and remains the same during the life of the server. The rectype is one of the defaults or dv. Sample record structures of def-rec, adef-rec, and dv-rec are as follows: def def-rec. 04 fileiname 04 original. type character 24. * -1 in error field indicates suppressed; -2 indicates n/a. 05 perror type binary 16. 05 serror type binary 16. 05 fpts. 10 version type binary 16.
Using SWID as a Server SWID Server Interface def dv-rec. 04 def-rec 04 vproc. 05 perror 05 serror type *. type binary 16. type binary 16. * Bit<0> is ON for TNS, <1> is ON for TNS/R, <2> is ON for TNS/E, Bit<15> is ON only if AXCEL region exists and is enabled, Bit<13> is ON only if OCA region exists and is enabled. 05 cpu type binary 16. * All zeroes if the file is not axceled. 05 05 05 05 axcelts ts num-vpcs vpc type binary 16 occurs 4 times. type binary 16 occurs 3 times. type binary 16 unsigned.
Using SWID as a Server SWID Server Interface The fptver field indicates the version of the fingerprint to be computed. The following table gives the possible values for fptver: Value Meaning -1 SWID computes the latest (max) version of the fingerprint that is supported by the current version of SWID based on the file code. 0 SWID computes the same fingerprint as the original fingerprint for a file.
Using SWID as a Server SWID Server Interface GetOrigFpts Command * SWID Formatted Input: def GetOrigFpts-Rec. 03 rectype 03 fname 03 fcode 03 buflen 03 buf GetOrigFpts Command Structure type binary 16 value is 1. type character 36. type binary 16. type binary 16 must be 0 thru 2048. type character 1 occurs 0 to 2048 times depending on GetOrigFpts-Rec.buflen. end.
Using SWID as a Server SWID Server Interface def ds-rec. 04 fsetinput type binary 32. * of which so many were invalid 04 fsetinvalid 04 current 05 selct 05 ok 05 err 05 na 04 original. 05 selct 05 ok 05 err 05 na 04 vproc. 05 selct 05 ok 05 err 05 na 04 mismatch type binary 32. type type type type binary binary binary binary 32. 32. 32. 32. type type type type binary binary binary binary 32. 32. 32. 32. type type type type type binary binary binary binary binary 32. 32. 32. 32. 32.
Configuring SWID as a Pathway Server SWID Server Interface Configuring SWID as a Pathway Server Follow this sample command file to configure SWID as a Pathway server. RESET SERVER RESET SERVER PROCESS SET SERVER MAXLINKS 0 SET SERVER MAXSERVERS 2 SET SERVER NUMSTATIC 2 SET SERVER STARTUP "-BS" SET SERVER IN $0 SET SERVER OUT $0 SET SERVER PROGRAM $SYSTEM.SYSTEM.SWID SET SERVER VOLUME $SYSTEM.
SWID Server Interface Configuring SWID as a Pathway Server Software Identification (SWID) User’s Guide— 527243-004 6- 10
A Error Messages This appendix contains error messages for the SWID utility. Error messages are of two types: those generated to the OUT file during the fingerprinting process and those that occur as a result of an ABEND. Each of the messages is listed, with a cause, effect, and suggested recovery method. SWID Messages Not available. Cause. Original fingerprints are not available for this file. Effect. The SWID operation continues with the next file. Recovery.
SWID Messages Error Messages • • An invalid file or fileset was specified. A compressed file was specified. Effect. The SWID operation is terminated. Recovery. Possible recovery actions: • • • • Make sure the file is a valid file of the correct format. Check the file contents for incorrect data or corruption. Make sure you have proper permission to insert fingerprints. Make sure you have the latest version of SWID. Unsupported object file format. Cause.
SWID Messages Error Messages Cause. File sets were specified on the RUN line with the -BS switch. Effect. The SWID operation is terminated. Recovery. Do not specify a file set on the RUN line. Instead, specify file sets in WRITEREADs to the SWID server. -FA switch not allowed with -FO and -BS switches. Cause. The switch designation is invalid. Effect. The SWID operation is terminated. Recovery. Specify a valid combination of switches and try again.
ABEND Messages Error Messages Cause. Invalid syntax was specified for SWID. Effect. The SWID operation is terminated. Recovery. Verify your entry and try again. Syntax Error! Separator expected. Cause. Invalid syntax was specified for SWID. Effect. The SWID operation is terminated. Recovery. Verify your entry and try again. Syntax Error! Closing parenthesis not expected. Cause. Invalid syntax was specified for SWID. Effect. The SWID operation is terminated. Recovery. Verify your entry and try again.
Glossary abend. Abnormal end. Also known as abort. The SWID utility abends if it cannot complete its process. An error message is displayed. current fingerprint. A fingerprint of a file computed by reading the current contents of the file. composite fingerprint. A fingerprint of fingerprints of all files in the specified file set. original fingerprint. The current fingerprint computed when a file is created. MD4. Message Digest 4 algorithm, used to compute unique fingerprints. SUT. Site update tape.
VPROC.
Index A G Abend ABEND messages A-4 description of Glossary-1 error recovery 2-7 executing SWID 2-6 AUDITED file 2-6 AXCEL region 4-6 Guardian file security 2-5 fixup 1-1 userid 2-6 B Binder disabling acceleration using 4-6 timestamp 4-1, 4-14 C Composite fingerprint 1-1/1-2, 2-2, Glossary-1 Current fingerprint description of 1-1, Glossary-1 SWID output 3-1, 4-4 switch options 4-1 -SC switch 4-1 I IN file ABEND messages A-4 concept of 2-1 error recovery 2-7 executing SWID 2-6 file information 2-5 SWID
P Index OCA region 4-6 Original fingerprint description of 1-2, Glossary-1 GetOrigFpts command 6-7 SWID messages A-1 -DA switch 4-1 -DV and -SO switches 4-12 OUT file ABEND messages A-4 concept of 2-1 error messages A-1 error recovery 2-7 executing SWID 2-6 SWID as a Pathway server 6-9 SWID as a server 6-1 P PROGID 2-6 R READ access 2-6, 4-14, 6-1 Record structures input structures fi-rec 5-1 GetFpts2-rec 5-2 GetFpts-rec 5-2 GetOrigFpts-rec 5-2 WhoRU-rec 5-2 output structures adef-rec 6-4 def-rec 6-7 ds
V Index V VPROC description of Glossary-1 -DV switch 4-1, 4-5 W WRITEREAD procedure 6-1, 6-2 Special Characters ! (exclamation point) 2-5 Software Identification (SWID) User’s Guide — 527243-004 Index -3
Special Characters Index Software Identification (SWID) User’s Guide — 527243-004 Index -4