Sharing this as it may be useful for all SPOs out there.
Administrators of Linux machines may sometimes be required to update the operating system of servers that are not connected to the internet. These servers may not have any internet access for a variety of reasons, including:
- They are at locations that have extremely slow and unusable, or even no, internet connections.
- They were purposefully disconnected from the internet for security reasons.
These servers are called offline or air gapped machines.
In Cardano, stake pool operators are required to maintain an offline machine. For security reasons, this machine should never be connected to the internet.
On a regular basis (sometimes even daily), Operating System updates are released. These may include bug fixes, security updates and new features or enhancements.
- Online machines that are Internet connected can benefit from these updates whenever the operator does regular maintenance or sometimes automatically for some updates that can be auto installed.
- Offline machines that are not internet connected receive none of these updates. Nevertheless, they can be used for months or even years without having any updates as long as there is no need to update them.
For Cardano Stake Pool Operators, there was no real requirement to update the Operating System (OS) of their offline machine until version 1.35 required the installation of a new package (libsecp256k1). While only one new package was required, installing this package required other OS packages to be installed beforehand. These other packages were dependent on other packages to also be installed first and the cycle repeats.
Some operators are able to quickly resolve the issue by connecting their offline machine to the internet. This is not a valid solution in my opinion as it can compromise security, defeating the purpose of having an offline machine in the first place.
For this reason, I documented the steps to assist anyone needing to update an offline machine.
Options Available
As I was researching this article, I came across various other articles, many of which were written in a way that makes the reader think that their solution is the only way to update an offline machine.
Unfortunately, I soon faced issues when I tried them out. Further research and troubleshooting led me to four of the better ways to update an offline machine. They are:
- Manual Installation
- Apt-Offline
- Package Managers (e.g. Synaptic)
- Rebuild
Of course, there are other ways, including creating your own package repository. However, these are the methods that I recommend as they are easier and more practical to use. Each method has its advantages and disadvantages. You can do your own research on how to use the 4 options or you can check out this article that we wrote for Cardano SPOT Check which has more technical details:
Hope this helps!
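
The dependency chain described above (one package pulling in others, which pull in more) can be worked out on an online machine so that only the required files are carried to the offline one. The following is an added example, not part of the original post: the function names are hypothetical, the package index is constructed sample data rather than real archive metadata, and it ignores version constraints, Pre-Depends and virtual packages.

```python
import re

# Constructed sample in Debian "Packages" index format (dependency data is made up).
SAMPLE_INDEX = """\
Package: libsecp256k1
Depends: toolchain-a (>= 2.0), libbase
Filename: pool/libsecp256k1_1.0.deb

Package: toolchain-a
Depends: libbase, helper-x | helper-y
Filename: pool/toolchain-a_2.1.deb

Package: libbase
Filename: pool/libbase_3.0.deb

Package: helper-x
Depends: libbase
Filename: pool/helper-x_0.9.deb
"""

def parse_index(text):
    """Parse blank-line-separated stanzas into {package name: {field: value}}."""
    pkgs = {}
    for stanza in text.strip().split("\n\n"):
        fields = dict(l.split(": ", 1) for l in stanza.splitlines() if ": " in l)
        pkgs[fields["Package"]] = fields
    return pkgs

def dep_groups(fields):
    """Return the Depends field as groups of alternatives, version constraints stripped."""
    clauses = [c for c in fields.get("Depends", "").split(",") if c.strip()]
    return [[re.sub(r"\s*\(.*?\)", "", a).strip() for a in c.split("|")] for c in clauses]

def packages_to_carry(index, wanted, installed):
    """Walk the dependency chain of `wanted`, skipping what the offline machine
    already has. Returns (sorted .deb filenames to transfer, unresolved names)."""
    needed, unresolved, stack, seen = [], [], [wanted], set(installed)
    while stack:
        name = stack.pop()
        if name in seen:
            continue
        seen.add(name)
        if name not in index:
            unresolved.append(name)   # must be located by hand before going offline
            continue
        needed.append(index[name]["Filename"])
        for alts in dep_groups(index[name]):
            if not any(a in seen for a in alts):   # group not yet satisfied
                stack.append(next((a for a in alts if a in index), alts[0]))
    return sorted(needed), unresolved
```

The `installed` set would come from the offline machine's own package list, copied over on removable media, so the machine itself never needs a network connection.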