How To Upgrade Offline Nodes

This article is a slight deviation from my other articles as it’s target audience is administrators and stake pool operators as opposed to ordinary users of Cardano.

Nevertheless, I decided to release it instead of just having it updated in SPOT Check as I believe it will benefit a lot of SPO’s. I myself needed a document like this just a week ago so I’m sure it will be appreciated by the technical part of our community. This will be a summary of a longer article I documented in SPOT Check. To read the full article which includes specific commands, you can go to SPOT Check at this link.

4 Options to Update Offline Nodes


Administrtors of Linux machines may sometimes be required to update the Operating system of servers that are not connected to the internet. These servers may not have any internet access for a variety of reasons including:

  • They are at locatiions that have extremely slow and unusable or even no internet connections.
  • They were purposely disconnected from the internet for security reasons

These servers are called offline or air gapped machines.

In Cardano, stake pool operators are required to maintain an offline machine. For security reasons, this machine should never be connected to the internet.

On a regular basis (sometimes even daily), Operating System updates are released. These may include bug fixes, security updates and new features or enhancements.

  • Online machines that are Internet connected can benefit from these updates whenever the operator does regular maintenance or sometimes automatically for some updates that can be auto installed
  • Offline machines that are not internet connected receive none of these updates. Nevertheless, these machines can be used for months or even years without having any updates as long as there is no need to update them

For Cardano Stake Pool Operators, there was no real requirement to update the Operating System (OS) of their offline machine until version 1.35 required the installation of a new package (libsecp256k1). While only one new package was required, installing this package required other OS packages to be installed beforehand. These other packages were dependent on other packages to also be installed first and the cycle repeats.

Some operators are able to quickly resolve the issue by connecting their offline machine to the internet. This is not a valid solution in my opinion as it can compromise security— defeating the purpose of having an offline machine in the first place

Options Available

Research and troubleshooting led me to four of the better ways to update an offline machine. They are:

  1. Manual Installation
  2. Apt-Offline
  3. Package Managers (e.g. Synaptic)
  4. Rebuild

Of course there are other ways including creating your own package repository. However, these are the methods that I recommend as they are easier and more practical to use. Each method has their advantages and disadvantages which I have fully documented in SPOT Check.

Of the options above, the most effective option I found is option 3 (Synaptic). It is not without its flaws however, so administrators should also consider option 4 (Rebuild) if a major update is required.

