Bugzilla – Bug 620
Globus (Simple) CA setup-gsi does not support -default
Last modified: 2008-08-11 15:49:26
For the most part, the default Globus CA behaves the same as a regular SimpleCA. However, unlike regular SimpleCA's, the setup-gsi script for the trusted_ca_42864e48 does support the -default option. As a result, the recommended mechanism for switching between different (Simple) CA's does not work for the Globus CA.

c279lx01:/opt/gt2/setup/globus# cd $GLOBUS_LOCATION/setup/globus
c279lx01:/opt/gt2/setup/globus# ./setup-gsi -default
Unknown option: default
setup-gsi [
    -help
    -nonroot[=path]
        sets the directory that the security configuration
        files will be placed in. If no argument is given,
        the config files will be placed in $GLOBUS_LOCATION/etc/
        and the CA files will be placed in
        $GLOBUS_LOCATION/share/certificates.
]

# diff /home/grid/src/gt2.2.3/packages/globus_simple_ca_setup-0.12/globus_simple_ca_setup_template/setup-gsi.pl.tmpl /home/grid/src/gt2.2.3/packages/globus_trusted_ca_42864e48_setup-0.5/setup-gsi.pl
31c31 < if( ! &GetOptions("nonroot|d:s","help!","default!") ) --- > if( ! &GetOptions("nonroot|d:s","help!") ) 41c41 < my $setupdir = "$globusdir/setup/globus_simple_ca___CACERT_HASH___setup/"; --- > my $setupdir = "$globusdir/setup/globus/"; 46c46 < my $ca_install_hash = "__CACERT_HASH__"; --- > my $ca_install_hash = "42864e48"; 194,211c194,206 < if(defined($opt_default)) < { < < system "rm -f $target_dir/grid-security.conf"; < my $ret_value = ($? >> 8); < system "rm -f $target_dir/globus-user-ssl.conf"; < $ret_value += ($? >> 8); < system "rm -f $target_dir/globus-host-ssl.conf"; < $ret_value += ($? 
>> 8); < < if($ret_value > 0) { die "\nERROR: Can't delete security config files from $target_dir\n\n"; } < < my $ret_value = symlink("${trusted_certs_dir}/grid-security.conf.${ca_install_hash}", "${ta rget_dir}/grid-security.conf"); < $ret_value += symlink("${trusted_certs_dir}/globus-user-ssl.conf.${ca_install_hash}", "${targe t_dir}/globus-user-ssl.conf"); < $ret_value += symlink("${trusted_certs_dir}/globus-host-ssl.conf.${ca_install_hash}", "${targe t_dir}/globus-host-ssl.conf"); < if($ret_value < 3) { die "\nERROR: Can't create symlinks for security config files from $trust ed_certs_dir to $target_dir\n\n"; } < < } --- > system "rm -f $target_dir/grid-security.conf"; > my $ret_value = ($? >> 8); > system "rm -f $target_dir/globus-user-ssl.conf"; > $ret_value += ($? >> 8); > system "rm -f $target_dir/globus-host-ssl.conf"; > $ret_value += ($? >> 8); > > if($ret_value > 0) { die "\nERROR: Can't delete security config files from $target_dir\n\n"; } > > my $ret_value = symlink("${trusted_certs_dir}/grid-security.conf.${ca_install_hash}", "${target_d ir}/grid-security.conf"); > $ret_value += symlink("${trusted_certs_dir}/globus-user-ssl.conf.${ca_install_hash}", "${target_dir} /globus-user-ssl.conf"); > $ret_value += symlink("${trusted_certs_dir}/globus-host-ssl.conf.${ca_install_hash}", "${target_dir} /globus-host-ssl.conf"); > if($ret_value < 3) { die "\nERROR: Can't create symlinks for security config files from $trusted_cer ts_dir to $target_dir\n\n"; } 220c215 < my $metadata = new Grid::GPT::Setup(package_name => "globus_simple_ca_${ca_install_hash}_setup"); --- > my $metadata = new Grid::GPT::Setup(package_name => "globus_trusted_ca_${ca_install_hash}_setup"); 243,246c238 < < -default < sets the CA being installed to be the < default CA for this host. --- >
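Review bot: The GetOptions call on the right-hand side of hunk 31c31 is missing the "default!" spec, which is why ./setup-gsi -default stops with "Unknown option: default". Restore "default!" there and, in hunk 243,246c238, the -default entry that the template's help text carries, so that both setup scripts accept and document the same switch.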
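Review bot: The rm -f and symlink block on the right-hand side of hunk 194,211c194,206 needs the template's if(defined($opt_default)) guard; without it, every run of this setup-gsi deletes and re-links grid-security.conf, globus-user-ssl.conf and globus-host-ssl.conf in $target_dir, whether or not the administrator asked for a new default CA. On both sides, my $ret_value is declared twice in the same scope, and $target_dir is interpolated into a shell command string via system "rm -f ..."; declaring the variable once and calling unlink on the three paths would remove the redeclaration and keep the path away from the shell.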
Just committed a fix for this to the Globus CA's setup-gsi in CVS. The new behavior is:

if no conf files exist in /etc/grid-security:
    add symlinks from the new conf files installed in /etc/grid-security/certificates/*.<hash> to /etc/grid-security
else if old style conf files are present (not symlinked):
    move old style conf files to .../certificates and suffix them with hash of CA cert. If multiple CA certs are already installed, a warning is displayed that conf files will be suffixed with 00000000, which should be changed to the correct hash by hand.
else if conf files are present and symlinked:
    don't overwrite existing symlinks unless -default is specified
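The three cases described in the comment above, as an added shell sketch; it is not the setup-gsi code committed to CVS. The function names are hypothetical, and it assumes that CA certificates are stored as <hash>.0 in the certificates directory, that the CA being installed is not counted as an "already installed" CA, and that the new CA's conf files are linked in once old-style files have been moved.

```shell
#!/bin/sh
# Added example, not the Globus setup-gsi code.
# Assumptions: CA certs are stored as <hash>.0 in DIR/certificates, and once
# old-style files are migrated the new CA's conf files are linked in.
CONF_FILES="grid-security.conf globus-user-ssl.conf globus-host-ssl.conf"

# conf_state DIR: prints none, plain (old-style regular files) or symlinked
conf_state() {
    state=none
    for f in $CONF_FILES; do
        if [ -L "$1/$f" ]; then
            if [ "$state" = none ]; then state=symlinked; fi
        elif [ -e "$1/$f" ]; then
            state=plain
        fi
    done
    echo "$state"
}

# old_ca_hash DIR NEWHASH: hash of the one CA already installed, else 00000000
old_ca_hash() {
    found=00000000; count=0
    for c in "$1"/certificates/*.0; do
        h=$(basename "$c" .0)
        if [ -e "$c" ] && [ "$h" != "$2" ]; then found=$h; count=$((count + 1)); fi
    done
    if [ "$count" -eq 1 ]; then echo "$found"; else echo 00000000; fi
}

# install_conf DIR HASH [default]: apply the three-way rule for CA HASH
install_conf() {
    dir=$1; hash=$2; certs="$dir/certificates"
    if [ "$(conf_state "$dir")" = plain ]; then
        old=$(old_ca_hash "$dir" "$hash")
        if [ "$old" = 00000000 ]; then
            echo "WARNING: fix the 00000000 suffix in $certs by hand" >&2
        fi
        for f in $CONF_FILES; do
            if [ -e "$dir/$f" ] && [ ! -L "$dir/$f" ]; then
                mv "$dir/$f" "$certs/$f.$old"   # keep the old CA's settings
            fi
        done
    fi
    for f in $CONF_FILES; do
        # an existing symlink is the host's chosen default: keep it unless asked
        if [ ! -L "$dir/$f" ] || [ "${3:-}" = default ]; then
            ln -sf "$certs/$f.$hash" "$dir/$f"
        fi
    done
}
```

Source the file and call, for instance, `install_conf /etc/grid-security 42864e48 default`; trying it on a scratch directory first shows which files would move.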