[Pki-devel] [PATCH] Verify Symbolic Links (Dogtag 10)
Ade Lee
alee at redhat.com
Fri Aug 24 14:54:20 UTC 2012
Couple of comments:
1. We need to think about how to handle each of the cases you have
encountered. There are a number of cases where you simply warn and exit
rather than fixing the link. I think these are open for debate, but I
suggest the following:
missing link -> (currently) add the link (suggested) add the link
link pointing to wrong place --> (currently) error (suggested) fix the link
link pointing to non-existent target --> (currently) error (suggested) fix the link
link is actually a file -> (currently) warn (suggested) warn
link is a directory or otherwise -> (currently) error (suggested) error
2. This is perhaps a stylistic comment. You spend a large number of
lines defining variables that specify paths that ultimately only ever
get used within the same function. To me, this just makes the code
harder to read. Its a lot simpler (and has no loss in generality) to
see:
[jaxrs-api.jar]=/usr/share/java/resteasy/jaxrs-api.jar
instead of:
[jaxrs-api.jar]=${resteasy_java_dir}/jaxrs-api.jar
If I need to understand what a particular link is, I can see it directly
rather than having to hunt through figuring out what {resteasy_java_dir}
is, which in turn is defined in terms of {java_dir} ...
The only reason you might want to declare variables here would be for
arch dependent links.
Ade
On Wed, 2012-08-22 at 20:21 -0700, Matthew Harmsen wrote:
> This patch addresses the issue listed below for Dogtag 10:
> * TRAC Ticket #301 - Need to modify init scripts to verify
> needed symlinks in an instance
> This patch has been tested and found to work successfully on 64-bit
> Fedora 17 with SElinux in "Permissive" mode:
> * Built and installed Dogtag 9 Packages on a 64-bit Fedora 17
> host
> * Installed and configured Dogtag 9 CA instance
> * Successfully submitted an enrollment request, approved
> enrollment request, issued certificate, and listed
> certificates
> * Built and installed Dogtag 10 Packages on the same 64-bit
> Fedora 17 host
> * Restarted Dogtag 9 CA instance (so that it was now running
> under Dogtag 10)
> * Successfully submitted an enrollment request and listed
> certificates
> * Successfully approved the enrollment request and issued a
> certificate AFTER:
> * manually shutting down the CA instance,
> * applying the CS.cfg fixes documented in "TRAC Ticket
> #303 - Dogtag 10: CS.cfg parameters for Dogtag 9
> instance running under Dogtag 10 packages . . .", and
> * restarting the CA instance)
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel
More information about the Pki-devel
mailing list