[Pki-devel] [PATCH] Verify Symbolic Links (Dogtag 10)

Matthew Harmsen mharmsen at redhat.com
Tue Aug 28 04:01:27 UTC 2012 

The attached patch attempts to address these issues and adds a patch for:

  * TRAC Ticket #303 - Dogtag 10: CS.cfg parameters for Dogtag 9
    instance running under Dogtag 10 packages . . .

With the addition of the patch above, I was able to simply restart the 
server and it successfully started a Dogtag 9 CA instance running under 
the Dogtag 10 packages.

On 08/24/12 07:54, Ade Lee wrote:
> Couple of comments:
>
> 1. We need to think about how to handle each of the cases you have
> encountered.  There are a number of cases where you simply warn and exit
> rather than fixing the link.  I think these are open for debate, but I
> suggest the following:
>
> missing link -> (currently) add the link (suggested) add the link
> link pointing to wrong place --> (currently) error (suggested) fix the link
> link pointing to non-existent target --> (currently) error (suggested) fix the link
> link is actually a file -> (currently) warn (suggested) warn
> link is a directory or otherwise -> (currently) error (suggested) error
>     
> 2. This is perhaps a stylistic comment.  You spend a large number of
> lines defining variables that specify paths that ultimately only ever
> get used within the same function.  To me, this just makes the code
> harder to read.  Its a lot simpler (and has no loss in generality) to
> see:
>
> [jaxrs-api.jar]=/usr/share/java/resteasy/jaxrs-api.jar
>
> instead of:
> [jaxrs-api.jar]=${resteasy_java_dir}/jaxrs-api.jar
>
> If I need to understand what a particular link is, I can see it directly
> rather than having to hunt through figuring out what {resteasy_java_dir}
> is, which in turn is defined in terms of {java_dir} ...
>
> The only reason you might want to declare variables here would be for
> arch dependent links.
>    
> Ade
>
> On Wed, 2012-08-22 at 20:21 -0700, Matthew Harmsen wrote:
>> This patch addresses the issue listed below for Dogtag 10:
>>        * TRAC Ticket #301 - Need to modify init scripts to verify
>>          needed symlinks in an instance
>> This patch has been tested and found to work successfully on 64-bit
>> Fedora 17 with SElinux in "Permissive" mode:
>>        * Built and installed Dogtag 9 Packages on a 64-bit Fedora 17
>>          host
>>        * Installed and configured Dogtag 9 CA instance
>>        * Successfully submitted an enrollment request, approved
>>          enrollment request, issued certificate, and listed
>>          certificates
>>        * Built and installed Dogtag 10 Packages on the same 64-bit
>>          Fedora 17 host
>>        * Restarted Dogtag 9 CA instance (so that it was now running
>>          under Dogtag 10)
>>        * Successfully submitted an enrollment request and listed
>>          certificates
>>        * Successfully approved the enrollment request and issued a
>>          certificate AFTER:
>>                * manually shutting down the CA instance,
>>                * applying the CS.cfg fixes documented in "TRAC Ticket
>>                  #303 - Dogtag 10: CS.cfg parameters for Dogtag 9
>>                  instance running under Dogtag 10 packages . . .", and
>>                * restarting the CA instance)
>>
>> _______________________________________________
>> Pki-devel mailing list
>> Pki-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/pki-devel
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20120827/f696cc9e/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 20120827-Verify-symbolic-links-Dogtag-10.patch
Type: text/x-patch
Size: 44584 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20120827/f696cc9e/attachment.bin>

More information about the Pki-devel mailing list