[Pki-devel] [PATCH] Verify Symbolic Links (Dogtag 10)
Matthew Harmsen
mharmsen at redhat.com
Tue Aug 28 04:01:27 UTC 2012
The attached patch attempts to address these issues and adds a patch for:
* TRAC Ticket #303 - Dogtag 10: CS.cfg parameters for Dogtag 9
instance running under Dogtag 10 packages . . .
With the addition of the patch above, I was able to simply restart the
server and it successfully started a Dogtag 9 CA instance running under
the Dogtag 10 packages.
On 08/24/12 07:54, Ade Lee wrote:
> Couple of comments:
>
> 1. We need to think about how to handle each of the cases you have
> encountered. There are a number of cases where you simply warn and exit
> rather than fixing the link. I think these are open for debate, but I
> suggest the following:
>
> missing link -> (currently) add the link (suggested) add the link
> link pointing to wrong place --> (currently) error (suggested) fix the link
> link pointing to non-existent target --> (currently) error (suggested) fix the link
> link is actually a file -> (currently) warn (suggested) warn
> link is a directory or otherwise -> (currently) error (suggested) error
>
> 2. This is perhaps a stylistic comment. You spend a large number of
> lines defining variables that specify paths that ultimately only ever
> get used within the same function. To me, this just makes the code
> harder to read. Its a lot simpler (and has no loss in generality) to
> see:
>
> [jaxrs-api.jar]=/usr/share/java/resteasy/jaxrs-api.jar
>
> instead of:
> [jaxrs-api.jar]=${resteasy_java_dir}/jaxrs-api.jar
>
> If I need to understand what a particular link is, I can see it directly
> rather than having to hunt through figuring out what {resteasy_java_dir}
> is, which in turn is defined in terms of {java_dir} ...
>
> The only reason you might want to declare variables here would be for
> arch dependent links.
>
> Ade
>
> On Wed, 2012-08-22 at 20:21 -0700, Matthew Harmsen wrote:
>> This patch addresses the issue listed below for Dogtag 10:
>> * TRAC Ticket #301 - Need to modify init scripts to verify
>> needed symlinks in an instance
>> This patch has been tested and found to work successfully on 64-bit
>> Fedora 17 with SElinux in "Permissive" mode:
>> * Built and installed Dogtag 9 Packages on a 64-bit Fedora 17
>> host
>> * Installed and configured Dogtag 9 CA instance
>> * Successfully submitted an enrollment request, approved
>> enrollment request, issued certificate, and listed
>> certificates
>> * Built and installed Dogtag 10 Packages on the same 64-bit
>> Fedora 17 host
>> * Restarted Dogtag 9 CA instance (so that it was now running
>> under Dogtag 10)
>> * Successfully submitted an enrollment request and listed
>> certificates
>> * Successfully approved the enrollment request and issued a
>> certificate AFTER:
>> * manually shutting down the CA instance,
>> * applying the CS.cfg fixes documented in "TRAC Ticket
>> #303 - Dogtag 10: CS.cfg parameters for Dogtag 9
>> instance running under Dogtag 10 packages . . .", and
>> * restarting the CA instance)
>>
>> _______________________________________________
>> Pki-devel mailing list
>> Pki-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/pki-devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20120827/f696cc9e/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 20120827-Verify-symbolic-links-Dogtag-10.patch
Type: text/x-patch
Size: 44584 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20120827/f696cc9e/attachment.bin>
More information about the Pki-devel
mailing list