[Pki-devel] [PATCH] Verify Symbolic Links (Dogtag 9)

Ade Lee alee at redhat.com
Wed Aug 29 15:14:20 UTC 2012


ack

On Tue, 2012-08-28 at 17:07 -0700, Matthew Harmsen wrote:
> The following patch attempts to address these issues.
> 
> It should be understood that this has NOT been tested with any package 
> renames/location changes that may have been checked-in this morning, and 
> as such, the data may need to be changed and tested to comply with these 
> changes.
> 
> -- Matt
> 
> On 08/28/12 07:25, Ade Lee wrote:
> > The CS.cfg logic looks fine.
> >
> > The check_symlinks() code is still a little confusing.
> >
> > You do the following check:
> >
> > target=${symlinks[${key}]}
> > # Check to make certain that the expected target exists.
> > if [ -e ${target} ]; then
> >      ....
> > else
> >      # Attempt to remove this dangling symbolic link and
> >      # issue an ERROR that the target to which the
> >      # symbolic link is expected to point does NOT exist.
> >      rm ${symlink}
> >      ....
> >
> > This is not correct.  It's not necessarily a dangling link.  The link that
> > is there may in fact point to another (wrong) target.  All you know is
> > that you cannot correct this link because the expected target does not
> > exist.
> >
> > To simplify check_links(), I suggest that you move the check for whether
> > or not the target exists and is fully resolvable into make_symlink().
> > If either fails, then error out.
> >
> > Then the logic in check_symlinks() becomes simpler.
> >
> > if [ -e symlink]; then
> >      if [-h symlink]; then
> >          target = symlinks[key]
> >          current_target = `readlink symlink`
> >          if [target == current_target]; then
> >              check if exists and resolvable and chown
> >          else
> >              rm symlink
> >              make_link()
> >      elif [-f symlink]
> >          warn about debugging
> >      else
> >          error "directory or some such"
> > else
> >      make_link()
> >
> > On Mon, 2012-08-27 at 20:57 -0700, Matthew Harmsen wrote:
> >> This patch attempts to address these issues.
> >>
> >> On 08/24/12 07:54, Ade Lee wrote:
> >>> same comments as on the dogtag 10 patch.
> >>>
> >>> On Wed, 2012-08-22 at 20:26 -0700, Matthew Harmsen wrote:
> >>>> This patch addresses the issue listed below for Dogtag 9:
> >>>>         * TRAC Ticket #301 - Need to modify init scripts to verify
> >>>>           needed symlinks in an instance
> >>>> This patch has been tested and found to work successfully on 64-bit
> >>>> Fedora 16 with SElinux in "Permissive" mode:
> >>>>         * Built and installed Dogtag 9 Packages on a 64-bit Fedora 16
> >>>>           host
> >>>>         * Installed and configured Dogtag 9 CA, KRA, OCSP, TKS, RA, and
> >>>>           TPS instances
> >>>>         * Tested attached symlinks patch on all subsystems (although I
> >>>>           was unable to get the configured TPS to restart --
> >>>>           successfully applied logic from standalone test program)
> >
> 
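
Added example, not part of the thread or of Dogtag's init scripts: one POSIX sh rendering of the flow sketched in the quoted review, for a single link/target pair. The return codes, messages and optional owner argument are assumptions; it tests `-h` before `-e` so a dangling link is not mistaken for a missing one, and it leaves a wrong link in place when the expected target does not exist.

```shell
# Added example: function names follow the thread; return codes, messages
# and the optional OWNER argument are assumptions, not Dogtag's code.

# make_symlink LINK TARGET: refuse to create a link whose target is missing.
make_symlink() {
    link=$1 target=$2
    if [ ! -e "$target" ]; then   # -e follows links, so a broken chain fails too
        echo "ERROR: target '$target' for '$link' does not exist" >&2
        return 1
    fi
    ln -s -- "$target" "$link"
}

# check_symlink LINK TARGET [OWNER]
# Returns 0 if the link is correct or was repaired, 1 on error, 2 on warning.
check_symlink() {
    link=$1 target=$2 owner=${3:-}
    if [ -h "$link" ]; then
        current=$(readlink -- "$link")
        if [ "$current" != "$target" ]; then
            # Wrong target: replace it only if the expected target is usable.
            [ -e "$target" ] || { echo "ERROR: cannot repair '$link': '$target' does not exist" >&2; return 1; }
            rm -f -- "$link"
            make_symlink "$link" "$target" || return 1
        elif [ ! -e "$link" ]; then
            echo "ERROR: '$link' points at '$target', which does not resolve" >&2
            return 1
        fi
        [ -z "$owner" ] || chown -h "$owner" "$link"
    elif [ -f "$link" ]; then
        echo "WARNING: '$link' is a regular file, not a symbolic link; left in place" >&2
        return 2
    elif [ -e "$link" ]; then
        echo "ERROR: '$link' exists but is not a symbolic link" >&2
        return 1
    else
        make_symlink "$link" "$target"
    fi
}
```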