[Pki-devel] [PATCH] Verify Symbolic Links (Dogtag 9)
Ade Lee
alee at redhat.com
Wed Aug 29 15:14:20 UTC 2012
ack
On Tue, 2012-08-28 at 17:07 -0700, Matthew Harmsen wrote:
> The following patch attempts to address these issues.
>
> It should be understood that this has NOT been tested with any package
> renames/location changes that may have been checked-in this morning, and
> as such, the data may need to be changed and tested to comply with these
> changes.
>
> -- Matt
>
> On 08/28/12 07:25, Ade Lee wrote:
> > The CS.cfg logic looks fine.
> >
> > The check_symlinks() code is still a little confusing.
> >
> > You do the following check:
> >
> >     target=${symlinks[${key}]}
> >     # Check to make certain that the expected target exists.
> >     if [ -e ${target} ]; then
> >         ....
> >     else
> >         # Attempt to remove this dangling symbolic link and
> >         # issue an ERROR that the target to which the
> >         # symbolic link is expected to point does NOT exist.
> >         rm ${symlink}
> >         ....
> >
> > This is not correct. It's not necessarily a dangling link. The link that
> > is there may in fact point to another (wrong) target. All you know is
> > that you cannot correct this link because the expected target does not
> > exist.
> >
> > To simplify check_links(), I suggest that you move the check for whether
> > or not the target exists and is fully resolvable into make_symlink().
> > If either fails, then error out.
> >
> > Then the logic in check_symlinks() becomes simpler.
> >
> >     if [ -e symlink]; then
> >         if [-h symlink]; then
> >             target = symlinks[key]
> >             current_target = `readlink symlink`
> >             if [target == current_target]; then
> >                 check if exists and resolvable and chown
> >             else
> >                 rm symlink
> >                 make_link()
> >         elif [-f symlink]
> >             warn about debugging
> >         else
> >             error "directory or some such"
> >     else
> >         make_link()
> >
> > On Mon, 2012-08-27 at 20:57 -0700, Matthew Harmsen wrote:
> >> This patch attempts to address these issues.
> >>
> >> On 08/24/12 07:54, Ade Lee wrote:
> >>> same comments as on the dogtag 10 patch.
> >>>
> >>> On Wed, 2012-08-22 at 20:26 -0700, Matthew Harmsen wrote:
> >>>> This patch addresses the issue listed below for Dogtag 9:
> >>>> * TRAC Ticket #301 - Need to modify init scripts to verify
> >>>> needed symlinks in an instance
> >>>> This patch has been tested and found to work successfully on 64-bit
> >>>> Fedora 16 with SELinux in "Permissive" mode:
> >>>> * Built and installed Dogtag 9 Packages on a 64-bit Fedora 16
> >>>> host
> >>>> * Installed and configured Dogtag 9 CA, KRA, OCSP, TKS, RA, and
> >>>> TPS instances
> >>>> * Tested attached symlinks patch on all subsystems (although I
> >>>> was unable to get the configured TPS to restart --
> >>>> successfully applied logic from standalone test program)
> >
>
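
The symlink check discussed in the review comments above, written out as an added example; it is not code from the patch or from the Dogtag init scripts. The function names and outcome words are hypothetical, target paths are assumed to be absolute, and a link is removed only after the expected target is known to exist.

```bash
#!/bin/bash
# Added example; function names and outcome words are hypothetical.
# Assumes absolute target paths, so [ -e "$target" ] sees what the link will see.

# Create link -> target only if the expected target exists. [ -e ] follows
# symbolic links, so it also fails when the target itself cannot be resolved.
make_symlink() {  # usage: make_symlink <link> <target>
    local link="$1" target="$2"
    if [ ! -e "$target" ]; then
        echo "ERROR: expected target '$target' does not exist" >&2
        return 1
    fi
    ln -s -- "$target" "$link"
}

# Verify one link and print an outcome: ok, repaired, created, file,
# blocked or unfixable. Returns non-zero for the two error outcomes.
check_symlink() {  # usage: check_symlink <link> <expected-target>
    local link="$1" target="$2"
    if [ -h "$link" ]; then
        # Test -h before -e: [ -e ] is false for a dangling link.
        if [ "$(readlink -- "$link")" = "$target" ] && [ -e "$link" ]; then
            echo ok
        elif [ ! -e "$target" ]; then
            # The link may point at another (wrong) target; without the
            # expected target it cannot be corrected, so leave it alone.
            echo "ERROR: cannot correct '$link': '$target' is missing" >&2
            echo unfixable
            return 1
        else
            rm -f -- "$link" && make_symlink "$link" "$target" && echo repaired
        fi
    elif [ -f "$link" ]; then
        echo "WARNING: '$link' is a regular file, left in place" >&2
        echo file
    elif [ -e "$link" ]; then
        echo "ERROR: '$link' is a directory or other non-link" >&2
        echo blocked
        return 1
    else
        make_symlink "$link" "$target" && echo created
    fi
}

# Constructed demo in a scratch directory.
d=$(mktemp -d); touch "$d/real" "$d/other"
ln -s "$d/other" "$d/link"          # link exists but points at the wrong target
check_symlink "$d/link" "$d/real"   # prints: repaired
rm -rf "$d"
```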