[Pki-devel] [RHEL 6.6] Patches for 'pki-core' . . . (with patches attached)

Ade Lee alee at redhat.com
Thu Jun 19 14:42:40 UTC 2014


ACK on patch for 1055080.

I assume though that at least part of this fix (switching of obnoxious
vs. inform) will be ported to 10.2, right?  Even though we will not be
setting debug level to inform in Fedora, and will be working to solve
this issue there by more judicious logging.

On the patch for 1061442 - this RFE occurred because at some point,
it was found that the CS.cfg became corrupted - either becoming
completely blank or being truncated.  On the subsequent startup, the
server did not completely start up - but it did in fact start to a point
where the process was running.  In this case, it is likely that the now
corrupted CS.cfg file will be backed up, rendering this backup mechanism
useless.

Moreover, it's human nature to attempt to restart a couple of times,
which would mean that just a single CS.cfg.bak would be overwritten.

I think that we will need to keep timestamped copies in order to prevent
this issue.  If we are worried about the proliferation of files, we can
always checksum the backup file and only back up if the checksum has not
changed.  And we'll need to document of course that the file is there.

At the very least, we need to validate the situations above, i.e.
1) start the server
2) cat /dev/null > CS.cfg, or truncate CS.cfg to 8192 bytes.
3) restart server
4) check backups
5) restart server again ..

Ade

On Wed, 2014-06-18 at 18:08 -0700, Matthew Harmsen wrote:
> Please review the attached patches which address the following bugs:
>       * Bugzilla Bug #1061442 - RFE - ipa-server should keep backup of
>         CS.cfg
>       * Bugzilla Bug #1055080 - Giant /var/log/pki-ca/debug
> 
> Note that these bugs are ONLY relevant to the RHEL 6 platform.
> 
> 
> The actual bugs contain the same sample SRPM which contains both of
> these patches and a spec file, and the comments in both bugs provide
> TESTING instructions for that particular patch.
> 
> 
> It would be great to have ACKs for these by this Friday, 06/20/2014,
> so that I can generate official builds of 'pki-core'.
> 
> 
> Thanks,
> -- Matt 
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel
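
The timestamped, checksum-gated backup suggested in the reply above, as an added example that is not part of the thread or of the pki-core patch. The function names, the `CS.cfg.bak.<stamp>.<seq>` naming and the sample config lines are assumptions; refusing a zero-length file goes one step beyond what the message proposes.

```bash
#!/bin/bash
# Added example, not the pki-core patch. backup_cfg, the file naming and
# the backup directory are assumptions made for this illustration.

# backup_cfg <config-file> <backup-dir>
# Run once per server start. Prints the new backup path, or nothing when
# no copy was needed. Returns 1 if the config is empty or the copy fails.
backup_cfg() {
    local cfg=$1 dir=$2 latest= f new_sum stamp n=0 dest
    # A zero-length file is the "completely blank" case: keep it out.
    [ -s "$cfg" ] || return 1
    mkdir -p "$dir" || return 1
    new_sum=$(sha256sum < "$cfg" | cut -d' ' -f1)
    # Globs expand in sorted order and the names are fixed-width,
    # so the last match is the newest backup.
    for f in "$dir"/CS.cfg.bak.*; do
        if [ -e "$f" ]; then latest=$f; fi
    done
    # Unchanged since the newest backup: do not add another file.
    if [ -n "$latest" ] &&
       [ "$new_sum" = "$(sha256sum < "$latest" | cut -d' ' -f1)" ]; then
        return 0
    fi
    stamp=$(date -u +%Y%m%dT%H%M%SZ)
    # Sequence suffix keeps two backups in the same second distinct.
    dest=$(printf '%s/CS.cfg.bak.%s.%03d' "$dir" "$stamp" "$n")
    while [ -e "$dest" ]; do
        n=$((n + 1))
        dest=$(printf '%s/CS.cfg.bak.%s.%03d' "$dir" "$stamp" "$n")
    done
    # -p keeps the original's mode so the copy is not more widely readable.
    cp -p "$cfg" "$dest" && printf '%s\n' "$dest"
}

# Constructed walk-through of the test steps from the message.
# Prints the number of backups kept.
validate_scenario() {
    local work cfg
    work=$(mktemp -d) || return 1
    cfg=$work/CS.cfg
    printf 'sample.key=1\nsample.other=2\n' > "$cfg"
    backup_cfg "$cfg" "$work/bak" >/dev/null          # 1) start the server
    printf 'sample.key=1\nsam' > "$cfg"               # 2) truncated CS.cfg
    backup_cfg "$cfg" "$work/bak" >/dev/null          # 3) restart
    backup_cfg "$cfg" "$work/bak" >/dev/null          # 5) restart again
    : > "$cfg"                                        # 2) blank CS.cfg
    backup_cfg "$cfg" "$work/bak" >/dev/null || true  # refused
    ls "$work/bak" | wc -l                            # 4) check backups
    rm -rf "$work"
}
```

`validate_scenario` prints 2: the good copy from the first start and one copy of the truncated file, so repeated restarts add nothing further and never overwrite the good backup.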




