[Pki-devel] Patch for review - Fix mod_revocator shutdown on 32-bit platforms . . .

Matthew Harmsen mharmsen at redhat.com
Sat Oct 22 02:20:02 UTC 2011 

    *   *Bugzilla Bug #716355*
      <https://bugzilla.redhat.com/show_bug.cgi?id=716355> -
      mod_revocator does not shut down httpd server if expired CRL is
      fetched
    * *Bugzilla Bug #716361*
      <https://bugzilla.redhat.com/show_bug.cgi?id=716361> -
      mod_revocator does not bring down httpd server if CRLUpdate fails

Please review the attached patch (which should address both Bugzilla 
Bugs listed above):

    * https://bugzilla.redhat.com/attachment.cgi?id=529578&action=diff&context=patch&collapsed=&headers=1&format=raw





TESTING THIS PATCH ON A 32-bit RHEL 5 SYSTEM:

# date
Fri Oct 21 15:50:26 PDT 2011

# cd /var/log/httpd

# /sbin/service httpd start

# tail -f error_log
[Fri Oct 21 16:58:40 2011] [notice] core dump file size limit raised to 
4294967295 bytes
[Fri Oct 21 16:58:40 2011] [notice] SELinux policy enabled; httpd 
running as context user_u:system_r:httpd_t
[Fri Oct 21 16:58:40 2011] [notice] suEXEC mechanism enabled (wrapper: 
/usr/sbin/suexec)
[Fri Oct 21 16:58:42 2011] [notice] Digest: generating secret for digest 
authentication ...
[Fri Oct 21 16:58:42 2011] [notice] Digest: done
[Fri Oct 21 16:58:42 2011] [notice] mod_python: Creating 4 session 
mutexes based on 256 max processes and 0 max threads.
[Fri Oct 21 16:58:43 2011] [notice] Apache/2.2.3 (Red Hat) configured -- 
resuming normal operations
[Fri Oct 21 16:58:44 2011] [notice] Revocation subsystem initialized 2
[Fri Oct 21 16:58:44 2011] [notice] Revocation subsystem initialized 2
[Fri Oct 21 16:58:44 2011] [notice] Revocation subsystem initialized 2
[Fri Oct 21 16:58:44 2011] [notice] Revocation subsystem initialized 2
[Fri Oct 21 16:58:44 2011] [notice] Revocation subsystem initialized 2
[Fri Oct 21 16:58:44 2011] [notice] Revocation subsystem initialized 2
[Fri Oct 21 16:58:44 2011] [notice] Revocation subsystem initialized 2
[Fri Oct 21 16:58:44 2011] [notice] Revocation subsystem initialized 2

# date -s "Fri Sep 21 15:50:26 PDT 2012"
Fri Sep 21 15:50:26 PDT 2012

# tail -f error_log
[Fri Oct 21 16:58:40 2011] [notice] core dump file size limit raised to 
4294967295 bytes
[Fri Oct 21 16:58:40 2011] [notice] SELinux policy enabled; httpd 
running as context user_u:system_r:httpd_t
[Fri Oct 21 16:58:40 2011] [notice] suEXEC mechanism enabled (wrapper: 
/usr/sbin/suexec)
[Fri Oct 21 16:58:42 2011] [notice] Digest: generating secret for digest 
authentication ...
[Fri Oct 21 16:58:42 2011] [notice] Digest: done
[Fri Oct 21 16:58:42 2011] [notice] mod_python: Creating 4 session 
mutexes based on 256 max processes and 0 max threads.
[Fri Oct 21 16:58:43 2011] [notice] Apache/2.2.3 (Red Hat) configured -- 
resuming normal operations
[Fri Oct 21 16:58:44 2011] [notice] Revocation subsystem initialized 2
[Fri Oct 21 16:58:44 2011] [notice] Revocation subsystem initialized 2
[Fri Oct 21 16:58:44 2011] [notice] Revocation subsystem initialized 2
[Fri Oct 21 16:58:44 2011] [notice] Revocation subsystem initialized 2
[Fri Oct 21 16:58:44 2011] [notice] Revocation subsystem initialized 2
[Fri Oct 21 16:58:44 2011] [notice] Revocation subsystem initialized 2
[Fri Oct 21 16:58:44 2011] [notice] Revocation subsystem initialized 2
[Fri Oct 21 16:58:44 2011] [notice] Revocation subsystem initialized 2
[Fri Sep 21 15:50:28 2012] [error] CRL 
http://meatpie.dsdev.sjc.redhat.com:9180/ca/ee/ca/getCRL?op=getCRL&crlIssuingPoint=MasterCRL 
CN=Certificate Authority,OU=pki-ca,O=DsdevSjcRedhat Domain is outdated. 
Shutting down server pid 25012
[Fri Sep 21 15:50:29 2012] [notice] caught SIGTERM, shutting down

# /sbin/service httpd status
httpd dead but subsys locked

# /sbin/service httpd restart
Stopping httpd:                                            [FAILED]
Starting httpd:                                            [  OK  ]

# tail -f error_log
[Fri Oct 21 16:58:40 2011] [notice] core dump file size limit raised to 
4294967295 bytes
[Fri Oct 21 16:58:40 2011] [notice] SELinux policy enabled; httpd 
running as context user_u:system_r:httpd_t
[Fri Oct 21 16:58:40 2011] [notice] suEXEC mechanism enabled (wrapper: 
/usr/sbin/suexec)
[Fri Oct 21 16:58:42 2011] [notice] Digest: generating secret for digest 
authentication ...
[Fri Oct 21 16:58:42 2011] [notice] Digest: done
[Fri Oct 21 16:58:42 2011] [notice] mod_python: Creating 4 session 
mutexes based on 256 max processes and 0 max threads.
[Fri Oct 21 16:58:43 2011] [notice] Apache/2.2.3 (Red Hat) configured -- 
resuming normal operations
[Fri Oct 21 16:58:44 2011] [notice] Revocation subsystem initialized 2
[Fri Oct 21 16:58:44 2011] [notice] Revocation subsystem initialized 2
[Fri Oct 21 16:58:44 2011] [notice] Revocation subsystem initialized 2
[Fri Oct 21 16:58:44 2011] [notice] Revocation subsystem initialized 2
[Fri Oct 21 16:58:44 2011] [notice] Revocation subsystem initialized 2
[Fri Oct 21 16:58:44 2011] [notice] Revocation subsystem initialized 2
[Fri Oct 21 16:58:44 2011] [notice] Revocation subsystem initialized 2
[Fri Oct 21 16:58:44 2011] [notice] Revocation subsystem initialized 2
[Fri Sep 21 15:50:28 2012] [error] CRL 
http://meatpie.dsdev.sjc.redhat.com:9180/ca/ee/ca/getCRL?op=getCRL&crlIssuingPoint=MasterCRL 
CN=Certificate Authority,OU=pki-ca,O=DsdevSjcRedhat Domain is outdated. 
Shutting down server pid 25012
[Fri Sep 21 15:50:29 2012] [notice] caught SIGTERM, shutting down
[Fri Sep 21 15:54:30 2012] [notice] core dump file size limit raised to 
4294967295 bytes
[Fri Sep 21 15:54:30 2012] [notice] SELinux policy enabled; httpd 
running as context user_u:system_r:httpd_t
[Fri Sep 21 15:54:30 2012] [notice] suEXEC mechanism enabled (wrapper: 
/usr/sbin/suexec)
[Fri Sep 21 15:54:31 2012] [notice] Digest: generating secret for digest 
authentication ...
[Fri Sep 21 15:54:31 2012] [notice] Digest: done
[Fri Sep 21 15:54:31 2012] [notice] mod_python: Creating 4 session 
mutexes based on 256 max processes and 0 max threads.
[Fri Sep 21 15:54:32 2012] [notice] Apache/2.2.3 (Red Hat) configured -- 
resuming normal operations
[Fri Sep 21 15:54:35 2012] [error] CRL 
http://meatpie.dsdev.sjc.redhat.com:9180/ca/ee/ca/getCRL?op=getCRL&crlIssuingPoint=MasterCRL 
CN=Certificate Authority,OU=pki-ca,O=DsdevSjcRedhat Domain is outdated. 
Shutting down server pid 25059
[Fri Sep 21 15:54:39 2012] [warn] child process 25065 still did not 
exit, sending a SIGTERM
[Fri Sep 21 15:54:41 2012] [warn] child process 25065 still did not 
exit, sending a SIGTERM
[Fri Sep 21 15:54:43 2012] [warn] child process 25065 still did not 
exit, sending a SIGTERM
[Fri Sep 21 15:54:45 2012] [error] child process 25065 still did not 
exit, sending a SIGKILL
[Fri Sep 21 15:54:46 2012] [notice] caught SIGTERM, shutting down

# /sbin/service httpd status
httpd dead but subsys locked

# date -s "Fri Oct 21 15:50:26 PDT 2011"
Fri Oct 21 15:50:26 PDT 2011

# /sbin/service httpd restart
Stopping httpd:                                            [FAILED]
Starting httpd:                                            [  OK  ]

# tail -f error_log
[Fri Oct 21 16:58:40 2011] [notice] core dump file size limit raised to 
4294967295 bytes
[Fri Oct 21 16:58:40 2011] [notice] SELinux policy enabled; httpd 
running as context user_u:system_r:httpd_t
[Fri Oct 21 16:58:40 2011] [notice] suEXEC mechanism enabled (wrapper: 
/usr/sbin/suexec)
[Fri Oct 21 16:58:42 2011] [notice] Digest: generating secret for digest 
authentication ...
[Fri Oct 21 16:58:42 2011] [notice] Digest: done
[Fri Oct 21 16:58:42 2011] [notice] mod_python: Creating 4 session 
mutexes based on 256 max processes and 0 max threads.
[Fri Oct 21 16:58:43 2011] [notice] Apache/2.2.3 (Red Hat) configured -- 
resuming normal operations
[Fri Oct 21 16:58:44 2011] [notice] Revocation subsystem initialized 2
[Fri Oct 21 16:58:44 2011] [notice] Revocation subsystem initialized 2
[Fri Oct 21 16:58:44 2011] [notice] Revocation subsystem initialized 2
[Fri Oct 21 16:58:44 2011] [notice] Revocation subsystem initialized 2
[Fri Oct 21 16:58:44 2011] [notice] Revocation subsystem initialized 2
[Fri Oct 21 16:58:44 2011] [notice] Revocation subsystem initialized 2
[Fri Oct 21 16:58:44 2011] [notice] Revocation subsystem initialized 2
[Fri Oct 21 16:58:44 2011] [notice] Revocation subsystem initialized 2
[Fri Sep 21 15:50:28 2012] [error] CRL 
http://meatpie.dsdev.sjc.redhat.com:9180/ca/ee/ca/getCRL?op=getCRL&crlIssuingPoint=MasterCRL 
CN=Certificate Authority,OU=pki-ca,O=DsdevSjcRedhat Domain is outdated. 
Shutting down server pid 25012
[Fri Sep 21 15:50:29 2012] [notice] caught SIGTERM, shutting down
[Fri Sep 21 15:54:30 2012] [notice] core dump file size limit raised to 
4294967295 bytes
[Fri Sep 21 15:54:30 2012] [notice] SELinux policy enabled; httpd 
running as context user_u:system_r:httpd_t
[Fri Sep 21 15:54:30 2012] [notice] suEXEC mechanism enabled (wrapper: 
/usr/sbin/suexec)
[Fri Sep 21 15:54:31 2012] [notice] Digest: generating secret for digest 
authentication ...
[Fri Sep 21 15:54:31 2012] [notice] Digest: done
[Fri Sep 21 15:54:31 2012] [notice] mod_python: Creating 4 session 
mutexes based on 256 max processes and 0 max threads.
[Fri Sep 21 15:54:32 2012] [notice] Apache/2.2.3 (Red Hat) configured -- 
resuming normal operations
[Fri Sep 21 15:54:35 2012] [error] CRL 
http://meatpie.dsdev.sjc.redhat.com:9180/ca/ee/ca/getCRL?op=getCRL&crlIssuingPoint=MasterCRL 
CN=Certificate Authority,OU=pki-ca,O=DsdevSjcRedhat Domain is outdated. 
Shutting down server pid 25059
[Fri Sep 21 15:54:39 2012] [warn] child process 25065 still did not 
exit, sending a SIGTERM
[Fri Sep 21 15:54:41 2012] [warn] child process 25065 still did not 
exit, sending a SIGTERM
[Fri Sep 21 15:54:43 2012] [warn] child process 25065 still did not 
exit, sending a SIGTERM
[Fri Sep 21 15:54:45 2012] [error] child process 25065 still did not 
exit, sending a SIGKILL
[Fri Sep 21 15:54:46 2012] [notice] caught SIGTERM, shutting down
[Fri Oct 21 15:51:01 2011] [notice] core dump file size limit raised to 
4294967295 bytes
[Fri Oct 21 15:51:01 2011] [notice] SELinux policy enabled; httpd 
running as context user_u:system_r:httpd_t
[Fri Oct 21 15:51:01 2011] [notice] suEXEC mechanism enabled (wrapper: 
/usr/sbin/suexec)
[Fri Oct 21 15:51:03 2011] [notice] Digest: generating secret for digest 
authentication ...
[Fri Oct 21 15:51:03 2011] [notice] Digest: done
[Fri Oct 21 15:51:03 2011] [notice] mod_python: Creating 4 session 
mutexes based on 256 max processes and 0 max threads.
[Fri Oct 21 15:51:04 2011] [notice] Apache/2.2.3 (Red Hat) configured -- 
resuming normal operations
[Fri Oct 21 15:51:06 2011] [notice] Revocation subsystem initialized 2
[Fri Oct 21 15:51:06 2011] [notice] Revocation subsystem initialized 2
[Fri Oct 21 15:51:06 2011] [notice] Revocation subsystem initialized 2
[Fri Oct 21 15:51:06 2011] [notice] Revocation subsystem initialized 2
[Fri Oct 21 15:51:06 2011] [notice] Revocation subsystem initialized 2
[Fri Oct 21 15:51:06 2011] [notice] Revocation subsystem initialized 2
[Fri Oct 21 15:51:06 2011] [notice] Revocation subsystem initialized 2
[Fri Oct 21 15:51:06 2011] [notice] Revocation subsystem initialized 2

NOTE:  PATCH WAS ALSO TESTED ON A 64-BIT PLATFORM TO DETERMINE THAT NO
        REGRESSION OCCURRED.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20111021/d94765b5/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5150 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20111021/d94765b5/attachment.p7s>

More information about the Pki-devel mailing list