[Pki-devel] [PATCH] Verify Symbolic Links (Dogtag 9)

Matthew Harmsen mharmsen at redhat.com
Wed Aug 29 00:07:58 UTC 2012


The following patch attempts to address these issues.

It should be understood that this has NOT been tested with any package 
renames/location changes that may have been checked in this morning, and 
as such, the data may need to be changed and tested to comply with these 
changes.

-- Matt

On 08/28/12 07:25, Ade Lee wrote:
> The CS.cfg logic looks fine.
>
> The check_symlinks() code is still a little confusing.
>
> You do the following check:
>
> target=${symlinks[${key}]}
> # Check to make certain that the expected target exists.
> if [ -e ${target} ]; then
>      ....
> else
>      # Attempt to remove this dangling symbolic link and
>      # issue an ERROR that the target to which the
>      # symbolic link is expected to point does NOT exist.
>      rm ${symlink}
>      ....
>
> This is not correct.  It's not necessarily a dangling link.  The link that
> is there may in fact point to another (wrong) target.  All you know is
> that you cannot correct this link because the expected target does not
> exist.
>
> To simplify check_links(), I suggest that you move the check for whether
> or not the target exists and is fully resolvable into make_symlink().
> If either fails, then error out.
>
> Then the logic in check_symlinks() becomes simpler.
>
> if [ -e symlink]; then
>      if [-h symlink]; then
>          target = symlinks[key]
>          current_target = `readlink symlink`
>          if [target == current_target]; then
>              check if exists and resolvable and chown
>          else
>              rm symlink
>              make_link()
>      elif [-f symlink]
>          warn about debugging
>      else
>          error "directory or some such"
> else
>      make_link()
>
> On Mon, 2012-08-27 at 20:57 -0700, Matthew Harmsen wrote:
>> This patch attempts to address these issues.
>>
>> On 08/24/12 07:54, Ade Lee wrote:
>>> same comments as on the dogtag 10 patch.
>>>
>>> On Wed, 2012-08-22 at 20:26 -0700, Matthew Harmsen wrote:
>>>> This patch addresses the issue listed below for Dogtag 9:
>>>>         * TRAC Ticket #301 - Need to modify init scripts to verify
>>>>           needed symlinks in an instance
>>>> This patch has been tested and found to work successfully on 64-bit
>>>> Fedora 16 with SELinux in "Permissive" mode:
>>>>         * Built and installed Dogtag 9 Packages on a 64-bit Fedora 16
>>>>           host
>>>>         * Installed and configured Dogtag 9 CA, KRA, OCSP, TKS, RA, and
>>>>           TPS instances
>>>>         * Tested attached symlinks patch on all subsystems (although I
>>>>           was unable to get the configured TPS to restart --
>>>>           successfully applied logic from standalone test program)
>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 20120828-Verify-symbolic-links-Dogtag-9.patch
Type: text/x-patch
Size: 16711 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20120828/064757b3/attachment.bin>
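
Added example, not part of the original message or the attached patch: a POSIX sh sketch of the check_symlinks() flow suggested in the quoted review, with the target check moved into the link-creation helper. The function names, the optional OWNER argument and the return codes are assumptions; it tests `-h` before `-e` because `-e` follows the link and is false for a dangling one.

```shell
#!/bin/sh
# Added example (not from the patch). Names and return codes are assumptions.

# make_symlink LINK TARGET [OWNER]
# Create LINK only if TARGET exists; [ -e ] follows links, so a TARGET
# that is itself a broken link chain is rejected as well.
make_symlink() {
    link=$1 target=$2 owner=${3:-}
    if [ ! -e "$target" ]; then
        echo "ERROR: target '$target' missing or unresolvable; '$link' not created" >&2
        return 1
    fi
    ln -s -- "$target" "$link" || return 1
    if [ -n "$owner" ]; then chown -h "$owner" "$link" || return 1; fi
}

# check_symlink LINK TARGET [OWNER]
# Returns 0 = correct or repaired, 1 = error, 2 = regular file left in place.
check_symlink() {
    link=$1 target=$2 owner=${3:-}
    # Test -h first: [ -e ] follows the link and is false for a dangling one.
    if [ -h "$link" ]; then
        if [ "$(readlink "$link")" = "$target" ]; then
            if [ ! -e "$link" ]; then
                echo "ERROR: '$link' -> '$target' does not resolve" >&2
                return 1
            fi
            if [ -n "$owner" ]; then chown -h "$owner" "$link" || return 1; fi
            return 0
        fi
        # Link points somewhere else (dangling or not): replace it.
        rm -- "$link" || return 1
        make_symlink "$link" "$target" "$owner"
    elif [ -f "$link" ]; then
        echo "WARNING: '$link' is a regular file, not a symlink" >&2
        return 2
    elif [ -e "$link" ]; then
        echo "ERROR: '$link' is neither a symlink nor a regular file" >&2
        return 1
    else
        make_symlink "$link" "$target" "$owner"
    fi
}

# Constructed demo: a link that points at the wrong (but existing) target.
demo=$(mktemp -d) && mkdir "$demo/right" "$demo/wrong"
ln -s "$demo/wrong" "$demo/conf"
check_symlink "$demo/conf" "$demo/right" && readlink "$demo/conf"
rm -rf "$demo"
```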

