From 645e41cbf58d48ae627381ad25a59891b2a4ef20 Mon Sep 17 00:00:00 2001 From: Matyas Selmeci Date: Mon, 5 Nov 2018 14:08:51 -0600 Subject: [PATCH 1/3] Allow missing tarball_md5sum in description (SOFTWARE-3463) _do_ barf if both tarball_md5sum and tarball_sha256sum are missing. --- lib/OSGCerts.pm | 8 ++------ sbin/osg-update-certs | 19 +++++++++---------- 2 files changed, 11 insertions(+), 16 deletions(-) diff --git a/lib/OSGCerts.pm b/lib/OSGCerts.pm index 59e451b..ad24e5a 100644 --- a/lib/OSGCerts.pm +++ b/lib/OSGCerts.pm @@ -310,15 +310,11 @@ sub fetch_ca_description { $missing_info++; } - if (!defined $description->{tarball_md5sum}) { - log_msg("Bad description: tarball_md5sum was not specified\n"); + if (!(defined $description->{tarball_md5sum} || defined $description->{tarball_sha256sum})) { + log_msg("Bad description: neither tarball_md5sum nor tarball_sha256sum were specified\n"); $missing_info++; } - if (!defined $description->{tarball_sha256sum}) { - log_msg("Description missing: tarball_sha256sum was not specified\n"); - } - if($missing_info != 0) { log_msg("The description file is incomplete.\n"); $description->{valid} = 0; diff --git a/sbin/osg-update-certs b/sbin/osg-update-certs index 08282d1..bbeb107 100755 --- a/sbin/osg-update-certs +++ b/sbin/osg-update-certs @@ -592,10 +592,12 @@ sub dump_description { " Certs version: '$description->{certsversion}'", " Version info: '$description->{versiondesc}", " Tarball: '$description->{tarball}'", - " Tarball MD5 Sum: '$description->{tarball_md5sum}'", " Timestamp: '$description->{timestamp}'"); + if (defined $description->{tarball_md5sum}) { + log_msg(" Tarball MD5 Sum: '$description->{tarball_md5sum}'") + } if (defined $description->{tarball_sha256sum}) { - log_msg(" Tarball SHA256 Sum: '$description->{tarball_sha256sum}'"), + log_msg(" Tarball SHA256 Sum: '$description->{tarball_sha256sum}'") } } @@ -624,9 +626,8 @@ sub verify_certs_tarball { my $tarball_pathname = $_[1]; - my $sha256sum = sha256sum($tarball_pathname); - if (defined $description->{tarball_sha256sum}) { + my $sha256sum = sha256sum($tarball_pathname); if ($sha256sum eq $description->{tarball_sha256sum}) { log_msg("Tarball seems uncorrupted: sha256 checksum is $sha256sum\n"); return 1; @@ -636,10 +637,8 @@ sub verify_certs_tarball { return 0; } } - - my $md5sum = md5sum($tarball_pathname); - - if($md5sum) { + elsif (defined $description->{tarball_md5sum}) { + my $md5sum = md5sum($tarball_pathname); if ($md5sum eq $description->{tarball_md5sum}) { log_msg("Tarball seems uncorrupted: MD5 checksum is $md5sum\n"); return 1; @@ -650,8 +649,8 @@ sub verify_certs_tarball { } } else { - log_msg("md5sum is unavailable, so we assume certs tarball is good."); - return 1; + log_msg("Description is broken: no checksums defined."); + return 0; } } From edd50fdf3cf54998c040ced299891aa5efb282c9 Mon Sep 17 00:00:00 2001 From: Matyas Selmeci Date: Tue, 6 Nov 2018 10:33:38 -0600 Subject: [PATCH 2/3] Update to 1.2.4 --- Makefile | 2 +- rpm/osg-ca-scripts.spec | 9 ++++++--- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/Makefile b/Makefile index c12f9a1..89a4c9b 100644 --- a/Makefile +++ b/Makefile @@ -6,7 +6,7 @@ # ------------------------------------------------------------------------------ PACKAGE := osg-ca-scripts -VERSION := 1.2.3 +VERSION := 1.2.4 # ------------------------------------------------------------------------------ diff --git a/rpm/osg-ca-scripts.spec b/rpm/osg-ca-scripts.spec index 249ebf8..3554a59 100644 --- a/rpm/osg-ca-scripts.spec +++ b/rpm/osg-ca-scripts.spec @@ -1,5 +1,5 @@ Name: osg-ca-scripts -Version: 1.2.3 +Version: 1.2.4 Release: 1%{?dist} Summary: CA Certificate helper scripts @@ -77,10 +77,13 @@ install -d $RPM_BUILD_ROOT%{_localstatedir}/lib/osg-ca-certs %dir %attr(0755,root,root) %{_localstatedir}/lib/osg-ca-certs %changelog -* Mon Apr 16 2018 Brian Lin 1.2.3-1> +* Tue Nov 06 2018 Mátyás Selmeci 1.2.4-1 +- Fix error when md5 tarball checksums are missing (SOFTWARE-3463) + +* Mon Apr 16 2018 Brian Lin 1.2.3-1 - Update references to grid.iu.edu to opensciencegrid.org -* Mon Dec 11 2017 Edgar Fajardo 1.2.2-1> +* Mon Dec 11 2017 Edgar Fajardo 1.2.2-1 - Bumping version number in the Makefile * Fri Dec 08 2017 Edgar Fajardo 1.2.1-1 From 205cd55487de5918f6c702a3c4f4381734f94b6b Mon Sep 17 00:00:00 2001 From: Matyas Selmeci Date: Tue, 6 Nov 2018 11:21:45 -0600 Subject: [PATCH 3/3] Fix osg-ca-certs-status systemd support Normally it looks for the fetch-crl-cron init script to see if it's enabled, but that file doesn't exist on a systemd install. Look for the .service file instead. --- bin/osg-ca-certs-status | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/bin/osg-ca-certs-status b/bin/osg-ca-certs-status index 2462c95..bc878ed 100755 --- a/bin/osg-ca-certs-status +++ b/bin/osg-ca-certs-status @@ -174,9 +174,16 @@ sub print_full_info { my $name = $1; chomp(my @fetch_crl_files = `rpm -ql $name`); my $init_script = (grep(m{^/etc.*init.d/fetch-crl.*-cron}, @fetch_crl_files))[0]; - my $cron_service = basename($init_script); - my $exit_status = system("/sbin/service $cron_service status >/dev/null 2>&1"); - push @installed_cron_services, $cron_service if $exit_status == 0; + my $service_file = (grep(m{^/usr/lib/systemd/system/fetch-crl-cron.service}, @fetch_crl_files))[0]; + if ($init_script) { + my $cron_service = basename($init_script); + my $exit_status = system("/sbin/service $cron_service status >/dev/null 2>&1"); + push @installed_cron_services, $cron_service if $exit_status == 0; + } + elsif ($service_file) { # systemd + my $exit_status = system("systemctl status fetch-crl-cron >/dev/null 2>&1"); + push @installed_cron_services, "fetch-crl-cron"; + } } } if (@installed_cron_services) {