Page updated: 06/09/2004
About the website

                        Valid XHTML 1.0!

 
gLite 3.0

glite-VOMS_mysql - Update to version 3.0.11-0

Date 23.04.07
Priority Normal

Description


This release upgrades VOMS from version 1.6 to version 1.7.

Here is a link to the list of bugs fixed:
http://littleblue.cnaf.infn.it/twiki/bin/view/VOMS/WebDevelopment.

And here are the release notes, for the upgrade from 1.6.x to 1.7.x:
  • The clients and APIs of VOMS 1.7.x are fully backwards compatible with VOMS 1.6.x. A simple upgrade of the RPMs is all that is necessary to upgrade them.
  • The server however requires an upgrade of the DB schema, upgrade that is performed the first time voms-admin 1.2.17 or higher is run. This means that VOMS 1.7.x requires voms-admin 1.2.17 or higher, though those versions of voms-admin may also run with VOMS 1.6.x.
  • Configuration-wise, two new ways to configure the vomsdir directory are available. Though both optional at the moment, it is highly suggested that at least option number 1 is used. The support of the old format will be removed with VOMS 1.8.x or in one year, whichever comes later.
  • New configuration options:
    1. Inside the vomsdir directory, a subdirectory for each supported VO is made, with the same name of the VO, and all and only the certificates of the servers supporting that VO are placed in it. The main directory should not contain any file, just the VO subdirs
    2. Instead of the server certificate, a new file, named <hostname>.lsc is placed in the VO subdir. This allows host admin to avoid updating the list of certificates whenever a VOMS server changes its certificate. For details od the file's format look at section 5.1.1 of the updated user guide, available here:
      https://edms.cern.ch/file/571991/1/voms-guide.pdf.

Please also have a look at the list of known issues.

This update fixes various bugs. For the full list of bugs, please see list below.

Fixed bugs

Number Description
 #10035 voms_install_replica.sgml problem
 #10830 output of voms-proxy-init --help misleading
 #12514 Specifying multiple roles
 #13675 voms-proxy-init doesn't complain about wrong parameters or junk in the command line, just silently fails
 #14026 VOMS clients to be configured with the trusted certificate subjects, not the whole certificate
 #15238 [VOMS] init script start function is unclear or incorrect
 #15239 [VOMS] init script displays incomplete usage
 #15572 [VOMS] Invalid use of '~' in looking for vomses directory
 #15700 [VOMS] Apparent bug in open() of fifo
 #16540 voms-proxy-init -hours and -valid difference
 #16576 voms-proxy-init failure leaves tmp_x509up_u$(id -u)_$$ file on failure without a debugging wish from the user
 #17362 voms-proxy-fake uses the holder's cert to sign the AC
 #17747 Errors in DB Access
 #17748 Incorrect proxy format for GT 4
 #17750 voms core logs: give explicit reason when proxy refused due to invalid crl or other problem with user's CA.
 #17831 voms-proxy-init doesn't work with single quote in DN
 #17863 voms-proxy-info man page and -help inconsistency
 #18258 voms-proxy-init failure
 #19145 voms-proxy-* commands should be able to use p12 formatted certificate
 #19230 voms-proxy-init --valid 168:00 result not clearly explained situation
 #19349 voms start script for a vo kills other vos
 #20502 A memory leak in vomsdata::Retrieve()
 #20508 simplified Java VOMS API
 #20805 voms-proxy-info showing the delegation chain
 #20984 Ip address information in logs when a proxy is requested in VOMS Server
 #21033 Signing policy verifies first tripplet with matching access_id_CA in policy files only.
 #22156 There is a possible vulnerability concerning the VOMS server
 #22832 Proxy renewal doesn't work
 #24294 Unharmonized indexing of voms_apic.h/c interface (Voms version 1.7.10)
 #24373 Exit codes for voms-proxy-init not unique.
 #24556 Seg fault in voms-proxy-info

Updated rpms

Name Version Full RPM name Description
glite-security-voms-api-cpp 1.7.16-2 glite-security-voms-api-cpp-1.7.16-2.i386.rpm glite-security-voms
glite-security-voms-clients 1.7.16-2 glite-security-voms-clients-1.7.16-2.i386.rpm glite-security-voms
glite-security-voms-config 1.7.16-2 glite-security-voms-config-1.7.16-2.i386.rpm glite-security-voms
glite-security-voms-mysql 1.1.5-1 glite-security-voms-mysql-1.1.5-1.i386.rpm glite-security-voms
glite-security-voms-server 1.7.16-2 glite-security-voms-server-1.7.16-2.i386.rpm glite-security-voms
glite-VOMS_mysql 3.0.11-0 glite-VOMS_mysql-3.0.11-0.noarch.rpm gLite VOMS Server and Admin Tools node configuration files

The RPMs can be updated using apt via

Service reconfiguration after update

Not needed.

Service restart after update

Service must be restarted.

How to apply the fix

  1. Update the RPMs (see above)
  2. Update configuration (see above)
  3. Restart the service if necessary (see above)