gLite 3.0
glite-VOMS_mysql - Update to version 3.0.11-0
This release upgrades VOMS from version 1.6 to version 1.7.
Here is a link to the list of bugs fixed:
http://littleblue.cnaf.infn.it/twiki/bin/view/VOMS/WebDevelopment.
And here are the release notes, for the upgrade from 1.6.x to 1.7.x:
glite-VOMS_mysql - Update to version 3.0.11-0
| Date | 23.04.07 |
|---|---|
| Priority | Normal |
Description
This release upgrades VOMS from version 1.6 to version 1.7.
Here is a link to the list of bugs fixed:
http://littleblue.cnaf.infn.it/twiki/bin/view/VOMS/WebDevelopment.
And here are the release notes, for the upgrade from 1.6.x to 1.7.x:
- The clients and APIs of VOMS 1.7.x are fully backwards compatible with VOMS 1.6.x. A simple upgrade of the RPMs is all that is necessary to upgrade them.
- The server however requires an upgrade of the DB schema, upgrade that is performed the first time voms-admin 1.2.17 or higher is run. This means that VOMS 1.7.x requires voms-admin 1.2.17 or higher, though those versions of voms-admin may also run with VOMS 1.6.x.
- Configuration-wise, two new ways to configure the vomsdir directory are available. Though both optional at the moment, it is highly suggested that at least option number 1 is used. The support of the old format will be removed with VOMS 1.8.x or in one year, whichever comes later.
- New configuration options:
- Inside the vomsdir directory, a subdirectory for each supported VO is made, with the same name of the VO, and all and only the certificates of the servers supporting that VO are placed in it. The main directory should not contain any file, just the VO subdirs
-
Instead of the server certificate, a new file, named <hostname>.lsc is placed in the VO subdir. This allows host admin to avoid updating the list of certificates whenever a VOMS server changes its certificate. For details od the file's format look at section 5.1.1 of the updated user guide, available here:
https://edms.cern.ch/file/571991/1/voms-guide.pdf.
Please also have a look at the list of known issues.
This update fixes various bugs. For the full list of bugs, please see list below.
Fixed bugs
| Number | Description |
|---|---|
| #10035 | voms_install_replica.sgml problem |
| #10830 | output of voms-proxy-init --help misleading |
| #12514 | Specifying multiple roles |
| #13675 | voms-proxy-init doesn't complain about wrong parameters or junk in the command line, just silently fails |
| #14026 | VOMS clients to be configured with the trusted certificate subjects, not the whole certificate |
| #15238 | [VOMS] init script start function is unclear or incorrect |
| #15239 | [VOMS] init script displays incomplete usage |
| #15572 | [VOMS] Invalid use of '~' in looking for vomses directory |
| #15700 | [VOMS] Apparent bug in open() of fifo |
| #16540 | voms-proxy-init -hours and -valid difference |
| #16576 | voms-proxy-init failure leaves tmp_x509up_u$(id -u)_$$ file on failure without a debugging wish from the user |
| #17362 | voms-proxy-fake uses the holder's cert to sign the AC |
| #17747 | Errors in DB Access |
| #17748 | Incorrect proxy format for GT 4 |
| #17750 | voms core logs: give explicit reason when proxy refused due to invalid crl or other problem with user's CA. |
| #17831 | voms-proxy-init doesn't work with single quote in DN |
| #17863 | voms-proxy-info man page and -help inconsistency |
| #18258 | voms-proxy-init failure |
| #19145 | voms-proxy-* commands should be able to use p12 formatted certificate |
| #19230 | voms-proxy-init --valid 168:00 result not clearly explained situation |
| #19349 | voms start script for a vo kills other vos |
| #20502 | A memory leak in vomsdata::Retrieve() |
| #20508 | simplified Java VOMS API |
| #20805 | voms-proxy-info showing the delegation chain |
| #20984 | Ip address information in logs when a proxy is requested in VOMS Server |
| #21033 | Signing policy verifies first tripplet with matching access_id_CA in policy files only. |
| #22156 | There is a possible vulnerability concerning the VOMS server |
| #22832 | Proxy renewal doesn't work |
| #24294 | Unharmonized indexing of voms_apic.h/c interface (Voms version 1.7.10) |
| #24373 | Exit codes for voms-proxy-init not unique. |
| #24556 | Seg fault in voms-proxy-info |
Updated rpms
| Name | Version | Full RPM name | Description |
|---|---|---|---|
| glite-security-voms-api-cpp | 1.7.16-2 | glite-security-voms-api-cpp-1.7.16-2.i386.rpm | glite-security-voms |
| glite-security-voms-clients | 1.7.16-2 | glite-security-voms-clients-1.7.16-2.i386.rpm | glite-security-voms |
| glite-security-voms-config | 1.7.16-2 | glite-security-voms-config-1.7.16-2.i386.rpm | glite-security-voms |
| glite-security-voms-mysql | 1.1.5-1 | glite-security-voms-mysql-1.1.5-1.i386.rpm | glite-security-voms |
| glite-security-voms-server | 1.7.16-2 | glite-security-voms-server-1.7.16-2.i386.rpm | glite-security-voms |
| glite-VOMS_mysql | 3.0.11-0 | glite-VOMS_mysql-3.0.11-0.noarch.rpm | gLite VOMS Server and Admin Tools node configuration files |
The RPMs can be updated using apt via
- via apt: apt-get dist-upgrade
- or via a download from:
http://glitesoft.cern.ch/EGEE/gLite/APT/R3.0/rhel30/RPMS.updates/
Service reconfiguration after update
Not needed.
Service restart after update
Service must be restarted.
How to apply the fix
- Update the RPMs (see above)
- Update configuration (see above)
- Restart the service if necessary (see above)