gLite > gLite 3.1 > glite-VOMS_oracle > Update to glite-VOMS_oracle 3.1.21-0  
 
 

 

 

gLite 3.1

glite-VOMS_oracle - Update to version 3.1.21-0


Date 25.06.2009
Priority Normal

Description



glite-AMGA_oracle, glite-AMGA_postgres, glite-CREAM, glite-FTA_oracle, glite-FTS_oracle, glite-LB, glite-LFC_mysql glite-LFC_oracle, glite-MON, glite-PX, glite-SE_dpm_disk, glite-SE_dpm_mysql, glite-UI, glite-VOBOX, glite-VOMS_mysql, glite-VOMS_oracle, glite-WMS, glite-WN, lcg-CE

New version of fetch-crl
  • Warnings and errors are now counted. If there are errors in the download or verification process for one or more CRLs, the exit status will be 1; if there are errors in the local setup or in the script invocation, the exit status will be 2.
  • The installed CRLs no longer have the textual representation of the CRL, but only the PEM data blob, thus reducing IO and memory requirements.
  • the CRL aging threshold is now set by default to 24 hours. The previous default was 0. The CRL aging threshold is set in the config file using CRL_AGING_THRESHOLD=<xx>, or with the "-a" command-line argument.
  • Default network timeouts reduced to 10 seconds (was 30) and retries to 2.
  • Added caching and conditional downloading. When CACHEDIR is set, the original downloads are preserved and wget timestamping mode enabled. When the content did not change, only the timestamp on the installed CRL is updated. If SLOPPYCRLHASHES is set, the has is calculated based on the name of the crl_url file, otherwise it is taken from the CRL itself.
  • The CACHEDIR must be exclusively writable by the user running fetch-crl.
  • Setting CACHEDIR significantly reduced the bandwidth used by fetch-crl.
  • Added RESETPATHMODE setting in sysconfig. It defines whether or not to set re-set $PATH to "/bin:/usr/bin" before start. The search for OpenSSL may be done based on the old path. yes=always replace; searchopenssl=search for openssl first and then reset; no=keep original path, whatever that me be (may be empty if called from cron) Default="yes". This replaces the hard-coded path in the tool!
  • Hidden "FORCE_OVERWRITE" option now has a regular name. This is backwards-compatible. Set FORCE_OVERWRITE=yes if you want files overwritten that have a CRL-like name and ought to have CRL content, but currently do not.


Please also have a look at the list of known issues.

This update fixes various bugs. For the full list of bugs, please see list below.

Fixed bugs

Number Description
 #28418 cron job script contains absolute path
 #29559 fetch-crl is not robust enough

Updated rpms

Name Version Full RPM name Description
fetch-crl 2.7.0-1 fetch-crl-2.7.0-1.noarch.rpm Tool for periodic retrieval of Certificate Revocation Lists
glite-VOMS_oracle 3.1.21-0 glite-VOMS_oracle-3.1.21-0.i386.rpm gLite metapackage (glite-VOMS_oracle)

The RPMs can be updated using yum via

Service reconfiguration after update

Not needed.

Service restart after update

Not needed.

How to apply the fix

  1. Update the RPMs (see above)
  2. Update configuration (see above)
  3. Restart the service if necessary (see above)