The CS.cfg logic looks fine.
The check_symlinks() code is still a little confusing.
You do the following check:

    target=${symlinks[${key}]}
    # Check to make certain that the expected target exists.
    if [ -e ${target} ]; then
        ....
    else
        # Attempt to remove this dangling symbolic link and
        # issue an ERROR that the target to which the
        # symbolic link is expected to point does NOT exist.
        rm ${symlink}
        ....

This is not correct. It's not necessarily a dangling link. The link that
is there may in fact point to another (wrong) target. All you know is
that you cannot correct this link because the expected target does not
exist.

To simplify check_links(), I suggest that you move the check for whether
or not the target exists and is fully resolvable into make_symlink().
If either fails, then error out.

Then the logic in check_symlinks() becomes simpler:

    if [ -e "${symlink}" ]; then
        if [ -h "${symlink}" ]; then
            target=${symlinks[${key}]}
            current_target=`readlink "${symlink}"`
            if [ "${target}" == "${current_target}" ]; then
                # check if exists and resolvable and chown
                :
            else
                rm "${symlink}"
                make_link
            fi
        elif [ -f "${symlink}" ]; then
            # warn about debugging
            :
        else
            # error "directory or some such"
            :
        fi
    else
        make_link
    fi

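
An added example, not part of the original message or of the Dogtag patch: one way to write the check the review asks for, in POSIX sh for a single link/target pair. The function names, messages and return codes are assumptions, ownership handling (chown) is left out, and two choices are this example's own: it tests -h before -e, because -e follows the link and is false for a dangling one, and it keeps a link that points at a different target when the expected target is missing.

```sh
# Added example: names, messages and return codes are assumptions, not Dogtag code.

# make_symlink LINK TARGET: create LINK only if TARGET exists and resolves.
make_symlink() {
    if [ ! -e "$2" ]; then
        echo "ERROR: expected target '$2' does not exist" >&2
        return 1
    fi
    ln -s -- "$2" "$1"
}

# check_symlink LINK TARGET: returns 0 if LINK is correct, repaired, created,
# or a regular file (warning only); returns 1 if it cannot be fixed.
check_symlink() {
    if [ -h "$1" ]; then                  # -h first: -e is false for a dangling link
        if [ "$(readlink "$1")" = "$2" ]; then
            [ -e "$1" ] && return 0       # right target, and it resolves
            echo "ERROR: '$1' -> '$2' does not resolve" >&2
            return 1
        fi
        # The link points somewhere else and may still be live, so keep it
        # unless the expected target is there to replace it with.
        if [ ! -e "$2" ]; then
            echo "ERROR: cannot correct '$1': expected target '$2' does not exist" >&2
            return 1
        fi
        rm -- "$1" && make_symlink "$1" "$2"
    elif [ -f "$1" ]; then
        echo "WARNING: '$1' is a regular file, not a symlink; left alone" >&2
    elif [ -e "$1" ]; then
        echo "ERROR: '$1' is a directory or other non-link" >&2
        return 1
    else
        make_symlink "$1" "$2"
    fi
}

# Constructed demo: a link that points at the wrong target is repaired.
demo_dir=$(mktemp -d)
touch "$demo_dir/right.jar" "$demo_dir/wrong.jar"
ln -s "$demo_dir/wrong.jar" "$demo_dir/lib.jar"
check_symlink "$demo_dir/lib.jar" "$demo_dir/right.jar"
readlink "$demo_dir/lib.jar"
rm -rf "$demo_dir"
```
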
On Mon, 2012-08-27 at 20:57 -0700, Matthew Harmsen wrote:
This patch attempts to address these issues.
On 08/24/12 07:54, Ade Lee wrote:
> same comments as on the dogtag 10 patch.
>
> On Wed, 2012-08-22 at 20:26 -0700, Matthew Harmsen wrote:
>> This patch addresses the issue listed below for Dogtag 9:
>> * TRAC Ticket #301 - Need to modify init scripts to verify
>> needed symlinks in an instance
>> This patch has been tested and found to work successfully on 64-bit
>> Fedora 16 with SELinux in "Permissive" mode:
>> * Built and installed Dogtag 9 Packages on a 64-bit Fedora 16
>> host
>> * Installed and configured Dogtag 9 CA, KRA, OCSP, TKS, RA, and
>> TPS instances
>> * Tested attached symlinks patch on all subsystems (although I
>> was unable to get the configured TPS to restart --
>> successfully applied logic from standalone test program)