
Diff of /nl.nikhef.pdp.fetchcrl/trunk/fetch-crl3.pl.cin


nl.nikhef.pdp.fetchcrl/trunk/fetch-crl3.pl revision 2305 by davidg, Sun Jun 12 20:59:58 2011 UTC nl.nikhef.pdp.fetchcrl/trunk/fetch-crl3.pl.cin revision 3107 by davidg, Fri Sep 9 15:32:11 2016 UTC
# Line 25  use Getopt::Long qw(:config no_ignore_ca Line 25  use Getopt::Long qw(:config no_ignore_ca
25  use POSIX;  use POSIX;
26  eval { require LWP or die; }; $@ and die "Please install libwww-perl (LWP)\n";  eval { require LWP or die; }; $@ and die "Please install libwww-perl (LWP)\n";
27    
28    my $sccsid = '@(#)$Id$';
29    
30  # import modules that are needed but still external  # import modules that are needed but still external
31  # (the installed version may have these packages embedded in-line)  # (the installed version may have these packages embedded in-line)
32  #  #
# Line 46  use vars qw/ $log $cnf /; Line 48  use vars qw/ $log $cnf /;
48  #  #
49  ($cnf,$log) = &init_configuration();  ($cnf,$log) = &init_configuration();
50    
51    # use Net::INET6Glue if so requested (is not a default module)
52    if ( $cnf->{_}->{inet6glue} ) {
53      eval { require Net::INET6Glue::INET_is_INET6 or die; };
54      $@ and die "Please install Net::INET6Glue before enabling inet6glue config\n";
55    }
56    
57  # verify local installation sanity for loaded modules  # verify local installation sanity for loaded modules
58  $::log->getverbose > 6 and ! $use_DataDumper and  $::log->getverbose > 6 and ! $use_DataDumper and
59    $::log->err("Cannot set verbosity higher than 6 without Data::Dumper") and    $::log->err("Cannot set verbosity higher than 6 without Data::Dumper") and
# Line 59  $use_DataDumper and $::log->verb(7,Data: Line 67  $use_DataDumper and $::log->verb(7,Data:
67  # set safe path if so requested  # set safe path if so requested
68  $cnf->{_}->{path} and $ENV{"PATH"} = $cnf->{_}->{path} and  $cnf->{_}->{path} and $ENV{"PATH"} = $cnf->{_}->{path} and
69    $::log->verb(5,"Set PATH to",$ENV{"PATH"});    $::log->verb(5,"Set PATH to",$ENV{"PATH"});
70    
71    # set rcmode if present in config
72    defined $cnf->{_}->{rcmode} and do {
73      $::log->verb(4,"Setting exit status mode to ".$cnf->{_}->{rcmode});
74      $::log->setrcmode($cnf->{_}->{rcmode}) or exit($log->exitstatus);
75      $::log->verb(2,"Exit status mode is set to ".$cnf->{_}->{rcmode});
76    };
77        
78  # wait up to randomwait seconds to spread download load  # wait up to randomwait seconds to spread download load
79  $cnf->{_}->{randomwait} and do {  $cnf->{_}->{randomwait} and do {
# Line 85  $::cnf->{_}->{"infodir"} and do { Line 100  $::cnf->{_}->{"infodir"} and do {
100  };  };
101    
102  @metafiles or  @metafiles or
103    $log->err("No trust anchors to process") and exit($log->exitstatus);    $log->warn("No trust anchors to process") and exit($log->exitstatus);
104    
105  if ( $::cnf->{_}->{parallelism} ) {  if ( $::cnf->{_}->{parallelism} ) {
106    &parallel_metafiles($::cnf->{_}->{parallelism}, @metafiles);    &parallel_metafiles($::cnf->{_}->{parallelism}, @metafiles);
# Line 93  if ( $::cnf->{_}->{parallelism} ) { Line 108  if ( $::cnf->{_}->{parallelism} ) {
108    &process_metafiles( @metafiles );    &process_metafiles( @metafiles );
109  }  }
110    
111    # run any post-processing
112    if ( $::cnf->{_}->{"postexec"} ) {
113      my @args = ( $::cnf->{_}->{"postexec"},
114        "v1", "global",
115        $::cnf->{_}->{"infodir"}, $::cnf->{_}->{"cadir"}, $::cnf->{_}->{"output"} );
116      $::log->verb(2,"Executing global postscript @args");
117      my $postrc = system(@args);
118      if ( $postrc == -1 ) {
119        $::log->err("Cannot execute global postexec program: $!");
120      } elsif ( $postrc > 0 ) {
121        $::log->err("Global postexec program returned error code ".($? >> 8));
122      }
123    }
124    
125  $log->flush;  $log->flush;
126  exit($log->exitstatus);  exit($log->exitstatus);
127    
# Line 109  sub init_configuration() { Line 138  sub init_configuration() {
138    my $verbosity;    my $verbosity;
139    my $quiet=0;    my $quiet=0;
140    my $help=0;    my $help=0;
141      my $showversion=0;
142    my $debuglevel;    my $debuglevel;
143    my $parallelism=0;    my $parallelism=0;
144    my $randomwait;    my $randomwait;
145    my $nosymlinks;    my $nosymlinks;
146    my $cfgdir;    my $cfgdir;
147      my $inet6glue=0;
148      my %directives;
149    
150    $log = FCLog->new("qualified");    $log = FCLog->new("qualified");
151    
# Line 126  sub init_configuration() { Line 158  sub init_configuration() {
158      "T|httptimeout=i" => \$httptimeout,      "T|httptimeout=i" => \$httptimeout,
159      "o|output=s" => \$output,      "o|output=s" => \$output,
160      "format=s@" => \@formats,      "format=s@" => \@formats,
161        "define=s" => \%directives,
162      "v|verbose+" => \$verbosity,      "v|verbose+" => \$verbosity,
163      "h|help+" => \$help,      "h|help+" => \$help,
164        "V|version+" => \$showversion,
165      "q|quiet+" => \$quiet,      "q|quiet+" => \$quiet,
166      "d|debug+" => \$debuglevel,      "d|debug+" => \$debuglevel,
167      "p|parallelism=i" => \$parallelism,      "p|parallelism=i" => \$parallelism,
168      "nosymlinks+" => \$nosymlinks,      "nosymlinks+" => \$nosymlinks,
169      "a|agingtolerance=i" => \$agingtolerance,      "a|agingtolerance=i" => \$agingtolerance,
170      "r|randomwait=i" => \$randomwait,      "r|randomwait=i" => \$randomwait,
171        "inet6glue+" => \$inet6glue,
172      ) or &help and exit(1);      ) or &help and exit(1);
173    
174    $help and &help and exit(0);    $help and &help and exit(0);
175      $showversion and &showversion and exit(0);
176    
177    $configfile ||= ( -e "/etc/fetch-crl.conf" and "/etc/fetch-crl.conf" );    $configfile ||= ( -e "/etc/fetch-crl.conf" and "/etc/fetch-crl.conf" );
178    $configfile ||= ( -e "/etc/fetch-crl.cnf" and "/etc/fetch-crl.cnf" );    $configfile ||= ( -e "/etc/fetch-crl.cnf" and "/etc/fetch-crl.cnf" );
   ($quiet > 0) and $verbosity = -$quiet;  
179    
180    $cnf = ConfigTiny->new();    $cnf = ConfigTiny->new();
181    $configfile and    $configfile and
# Line 157  sub init_configuration() { Line 192  sub init_configuration() {
192      close $dh;      close $dh;
193    }    }
194    
195      # add defined from the command line to the configuration, to the
196      # main section _ thereof unless there is a colon in the key
197      foreach my $k ( keys %directives ) {
198        my $section ="_";
199        my $dvalue = $directives{$k};
200        if ( $k =~ m/(\w+):(.*)/ ) {
201          $section = $1;
202          $k=$2;
203        }
204        $cnf->{$section}->{$k} = $dvalue;
205      }
206    
207    # command-line option overrides    # command-line option overrides
208    $cnf->{_}->{agingtolerance} = $agingtolerance if defined $agingtolerance;    $cnf->{_}->{agingtolerance} = $agingtolerance if defined $agingtolerance;
209    $cnf->{_}->{infodir}        = $infodir if defined $infodir;    $cnf->{_}->{infodir}        = $infodir if defined $infodir;
# Line 170  sub init_configuration() { Line 217  sub init_configuration() {
217    $cnf->{_}->{parallelism}    = $parallelism if $parallelism;    $cnf->{_}->{parallelism}    = $parallelism if $parallelism;
218    $cnf->{_}->{randomwait}     = $randomwait if defined $randomwait;    $cnf->{_}->{randomwait}     = $randomwait if defined $randomwait;
219    $cnf->{_}->{nosymlinks}     = $nosymlinks if defined $nosymlinks;    $cnf->{_}->{nosymlinks}     = $nosymlinks if defined $nosymlinks;
220      $cnf->{_}->{inet6glue}      = $inet6glue if $inet6glue;
221    
222      # deal with interaction of verbosity in logfile and quiet option
223      # since a noquiet config option can cancel it
224      if ( not defined $cnf->{_}->{noquiet} ) {
225        if ( $quiet == 1) { $cnf->{_}->{verbosity} = -1; }
226      } else {
227        if ( $quiet >= 2) { $cnf->{_}->{verbosity} = -1; }
228      }
229    
230    # key default values    # key default values
231    defined $cnf->{_}->{version}  or $cnf->{_}->{version}    = "3+";    defined $cnf->{_}->{version}  or $cnf->{_}->{version}    = "3+";
# Line 183  sub init_configuration() { Line 239  sub init_configuration() {
239    defined $cnf->{_}->{formats}  or $cnf->{_}->{formats}    = "openssl";    defined $cnf->{_}->{formats}  or $cnf->{_}->{formats}    = "openssl";
240    defined $cnf->{_}->{opensslmode} or $cnf->{_}->{opensslmode} = "dual";    defined $cnf->{_}->{opensslmode} or $cnf->{_}->{opensslmode} = "dual";
241    defined $cnf->{_}->{httptimeout} or $cnf->{_}->{httptimeout} = 120;    defined $cnf->{_}->{httptimeout} or $cnf->{_}->{httptimeout} = 120;
242      defined $cnf->{_}->{expirestolerance} or $cnf->{_}->{expirestolerance} = (7*60*60); # at least 7 hrs should nextUpdate be beyond the cache FreshUntil
243      defined $cnf->{_}->{maxcachetime} or $cnf->{_}->{maxcachetime} = (4*24*60*60); # arbitrarily set it at 4 days
244    defined $cnf->{_}->{nametemplate_der} or    defined $cnf->{_}->{nametemplate_der} or
245      $cnf->{_}->{nametemplate_der} = "\@ANCHORNAME\@.\@R\@.crl";      $cnf->{_}->{nametemplate_der} = "\@ANCHORNAME\@.\@R\@.crl";
246    defined $cnf->{_}->{nametemplate_pem} or    defined $cnf->{_}->{nametemplate_pem} or
# Line 196  sub init_configuration() { Line 254  sub init_configuration() {
254    $cnf->{_}->{nosymlinks}     ||= 0;    $cnf->{_}->{nosymlinks}     ||= 0;
255    $cnf->{_}->{verbosity}      ||= 0;    $cnf->{_}->{verbosity}      ||= 0;
256    $cnf->{_}->{debuglevel}     ||= 0;    $cnf->{_}->{debuglevel}     ||= 0;
257      $cnf->{_}->{inet6glue}      ||= 0;
258    
259    $cnf->{_}->{stateless} and delete $cnf->{_}->{statedir};    $cnf->{_}->{stateless} and delete $cnf->{_}->{statedir};
260    
# Line 227  sub init_configuration() { Line 286  sub init_configuration() {
286  # ###########################################################################  # ###########################################################################
287  #  #
288  #  #
289    sub showversion() {
290      (my $name = $0) =~ s/.*\///;
291      print "$name version @VERSION@\n";
292      return 1;
293    }
294    
295  sub help() {  sub help() {
296    (my $name = $0) =~ s/.*\///;    (my $name = $0) =~ s/.*\///;
297  print <<EOHELP;  print <<EOHELP;
# Line 273  Options: Line 338  Options:
338   -h | --help   -h | --help
339          This help text          This help text
340    
341    Version: @VERSION@
342  EOHELP  EOHELP
343    
344    return 1;    return 1;
# Line 289  sub process_metafiles(@) { Line 355  sub process_metafiles(@) {
355        $cnf->{_}->{"infodir"} and $ta->setInfodir($cnf->{_}->{"infodir"});        $cnf->{_}->{"infodir"} and $ta->setInfodir($cnf->{_}->{"infodir"});
356        $ta->loadAnchor($f) or next;        $ta->loadAnchor($f) or next;
357        $ta->saveLogMode() and $ta->setLogMode();        $ta->saveLogMode() and $ta->setLogMode();
       $ta->loadCAfiles() or next;  
358        $ta->loadState() or next;        $ta->loadState() or next;
359        $ta->retrieve or next;  
360          # using the HASH in the CA filename templates requires the CRL
361          # is retrieved first to determinte the hash
362          if ( $cnf->{_}->{"catemplate"} =~ /\@HASH\@/ ) {
363            $ta->retrieve or next;
364            $ta->loadCAfiles() or next;
365          } else {
366            $ta->loadCAfiles() or next;
367            $ta->retrieve or next;
368          }
369    
370        $ta->verifyAndConvertCRLs or next;        $ta->verifyAndConvertCRLs or next;
371            
372        my $writer = CRLWriter->new($ta);        my $writer = CRLWriter->new($ta);
373        $writer->writeall() or next;        $writer->writeall() or next;
374        $ta->saveState() or next;        $ta->saveState() or next;
375    
376          if ( $::cnf->{$ta->{"alias"}}->{"postexec"} ) {
377            my @args = ( $::cnf->{$ta->{"alias"}}->{"postexec"},
378              "v1", "ta",
379              $ta->{"alias"}, $ta->{"filename"}, $::cnf->{_}->{"cadir"}, $::cnf->{_}->{"output"} );
380            $::log->verb(2,"Executing postscript for ".$ta->{"alias"}.": @args");
381            my $postrc = system(@args);
382            if ( $postrc == -1 ) {
383              $::log->err("Cannot execute postexec program for".$ta->{"alias"}.": $!");
384            } elsif ( $postrc > 0 ) {
385              $::log->err("postexec program for ".$ta->{"alias"}." returned error code ".($? >> 8));
386            }
387          }
388        $ta->restoreLogMode();        $ta->restoreLogMode();
389    }    }
390    
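Review bot: The `--define` key split in init_configuration, `$k =~ m/(\w+):(.*)/`, is unanchored, so a key whose section part contains a character outside `\w` is split in the wrong place. A constructed example: `my-ca:postexec` would be stored under section `ca`, key `postexec`, with no warning. Because `postexec` names a program that is later run through `system(@args)`, a directive landing in the wrong section should not pass silently; anchoring the match, e.g. `if ( $k =~ m/^([^:]+):(.*)$/ ) {`, keeps the whole prefix as the section name (whether section names can contain such characters is not visible here). Separately, both postexec blocks report only `$? >> 8`, so a hook killed by a signal is logged as "returned error code 0"; adding `$? & 127` to the message would make that case visible. init_configuration and process_metafiles both start and end outside the lines shown.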
