
Diff of /nl.nikhef.pdp.fetchcrl/trunk/fetch-crl3.pl.cin


trunk/fetchcrl/fetch-crl3.pl revision 1767 by davidg, Fri Jun 11 19:44:35 2010 UTC nl.nikhef.pdp.fetchcrl/trunk/fetch-crl3.pl revision 2604 by davidg, Mon Feb 25 11:59:39 2013 UTC
# Line 46  use vars qw/ $log $cnf /; Line 46  use vars qw/ $log $cnf /;
46  #  #
47  ($cnf,$log) = &init_configuration();  ($cnf,$log) = &init_configuration();
48    
49    # use Net::INET6Glue if so requested (is not a default module)
50    if ( $cnf->{_}->{inet6glue} ) {
51      eval { require Net::INET6Glue or die; };
52      $@ and die "Please install Net::INET6Glue before enabling inet6glue config\n";
53    }
54    
55  # verify local installation sanity for loaded modules  # verify local installation sanity for loaded modules
56  $::log->getverbose > 6 and ! $use_DataDumper and  $::log->getverbose > 6 and ! $use_DataDumper and
57    $::log->err("Cannot set verbosity higher than 6 without Data::Dumper") and    $::log->err("Cannot set verbosity higher than 6 without Data::Dumper") and
# Line 78  $::cnf->{_}->{"infodir"} and do { Line 84  $::cnf->{_}->{"infodir"} and do {
84    foreach my $fn (    foreach my $fn (
85        map { glob ( $::cnf->{_}->{"infodir"} . "/$_" ); } "*.info", "*.crl_url"        map { glob ( $::cnf->{_}->{"infodir"} . "/$_" ); } "*.info", "*.crl_url"
86      ) {      ) {
87        next if $::cnf->{_}->{nosymlinks} and -l $fn;
88      $fn =~ /.*\/([^\/]+)(\.crl_url|\.info)$/;      $fn =~ /.*\/([^\/]+)(\.crl_url|\.info)$/;
89      push @metafiles, $1 unless grep /$1/,@metafiles or not defined $1;      push @metafiles, $1 unless grep /^$1$/,@metafiles or not defined $1;
90    }    }
91  };  };
92    
# Line 111  sub init_configuration() { Line 118  sub init_configuration() {
118    my $debuglevel;    my $debuglevel;
119    my $parallelism=0;    my $parallelism=0;
120    my $randomwait;    my $randomwait;
121      my $nosymlinks;
122      my $cfgdir;
123      my $inet6glue=0;
124    
125    $log = FCLog->new("qualified");    $log = FCLog->new("qualified");
126    
# Line 119  sub init_configuration() { Line 129  sub init_configuration() {
129      "l|infodir=s" => \$infodir,      "l|infodir=s" => \$infodir,
130      "cadir=s" => \$cadir,      "cadir=s" => \$cadir,
131      "s|statedir=s" => \$statedir,      "s|statedir=s" => \$statedir,
132        "cfgdir=s" => \$cfgdir,
133      "T|httptimeout=i" => \$httptimeout,      "T|httptimeout=i" => \$httptimeout,
134      "o|output=s" => \$output,      "o|output=s" => \$output,
135      "format=s@" => \@formats,      "format=s@" => \@formats,
# Line 127  sub init_configuration() { Line 138  sub init_configuration() {
138      "q|quiet+" => \$quiet,      "q|quiet+" => \$quiet,
139      "d|debug+" => \$debuglevel,      "d|debug+" => \$debuglevel,
140      "p|parallelism=i" => \$parallelism,      "p|parallelism=i" => \$parallelism,
141        "nosymlinks+" => \$nosymlinks,
142      "a|agingtolerance=i" => \$agingtolerance,      "a|agingtolerance=i" => \$agingtolerance,
143      "r|randomwait=i" => \$randomwait,      "r|randomwait=i" => \$randomwait,
144        "inet6glue+" => \$inet6glue,
145      ) or &help and exit(1);      ) or &help and exit(1);
146    
147    $help and &help and exit(0);    $help and &help and exit(0);
148    
149      $configfile ||= ( -e "/etc/fetch-crl.conf" and "/etc/fetch-crl.conf" );
150    $configfile ||= ( -e "/etc/fetch-crl.cnf" and "/etc/fetch-crl.cnf" );    $configfile ||= ( -e "/etc/fetch-crl.cnf" and "/etc/fetch-crl.cnf" );
   ($quiet > 0) and $verbosity = -$quiet;  
151    
152    $cnf = ConfigTiny->new();    $cnf = ConfigTiny->new();
153    $configfile and    $configfile and
154      $cnf->read($configfile) || die "Invalid config file $configfile:\n  " .      $cnf->read($configfile) || die "Invalid config file $configfile:\n  " .
155                                     $cnf->errstr . "\n";                                     $cnf->errstr . "\n";
156    
157      ( defined $cnf->{_}->{cfgdir} and $cfgdir = $cnf->{_}->{cfgdir} )
158        unless defined $cfgdir;
159      $cfgdir ||= "/etc/fetch-crl.d";
160      if ( defined $cfgdir and -d $cfgdir and opendir(my $dh,$cfgdir) ) {
161        while ( my $fn = readdir $dh ) {
162          -f "$cfgdir/$fn" and -r "$cfgdir/$fn" and $cnf->read("$cfgdir/$fn");
163        }
164        close $dh;
165      }
166    
167    # command-line option overrides    # command-line option overrides
168    $cnf->{_}->{agingtolerance} = $agingtolerance if defined $agingtolerance;    $cnf->{_}->{agingtolerance} = $agingtolerance if defined $agingtolerance;
169    $cnf->{_}->{infodir}        = $infodir if defined $infodir;    $cnf->{_}->{infodir}        = $infodir if defined $infodir;
# Line 150  sub init_configuration() { Line 173  sub init_configuration() {
173    $cnf->{_}->{verbosity}      = $verbosity if defined $verbosity;    $cnf->{_}->{verbosity}      = $verbosity if defined $verbosity;
174    $cnf->{_}->{debuglevel}     = $debuglevel if defined $debuglevel;    $cnf->{_}->{debuglevel}     = $debuglevel if defined $debuglevel;
175    $cnf->{_}->{output}         = $output if defined $output;    $cnf->{_}->{output}         = $output if defined $output;
176    $cnf->{_}->{formats}        = join "&",@formats if @formats;    $cnf->{_}->{formats}        = join "\001",@formats if @formats;
177    $cnf->{_}->{parallelism}    = $parallelism if $parallelism;    $cnf->{_}->{parallelism}    = $parallelism if $parallelism;
178    $cnf->{_}->{randomwait}     = $randomwait if defined $randomwait;    $cnf->{_}->{randomwait}     = $randomwait if defined $randomwait;
179      $cnf->{_}->{nosymlinks}     = $nosymlinks if defined $nosymlinks;
180      $cnf->{_}->{inet6glue}      = $inet6glue if $inet6glue;
181    
182      # deal with interaction of verbosity in logfile and quiet option
183      # since a noquiet config option can cancel it
184      if ( not defined $cnf->{_}->{noquiet} ) {
185        if ( $quiet == 1) { $cnf->{_}->{verbosity} = -1; }
186      } else {
187        if ( $quiet >= 2) { $cnf->{_}->{verbosity} = -1; }
188      }
189    
190    # key default values    # key default values
191    defined $cnf->{_}->{version}  or $cnf->{_}->{version}    = "3+";    defined $cnf->{_}->{version}  or $cnf->{_}->{version}    = "3+";
# Line 171  sub init_configuration() { Line 204  sub init_configuration() {
204    defined $cnf->{_}->{nametemplate_pem} or    defined $cnf->{_}->{nametemplate_pem} or
205      $cnf->{_}->{nametemplate_pem} = "\@ANCHORNAME\@.\@R\@.crl.pem";      $cnf->{_}->{nametemplate_pem} = "\@ANCHORNAME\@.\@R\@.crl.pem";
206    defined $cnf->{_}->{catemplate} or    defined $cnf->{_}->{catemplate} or
207      $cnf->{_}->{catemplate} = "\@ALIAS\@.pem&".      $cnf->{_}->{catemplate} = "\@ALIAS\@.pem\001".
208                                "\@ALIAS\@.\@R\@&\@ANCHORNAME\@.\@R\@";                                "\@ALIAS\@.\@R\@\001\@ANCHORNAME\@.\@R\@";
209    
210    $cnf->{_}->{nonssverify}    ||= 0;    $cnf->{_}->{nonssverify}    ||= 0;
211    $cnf->{_}->{nocache}        ||= 0;    $cnf->{_}->{nocache}        ||= 0;
212      $cnf->{_}->{nosymlinks}     ||= 0;
213    $cnf->{_}->{verbosity}      ||= 0;    $cnf->{_}->{verbosity}      ||= 0;
214    $cnf->{_}->{debuglevel}     ||= 0;    $cnf->{_}->{debuglevel}     ||= 0;
215      $cnf->{_}->{inet6glue}      ||= 0;
216    
217    $cnf->{_}->{stateless} and delete $cnf->{_}->{statedir};    $cnf->{_}->{stateless} and delete $cnf->{_}->{statedir};
218    
219    # expand array keys in config    # expand array keys in config
220    defined $cnf->{_}->{formats} and    defined $cnf->{_}->{formats} and
221      @{$cnf->{_}->{formats_}} = split(/[&;,\s]+/,$cnf->{_}->{formats});      @{$cnf->{_}->{formats_}} = split(/[\001;,\s]+/,$cnf->{_}->{formats});
222    
223    # sanity check on configuration    # sanity check on configuration
224    $cnf->{_}->{statedir} and ! -d $cnf->{_}->{statedir} and    $cnf->{_}->{statedir} and ! -d $cnf->{_}->{statedir} and
# Line 194  sub init_configuration() { Line 229  sub init_configuration() {
229    # initialize logging    # initialize logging
230    $log->flush;    $log->flush;
231    $cnf->{_}->{logmode} and $log->destremove("qualified") and do {    $cnf->{_}->{logmode} and $log->destremove("qualified") and do {
232      foreach ( split(/[,&]+/,$cnf->{_}->{logmode}) ) {      foreach ( split(/[,\001]+/,$cnf->{_}->{logmode}) ) {
233        if ( /^syslog$/ ) { $log->destadd($_,$cnf->{_}->{syslogfacility}); }        if ( /^syslog$/ ) { $log->destadd($_,$cnf->{_}->{syslogfacility}); }
234        elsif ( /^(direct|qualified|cache)$/ ) { $log->destadd($_); }        elsif ( /^(direct|qualified|cache)$/ ) { $log->destadd($_); }
235        else { die "Invalid log destination $_, exiting.\n"; }        else { die "Invalid log destination $_, exiting.\n"; }
# Line 218  files. It will install these for use wit Line 253  files. It will install these for use wit
253    
254  Usage: $name [-c|--config configfile] [-l|--infodir path]  Usage: $name [-c|--config configfile] [-l|--infodir path]
255    [--cadir path] [-s|--statedir path] [-o|--output path] [--format \@formats]    [--cadir path] [-s|--statedir path] [-o|--output path] [--format \@formats]
256    [-T|--httptimeout seconds] [-p|--parallelism n]    [-T|--httptimeout seconds] [-p|--parallelism n] [--nosymlinks]
257    [-a|--agingtolerance hours] [-r|--randomwait seconds]    [-a|--agingtolerance hours] [-r|--randomwait seconds]
258    [-v|--verbose] [-h|--help] [-q|--quiet] [-d|--debug level]    [-v|--verbose] [-h|--help] [-q|--quiet] [-d|--debug level]
259    
260  Options:  Options:
261   -c | --config path   -c | --config path
262          Read configuration data from path, default: /etc/fetch-crl.cnf          Read configuration data from path, default: /etc/fetch-crl.conf
263   -l | --infodir path   -l | --infodir path
264          Location of the trust anchor meta-data files (crl_url or info),          Location of the trust anchor meta-data files (crl_url or info),
265          default: /etc/grid-security/certificates          default: /etc/grid-security/certificates
# Line 238  Options: Line 273  Options:
273          Location of the CRLs written (global default, defaults to infodir          Location of the CRLs written (global default, defaults to infodir
274   --format \@formats   --format \@formats
275          Format(s) in which the CRLs will be written (openssl, pem, der, nss)          Format(s) in which the CRLs will be written (openssl, pem, der, nss)
276     --nosymlinks
277            Do not include meta-data files that are symlinks
278   -v | --verbose   -v | --verbose
279          Become more talkative          Become more talkative
280   -q | --quiet   -q | --quiet
# Line 269  sub process_metafiles(@) { Line 306  sub process_metafiles(@) {
306        $cnf->{_}->{"infodir"} and $ta->setInfodir($cnf->{_}->{"infodir"});        $cnf->{_}->{"infodir"} and $ta->setInfodir($cnf->{_}->{"infodir"});
307        $ta->loadAnchor($f) or next;        $ta->loadAnchor($f) or next;
308        $ta->saveLogMode() and $ta->setLogMode();        $ta->saveLogMode() and $ta->setLogMode();
       $ta->loadCAfiles() or next;  
309        $ta->loadState() or next;        $ta->loadState() or next;
310        $ta->retrieve or next;  
311          # using the HASH in the CA filename templates requires the CRL
312          # is retrieved first to determinte the hash
313          if ( $cnf->{_}->{"catemplate"} =~ /\@HASH\@/ ) {
314            $ta->retrieve or next;
315            $ta->loadCAfiles() or next;
316          } else {
317            $ta->loadCAfiles() or next;
318            $ta->retrieve or next;
319          }
320    
321        $ta->verifyAndConvertCRLs or next;        $ta->verifyAndConvertCRLs or next;
322            
323        my $writer = CRLWriter->new($ta);        my $writer = CRLWriter->new($ta);
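Review bot: The cfgdir loop added to init_configuration (new lines 160-165) discards the result of `$cnf->read("$cfgdir/$fn")`, so a malformed or truncated drop-in file is skipped silently, while the main config file a few lines earlier dies with `$cnf->errstr`. For a tool that maintains revocation data, the read should be checked once the `-f`/`-r` tests have passed, and should die or log with the file name in the same way the main config does. The handle is opened with `opendir` but released with `close $dh;`, which does not close a directory handle; it should be `closedir $dh;`. `readdir` returns entries in no defined order, so which drop-in wins when two set the same key presumably varies between hosts; `for my $fn ( sort readdir $dh )` would make the precedence predictable. The body of init_configuration starts and ends outside the hunks shown here.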
