
Diff of /nl.nikhef.pdp.fetchcrl/trunk/fetch-crl3.pl.cin


trunk/fetchcrl/fetch-crl3.pl revision 1759 by davidg, Fri Jun 11 15:41:40 2010 UTC nl.nikhef.pdp.fetchcrl/trunk/fetch-crl3.pl.cin revision 2691 by davidg, Tue Mar 4 16:33:30 2014 UTC
# Line 25  use Getopt::Long qw(:config no_ignore_ca Line 25  use Getopt::Long qw(:config no_ignore_ca
25  use POSIX;  use POSIX;
26  eval { require LWP or die; }; $@ and die "Please install libwww-perl (LWP)\n";  eval { require LWP or die; }; $@ and die "Please install libwww-perl (LWP)\n";
27    
28    my $sccsid = '@(#)$Id$';
29    
30  # import modules that are needed but still external  # import modules that are needed but still external
31  # (the installed version may have these packages embedded in-line)  # (the installed version may have these packages embedded in-line)
32  #  #
# Line 46  use vars qw/ $log $cnf /; Line 48  use vars qw/ $log $cnf /;
48  #  #
49  ($cnf,$log) = &init_configuration();  ($cnf,$log) = &init_configuration();
50    
51    # use Net::INET6Glue if so requested (is not a default module)
52    if ( $cnf->{_}->{inet6glue} ) {
53      eval { require Net::INET6Glue::INET_is_INET6 or die; };
54      $@ and die "Please install Net::INET6Glue before enabling inet6glue config\n";
55    }
56    
57  # verify local installation sanity for loaded modules  # verify local installation sanity for loaded modules
58  $::log->getverbose > 6 and ! $use_DataDumper and  $::log->getverbose > 6 and ! $use_DataDumper and
59    $::log->err("Cannot set verbosity higher than 6 without Data::Dumper") and    $::log->err("Cannot set verbosity higher than 6 without Data::Dumper") and
# Line 59  $use_DataDumper and $::log->verb(7,Data: Line 67  $use_DataDumper and $::log->verb(7,Data:
67  # set safe path if so requested  # set safe path if so requested
68  $cnf->{_}->{path} and $ENV{"PATH"} = $cnf->{_}->{path} and  $cnf->{_}->{path} and $ENV{"PATH"} = $cnf->{_}->{path} and
69    $::log->verb(5,"Set PATH to",$ENV{"PATH"});    $::log->verb(5,"Set PATH to",$ENV{"PATH"});
70    
71    # set rcmode if present in config
72    defined $cnf->{_}->{rcmode} and do {
73      $::log->err("Invalid return code mode set (must be 0 or 1)")
74        if ( $cnf->{_}->{rcmode} != 0 && $cnf->{_}->{rcmode} != 1 );
75      $::log->verb(2,"Exit status mode is set to ".$cnf->{_}->{rcmode});
76      $::log->setrcmode($cnf->{_}->{rcmode});
77    };
78        
79  # wait up to randomwait seconds to spread download load  # wait up to randomwait seconds to spread download load
80  $cnf->{_}->{randomwait} and do {  $cnf->{_}->{randomwait} and do {
# Line 78  $::cnf->{_}->{"infodir"} and do { Line 94  $::cnf->{_}->{"infodir"} and do {
94    foreach my $fn (    foreach my $fn (
95        map { glob ( $::cnf->{_}->{"infodir"} . "/$_" ); } "*.info", "*.crl_url"        map { glob ( $::cnf->{_}->{"infodir"} . "/$_" ); } "*.info", "*.crl_url"
96      ) {      ) {
97        next if $::cnf->{_}->{nosymlinks} and -l $fn;
98      $fn =~ /.*\/([^\/]+)(\.crl_url|\.info)$/;      $fn =~ /.*\/([^\/]+)(\.crl_url|\.info)$/;
99      push @metafiles, $1 unless grep /$1/,@metafiles or not defined $1;      push @metafiles, $1 unless grep /^$1$/,@metafiles or not defined $1;
100    }    }
101  };  };
102    
# Line 108  sub init_configuration() { Line 125  sub init_configuration() {
125    my $verbosity;    my $verbosity;
126    my $quiet=0;    my $quiet=0;
127    my $help=0;    my $help=0;
128      my $showversion=0;
129    my $debuglevel;    my $debuglevel;
130    my $parallelism=0;    my $parallelism=0;
131    my $randomwait;    my $randomwait;
132      my $nosymlinks;
133      my $cfgdir;
134      my $inet6glue=0;
135    
136    $log = FCLog->new("qualified");    $log = FCLog->new("qualified");
137    
# Line 119  sub init_configuration() { Line 140  sub init_configuration() {
140      "l|infodir=s" => \$infodir,      "l|infodir=s" => \$infodir,
141      "cadir=s" => \$cadir,      "cadir=s" => \$cadir,
142      "s|statedir=s" => \$statedir,      "s|statedir=s" => \$statedir,
143        "cfgdir=s" => \$cfgdir,
144      "T|httptimeout=i" => \$httptimeout,      "T|httptimeout=i" => \$httptimeout,
145      "o|output=s" => \$output,      "o|output=s" => \$output,
146      "format=s@" => \@formats,      "format=s@" => \@formats,
147      "v|verbose+" => \$verbosity,      "v|verbose+" => \$verbosity,
148      "h|help+" => \$help,      "h|help+" => \$help,
149        "V|version+" => \$showversion,
150      "q|quiet+" => \$quiet,      "q|quiet+" => \$quiet,
151      "d|debug+" => \$debuglevel,      "d|debug+" => \$debuglevel,
152      "p|parallelism=i" => \$parallelism,      "p|parallelism=i" => \$parallelism,
153        "nosymlinks+" => \$nosymlinks,
154      "a|agingtolerance=i" => \$agingtolerance,      "a|agingtolerance=i" => \$agingtolerance,
155      "r|randomwait=i" => \$randomwait,      "r|randomwait=i" => \$randomwait,
156        "inet6glue+" => \$inet6glue,
157      ) or &help and exit(1);      ) or &help and exit(1);
158    
159    $help and &help and exit(0);    $help and &help and exit(0);
160      $showversion and &showversion and exit(0);
161    
162      $configfile ||= ( -e "/etc/fetch-crl.conf" and "/etc/fetch-crl.conf" );
163    $configfile ||= ( -e "/etc/fetch-crl.cnf" and "/etc/fetch-crl.cnf" );    $configfile ||= ( -e "/etc/fetch-crl.cnf" and "/etc/fetch-crl.cnf" );
   ($quiet > 0) and $verbosity = -$quiet;  
164    
165    $cnf = ConfigTiny->new();    $cnf = ConfigTiny->new();
166    $configfile and    $configfile and
167      $cnf->read($configfile) || die "Invalid config file $configfile:\n  " .      $cnf->read($configfile) || die "Invalid config file $configfile:\n  " .
168                                     $cnf->errstr . "\n";                                     $cnf->errstr . "\n";
169    
170      ( defined $cnf->{_}->{cfgdir} and $cfgdir = $cnf->{_}->{cfgdir} )
171        unless defined $cfgdir;
172      $cfgdir ||= "/etc/fetch-crl.d";
173      if ( defined $cfgdir and -d $cfgdir and opendir(my $dh,$cfgdir) ) {
174        while ( my $fn = readdir $dh ) {
175          -f "$cfgdir/$fn" and -r "$cfgdir/$fn" and $cnf->read("$cfgdir/$fn");
176        }
177        close $dh;
178      }
179    
180    # command-line option overrides    # command-line option overrides
181    $cnf->{_}->{agingtolerance} = $agingtolerance if defined $agingtolerance;    $cnf->{_}->{agingtolerance} = $agingtolerance if defined $agingtolerance;
182    $cnf->{_}->{infodir}        = $infodir if defined $infodir;    $cnf->{_}->{infodir}        = $infodir if defined $infodir;
# Line 150  sub init_configuration() { Line 186  sub init_configuration() {
186    $cnf->{_}->{verbosity}      = $verbosity if defined $verbosity;    $cnf->{_}->{verbosity}      = $verbosity if defined $verbosity;
187    $cnf->{_}->{debuglevel}     = $debuglevel if defined $debuglevel;    $cnf->{_}->{debuglevel}     = $debuglevel if defined $debuglevel;
188    $cnf->{_}->{output}         = $output if defined $output;    $cnf->{_}->{output}         = $output if defined $output;
189    $cnf->{_}->{formats}        = join "&",@formats if @formats;    $cnf->{_}->{formats}        = join "\001",@formats if @formats;
190    $cnf->{_}->{parallelism}    = $parallelism if $parallelism;    $cnf->{_}->{parallelism}    = $parallelism if $parallelism;
191    $cnf->{_}->{randomwait}     = $randomwait if defined $randomwait;    $cnf->{_}->{randomwait}     = $randomwait if defined $randomwait;
192      $cnf->{_}->{nosymlinks}     = $nosymlinks if defined $nosymlinks;
193      $cnf->{_}->{inet6glue}      = $inet6glue if $inet6glue;
194    
195      # deal with interaction of verbosity in logfile and quiet option
196      # since a noquiet config option can cancel it
197      if ( not defined $cnf->{_}->{noquiet} ) {
198        if ( $quiet == 1) { $cnf->{_}->{verbosity} = -1; }
199      } else {
200        if ( $quiet >= 2) { $cnf->{_}->{verbosity} = -1; }
201      }
202    
203    # key default values    # key default values
204    defined $cnf->{_}->{version}  or $cnf->{_}->{version}    = "3+";    defined $cnf->{_}->{version}  or $cnf->{_}->{version}    = "3+";
# Line 171  sub init_configuration() { Line 217  sub init_configuration() {
217    defined $cnf->{_}->{nametemplate_pem} or    defined $cnf->{_}->{nametemplate_pem} or
218      $cnf->{_}->{nametemplate_pem} = "\@ANCHORNAME\@.\@R\@.crl.pem";      $cnf->{_}->{nametemplate_pem} = "\@ANCHORNAME\@.\@R\@.crl.pem";
219    defined $cnf->{_}->{catemplate} or    defined $cnf->{_}->{catemplate} or
220      $cnf->{_}->{catemplate} = "\@ALIAS\@.pem&".      $cnf->{_}->{catemplate} = "\@ALIAS\@.pem\001".
221                                "\@ALIAS\@.\@R\@&\@ANCHORNAME\@.\@R\@";                                "\@ALIAS\@.\@R\@\001\@ANCHORNAME\@.\@R\@";
222    
223    $cnf->{_}->{nonssverify}    ||= 0;    $cnf->{_}->{nonssverify}    ||= 0;
224    $cnf->{_}->{nocache}        ||= 0;    $cnf->{_}->{nocache}        ||= 0;
225      $cnf->{_}->{nosymlinks}     ||= 0;
226    $cnf->{_}->{verbosity}      ||= 0;    $cnf->{_}->{verbosity}      ||= 0;
227    $cnf->{_}->{debuglevel}     ||= 0;    $cnf->{_}->{debuglevel}     ||= 0;
228      $cnf->{_}->{inet6glue}      ||= 0;
229    
230    $cnf->{_}->{stateless} and delete $cnf->{_}->{statedir};    $cnf->{_}->{stateless} and delete $cnf->{_}->{statedir};
231    
232    # expand array keys in config    # expand array keys in config
233    defined $cnf->{_}->{formats} and    defined $cnf->{_}->{formats} and
234      @{$cnf->{_}->{formats_}} = split(/[&;,\s]+/,$cnf->{_}->{formats});      @{$cnf->{_}->{formats_}} = split(/[\001;,\s]+/,$cnf->{_}->{formats});
235    
236    # sanity check on configuration    # sanity check on configuration
237    $cnf->{_}->{statedir} and ! -d $cnf->{_}->{statedir} and    $cnf->{_}->{statedir} and ! -d $cnf->{_}->{statedir} and
238      die "Invalid state directory " . $cnf->{_}->{statedir} . "\n";      die "Invalid state directory " . $cnf->{_}->{statedir} . "\n";
   $cnf->{_}->{cadir} ||= ".";  
239    $cnf->{_}->{infodir} and ! -d $cnf->{_}->{infodir} and    $cnf->{_}->{infodir} and ! -d $cnf->{_}->{infodir} and
240      die "Invalid meta-data directory ".$cnf->{_}->{infodir}."\n";      die "Invalid meta-data directory ".$cnf->{_}->{infodir}."\n";
241    
242    # initialize logging    # initialize logging
243    $log->flush;    $log->flush;
244    $cnf->{_}->{logmode} and $log->destremove("qualified") and do {    $cnf->{_}->{logmode} and $log->destremove("qualified") and do {
245      foreach ( split(/[,&]+/,$cnf->{_}->{logmode}) ) {      foreach ( split(/[,\001]+/,$cnf->{_}->{logmode}) ) {
246        if ( /^syslog$/ ) { $log->destadd($_,$cnf->{_}->{syslogfacility}); }        if ( /^syslog$/ ) { $log->destadd($_,$cnf->{_}->{syslogfacility}); }
247        elsif ( /^(direct|qualified|cache)$/ ) { $log->destadd($_); }        elsif ( /^(direct|qualified|cache)$/ ) { $log->destadd($_); }
248        else { die "Invalid log destination $_, exiting.\n"; }        else { die "Invalid log destination $_, exiting.\n"; }
# Line 210  sub init_configuration() { Line 257  sub init_configuration() {
257  # ###########################################################################  # ###########################################################################
258  #  #
259  #  #
260    sub showversion() {
261      (my $name = $0) =~ s/.*\///;
262      print "$name version @VERSION@\n";
263      return 1;
264    }
265    
266  sub help() {  sub help() {
267    (my $name = $0) =~ s/.*\///;    (my $name = $0) =~ s/.*\///;
268  print <<EOHELP;  print <<EOHELP;
# Line 219  files. It will install these for use wit Line 272  files. It will install these for use wit
272    
273  Usage: $name [-c|--config configfile] [-l|--infodir path]  Usage: $name [-c|--config configfile] [-l|--infodir path]
274    [--cadir path] [-s|--statedir path] [-o|--output path] [--format \@formats]    [--cadir path] [-s|--statedir path] [-o|--output path] [--format \@formats]
275    [-T|--httptimeout seconds] [-p|--parallelism n]    [-T|--httptimeout seconds] [-p|--parallelism n] [--nosymlinks]
276    [-a|--agingtolerance hours] [-r|--randomwait seconds]    [-a|--agingtolerance hours] [-r|--randomwait seconds]
277    [-v|--verbose] [-h|--help] [-q|--quiet] [-d|--debug level]    [-v|--verbose] [-h|--help] [-q|--quiet] [-d|--debug level]
278    
279  Options:  Options:
280   -c | --config path   -c | --config path
281          Read configuration data from path, default: /etc/fetch-crl.cnf          Read configuration data from path, default: /etc/fetch-crl.conf
282   -l | --infodir path   -l | --infodir path
283          Location of the trust anchor meta-data files (crl_url or info),          Location of the trust anchor meta-data files (crl_url or info),
284          default: /etc/grid-security/certificates          default: /etc/grid-security/certificates
# Line 239  Options: Line 292  Options:
292          Location of the CRLs written (global default, defaults to infodir          Location of the CRLs written (global default, defaults to infodir
293   --format \@formats   --format \@formats
294          Format(s) in which the CRLs will be written (openssl, pem, der, nss)          Format(s) in which the CRLs will be written (openssl, pem, der, nss)
295     --nosymlinks
296            Do not include meta-data files that are symlinks
297   -v | --verbose   -v | --verbose
298          Become more talkative          Become more talkative
299   -q | --quiet   -q | --quiet
# Line 254  Options: Line 309  Options:
309   -h | --help   -h | --help
310          This help text          This help text
311    
312    Version: @VERSION@
313  EOHELP  EOHELP
314    
315    return 1;    return 1;
# Line 270  sub process_metafiles(@) { Line 326  sub process_metafiles(@) {
326        $cnf->{_}->{"infodir"} and $ta->setInfodir($cnf->{_}->{"infodir"});        $cnf->{_}->{"infodir"} and $ta->setInfodir($cnf->{_}->{"infodir"});
327        $ta->loadAnchor($f) or next;        $ta->loadAnchor($f) or next;
328        $ta->saveLogMode() and $ta->setLogMode();        $ta->saveLogMode() and $ta->setLogMode();
       $ta->loadCAfiles() or next;  
329        $ta->loadState() or next;        $ta->loadState() or next;
330        $ta->retrieve or next;  
331          # using the HASH in the CA filename templates requires the CRL
332          # is retrieved first to determinte the hash
333          if ( $cnf->{_}->{"catemplate"} =~ /\@HASH\@/ ) {
334            $ta->retrieve or next;
335            $ta->loadCAfiles() or next;
336          } else {
337            $ta->loadCAfiles() or next;
338            $ta->retrieve or next;
339          }
340    
341        $ta->verifyAndConvertCRLs or next;        $ta->verifyAndConvertCRLs or next;
342            
343        my $writer = CRLWriter->new($ta);        my $writer = CRLWriter->new($ta);
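Review bot: In the new cfgdir block of init_configuration (new lines 173-178), the return value of `$cnf->read("$cfgdir/$fn")` is discarded and the directory handle from `opendir` is released with `close` instead of `closedir`. A drop-in fragment that fails to parse is therefore skipped without any message, while the main config file a few lines earlier dies with `$cnf->errstr`; for a tool that maintains revocation data, a setting that silently did not apply should be surfaced the same way. `readdir` returns names in unspecified order, so which fragment wins on a conflicting key can differ between hosts; sorting the names makes the precedence deterministic. Every readable regular file is accepted, so editor backups and package-manager leftovers in that directory are read as well, and a name filter may be worth considering. init_configuration starts and ends outside this hunk.

```perl
if ( defined $cfgdir and -d $cfgdir and opendir(my $dh,$cfgdir) ) {
  # sorted so that override order between fragments is predictable
  foreach my $fn ( sort readdir $dh ) {
    ( -f "$cfgdir/$fn" and -r "$cfgdir/$fn" ) or next;
    $cnf->read("$cfgdir/$fn") or
      die "Invalid config file $cfgdir/$fn:\n  " . $cnf->errstr . "\n";
  }
  closedir $dh;
}
```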

