Certification Report for Patch 4413 (GridSite 1.1.21, SLC4, 32-bit)

Origins

Build Report http://etics-repository.cern.ch/repository/reports/id/956f804f-a036-4069-995e-e1964b76e9e7/slc4_ia32_gcc346/-/reports/index.html
YUM repo file http://etics-repository.cern.ch/repository/pm/registered/repomd/id/956f804f-a036-4069-995e-e1964b76e9e7/slc4_ia32_gcc346/etics-registered-build-by-id-protect.repo
Patch https://savannah.cern.ch/patch/?4413
Components org.gridsite subsystem
Status Certified

Clean installation

Environment

Clean SLC4 installation according to gLite guidelines (CA certificates, ...). Apache WebServer and mod_ssl installed by calling yum -y install httpd mod_ssl

Process

yum -c http://etics-repository.cern.ch/repository/pm/registered/repomd/id/956f804f-a036-4069-995e-e1964b76e9e7/slc4_ia32_gcc346/etics-registered-build-by-id-protect.repo install -y gridsite-apache gridsite-commands gridsite-debuginfo gridsite-devel gridsite-gsexec gridsite-shared
yum install -y httpd mod_ssl
sed -e '1,$s!/usr/lib/httpd/modules/!modules/!' /usr/share/doc/gridsite-*/httpd-webserver.conf | sed 's!/var/www/html!/var/www/htdocs!' | sed "s/FULL.SERVER.NAME/$(hostname -f)/" | sed "s/\(GridSiteGSIProxyLimit\)/# \1/"> /tmp/httpd-webserver.conf
echo "AddHandler cgi-script .cgi" >> /tmp/httpd-webserver.conf
echo "ScriptAlias /gridsite-delegation.cgi /usr/sbin/gridsite-delegation.cgi" >> /tmp/httpd-webserver.conf
mkdir /var/www/htdocs
httpd -f /tmp/httpd-webserver.conf

Full output of the installation

[root@forkys-sl34 ~]# yum -c http://etics-repository.cern.ch/repository/pm/registered/repomd/id/956f804f-a036-4069-995e-e1964b76e9e7/slc4_ia32_gcc346/etics-registered-build-by-id-protect.repo install -y gridsite-apache gridsite-commands gridsite-debuginfo gridsite-devel gridsite-gsexec gridsite-shared
Setting up Install Process
Setting up repositories
dag                       100% |=========================| 1.1 kB    00:00     
eurogridpma               100% |=========================|  951 B    00:00     
ETICS-registered-build-95 100% |=========================|  764 B    00:00     
sl-errata                 100% |=========================| 1.9 kB    00:00     
sl-base                   100% |=========================| 1.1 kB    00:00     
Reading repository metadata in from local files
primary.xml.gz            100% |=========================| 2.2 kB    00:00     
ETICS-regi: ################################################## 6/6
Added 6 new packages, deleted 0 old in 0.02 seconds
Parsing package install arguments
Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for gridsite-shared to pack into transaction set.
gridsite-shared-1.1.21-1. 100% |=========================| 6.1 kB    00:00     
---> Package gridsite-shared.i386 0:1.1.21-1.slc4 set to be updated
---> Downloading header for gridsite-debuginfo to pack into transaction set.
gridsite-debuginfo-1.1.21 100% |=========================| 3.0 kB    00:00     
---> Package gridsite-debuginfo.i386 0:1.1.21-1.slc4 set to be updated
---> Downloading header for gridsite-commands to pack into transaction set.
gridsite-commands-1.1.21- 100% |=========================| 4.2 kB    00:00     
---> Package gridsite-commands.i386 0:1.1.21-1.slc4 set to be updated
---> Downloading header for gridsite-devel to pack into transaction set.
gridsite-devel-1.1.21-1.s 100% |=========================| 1.9 kB    00:00     
---> Package gridsite-devel.i386 0:1.1.21-1.slc4 set to be updated
---> Downloading header for gridsite-gsexec to pack into transaction set.
gridsite-gsexec-1.1.21-1. 100% |=========================| 2.2 kB    00:00     
---> Package gridsite-gsexec.i386 0:1.1.21-1.slc4 set to be updated
---> Downloading header for gridsite-apache to pack into transaction set.
gridsite-apache-1.1.21-1. 100% |=========================| 2.7 kB    00:00     
---> Package gridsite-apache.i386 0:1.1.21-1.slc4 set to be updated
--> Running transaction check

Dependencies Resolved

=============================================================================
 Package                 Arch       Version          Repository        Size 
=============================================================================
Installing:
 gridsite-apache         i386       1.1.21-1.slc4    ETICS-registered-build-956f804f-a036-4069-995e-e1964b76e9e7-slc4_ia32_gcc346   86 k
 gridsite-commands       i386       1.1.21-1.slc4    ETICS-registered-build-956f804f-a036-4069-995e-e1964b76e9e7-slc4_ia32_gcc346   46 k
 gridsite-debuginfo      i386       1.1.21-1.slc4    ETICS-registered-build-956f804f-a036-4069-995e-e1964b76e9e7-slc4_ia32_gcc346  201 k
 gridsite-devel          i386       1.1.21-1.slc4    ETICS-registered-build-956f804f-a036-4069-995e-e1964b76e9e7-slc4_ia32_gcc346   44 k
 gridsite-gsexec         i386       1.1.21-1.slc4    ETICS-registered-build-956f804f-a036-4069-995e-e1964b76e9e7-slc4_ia32_gcc346   11 k
 gridsite-shared         i386       1.1.21-1.slc4    ETICS-registered-build-956f804f-a036-4069-995e-e1964b76e9e7-slc4_ia32_gcc346   76 k

Transaction Summary
=============================================================================
Install      6 Package(s)         
Update       0 Package(s)         
Remove       0 Package(s)         
Total download size: 464 k
Downloading Packages:
(1/6): gridsite-shared-1.1.21-1.slc4.i386.rpm                    76 kB 00:00 
(2/6): gridsite-debuginfo-1.1.21-1.slc4.i386.rpm                201 kB 00:00 
(3/6): gridsite-commands-1.1.21-1.slc4.i386.rpm                  46 kB 00:00 
(4/6): gridsite-devel-1.1.21-1.slc4.i386.rpm                     44 kB 00:00 
(5/6): gridsite-gsexec-1.1.21-1.slc4.i386.rpm                    11 kB 00:00 
(6/6): gridsite-apache-1.1.21-1.slc4.i386.rpm                    86 kB 00:00 
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing: gridsite-shared              ######################### [1/6] 
  Installing: gridsite-debuginfo           ######################### [2/6] 
  Installing: gridsite-commands            ######################### [3/6] 
  Installing: gridsite-devel               ######################### [4/6] 
warning: group apache does not exist - using root
  Installing: gridsite-gsexec              ######################### [5/6] 
  Installing: gridsite-apache              ######################### [6/6] 

Installed: gridsite-apache.i386 0:1.1.21-1.slc4 gridsite-commands.i386 0:1.1.21-1.slc4 gridsite-debuginfo.i386 0:1.1.21-1.slc4 gridsite-devel.i386 0:1.1.21-1.slc4 gridsite-gsexec.i386 0:1.1.21-1.slc4 gridsite-shared.i386 0:1.1.21-1.slc4
Complete!
[root@forkys-sl34 ~]# yum install -y httpd mod_ssl
Loading "kernel-module" plugin
Setting up Install Process
Setting up repositories
Reading repository metadata in from local files
Parsing package install arguments
Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for httpd to pack into transaction set.
httpd-2.0.52-41.sl4.7.i38 100% |=========================|  65 kB    00:00     
---> Package httpd.i386 0:2.0.52-41.sl4.7 set to be updated
---> Downloading header for mod_ssl to pack into transaction set.
mod_ssl-2.0.52-41.sl4.7.i 100% |=========================|  27 kB    00:00     
---> Package mod_ssl.i386 1:2.0.52-41.sl4.7 set to be updated
--> Running transaction check
--> Processing Dependency: httpd-suexec for package: httpd
--> Processing Dependency: libaprutil-0.so.0 for package: httpd
--> Processing Dependency: libnal.so.1 for package: mod_ssl
--> Processing Dependency: libdistcache.so.1 for package: mod_ssl
--> Processing Dependency: libapr-0.so.0 for package: httpd
--> Processing Dependency: apr >= 0.9.4-24.2 for package: httpd
--> Restarting Dependency Resolution with new changes.
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for distcache to pack into transaction set.
distcache-1.4.5-6.i386.rp 100% |=========================| 7.1 kB    00:00     
---> Package distcache.i386 0:1.4.5-6 set to be updated
---> Downloading header for httpd-suexec to pack into transaction set.
httpd-suexec-2.0.52-41.sl 100% |=========================|  25 kB    00:00     
---> Package httpd-suexec.i386 0:2.0.52-41.sl4.7 set to be updated
---> Downloading header for apr to pack into transaction set.
apr-0.9.4-24.9.2.sl4.1.i3 100% |=========================| 7.8 kB    00:00     
---> Package apr.i386 0:0.9.4-24.9.2.sl4.1 set to be updated
---> Downloading header for apr-util to pack into transaction set.
apr-util-0.9.4-22.el4_8.2 100% |=========================| 5.5 kB    00:00     
---> Package apr-util.i386 0:0.9.4-22.el4_8.2 set to be updated
--> Running transaction check
Beginning Kernel Module Plugin
Finished Kernel Module Plugin

Dependencies Resolved

=============================================================================
 Package                 Arch       Version          Repository        Size 
=============================================================================
Installing:
 httpd                   i386       2.0.52-41.sl4.7  sl-errata         903 k
 mod_ssl                 i386       1:2.0.52-41.sl4.7  sl-errata         102 k
Installing for dependencies:
 apr                     i386       0.9.4-24.9.2.sl4.1  sl-errata          94 k
 apr-util                i386       0.9.4-22.el4_8.2  sl-errata          52 k
 distcache               i386       1.4.5-6          sl-base           111 k
 httpd-suexec            i386       2.0.52-41.sl4.7  sl-errata          31 k

Transaction Summary
=============================================================================
Install      6 Package(s)         
Update       0 Package(s)         
Remove       0 Package(s)         
Total download size: 1.3 M
Downloading Packages:
(1/6): httpd-2.0.52-41.sl 100% |=========================| 903 kB    00:02     
(2/6): distcache-1.4.5-6. 100% |=========================| 111 kB    00:00     
(3/6): httpd-suexec-2.0.5 100% |=========================|  31 kB    00:00     
(4/6): apr-0.9.4-24.9.2.s 100% |=========================|  94 kB    00:00     
(5/6): mod_ssl-2.0.52-41. 100% |=========================| 102 kB    00:00     
(6/6): apr-util-0.9.4-22. 100% |=========================|  52 kB    00:00     
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing: apr                          ######################### [1/6] 
  Installing: apr-util                     ######################### [2/6] 
  Installing: distcache                    ######################### [3/6] 
  Installing: httpd                        ######################### [4/6] 
  Installing: httpd-suexec                 ######################### [5/6] 
  Installing: mod_ssl                      ######################### [6/6] 

Installed: httpd.i386 0:2.0.52-41.sl4.7 mod_ssl.i386 1:2.0.52-41.sl4.7
Dependency Installed: apr.i386 0:0.9.4-24.9.2.sl4.1 apr-util.i386 0:0.9.4-22.el4_8.2 distcache.i386 0:1.4.5-6 httpd-suexec.i386 0:2.0.52-41.sl4.7
Complete!
[root@forkys-sl34 ~]# sed -e '1,$s!/usr/lib/httpd/modules/!modules/!' /usr/share/doc/gridsite-*/httpd-webserver.conf | sed 's!/var/www/html!/var/www/htdocs!' | sed "s/FULL.SERVER.NAME/$(hostname -f)/" | sed "s/\(GridSiteGSIProxyLimit\)/# \1/"> /tmp/httpd-webserver.conf
[root@forkys-sl34 ~]# echo "AddHandler cgi-script .cgi" >> /tmp/httpd-webserver.conf
[root@forkys-sl34 ~]# echo "ScriptAlias /gridsite-delegation.cgi /usr/sbin/gridsite-delegation.cgi" >> /tmp/httpd-webserver.conf
[root@forkys-sl34 ~]# mkdir /var/www/htdocs
[root@forkys-sl34 ~]# httpd -f /tmp/httpd-webserver.conf
[root@forkys-sl34 ~]# 

Tests

Ping Tests

Process:

cvs -d:pserver:anonymous@glite.cvs.cern.ch:/cvs/glite co org.glite.testsuites.ctb/gridsite
cd org.glite.testsuites.ctb/gridsite/tests
./ping-remote.sh `hostname -f` --html

Output:

[root@forkys-sl34 tests]# ./ping-remote.sh `hostname -f` --html
Oct 06 15:13:53 forkys-sl34 ping-remote.sh:    start
Testing if all binaries are available   done
Testing ping to Apache server forkys-sl34.zcu.cz   done
Testing Apache server at forkys-sl34.zcu.cz:443   done
Oct 06 15:13:56 forkys-sl34 ping-remote.sh:    end

TestPlan Tests

https://twiki.cern.ch/twiki/bin/view/EGEE/GridSiteTestPlan

READ (Read Permissions)

[root@forkys-sl34 tests]# cat >/var/www/htdocs/test.html <<EOF
> <html><body><h1>Hello Grid</h1></body></html>
> EOF
[root@forkys-sl34 tests]# code=`curl --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates --output /dev/null --silent --write-out '%{http_code}\n'  https://$(hostname -f)/test.html`
[root@forkys-sl34 tests]# [ "$code" = "403" ] && echo "OK"
OK
[root@forkys-sl34 tests]# 
[root@forkys-sl34 tests]# cat >/var/www/htdocs/.gacl <<EOF
> <gacl>
>   <entry>
>     <any-user/>
>       <allow><read/></allow>
>   </entry>
> </gacl>
> EOF
[root@forkys-sl34 tests]# 
[root@forkys-sl34 tests]# code=`curl --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates --output /dev/null --silent --write-out '%{http_code}\n'  https://$(hostname -f)/test.html`
[root@forkys-sl34 tests]# [ "$code" = "200" ] && echo "OK"
OK
[root@forkys-sl34 tests]# 

Get index (list & read permissions)

[root@forkys-sl34 tests]# code=`curl --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates --output /dev/null --silent --write-out '%{http_code}\n' \
> https://$(hostname -f)/`
[root@forkys-sl34 tests]# [ "$code" = "403" ] && echo "OK"
OK
[root@forkys-sl34 tests]# 
[root@forkys-sl34 tests]# cat >/var/www/htdocs/.gacl <<EOF
> <gacl>
>   <entry>
>     <person>
>       <dn>`openssl x509 -noout -subject -in /etc/grid-security/hostcert.pem | sed -e 's/^subject= //'`</dn>
>     </person>
>     <allow><read/><list/></allow>
>   </entry>
> </gacl>
> EOF
[root@forkys-sl34 tests]# 
[root@forkys-sl34 tests]# code=`curl --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates --output /dev/null --silent --write-out '%{http_code}\n' \
> https://$(hostname -f)/`
[root@forkys-sl34 tests]# [ "$code" = "200" ] && echo "OK"
OK
[root@forkys-sl34 tests]# 

WRITE & DELETE (write permissions)

[root@forkys-sl34 tests]# rm -f /var/www/htdocs/.gacl /var/www/htdocs/test.txt
[root@forkys-sl34 tests]# date > /tmp/test.txt
[root@forkys-sl34 tests]# chown apache /var/www/htdocs/
[root@forkys-sl34 tests]# code=`curl --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates --output /dev/null --silent --write-out '%{http_code}\n' \
> --upload-file /tmp/test.txt https://$(hostname -f)/test.txt`
[root@forkys-sl34 tests]# [ "$code" = "403" ] && echo "OK"
OK
[root@forkys-sl34 tests]# 
[root@forkys-sl34 tests]# cat >/var/www/htdocs/.gacl <<EOF
> <gacl>
>   <entry>
>     <person>
>       <dn>`openssl x509 -noout -subject -in /etc/grid-security/hostcert.pem | sed -e 's/^subject= //'`</dn>
>     </person>
>     <allow><write/></allow>
>   </entry>
> </gacl>
> EOF
[root@forkys-sl34 tests]# 
[root@forkys-sl34 tests]# code=`curl --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates --output /dev/null --silent --write-out '%{http_code}\n' \
> --upload-file /tmp/test.txt https://$(hostname -f)/test.txt`
[root@forkys-sl34 tests]# cmp -s /tmp/test.txt /var/www/htdocs/test.txt
[root@forkys-sl34 tests]# [ $? -eq 0 -a "$code" = "201" ] && echo "OK"
OK
[root@forkys-sl34 tests]# 
[root@forkys-sl34 tests]# mv  /var/www/htdocs/.gacl /var/www/htdocs/.gacl.bak
[root@forkys-sl34 tests]# code=`curl --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates --output /dev/null --silent --write-out '%{http_code}\n' \
> -X DELETE https://$(hostname -f)/test.txt`
[root@forkys-sl34 tests]# [ "$code" = "403" ] && echo "OK"
OK
[root@forkys-sl34 tests]# 
[root@forkys-sl34 tests]# mv /var/www/htdocs/.gacl.bak /var/www/htdocs/.gacl
[root@forkys-sl34 tests]# 
[root@forkys-sl34 tests]# code=`curl --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates --output /dev/null --silent --write-out '%{http_code}\n' \
> -X DELETE https://$(hostname -f)/test.txt`
[root@forkys-sl34 tests]# [ "$code" = "200" ] && echo "OK"
OK
[root@forkys-sl34 tests]# chown root /var/www/htdocs
[root@forkys-sl34 tests]# 

Check the attributes and passed on to the environment

[root@forkys-sl34 tests]# cat >/var/www/htdocs/.gacl <<EOF
> <gacl>
>   <entry>
>     <person>
>       <dn>`openssl x509 -noout -subject -in /etc/grid-security/hostcert.pem | sed -e 's/^subject= //'`</dn>
>     </person>
>     <allow><read/></allow>
>   </entry>
> </gacl>
> EOF
[root@forkys-sl34 tests]# cat >/var/www/htdocs/test.cgi <<EOF
> #!/bin/sh                                                                                                                                    
> echo 'Content-type: text/plain'                                                                                                              
> echo                                                                                                                                         
> printenv
> EOF
[root@forkys-sl34 tests]# chmod +x /var/www/htdocs/test.cgi
[root@forkys-sl34 tests]# code=`curl --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates --output /tmp/gridsite.log --silent --write-out '%{http_code}\n'  https://$(hostname -f)/test.cgi`
[root@forkys-sl34 tests]# [ "$code" = "200" ] && echo "OK"
OK
[root@forkys-sl34 tests]# grep "^GRST_" /tmp/gridsite.log 2>/dev/null
GRST_ACL_FORMAT=GACL
GRST_DN_LISTS=/etc/grid-security/dn-lists/:/var/www/htdocs/dn-lists/
GRST_DISK_MODE=0x0600
GRST_HEAD_FILE=gridsitehead.txt
GRST_PERM=1
GRST_CRED_0=X509USER 1265031720 1298988720 0 /DC=cz/DC=cesnet-ca/O=University of West Bohemia/CN=forkys.zcu.cz
GRST_EDITABLE= txt shtml html htm css js php jsp 
GRST_GSIPROXY_LIMIT=1
GRST_DN_LISTS_URI=/dn-lists/
GRST_FOOT_FILE=gridsitefoot.txt
GRST_DIR_PATH=/var/www/htdocs
GRST_ADMIN_FILE=gridsite-admin.cgi
[root@forkys-sl34 tests]# [ $? -eq 0 ] && echo "OK"
OK
[root@forkys-sl34 tests]# 

Test the basic commands (htcp, htls, htmkdir, htmv, htrm)

[root@forkys-sl34 tests]# cat >/var/www/htdocs/.gacl <<EOF
> <gacl>
>   <entry>
>     <person>
>       <dn>`openssl x509 -noout -subject -in /etc/grid-security/hostcert.pem | sed -e 's/^subject= //'`</dn>
>     </person>
>     <allow><read/><write/><list/></allow>
>   </entry>
> </gacl>
> EOF
[root@forkys-sl34 tests]# 
[root@forkys-sl34 tests]# chown apache /var/www/htdocs/
[root@forkys-sl34 tests]# 
[root@forkys-sl34 tests]# date > /tmp/test.txt
[root@forkys-sl34 tests]# htcp --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates/ /tmp/test.txt https://$(hostname -f)/
[root@forkys-sl34 tests]# [ $? -eq 0 ] && echo "OK"
OK
[root@forkys-sl34 tests]# htls --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates/ https://$(hostname -f)/test.txt > /dev/null
[root@forkys-sl34 tests]# [ $? -eq 0 ] && echo "OK"
OK
[root@forkys-sl34 tests]# htmv --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates/ https://$(hostname -f)/test.txt https://$(hostname -f)/test2.txt
[root@forkys-sl34 tests]# [ $? -eq 0 ] && echo "OK"
OK
[root@forkys-sl34 tests]# htcp --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates/ https://$(hostname -f)/test2.txt /tmp
[root@forkys-sl34 tests]# [ $? -eq 0 ] && echo "OK"
OK
[root@forkys-sl34 tests]# htrm --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates/ https://$(hostname -f)/test2.txt
[root@forkys-sl34 tests]# [ $? -eq 0 ] && echo "OK"
OK
[root@forkys-sl34 tests]# htls --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates/ https://$(hostname -f)/test2.txt 2> /dev/null
[root@forkys-sl34 tests]# [ $? -eq 22 ] && echo "OK"
OK
[root@forkys-sl34 tests]# htls --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates/ https://$(hostname -f)/ > /dev/null
[root@forkys-sl34 tests]# [ $? -eq 0 ] && echo "OK"
OK
[root@forkys-sl34 tests]# cmp /tmp/test.txt /tmp/test2.txt
[root@forkys-sl34 tests]# [ $? -eq 0 ] && echo "OK"
OK
[root@forkys-sl34 tests]# 
[root@forkys-sl34 tests]# chown root /var/www/htdocs/
[root@forkys-sl34 tests]# 

Test proxy delegation (see also DelegationTestPlan) (XXX Disable the gridsite module?)

N/A

Utilities not available gridsite for gLite 3.1.

Upgrade from production

Environment

Clean SLC4 installation according to gLite guidelines (CA certificates, ...). Fully updated. Apache WebServer and mod_ssl installed by calling yum -y install httpd mod_ssl

Process

On a clean, up-to-date system:
cat > list.txt <<EOF
http://linuxsoft.cern.ch/EGEE/gLite/R3.1/generic/sl4/i386/RPMS.updates/gridsite-apache-1.1.20-8.i386.rpm
http://eticssoft.web.cern.ch/eticssoft/repository/org.glite/org.gridsite.core/1.1.20/slc4_ia32_gcc346/gridsite-commands-1.1.20-8.i386.rpm
http://eticssoft.web.cern.ch/eticssoft/repository/org.glite/org.gridsite.core/1.1.20/slc4_ia32_gcc346/gridsite-debuginfo-1.1.20-8.i386.rpm
http://eticssoft.web.cern.ch/eticssoft/repository/org.glite/org.gridsite.core/1.1.20/slc4_ia32_gcc346/gridsite-devel-1.1.20-8.i386.rpm
http://eticssoft.web.cern.ch/eticssoft/repository/org.glite/org.gridsite.core/1.1.20/slc4_ia32_gcc346/gridsite-gsexec-1.1.20-8.i386.rpm
http://linuxsoft.cern.ch/EGEE/gLite/R3.1/generic/sl4/i386/RPMS.updates/gridsite-shared-1.1.20-8.i386.rpm
EOF
mkdir /var/cache/glite-local
cd /var/cache/glite-local
wget -i ~/list.txt
createrepo .
cd
cat > glite-local.repo <<EOF
[main]
[glite-local]
name=Local glite RPMS repository
baseurl=file:///var/cache/glite-local
enabled=1
EOF
yum -c glite-local.repo install -y gridsite-apache gridsite-commands gridsite-debuginfo gridsite-devel gridsite-gsexec gridsite-shared

yum -c http://etics-repository.cern.ch/repository/pm/registered/repomd/id/956f804f-a036-4069-995e-e1964b76e9e7/slc4_ia32_gcc346/etics-registered-build-by-id-protect.repo upgrade -y
yum install -y httpd mod_ssl
sed -e '1,$s!/usr/lib/httpd/modules/!modules/!' /usr/share/doc/gridsite-*/httpd-webserver.conf | sed 's!/var/www/html!/var/www/htdocs!' | sed "s/FULL.SERVER.NAME/$(hostname -f)/" | sed "s/\(GridSiteGSIProxyLimit\)/# \1/"> /tmp/httpd-webserver.conf
echo "AddHandler cgi-script .cgi" >> /tmp/httpd-webserver.conf
echo "ScriptAlias /gridsite-delegation.cgi /usr/sbin/gridsite-delegation.cgi" >> /tmp/httpd-webserver.conf
mkdir /var/www/htdocs
httpd -f /tmp/httpd-webserver.conf

Full output of the installation

[root@forkys-sl34 ~]# cat > list.txt <<EOF
> http://linuxsoft.cern.ch/EGEE/gLite/R3.1/generic/sl4/i386/RPMS.updates/gridsite-apache-1.1.20-8.i386.rpm
> http://eticssoft.web.cern.ch/eticssoft/repository/org.glite/org.gridsite.core/1.1.20/slc4_ia32_gcc346/gridsite-commands-1.1.20-8.i386.rpm
> http://eticssoft.web.cern.ch/eticssoft/repository/org.glite/org.gridsite.core/1.1.20/slc4_ia32_gcc346/gridsite-debuginfo-1.1.20-8.i386.rpm
> http://eticssoft.web.cern.ch/eticssoft/repository/org.glite/org.gridsite.core/1.1.20/slc4_ia32_gcc346/gridsite-devel-1.1.20-8.i386.rpm
> http://eticssoft.web.cern.ch/eticssoft/repository/org.glite/org.gridsite.core/1.1.20/slc4_ia32_gcc346/gridsite-gsexec-1.1.20-8.i386.rpm
> http://linuxsoft.cern.ch/EGEE/gLite/R3.1/generic/sl4/i386/RPMS.updates/gridsite-shared-1.1.20-8.i386.rpm
> EOF
[root@forkys-sl34 ~]# mkdir /var/cache/glite-local
[root@forkys-sl34 ~]# cd /var/cache/glite-local
[root@forkys-sl34 glite-local]# wget -i ~/list.txt
--15:47:45--  http://linuxsoft.cern.ch/EGEE/gLite/R3.1/generic/sl4/i386/RPMS.updates/gridsite-apache-1.1.20-8.i386.rpm
           => `gridsite-apache-1.1.20-8.i386.rpm'
Resolving linuxsoft.cern.ch... 137.138.128.221, 137.138.45.93
Connecting to linuxsoft.cern.ch|137.138.128.221|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 87,990 (86K) [application/x-rpm]

100%[====================================>] 87,990        --.--K/s             

15:47:45 (919.82 KB/s) - `gridsite-apache-1.1.20-8.i386.rpm' saved [87990/87990]

--15:47:45--  http://eticssoft.web.cern.ch/eticssoft/repository/org.glite/org.gridsite.core/1.1.20/slc4_ia32_gcc346/gridsite-commands-1.1.20-8.i386.rpm
           => `gridsite-commands-1.1.20-8.i386.rpm'
Resolving eticssoft.web.cern.ch... 137.138.143.225, 137.138.142.195
Connecting to eticssoft.web.cern.ch|137.138.143.225|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 46,743 (46K) [application/x-rpm]

100%[====================================>] 46,743        --.--K/s             

15:47:45 (628.89 KB/s) - `gridsite-commands-1.1.20-8.i386.rpm' saved [46743/46743]

--15:47:45--  http://eticssoft.web.cern.ch/eticssoft/repository/org.glite/org.gridsite.core/1.1.20/slc4_ia32_gcc346/gridsite-debuginfo-1.1.20-8.i386.rpm
           => `gridsite-debuginfo-1.1.20-8.i386.rpm'
Connecting to eticssoft.web.cern.ch|137.138.143.225|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 205,443 (201K) [application/x-rpm]

100%[====================================>] 205,443       --.--K/s             

15:47:45 (1.47 MB/s) - `gridsite-debuginfo-1.1.20-8.i386.rpm' saved [205443/205443]

--15:47:45--  http://eticssoft.web.cern.ch/eticssoft/repository/org.glite/org.gridsite.core/1.1.20/slc4_ia32_gcc346/gridsite-devel-1.1.20-8.i386.rpm
           => `gridsite-devel-1.1.20-8.i386.rpm'
Connecting to eticssoft.web.cern.ch|137.138.143.225|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 44,333 (43K) [application/x-rpm]

100%[====================================>] 44,333        --.--K/s             

15:47:45 (761.25 KB/s) - `gridsite-devel-1.1.20-8.i386.rpm' saved [44333/44333]

--15:47:45--  http://eticssoft.web.cern.ch/eticssoft/repository/org.glite/org.gridsite.core/1.1.20/slc4_ia32_gcc346/gridsite-gsexec-1.1.20-8.i386.rpm
           => `gridsite-gsexec-1.1.20-8.i386.rpm'
Connecting to eticssoft.web.cern.ch|137.138.143.225|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 11,502 (11K) [application/x-rpm]

100%[====================================>] 11,502        --.--K/s             

15:47:45 (614.40 KB/s) - `gridsite-gsexec-1.1.20-8.i386.rpm' saved [11502/11502]

--15:47:45--  http://linuxsoft.cern.ch/EGEE/gLite/R3.1/generic/sl4/i386/RPMS.updates/gridsite-shared-1.1.20-8.i386.rpm
           => `gridsite-shared-1.1.20-8.i386.rpm'
Reusing existing connection to linuxsoft.cern.ch:80.
HTTP request sent, awaiting response... 200 OK
Length: 77,311 (75K) [application/x-rpm]

100%[====================================>] 77,311        --.--K/s             

15:47:45 (1.25 MB/s) - `gridsite-shared-1.1.20-8.i386.rpm' saved [77311/77311]


FINISHED --15:47:45--
Downloaded: 473,322 bytes in 6 files
[root@forkys-sl34 glite-local]# createrepo .
6/6 - gridsite-debuginfo-1.1.20-8.i386.rpm                                      
Saving Primary metadata
Saving file lists metadata
Saving other metadata
[root@forkys-sl34 glite-local]# cd
[root@forkys-sl34 ~]# cat > glite-local.repo <<EOF
> [main]
> [glite-local]
> name=Local glite RPMS repository
> baseurl=file:///var/cache/glite-local
> enabled=1
> EOF
[root@forkys-sl34 ~]# yum -c glite-local.repo install -y gridsite-apache gridsite-commands gridsite-debuginfo gridsite-devel gridsite-gsexec gridsite-shared
Setting up Install Process
Setting up repositories
glite-local               100% |=========================|  951 B    00:00     
Reading repository metadata in from local files
primary.xml.gz            100% |=========================| 2.1 kB    00:00     
glite-loca: ################################################## 6/6
Added 6 new packages, deleted 0 old in 0.02 seconds
Parsing package install arguments
Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for gridsite-debuginfo to pack into transaction set.
gridsite-debuginfo-1.1.20 100% |=========================| 3.0 kB    00:00     
---> Package gridsite-debuginfo.i386 0:1.1.20-8 set to be updated
---> Downloading header for gridsite-devel to pack into transaction set.
gridsite-devel-1.1.20-8.i 100% |=========================| 1.9 kB    00:00     
---> Package gridsite-devel.i386 0:1.1.20-8 set to be updated
---> Downloading header for gridsite-commands to pack into transaction set.
gridsite-commands-1.1.20- 100% |=========================| 4.1 kB    00:00     
---> Package gridsite-commands.i386 0:1.1.20-8 set to be updated
---> Downloading header for gridsite-gsexec to pack into transaction set.
gridsite-gsexec-1.1.20-8. 100% |=========================| 2.2 kB    00:00     
---> Package gridsite-gsexec.i386 0:1.1.20-8 set to be updated
---> Downloading header for gridsite-apache to pack into transaction set.
gridsite-apache-1.1.20-8. 100% |=========================| 2.7 kB    00:00     
---> Package gridsite-apache.i386 0:1.1.20-8 set to be updated
---> Downloading header for gridsite-shared to pack into transaction set.
gridsite-shared-1.1.20-8. 100% |=========================| 6.1 kB    00:00     
---> Package gridsite-shared.i386 0:1.1.20-8 set to be updated
--> Running transaction check

Dependencies Resolved

=============================================================================
 Package                 Arch       Version          Repository        Size 
=============================================================================
Installing:
 gridsite-apache         i386       1.1.20-8         glite-local        86 k
 gridsite-commands       i386       1.1.20-8         glite-local        46 k
 gridsite-debuginfo      i386       1.1.20-8         glite-local       201 k
 gridsite-devel          i386       1.1.20-8         glite-local        43 k
 gridsite-gsexec         i386       1.1.20-8         glite-local        11 k
 gridsite-shared         i386       1.1.20-8         glite-local        75 k

Transaction Summary
=============================================================================
Install      6 Package(s)         
Update       0 Package(s)         
Remove       0 Package(s)         
Total download size: 462 k
Downloading Packages:
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing: gridsite-shared              ######################### [1/6] 
  Installing: gridsite-debuginfo           ######################### [2/6] 
  Installing: gridsite-devel               ######################### [3/6] 
  Installing: gridsite-commands            ######################### [4/6] 
warning: group apache does not exist - using root
  Installing: gridsite-gsexec              ######################### [5/6] 
  Installing: gridsite-apache              ######################### [6/6] 

Installed: gridsite-apache.i386 0:1.1.20-8 gridsite-commands.i386 0:1.1.20-8 gridsite-debuginfo.i386 0:1.1.20-8 gridsite-devel.i386 0:1.1.20-8 gridsite-gsexec.i386 0:1.1.20-8 gridsite-shared.i386 0:1.1.20-8
Complete!
[root@forkys-sl34 ~]# 
[root@forkys-sl34 ~]# 
[root@forkys-sl34 ~]# yum -c http://etics-repository.cern.ch/repository/pm/registered/repomd/id/956f804f-a036-4069-995e-e1964b76e9e7/slc4_ia32_gcc346/etics-registered-build-by-id-protect.repo upgrade -y
Setting up Upgrade Process
Setting up repositories
ETICS-registered-build-95 100% |=========================|  764 B    00:00     
Reading repository metadata in from local files
primary.xml.gz            100% |=========================| 2.2 kB    00:00     
ETICS-regi: ################################################## 6/6
Added 6 new packages, deleted 0 old in 0.02 seconds
Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for gridsite-shared to pack into transaction set.
gridsite-shared-1.1.21-1. 100% |=========================| 6.1 kB    00:00     
---> Package gridsite-shared.i386 0:1.1.21-1.slc4 set to be updated
---> Downloading header for gridsite-debuginfo to pack into transaction set.
gridsite-debuginfo-1.1.21 100% |=========================| 3.0 kB    00:00     
---> Package gridsite-debuginfo.i386 0:1.1.21-1.slc4 set to be updated
---> Downloading header for gridsite-commands to pack into transaction set.
gridsite-commands-1.1.21- 100% |=========================| 4.2 kB    00:00     
---> Package gridsite-commands.i386 0:1.1.21-1.slc4 set to be updated
---> Downloading header for gridsite-devel to pack into transaction set.
gridsite-devel-1.1.21-1.s 100% |=========================| 1.9 kB    00:00     
---> Package gridsite-devel.i386 0:1.1.21-1.slc4 set to be updated
---> Downloading header for gridsite-gsexec to pack into transaction set.
gridsite-gsexec-1.1.21-1. 100% |=========================| 2.2 kB    00:00     
---> Package gridsite-gsexec.i386 0:1.1.21-1.slc4 set to be updated
---> Downloading header for gridsite-apache to pack into transaction set.
gridsite-apache-1.1.21-1. 100% |=========================| 2.7 kB    00:00     
---> Package gridsite-apache.i386 0:1.1.21-1.slc4 set to be updated
--> Running transaction check

Dependencies Resolved

=============================================================================
 Package                 Arch       Version          Repository        Size 
=============================================================================
Updating:
 gridsite-apache         i386       1.1.21-1.slc4    ETICS-registered-build-956f804f-a036-4069-995e-e1964b76e9e7-slc4_ia32_gcc346   86 k
 gridsite-commands       i386       1.1.21-1.slc4    ETICS-registered-build-956f804f-a036-4069-995e-e1964b76e9e7-slc4_ia32_gcc346   46 k
 gridsite-debuginfo      i386       1.1.21-1.slc4    ETICS-registered-build-956f804f-a036-4069-995e-e1964b76e9e7-slc4_ia32_gcc346  201 k
 gridsite-devel          i386       1.1.21-1.slc4    ETICS-registered-build-956f804f-a036-4069-995e-e1964b76e9e7-slc4_ia32_gcc346   44 k
 gridsite-gsexec         i386       1.1.21-1.slc4    ETICS-registered-build-956f804f-a036-4069-995e-e1964b76e9e7-slc4_ia32_gcc346   11 k
 gridsite-shared         i386       1.1.21-1.slc4    ETICS-registered-build-956f804f-a036-4069-995e-e1964b76e9e7-slc4_ia32_gcc346   76 k

Transaction Summary
=============================================================================
Install      0 Package(s)         
Update       6 Package(s)         
Remove       0 Package(s)         
Total download size: 464 k
Downloading Packages:
(1/6): gridsite-shared-1.1.21-1.slc4.i386.rpm                    76 kB 00:00 
(2/6): gridsite-debuginfo-1.1.21-1.slc4.i386.rpm                201 kB 00:00 
(3/6): gridsite-commands-1.1.21-1.slc4.i386.rpm                  46 kB 00:00 
(4/6): gridsite-devel-1.1.21-1.slc4.i386.rpm                     44 kB 00:00 
(5/6): gridsite-gsexec-1.1.21-1.slc4.i386.rpm                    11 kB 00:00 
(6/6): gridsite-apache-1.1.21-1.slc4.i386.rpm                    86 kB 00:00 
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Updating  : gridsite-shared              ####################### [ 1/12] 
  Updating  : gridsite-debuginfo           ####################### [ 2/12] 
  Updating  : gridsite-commands            ####################### [ 3/12] 
  Updating  : gridsite-devel               ####################### [ 4/12] 
warning: group apache does not exist - using root
  Updating  : gridsite-gsexec              ####################### [ 5/12] 
  Updating  : gridsite-apache              ####################### [ 6/12] 
  Cleanup   : gridsite-shared              ####################### [ 7/12]
  Cleanup   : gridsite-debuginfo           ####################### [ 8/12]
  Cleanup   : gridsite-commands            ####################### [ 9/12]
  Cleanup   : gridsite-devel               ####################### [10/12]
  Cleanup   : gridsite-gsexec              ####################### [11/12]
  Cleanup   : gridsite-apache              ####################### [12/12]

Updated: gridsite-apache.i386 0:1.1.21-1.slc4 gridsite-commands.i386 0:1.1.21-1.slc4 gridsite-debuginfo.i386 0:1.1.21-1.slc4 gridsite-devel.i386 0:1.1.21-1.slc4 gridsite-gsexec.i386 0:1.1.21-1.slc4 gridsite-shared.i386 0:1.1.21-1.slc4
Complete!
[root@forkys-sl34 ~]# yum install -y httpd mod_ssl
Loading "kernel-module" plugin
Setting up Install Process
Setting up repositories
Reading repository metadata in from local files
Parsing package install arguments
Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for httpd to pack into transaction set.
httpd-2.0.52-41.sl4.7.i38 100% |=========================|  65 kB    00:00     
---> Package httpd.i386 0:2.0.52-41.sl4.7 set to be updated
---> Downloading header for mod_ssl to pack into transaction set.
mod_ssl-2.0.52-41.sl4.7.i 100% |=========================|  27 kB    00:00     
---> Package mod_ssl.i386 1:2.0.52-41.sl4.7 set to be updated
--> Running transaction check
--> Processing Dependency: httpd-suexec for package: httpd
--> Processing Dependency: libaprutil-0.so.0 for package: httpd
--> Processing Dependency: libnal.so.1 for package: mod_ssl
--> Processing Dependency: libdistcache.so.1 for package: mod_ssl
--> Processing Dependency: libapr-0.so.0 for package: httpd
--> Processing Dependency: apr >= 0.9.4-24.2 for package: httpd
--> Restarting Dependency Resolution with new changes.
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for distcache to pack into transaction set.
distcache-1.4.5-6.i386.rp 100% |=========================| 7.1 kB    00:00     
---> Package distcache.i386 0:1.4.5-6 set to be updated
---> Downloading header for httpd-suexec to pack into transaction set.
httpd-suexec-2.0.52-41.sl 100% |=========================|  25 kB    00:00     
---> Package httpd-suexec.i386 0:2.0.52-41.sl4.7 set to be updated
---> Downloading header for apr to pack into transaction set.
apr-0.9.4-24.9.2.sl4.1.i3 100% |=========================| 7.8 kB    00:00     
---> Package apr.i386 0:0.9.4-24.9.2.sl4.1 set to be updated
---> Downloading header for apr-util to pack into transaction set.
apr-util-0.9.4-22.el4_8.2 100% |=========================| 5.5 kB    00:00     
---> Package apr-util.i386 0:0.9.4-22.el4_8.2 set to be updated
--> Running transaction check
Beginning Kernel Module Plugin
Finished Kernel Module Plugin

Dependencies Resolved

=============================================================================
 Package                 Arch       Version          Repository        Size 
=============================================================================
Installing:
 httpd                   i386       2.0.52-41.sl4.7  sl-errata         903 k
 mod_ssl                 i386       1:2.0.52-41.sl4.7  sl-errata         102 k
Installing for dependencies:
 apr                     i386       0.9.4-24.9.2.sl4.1  sl-errata          94 k
 apr-util                i386       0.9.4-22.el4_8.2  sl-errata          52 k
 distcache               i386       1.4.5-6          sl-base           111 k
 httpd-suexec            i386       2.0.52-41.sl4.7  sl-errata          31 k

Transaction Summary
=============================================================================
Install      6 Package(s)         
Update       0 Package(s)         
Remove       0 Package(s)         
Total download size: 1.3 M
Downloading Packages:
(1/6): httpd-2.0.52-41.sl 100% |=========================| 903 kB    00:02     
(2/6): distcache-1.4.5-6. 100% |=========================| 111 kB    00:00     
(3/6): httpd-suexec-2.0.5 100% |=========================|  31 kB    00:00     
(4/6): apr-0.9.4-24.9.2.s 100% |=========================|  94 kB    00:00     
(5/6): mod_ssl-2.0.52-41. 100% |=========================| 102 kB    00:00     
(6/6): apr-util-0.9.4-22. 100% |=========================|  52 kB    00:00     
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing: apr                          ######################### [1/6] 
  Installing: apr-util                     ######################### [2/6] 
  Installing: distcache                    ######################### [3/6] 
  Installing: httpd                        ######################### [4/6] 
  Installing: httpd-suexec                 ######################### [5/6] 
  Installing: mod_ssl                      ######################### [6/6] 

Installed: httpd.i386 0:2.0.52-41.sl4.7 mod_ssl.i386 1:2.0.52-41.sl4.7
Dependency Installed: apr.i386 0:0.9.4-24.9.2.sl4.1 apr-util.i386 0:0.9.4-22.el4_8.2 distcache.i386 0:1.4.5-6 httpd-suexec.i386 0:2.0.52-41.sl4.7
Complete!
[root@forkys-sl34 ~]# sed -e '1,$s!/usr/lib/httpd/modules/!modules/!' /usr/share/doc/gridsite-*/httpd-webserver.conf | sed 's!/var/www/html!/var/www/htdocs!' | sed "s/FULL.SERVER.NAME/$(hostname -f)/" | sed "s/\(GridSiteGSIProxyLimit\)/# \1/"> /tmp/httpd-webserver.conf
[root@forkys-sl34 ~]# echo "AddHandler cgi-script .cgi" >> /tmp/httpd-webserver.conf
[root@forkys-sl34 ~]# echo "ScriptAlias /gridsite-delegation.cgi /usr/sbin/gridsite-delegation.cgi" >> /tmp/httpd-webserver.conf
[root@forkys-sl34 ~]# mkdir /var/www/htdocs
[root@forkys-sl34 ~]# httpd -f /tmp/httpd-webserver.conf
[root@forkys-sl34 ~]# 

Tests

Ping Tests

[root@forkys-sl34 tests]# ./ping-remote.sh `hostname -f` --html
Oct 06 17:17:25 forkys-sl34 ping-remote.sh:    start
Testing if all binaries are available   done
Testing ping to Apache server forkys-sl34.zcu.cz   done
Testing Apache server at forkys-sl34.zcu.cz:443   done
Oct 06 17:17:27 forkys-sl34 ping-remote.sh:    end

TestPlan Tests

https://twiki.cern.ch/twiki/bin/view/EGEE/GridSiteTestPlan

READ (Read Permissions)

[root@forkys-sl34 ~]# cat >/var/www/htdocs/test.html <<EOF
> <html><body><h1>Hello Grid</h1></body></html>
> EOF
[root@forkys-sl34 ~]# code=`curl --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates --output /dev/null --silent --write-out '%{http_code}\n'  https://$(hostname -f)/test.html`
[root@forkys-sl34 ~]# [ "$code" = "403" ] && echo "OK"
OK
[root@forkys-sl34 ~]# 
[root@forkys-sl34 ~]# cat >/var/www/htdocs/.gacl <<EOF
> <gacl>
>   <entry>
>     <any-user/>
>       <allow><read/></allow>
>   </entry>
> </gacl>
> EOF
[root@forkys-sl34 ~]# 
[root@forkys-sl34 ~]# code=`curl --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates --output /dev/null --silent --write-out '%{http_code}\n'  https://$(hostname -f)/test.html`
[root@forkys-sl34 ~]# [ "$code" = "200" ] && echo "OK"
OK
[root@forkys-sl34 ~]# 

Get index (list & read permissions)

[root@forkys-sl34 ~]# code=`curl --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates --output /dev/null --silent --write-out '%{http_code}\n' \
> https://$(hostname -f)/`
[root@forkys-sl34 ~]# [ "$code" = "403" ] && echo "OK"
OK
[root@forkys-sl34 ~]# 
[root@forkys-sl34 ~]# cat >/var/www/htdocs/.gacl <<EOF
> <gacl>
>   <entry>
>     <person>
>       <dn>`openssl x509 -noout -subject -in /etc/grid-security/hostcert.pem | sed -e 's/^subject= //'`</dn>
>     </person>
>     <allow><read/><list/></allow>
>   </entry>
> </gacl>
> EOF
[root@forkys-sl34 ~]# 
[root@forkys-sl34 ~]# code=`curl --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates --output /dev/null --silent --write-out '%{http_code}\n' \
> https://$(hostname -f)/`
[root@forkys-sl34 ~]# [ "$code" = "200" ] && echo "OK"
OK
[root@forkys-sl34 ~]# 

WRITE & DELETE (write permissions)

[root@forkys-sl34 ~]# rm -f /var/www/htdocs/.gacl /var/www/htdocs/test.txt
[root@forkys-sl34 ~]# date > /tmp/test.txt
[root@forkys-sl34 ~]# chown apache /var/www/htdocs/
[root@forkys-sl34 ~]# code=`curl --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates --output /dev/null --silent --write-out '%{http_code}\n' \
> --upload-file /tmp/test.txt https://$(hostname -f)/test.txt`
[root@forkys-sl34 ~]# [ "$code" = "403" ] && echo "OK"
OK
[root@forkys-sl34 ~]# 
[root@forkys-sl34 ~]# cat >/var/www/htdocs/.gacl <<EOF
> <gacl>
>   <entry>
>     <person>
>       <dn>`openssl x509 -noout -subject -in /etc/grid-security/hostcert.pem | sed -e 's/^subject= //'`</dn>
>     </person>
>     <allow><write/></allow>
>   </entry>
> </gacl>
> EOF
[root@forkys-sl34 ~]# 
[root@forkys-sl34 ~]# code=`curl --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates --output /dev/null --silent --write-out '%{http_code}\n' \
> --upload-file /tmp/test.txt https://$(hostname -f)/test.txt`
[root@forkys-sl34 ~]# cmp -s /tmp/test.txt /var/www/htdocs/test.txt
[root@forkys-sl34 ~]# [ $? -eq 0 -a "$code" = "201" ] && echo "OK"
OK
[root@forkys-sl34 ~]# 
[root@forkys-sl34 ~]# mv  /var/www/htdocs/.gacl /var/www/htdocs/.gacl.bak
[root@forkys-sl34 ~]# code=`curl --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates --output /dev/null --silent --write-out '%{http_code}\n' \
> -X DELETE https://$(hostname -f)/test.txt`
[root@forkys-sl34 ~]# [ "$code" = "403" ] && echo "OK"
OK
[root@forkys-sl34 ~]# 
[root@forkys-sl34 ~]# mv /var/www/htdocs/.gacl.bak /var/www/htdocs/.gacl
[root@forkys-sl34 ~]# 
[root@forkys-sl34 ~]# code=`curl --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates --output /dev/null --silent --write-out '%{http_code}\n' \
> -X DELETE https://$(hostname -f)/test.txt`
[root@forkys-sl34 ~]# [ "$code" = "200" ] && echo "OK"
OK
[root@forkys-sl34 ~]# chown root /var/www/htdocs
[root@forkys-sl34 ~]# 

Check the attributes and passed on to the environment

[root@forkys-sl34 ~]# cat >/var/www/htdocs/.gacl <<EOF
> <gacl>
>   <entry>
>     <person>
>       <dn>`openssl x509 -noout -subject -in /etc/grid-security/hostcert.pem | sed -e 's/^subject= //'`</dn>
>     </person>
>     <allow><read/></allow>
>   </entry>
> </gacl>
> EOF
[root@forkys-sl34 ~]# cat >/var/www/htdocs/test.cgi <<EOF
> #!/bin/sh                                                                                                                                    
> echo 'Content-type: text/plain'                                                                                                              
> echo                                                                                                                                         
> printenv
> EOF
[root@forkys-sl34 ~]# chmod +x /var/www/htdocs/test.cgi
[root@forkys-sl34 ~]# code=`curl --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates --output /tmp/gridsite.log --silent --write-out '%{http_code}\n'  https://$(hostname -f)/test.cgi`
[root@forkys-sl34 ~]# [ "$code" = "200" ] && echo "OK"
OK
[root@forkys-sl34 ~]# grep "^GRST_" /tmp/gridsite.log 2>/dev/null
GRST_ACL_FORMAT=GACL
GRST_DN_LISTS=/etc/grid-security/dn-lists/:/var/www/htdocs/dn-lists/
GRST_DISK_MODE=0x0600
GRST_HEAD_FILE=gridsitehead.txt
GRST_PERM=1
GRST_CRED_0=X509USER 1265031720 1298988720 0 /DC=cz/DC=cesnet-ca/O=University of West Bohemia/CN=forkys.zcu.cz
GRST_EDITABLE= txt shtml html htm css js php jsp 
GRST_GSIPROXY_LIMIT=1
GRST_DN_LISTS_URI=/dn-lists/
GRST_FOOT_FILE=gridsitefoot.txt
GRST_DIR_PATH=/var/www/htdocs
GRST_ADMIN_FILE=gridsite-admin.cgi
[root@forkys-sl34 ~]# [ $? -eq 0 ] && echo "OK"
OK
[root@forkys-sl34 ~]# 

Test the basic commands (htcp, htls, htmkdir, htmv, htrm)

[root@forkys-sl34 ~]# cat >/var/www/htdocs/.gacl <<EOF
> <gacl>
>   <entry>
>     <person>
>       <dn>`openssl x509 -noout -subject -in /etc/grid-security/hostcert.pem | sed -e 's/^subject= //'`</dn>
>     </person>
>     <allow><read/><write/><list/></allow>
>   </entry>
> </gacl>
> EOF
[root@forkys-sl34 ~]# 
[root@forkys-sl34 ~]# chown apache /var/www/htdocs/
[root@forkys-sl34 ~]# 
[root@forkys-sl34 ~]# date > /tmp/test.txt
[root@forkys-sl34 ~]# htcp --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates/ /tmp/test.txt https://$(hostname -f)/
[root@forkys-sl34 ~]# [ $? -eq 0 ] && echo "OK"
OK
[root@forkys-sl34 ~]# htls --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates/ https://$(hostname -f)/test.txt > /dev/null
[root@forkys-sl34 ~]# [ $? -eq 0 ] && echo "OK"
OK
[root@forkys-sl34 ~]# htmv --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates/ https://$(hostname -f)/test.txt https://$(hostname -f)/test2.txt
[root@forkys-sl34 ~]# [ $? -eq 0 ] && echo "OK"
OK
[root@forkys-sl34 ~]# htcp --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates/ https://$(hostname -f)/test2.txt /tmp
[root@forkys-sl34 ~]# [ $? -eq 0 ] && echo "OK"
OK
[root@forkys-sl34 ~]# htrm --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates/ https://$(hostname -f)/test2.txt
[root@forkys-sl34 ~]# [ $? -eq 0 ] && echo "OK"
OK
[root@forkys-sl34 ~]# htls --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates/ https://$(hostname -f)/test2.txt 2> /dev/null
[root@forkys-sl34 ~]# [ $? -eq 22 ] && echo "OK"
OK
[root@forkys-sl34 ~]# htls --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates/ https://$(hostname -f)/ > /dev/null
[root@forkys-sl34 ~]# [ $? -eq 0 ] && echo "OK"
OK
[root@forkys-sl34 ~]# cmp /tmp/test.txt /tmp/test2.txt
[root@forkys-sl34 ~]# [ $? -eq 0 ] && echo "OK"
OK
[root@forkys-sl34 ~]# 
[root@forkys-sl34 ~]# chown root /var/www/htdocs/
[root@forkys-sl34 ~]# 

Test proxy delegation

N/A

Utilities not available in gridsite for gLite 3.1.

Review of Linked Bugs

#72185 – gridsite hardcodes md5 as the signature algorithm

Grant access to the test.cgi above to be to <any-user> and create a VOMS proxy. Make sure the VOMS AC is signed using SHA1 and verify it gets accepted by GridSite.

ui1.egee.cesnet.cz$ voms-proxy-info -fqan -acissuer
/C=IT/O=INFN/OU=Host/L=CNAF/CN=emitestbed07.cnaf.infn.it
/emitest/Role=NULL/Capability=NULL
ui1.egee.cesnet.cz$ openssl asn1parse -offset 475 -in /tmp/x509up_u202 |grep -A 2 emitestbed07
31235:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:asn1_lib.c:140:
  211:d=6  hl=2 l=  25 prim: PRINTABLESTRING   :emitestbed07.cnaf.infn.it
  238:d=0  hl=2 l=  13 cons: SEQUENCE          
  240:d=1  hl=2 l=   9 prim: OBJECT            :sha1WithRSAEncryption
ui1.egee.cesnet.cz$ curl --cert /tmp/x509up_u202 --key /tmp/x509up_u202 --capath /etc/grid-security/certificates --silent https://forkys-sl34.zcu.cz/test.cgi|grep GRST_CRED_2
GRST_CRED_2=VOMS 1286442405 1286485591 0 /emitest/Role=NULL/Capability=NULL
Fix certified
Edit | Attach | Watch | Print version | History: r6 < r5 < r4 < r3 < r2 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r6 - 2010-10-07 - ZdenekSustr
 
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    EGEE All webs login

This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright & by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Ask a support question or Send feedback