Certification report for patches 3965 and 3966

Author(s): Dennis van Dok, dennisvd@nikhef.nl

Patches: https://savannah.cern.ch/patch/index.php?3965 and https://savannah.cern.ch/patch/index.php?3966

These patches provide an update to gridsite after a mod_ssl security fix caused the Apache httpd to crash with a segmentation fault due to a changed internal data structure. The patches are for i386 and x86_64 respectively, and were certified together.

Outcome: Certified

Clean installation

Installated a clean virtual machine (put.nikhef.nl) with CentOS 4, i386, and 512 Mb of memory and base packages only. Patch 3966 was tested on a re-installation of this machine, but with a x86_64 architecture. The test procedure remained largely the same.

After the installation of the LCG-CA distribution, and host certificate, installed httpd

In the i386 case:

  =============================================================================
   Package                 Arch       Version          Repository        Size 
  =============================================================================
  Installing:
   httpd                   i386       2.0.52-41.ent.7.centos4  updates           903 k
  Installing for dependencies:
   apr                     i386       0.9.4-24.9.el4_8.2  updates            93 k
   apr-util                i386       0.9.4-22.el4_8.2  updates            52 k
   file                    i386       4.10-8.el4       base              259 k
   httpd-suexec            i386       2.0.52-41.ent.7.centos4  updates            31 k
   mailcap                 noarch     2.1.17-1         base               14 k
  

In the x86_64 case:

   =============================================================================
   Package                 Arch       Version          Repository        Size 
   =============================================================================
   Installing:
    httpd                   x86_64     2.0.52-41.ent.7.centos4  updates           956 k
    mod_ssl                 x86_64     1:2.0.52-41.ent.7.centos4  updates           107 k
   Installing for dependencies:
    apr                     x86_64     0.9.4-24.9.el4_8.2  updates            98 k
    apr-util                x86_64     0.9.4-22.el4_8.2  updates            56 k
    distcache               x86_64     1.4.5-6          base              121 k
    file                    x86_64     4.10-8.el4       base              264 k
    httpd-suexec            x86_64     2.0.52-41.ent.7.centos4  updates            32 k
    mailcap                 noarch     2.1.17-1         base               14 k
    make                    x86_64     1:3.80-7.EL4     base              345 k
   Updating for dependencies:
    openssl                 x86_64     0.9.7a-43.17.el4_8.5  updates           1.2 M
 

On i386, I installed the current gLite production gridsite from http://linuxsoft.cern.ch/EGEE/gLite/R3.1/glite-WMS/sl4/i386/RPMS.release/gridsite-apache-1.1.18.1-1.i386.rpm and http://linuxsoft.cern.ch/EGEE/gLite/R3.1/glite-WMS/sl4/i386/RPMS.release/gridsite-shared-1.1.18.1-1.i386.rpm.

  =============================================================================
   Package                 Arch       Version          Repository        Size 
  =============================================================================
  Installing:
   gridsite-apache         i386       1.1.18.1-1       gridsite-apache-1.1.18.1-1.i386.rpm  209 k
   gridsite-shared         i386       1.1.18.1-1       gridsite-shared-1.1.18.1-1.i386.rpm  227 k
  Installing for dependencies:
   curl                    i386       7.12.1-11.1.el4_8.2  updates           231 k
   libidn                  i386       0.5.6-1          base              169 k

On x86_64, I installed gridsite-shared and gridsite-apache from http://glite.web.cern.ch/glite/packages/R3.1/x86_64/deployment/glite-SE_dpm_mysql/3.1.25-0/glite-SE_dpm_mysql-3.1.25-0.html.

    =============================================================================
     Package                 Arch       Version          Repository        Size 
    =============================================================================
    Installing:
     gridsite-apache         x86_64     1.1.19-1         gridsite-apache-1.1.19-1.x86_64.rpm  248 k
     gridsite-shared         x86_64     1.1.19-1         gridsite-shared-1.1.19-1.x86_64.rpm  251 k
    Installing for dependencies:
     curl                    x86_64     7.12.1-11.1.el4_8.3  updates           234 k
     libidn                  x86_64     0.5.6-1          base              171 k

Test report

Gridsite comes with an example httpd webserver configuration (/usr/share/doc/gridsite-1.1.xx/httpd-webserver.conf) that requires minimal changes to use in a test. Only the ServerName needs to be set, and in the x86_64 case, the paths to the loaded modules had to be fixed to point to /usr/lib64 instead of /usr/lib.

Starting httpd now results in a crash, thus reproducing the problem.

# httpd
Segmentation fault

Installation of the updated gridsite-apache and gridsite-shared RPMs as listed in the respective patches resulted in succes.

# rpm -U gridsite-apache-1.1.20-2.x86_64.rpm gridsite-shared-1.1.20-2.x86_64.rpm 
# /etc/init.d/httpd start
Starting httpd:                                            [  OK  ]

A simple interaction test on https://put.nikhef.nl:443/ showed that the webserver now worked.

Additional tests on i386

In the i386 case, I also tested a basic installation of a production gLite 3.1 WMS. After a clean installation of the machine (CentOS 4, i386), the YAIM run resulted in an error:

ABORT: Service glite-wms-wmproxy failed to start!
ERROR: Error during the execution of function: config_glite_wms

Again, the installation of the gridsite packages from the patch resulted in success.

-- DVanDok - 09-Apr-2010