Fix bugs reported by Gary when he tried to use initsite on a new

elabinelab.

protogeni/scripts/gencrl.in

@@ -133,6 +133,9 @@ if (-e $CRLPEM) {
     print "$crlcreated, $expires, $diff, $force\n"
 	if ($debug);
 }
+else {
+    $force = 1;
+}
 
 #
 # Find all revoked certificates. We want to create an index.txt file. 

protogeni/scripts/getcacerts.in

@@ -16,8 +16,9 @@ sub usage()
     print "Usage: getcacerts [-l]\n";
     exit(1);
 }
-my $optlist = "l";
+my $optlist = "lp";
 my $nolog   = 0;
+my $nopost  = 0;
 
 #
 # Configure variables
@@ -29,7 +30,8 @@ my $PGENIDOMAIN   = "@PROTOGENI_DOMAIN@";
 my $PGENISUPPORT  = @PROTOGENI_SUPPORT@;
 my $TBBASE        = "@TBBASE@";
 my $FETCH	  = "/usr/bin/fetch";
-my $POSCRL        = "$TB/sbin/protogeni/postcrl";
+my $POSTCRL       = "$TB/sbin/protogeni/postcrl";
+my $GENCRL        = "$TB/sbin/protogeni/gencrl";
 my $LOCALCRL      = "$TB/ssl/crl.pem";
 
 # un-taint path
@@ -64,6 +66,9 @@ if (! getopts($optlist, \%options)) {
 if (defined($options{"l"})) {
     $nolog  = 1;
 }
+if (defined($options{"p"})) {
+    $nopost  = 1;
+}
 my $restartapache = 0;
 
 # Record output in case of error.
@@ -79,8 +84,14 @@ mkdir("/tmp/genicacerts.$$", 0755) or
 # uptodate since our post does not cause Utah to regen the bundle.
 # (just making sure we get a new version posted every night).
 #
-system($POSTCRL) >= 0
-    or fatal("Could not post new CRL!");
+if ($nopost) {
+    system($GENCRL) >= 0
+	or fatal("Could not generate new CRL!");
+}
+else {
+    system($POSTCRL) >= 0
+	or fatal("Could not post new CRL!");
+}
 
 #
 # Fetch the ca bundle from Utah. These are public keys ...

protogeni/scripts/initsite.in

@@ -41,6 +41,7 @@ my $MKCERTS	  = "$TB/sbin/protogeni/createcerts";
 my $ADDAUTHORITY  = "$TB/sbin/protogeni/addauthority";
 my $GETCACERTS    = "$TB/sbin/protogeni/getcacerts";
 my $POSTCRL       = "$TB/sbin/protogeni/postcrl";
+my $GENCRL        = "$TB/sbin/protogeni/gencrl";
 my $GENCRLBUNDLE  = "$TB/sbin/protogeni/gencrlbundle";
 my $MKSYSCERT	  = "$TB/sbin/mksyscert";
 my $MKUSERCERT	  = "$TB/sbin/mkusercert";
@@ -125,16 +126,19 @@ if (! -e "$TB/etc/.federated") {
 #
 # Packages.
 #
-my %packlist = ("p5-Frontier-RPC" => "/usr/ports/net/p5-Frontier-RPC",
+my %packlist = ("libxml2-2.6.26"  => "/usr/ports/textproc/libxml2",
+		"p5-Frontier-RPC" => "/usr/ports/net/p5-Frontier-RPC",
 		"p5-XML-LibXML"   => "/usr/ports/textproc/p5-XML-LibXML",
 		"xmlsec1"         => "/usr/ports/security/xmlsec1",
 		"p5-Crypt-SSLeay" => "/usr/ports/security/p5-Crypt-SSLeay"
 		);
 my $needpkgs = 0;
 
-foreach my $pkgname (keys(%packlist)) {
+foreach my $pkgname (sort(keys(%packlist))) {
     my $pkgdir = $packlist{$pkgname};
     
+    print STDERR "Checking for package $pkgname\n";
+
     next
 	if (system("$PKG_INFO -E '${pkgname}*' >/dev/null") == 0);
 
@@ -151,11 +155,16 @@ if ($needpkgs) {
 # interface. A bundle of CA certs from the trusted roots (emulabs) will
 # be used. This bundle will periodically update as sites come online.
 #
+if (! -e "$TB/etc/genica.bundle") {
+    system("/bin/cp $TB/etc/emulab.pem $TB/etc/genica.bundle") == 0
+	or fatal("Could not initialize $TB/etc/genica.bundle");
+}
+if (! -e "$TB/etc/genicrl.bundle") {
+    system("/usr/bin/touch $TB/etc/genicrl.bundle") == 0
+	or fatal("Could not initialize $TB/etc/genicrl.bundle");
+}
+
 if ($asch) {
-    if (! -e "$TB/etc/genica.bundle") {
-	system("/bin/cp $TB/etc/emulab.pem $TB/etc/genica.bundle") == 0
-	    or fatal("Could not initialize $TB/etc/genica.bundle");
-    }
     if (! -e "$TB/www/genica.bundle") {
 	system("/bin/cp $TB/etc/emulab.pem $TB/www/genica.bundle") == 0
 	    or fatal("Could not initialize $TB/www/genica.bundle");
@@ -198,9 +207,9 @@ if (system("egrep -q -s 'DPGENI' /etc/rc.conf")) {
     print "Please add 'apache_flags=\"-DSSL -DPGENI\"' to /etc/rc.conf\n";
     $restartapache++;
 }
-if ($asch && $restartapache) {
+if ($restartapache) {
     print "Then restart apache:\n";
-    print "    sudo /usr/local/etc/rc.d/apache restart\n";
+    print "    sudo /usr/local/etc/rc.d/apache.sh restart\n";
     print "Then rerun this script\n";
     exit(1);
 }
@@ -212,7 +221,7 @@ if ($asch && $restartapache) {
 # This script restarts apache.
 #
 if (!$asch) {
-    system("$GETCACERTS -l") == 0
+    system("$GETCACERTS -l -p") == 0
 	or fatal("Could not get CA bundle from Utah");
 
     #
@@ -221,7 +230,7 @@ if (!$asch) {
     #
     if (system("egrep -q -s '$GETCACERTS' /etc/crontab")) {
 	print "Please add this line to /etc/crontab:\n\n";
-	print "13  *  *  *	*  root  $GETCACERTS\n\n";
+	print "13  4  *  *	*  root  $GETCACERTS\n\n";
 	print "Then rerun this script\n";
 	exit(1);
     }
@@ -233,7 +242,7 @@ else {
     #
     if (system("egrep -q -s '$GENCRLBUNDLE' /etc/crontab")) {
 	print "Please add this line to /etc/crontab:\n\n";
-	print "10  *  *  *  *  root  $GENCRLBUNDLE\n\n";
+	print "10  4  *  *  *  root  $GENCRLBUNDLE\n\n";
 	print "Then rerun this script\n";
 	exit(1);
     }
@@ -244,7 +253,7 @@ else {
 #
 my $geniuser = User->Lookup($geniuserid);
 if (!defined($geniuser)) {
-    fatal("Need to do an install")
+    fatal("Need to do an install in the protogeni/etc directory.")
 	if (! -e "$TB/etc/protogeni/geniuser.xml");
 
     print "Creating Geni pseudo user ...\n";
@@ -256,12 +265,6 @@ if (!defined($geniuser)) {
     fatal("Could not verify geni user")
 	if ($?);
 
-    # Create an encrypted certificate for the test scripts.
-    my $passwd = substr(TBGenSecretKey(), 0, 10);
-    system("$SUDO -u $PROTOUSER $WAP $MKUSERCERT -p '$passwd' $geniuserid");
-    fatal("Could not create encrypted certificate for geni user")
-	if ($?);
-
     $geniuser = User->Lookup($geniuserid);    
     fatal("Could not lookup $geniuserid")
 	if (!defined($geniuser));
@@ -283,6 +286,12 @@ if (!defined($geniproj)) {
     $geniproj = Project->Lookup($geniprojid);
     fatal("Could not lookup $geniprojid")
 	if (!defined($geniproj));
+
+    # Create an encrypted certificate for the test scripts.
+    my $passwd = substr(TBGenSecretKey(), 0, 10);
+    system("$SUDO -u $PROTOUSER $WAP $MKUSERCERT -p '$passwd' $geniuserid");
+    fatal("Could not create encrypted certificate for geni user")
+	if ($?);
 }
 $geniuser->Refresh();
 $geniproj->Refresh();