Fix the directory for SWIG, it seems to have moved. For now, we'll
stay with version 1.1, since we haven't tested the new version (1.3)
yet.

Bump revision.

Also, add more interfaces to be re-numbered for Rayford from aero.

is correct.

* Download the eventkey with new tmcd call.

* Pass -k option to various agents so that they can verify the HMACs
  in the incoming notifications.

* Change program agent; The list of agents from tmcd now includes the
  command, which is written to a config file for the program-agent to
  read in. The command string in the event is now ignored.

* Build the local proxy for linux, and add the goo to start the local
  elvind and use the proxy. It has been this way on FreeBSD for a
  while, but I never got it installed for Linux before now.

is to add HMACs to events to ensure they that events cannot be
injected into an experiment by an unauthorized client.

* The frontend now generates a secret key for each experiment and
  stores that into a file and in the DB.

* Each of the event clients, as well as the event producers
  (scheduler, tevc) have a new -k option to specify the name of the
  file. Two new event library functions were added for clients to give
  the key:

    event_handle_t
    event_register_withkeyfile(char *name, int threaded, char *keyfile);

    event_handle_t
    event_register_withkeydata(char *name, int threaded,
	   		       unsigned char *keydata, int keylen);

* When the library is in possesion of a key, it will generate an HMAC
  and attach it to outgoing notifications. A client receiving a
  notification will compute an HMAC and compare it against the HMAC in
  the notification. If they do not compare, the notification is
  dropped with a warning message printed (the client callback never
  gets the notification). If the client has not provided a key, then
  the HMAC in the incoming notification is ignored.

* The scheduler also takes a -k option, and will compute HMACs for all
  of the static events ahead of time. That keeps it off the critical
  path.

* The tevc client also takes a -k option. However, tevc will always
  try to find the keyfile (default path) so that it can attach the
  HMAC to dynamic events before sending them to the scheduler (which
  will check to make sure it matches). The scheduler will not accept
  dynamic events without unless the HMAC is present and matches.

* I have rebuilt the elvin librarys, removing all of the X goop and
  the SSL goop. Smaller binaries. So, I had to add -lcrypto to all of
  the client makefiles to that programs link.

* The program-agent got a few more changes. The command string is no
  longer passed inside the event; it comes in when the program agent
  is started, via a config file generated from tmcd data. This gets
  rid of our mostly insecure remote execution facility.

* Generate a shared secret key for the event system. This key is
  stored into the DB, and passed to the node via tmcd. It is also
  stashed into a file in the experiment directory (can be accessed
  only by the project/group members). The key is used to attach a
  HMAC (hashed message authentication) to each event, which is checked
  by the receivers to ensure that the event is not bogus. More details
  on this later when I commit the event library/client changes.

* Added "virt_programs" table to store info about each program object
  defined by the user. The intent is to no longer send the command
  string in the event, but to fix it in the DB, and transfer it via
  tmcd. This removes our "remote execution facility" which was always
  a bad idea (we have ssh for that, and that is a lot more secure then
  the event system!).

  Note that for the time being we need to continue send the command in
  the event because of old images, but the new images will now ignore
  that part of the event.

in the php extensions directory, and the following two lines were
added to /usr/local/etc/php.ini:

	extension_dir = /usr/local/lib/php/20020429/
	extension="apc.so"

The new version is a little odd in that it is more difficult to clear
the cache, which we must do when we install new pages. Rather then
jump through too many hoops, I added a simple clearapc.php page, which
does nothing but make the call from within the webserver. I have
hooked this into the make install target using wget. If you care to
see what is currently in the cache, you can load this page:

	https://www.emulab.net/apc.php

which gives a non-pretty print dump of the cache. To clear the cache
from your web browser:

	https://www.emulab.net/clearapc.php

when trying to renew any node.  Needs further review later.

really eats the CPU!

1) properly disable alarm before exiting ForkCmd
   - this was causing SIGALRM to get sent when it shouldn't have, and
     probably caused the renewal failures.
   - was introduced accidentally yesterday when I unwittingly committed
     some beta libplab code along with the rootball version string fix.

2) Changed semantics of the renew daemon s.t. it only sends a single message
   for each invocation of the renewal loop - summarizes the ones that failed.

The rest of the code I committed accidentally yesterday seems to be working
just fine.  It all looks sane on perusal.

without them. But, use the 'inline' disposition instead of
'attachment', which seems to allow Mozilla et al to run them w/o
a dialog box. IE still pops one up, though.

Also, change the extension of the ssh files to tbssh - tbc conflicts
with other stuff under Windows.

getting confused by canfail code.

the new interfaces.

does not reduce the number of nodes required by the number of already
allocated nodes. Even so, the test is fuzzy and assign might fail
anyway cause of node type requirements.

autoconf.

temporary changes to avoid user confusion.

* Show just the batchstate variable to mere users.

* Change the label we print from "terminating" to "swapping" and from
  "paused" to "swapped".

When I get some time I will make these changes in the DB and we can
take out the little bit of code that changes the labels.

proper error.

Will just put this in the sup tree for now.

work; do not run it yet since the rest of the support is not in place.

For now, put it first to reflect writing order and new-ness.
Later, reorder by publishing date.