image_permissions stores access info for images. You can share an
image with a user or a group (project), and you can specify write
access to allow updating the image in place. Note that write access
does not allow the descriptor to be modified, only the image itself.
Well, that is how it will be after Mike changes mfrisbeed.

The front end script to modify permissions is grantimage:

	boss> grantimage -u stoller -w tbres,myimage
	boss> grantimage -u stoller -w tbres,myimage

which grants write access to stoller. Or:

	boss> grantimage -g testbed,testbed tbres,myimage

which grants access to the testbed project. Notice that you can
specify subgroups this way.

	boss> grantimage -l tbres,myimage

will give you a list of current permissions. To revoke, just add -r
option:

	boss> grantimage -g testbed,testbed -r tbres,myimage

Who is allowed to grant access to an image? 1) An adminstrator of
course, 2) the image creator, and 3) any group_root in the group that
the image belongs to. Being granted access to use an image does not
confer permission to grant access to others.

One last task; while the web interface displays the permissions, there
is no web interface to modify the permissions; users will still have
to ask us for now.

We were doing this just in the CONFIG_SINGLENET case, but we have to
do this even when the experiment has a private cnet since the inner
dhcpd has to respond to PXE boots on the real control net.

[ this is a re-commit of a faulty earlier commit. ]

When downloading an image, start the frisbeed process with the minimum set of
gids necessary to access the image. This includes the unix gid of the
project that the image is in and, optionally, the unix gid of the project
subgroup if the image is part of one.

Previously, we just use the gid set of the uid of the swapper of the
experiment. Not only was this excessive, but it might also not include the
gids needed in the case of a "global" image that is not in the world-readable
/usr/testbed/images directory.

This reverts commit fc89eb38.

Checked in a bunch of crap that was unrelated.

When downloading an image, start the frisbeed process with the minimum set of
gids necessary to access the image. This includes the unix gid of the
project that the image is in and, optionally, the unix gid of the project
subgroup if the image is part of one.

Previously, we just use the gid set of the uid of the swapper of the
experiment. Not only was this excessive, but it might also not include the
gids needed in the case of a "global" image that is not in the world-readable
/usr/testbed/images directory.

Subtle: if your elabinelab uses a VM for ops, then there will be no
myops.eid.pid.emulab.net DNS alias created outside (since there is no actual
ops node in the topo) and thus the inner ops cannot be used as a proxy for
ssh'ing to the unroutable inner nodes. In that case we use the inner boss
instead.

The former will filter out the bogus NULLs we occasionally see.

Per-repository 'keywords' may now be configured by setting the
hooks.gitmail.keyword option.  One X-Git-Repo-Keyword header is added
to commit mails for each keyword specified.

The primary use case for this is to configure related repositories
with the same keyword(s), so that commit mails for those repositories
can be filtered with a single rule rather than one for each
repository.

use this path when setting up the vlan, instead of recomputing the set
of trunks that are need. Assign does a much better job of this, so
throwing the info away is bad.

But, if there is no switch path, we still have to be careful cause the
switch infrastructure might have loops, and the existing algorithm did
not take that into account. And in fact, Utah has loops and this was
causing grief. I added a simple spanning tree function (Prim's Greedy)
to calculate a loop free set of trunks.

An added complication is if the vlans are modified on the command
line, and the there is a switch path in the DB. In this case we have
to throw that away, and revert to dumb loop free calculation.

Note that we also have to store the switch path in the vlans table,
since for swapmod/synctables, we need to know how to undo stale vlans
(which are no longer in the lans table).

actual switch details.

lans.

loopfree path from a set of trunk links.

Silly place for this, but I need it in libvtop.

table, and is a lan attribute).

will be subsumed by the NewMapper feature when that is exported to all
sites, which will happen soon.

context instead.

flag that says to reregister certs and resources. This is used from an
update script (21) that updates the certificates with a new URL that
uses http on a different port then 443.

variables for easier config in apache and protgeni code. The port
defaults to 12369, RPCNAME to $WWWHOST, and the URL is derived from
those two.

running on a different port. This will solve the problem with ssl
renegotiation since at some point, we can turn that off (remove the
protogeni stuff) from the main https virtual server. This one runs on
a different port, and can in fact be a distinct IP addresse, but that
is not really necessary.

Instead, lets use the created field, and age out authorities and
components if they get too stale. This will help to keep sites from
getting too far out of date with respect to the clearinghouse.

Also, the URL for the certificates now comes from configure: PROTOGENI_URL