in which it will later run. Now setting up and protogeni during the
install.

* Split all of the certificate stuff out of initsite into initcerts so
  that it can be run independently, and when updating the IP/domain of
  a site.

* Redo initsite in terms of libinstall. Fully automated now, no user
  intervention needed.

* Regarding above statement, the new site no longer has to email the
  new CA certificate to us; a new web page is exported from the
  clearing house website that allows a new CA to be "provisionally"
  accepted; the new CA will be allowed to register their new protogeni
  certificates, but otherwise will have no access to anything else
  until someone at the ClearingHouse moves them from the unapproved to
  the approved column. 

* New script called "cacontrol" that should be used from now on to
  manage the CA certificates. Also called from the web interface to
  provisionally install a new CA certificate into an "unapproved"
  bundle that is not distributed to other protogeni sites. Otherwise,
  cacontrol should be used as follows:

	boss$ perl cacontrol -h
	Usage: cacontrol [-a] [-n] [-d] <certfile>
	       cacontrol [-n] [-d] -c <commonname>
	       cacontrol [-n] [-d] -r <commonname>
	Options
	  -n     - Impotent mode; do not do anything for real
	  -d     - Turn on debugging.
	  -a     - Add certificate to approved list instead.
	  -c     - Move certificate (commonname) to approved list.
	  -r     - Remove certificate with given commonname.

  In the first form, add a new CA certificate to the unapproved list
  (this is the entrypoint used by the web page mentioned above). If
  you add the -a option, it goes right into the approved bundle
  (approved means it goes into the xmlsec directory and is exported to
  other sites).

  The second form is used to move a CA from the unapproved column to
  the approved colum.

  The third form is used to delete a CA certificate.

  NO MORE HAND EDITING OF THE FILES!

instead.

Remove hardwired references to Utah and use new configure variables
instead.

Get rid of restart apache stuff; new installation page has the admon
shutdown the testbed and turn off apache.

Get rid ClearingHouse calls when we are the ClearingHouse. 

Minor bug fixes.

adding them to the local SA DB).

Making crossdomain more permissive like this allows us to host the flash client on www.emulab.net which has a CA-certified certificate.

is we store the URNs).

 "p5-Crypt-OpenSSL-X509" => "/usr/ports/security/p5-Crypt-OpenSSL-X509",
 "p5-Crypt-X509"         => "/usr/ports/security/p5-Crypt-X509"

Ensure that version 1.70 or later of the p5-XML-LibXML library is installed. There is a pretty nasty bug in earlier versions.

comments (which are now out of date) if you only do it once.

communication with the clearinghouse, and modifications to the
certificate format (put the URN in subjectAltName and move any
URL to a private OID under subjectInfoAccess).

Added code to create www/crossdomain.xml and www/protogeni/crossdomain.xml. The former allows flash clients to use the latter. The latter allows flash clients to access the xmlrpc interface if they hail from boss, ops or *.protogeni.net

before a ticket is redeemed.

to the Geni Public License at http://www.geni.net/docs/GENIPubLic.pdf,
whose expansion at this time is:

-----
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and/or hardware specification (the "Work") to
deal in the Work without restriction, including without limitation the
rights to use, copy, modify, merge, publish, distribute, sublicense,
and/or sell copies of the Work, and to permit persons to whom the Work
is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Work.

THE WORK IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE WORK OR THE USE OR OTHER DEALINGS
IN THE WORK.

the proper unique_subject line in it.