Commit 8800ae88 authored by Gary Wong

Merge changes from trunk.

parent 4aa4e46d
SOURCE_PATH = $(PWD)/source
TARGET_PATH = $(PWD)/target
TARGET_BUILD_PATH = $(PWD)/build
SCRIPTS_PATH = $(PWD)/scripts
INITRAMFS_PATH = $(PWD)/initramfs.tmp
BUILDROOT_PATH = $(PWD)/buildroot
FAKEROOT_ENVIRONMENT = $(PWD)/fs_fakeroot.env
STAGING_DIR = $(PWD)/buildroot/build_i386/staging_dir
INITRAMFS = $(PWD)/initramfs.gz
BOOT_PATH = $(PWD)/boot
MODULES := busybox zlib linux dropbear testbed hdparm target_template sudo e2fsprogs openssl wget perl
INSTALL_MODULES := $(addsuffix -install,$(MODULES))
EXTRACT_MODULES := $(addsuffix -extract,$(MODULES))
PATCH_MODULES := $(addsuffix -patch,$(MODULES))
CLEAN_MODULES := $(addsuffix -clean,$(MODULES))
.PHONY: all clean install root-template-install devices \
root-base root-install $(MODULES) $(INSTALL_MODULES) \
$(CLEAN_MODULES) initramfs
all: $(MODULES)
install: uclibc-install $(INSTALL_MODULES)
clean:
rm -rf $(TARGET_PATH)
rm -f $(FAKEROOT_ENVIRONMENT)
rm -rf $(INITRAMFS_PATH)
rm -f $(INITRAMFS)
rm -rf $(TARGET_BUILD_PATH)
rm -rf $(BOOT_PATH)
$(MODULES):
$(MAKE) -C $(SOURCE_PATH)/$@ all
$(CLEAN_MODULES):
$(MAKE) -C $(SOURCE_PATH)/$(subst -clean,,$@) clean
$(EXTRACT_MODULES):
$(MAKE) -C $(SOURCE_PATH)/$(subst -extract,,$@) extract
$(PATCH_MODULES):
$(MAKE) -C $(SOURCE_PATH)/$(subst -patch,,$@) patch
$(INSTALL_MODULES):
$(MAKE) -C $(SOURCE_PATH)/$(subst -install,,$@) install
$(TARGET_PATH)/lib/libc.so.0:
mkdir -p $(TARGET_PATH)/lib
cp -dpR $(BUILDROOT_PATH)/project_build_i386/uclibc/root/lib/* $(TARGET_PATH)/lib
uclibc-install: $(TARGET_PATH)/lib/libc.so.0
$(FAKEROOT_ENVIRONMENT):
touch $@
devices: $(FAKEROOT_ENVIRONMENT)
rm -rf $(TARGET_PATH)/dev
$(STAGING_DIR)/usr/bin/fakeroot -s $(FAKEROOT_ENVIRONMENT) \
-i $(FAKEROOT_ENVIRONMENT) \
$(SCRIPTS_PATH)/makedevs.sh \
$(SCRIPTS_PATH)/devices $(TARGET_PATH)
permissions: $(FAKEROOT_ENVIRONMENT) devices target-install
$(STAGING_DIR)/usr/bin/fakeroot -s $(FAKEROOT_ENVIRONMENT) \
-i $(FAKEROOT_ENVIRONMENT) \
$(SCRIPTS_PATH)/fixperms.sh $(TARGET_PATH)
initramfs: install
rm -rf $(INITRAMFS_PATH)
cp -dpR $(TARGET_PATH) $(INITRAMFS_PATH)
cat /dev/null > $(FAKEROOT_ENVIRONMENT)
rm -rf $(INITRAMFS_PATH)/dev
$(STAGING_DIR)/usr/bin/fakeroot -s $(FAKEROOT_ENVIRONMENT) \
-i $(FAKEROOT_ENVIRONMENT) \
$(SCRIPTS_PATH)/makedevs.sh \
$(SCRIPTS_PATH)/devices $(INITRAMFS_PATH)
$(STAGING_DIR)/usr/bin/fakeroot -s $(FAKEROOT_ENVIRONMENT) \
-i $(FAKEROOT_ENVIRONMENT) \
$(SCRIPTS_PATH)/fixperms.sh $(INITRAMFS_PATH)
$(STAGING_DIR)/usr/bin/fakeroot -i $(FAKEROOT_ENVIRONMENT) \
$(SCRIPTS_PATH)/gen_initramfs.sh $(INITRAMFS_PATH) $(INITRAMFS)
rm -f $(FAKEROOT_ENVIRONMENT)
rm -rf $(INITRAMFS_PATH)
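Review bot: Every path variable at the top of this Makefile is built from `$(PWD)`, which make only inherits from the environment and does not update for `make -C <dir>`. If it is unset or stale, the `rm -rf $(TARGET_PATH)`, `rm -rf $(TARGET_BUILD_PATH)` and `rm -rf $(BOOT_PATH)` lines in `clean` resolve to `/target`, `/build` and `/boot`, or to directories under the caller's working directory. Use make's own `$(CURDIR)` instead, e.g. `TARGET_PATH := $(CURDIR)/target`, and consider failing early when a path expands to nothing. Separately, `uclibc-install`, `permissions` and the `-extract`/`-patch` targets are missing from `.PHONY`, and `permissions` depends on `target-install`, for which no rule is visible in this file.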
#!/bin/sh
#
# Start frisbee
#
udhcpc_opts="-q"
LOCKDIR=/var/lock/udhcpc.lock
SUCCESS_FLAG=/var/state/found_controlnet
start() {
local do_frisbee=0
for token in `cat /proc/cmdline`; do
if [ "$token" = "frisbee=yes" ]; then
do_frisbee=1
break
fi
done
[ $do_frisbee -eq 0 ] && exit 0
echo "Starting frisbee..."
/etc/testbed/rc.frisbee
return $rc
}
stop() {
:
}
restart() {
:
}
case "$1" in
start)
start
;;
stop)
stop
;;
restart|reload)
restart
;;
*)
echo $"Usage: $0 {start|stop|restart}"
exit 1
esac
exit $?
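Review bot: `start()` ends with `return $rc`, but `rc` is never assigned anywhere in the script, so the unquoted expansion is empty and the function returns the status of `/etc/testbed/rc.frisbee` only by accident. Capture it explicitly with `rc=$?` on the line after the `rc.frisbee` call. `udhcpc_opts`, `LOCKDIR` and `SUCCESS_FLAG` are set but never used and look like leftovers from another init script (an inference). `echo $"Usage: ..."` is a bash-only quoting form under `#!/bin/sh`; plain double quotes would do.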
include ../../variables.mk
BUILDROOT := $(PWD)/$(BUILDROOT)
PROGS := imageunzip imagezip frisbee growdisk tmcc binoffset groklilo
BUILD_TARGETS := $(PROGS)
INSTALL_TARGETS := $(addsuffix -install,$(PROGS))
.PHONY: clean
.PHONY: $(BUILD_TARGETS) all
.PHONY: $(INSTALL_TARGETS) script-install install
TESTBED_PATH = /home/rdjackso/testbed
TESTBED_BUILD_PATH = $(TARGET_BUILD_PATH)/testbed
TMCD_PATH = $(TESTBED_PATH)/tmcd
GROKLILO_PATH = $(TESTBED_PATH)/cdrom/groklilo
GROWDISK_PATH = $(TESTBED_PATH)/os/growdisk
TESTBEDOBJ_PATH = /home/rdjackso/testbed-obj
FRISBEE_PATH = $(TESTBED_PATH)/os/frisbee.redux
BINOFFSET_PATH = $(TESTBED_PATH)/tools/binoffset
IMAGEZIP_PATH = $(TESTBED_PATH)/os/imagezip
TMCD_OBJ_PATH = $(TESTBEDOBJ_PATH)/tmcd
TMCC_OBJ_PATH = $(TARGET_BUILD_PATH)/tmcc
CFLAGS = -Os
INSTALLED_BINS := $(addprefix $(TARGET_PATH)/usr/, \
$(addprefix bin/, binoffset imagezip imageunzip tmcc frisbee) \
$(addprefix sbin/, groklilo growdisk))
all: $(BUILD_TARGETS)
# Use GNU make's second-expansion feature to simplify the installed binary targets.
# This target needs to be declared here, so do not move it.
.SECONDEXPANSION:
$(BUILD_TARGETS): $(TESTBED_BUILD_PATH)/$$@
# Install all of the compiled binaries. Put them in sane locations like
# /usr/bin and /usr/sbin, but put symlinks for them in $BINDIR for
# compatibility.
$(INSTALLED_BINS): $(TESTBED_BUILD_PATH)/$$(notdir $$@)
mkdir -p $(dir $@)
install -m 755 $< $@
mkdir -p $(TARGET_PATH)/etc/testbed
ln -sf $(subst $(TARGET_PATH),,$@) $(TARGET_PATH)/etc/testbed
script-install:
mkdir -p $(TARGET_PATH)/etc/testbed
ln -sf $(TARGET_PATH)/etc/testbed $(TARGET_PATH)/etc/emulab
install -m 755 $(TMCD_PATH)/linux/control_interface $(TARGET_PATH)/etc/testbed
install -m 755 $(TMCD_PATH)/linux/rc.frisbee $(TARGET_PATH)/etc/testbed
install -m 755 $(TMCD_PATH)/linux/rc.ipod $(TARGET_PATH)/etc/testbed
install -m 755 $(TMCD_PATH)/linux/slicefix $(TARGET_PATH)/etc/testbed
install -m 755 $(TMCD_PATH)/linux/freebsd_to_linux_disk $(TARGET_PATH)/etc/testbed
install -m 755 $(TMCD_PATH)/linux/check_disklabel $(TARGET_PATH)/etc/testbed
install -m 755 $(TMCD_PATH)/linux/remap_ide_disks $(TARGET_PATH)/etc/testbed
install -m 755 $(TMCD_PATH)/linux/get_edd_map $(TARGET_PATH)/etc/testbed
install -m 755 $(TMCD_PATH)/linux/extract_kernel_version $(TARGET_PATH)/etc/testbed
install -m 755 $(TMCD_PATH)/linux/guess_linux_root_device $(TARGET_PATH)/etc/testbed
install -m 755 $(TESTBED_PATH)/install/newclient $(TARGET_PATH)/etc/testbed
install -m 755 $(TMCD_PATH)/common/paths.sh $(TARGET_PATH)/etc/emulab
imageunzip-install: $(TARGET_PATH)/usr/bin/imageunzip
imagezip-install: $(TARGET_PATH)/usr/bin/imagezip
frisbee-install: $(TARGET_PATH)/usr/bin/frisbee
growdisk-install: $(TARGET_PATH)/usr/sbin/growdisk
binoffset-install: $(TARGET_PATH)/usr/bin/binoffset
groklilo-install: $(TARGET_PATH)/usr/sbin/groklilo
tmcc-install: $(TARGET_PATH)/usr/bin/tmcc
clean:
rm -rf $(TESTBED_BUILD_PATH)
install: $(INSTALL_TARGETS) script-install
$(TESTBED_BUILD_PATH)/groklilo:
mkdir -p $(TESTBED_BUILD_PATH)
PATH=$(STAGING_DIR)/usr/bin:$(PATH) \
$(CROSS_COMPILER_PREFIX)gcc \
-o $@ \
$(GROKLILO_PATH)/groklilo.c
$(STRIPCMD) --strip-unneeded $@
$(TESTBED_BUILD_PATH)/binoffset:
mkdir -p $(TESTBED_BUILD_PATH)
PATH=$(STAGING_DIR)/usr/bin:$(PATH) \
$(CROSS_COMPILER_PREFIX)gcc \
-o $@ \
$(BINOFFSET_PATH)/binoffset.c
$(STRIPCMD) --strip-unneeded $@
$(TESTBED_BUILD_PATH)/growdisk:
mkdir -p $(TESTBED_BUILD_PATH)
PATH=$(STAGING_DIR)/usr/bin:$(PATH) \
$(CROSS_COMPILER_PREFIX)gcc \
-o $@ \
-I $(TESTBED_PATH)/os/imagezip \
-Os \
$(GROWDISK_PATH)/growdisk.c
$(STRIPCMD) --strip-unneeded $@
# ARGH! tmcc wants to link against libtb just for the errorc function in libtb/log.c.
# libtb in turn wants libmysql. There's no point building all of libtb and its
# required libs under uclibc, so I'm going to skip the testbed makefiles and
# build tmcc here. Note that you must still configure the object tree with the
# tbdefs file you want, since we need config.h.
#$(TESTBED_BUILD_PATH)/tmcc:
# mkdir -p $(TMCC_OBJ_PATH)
# PATH=$(STAGING_DIR)/usr/bin:$(PATH) \
# $(CROSS_COMPILER_PREFIX)gcc \
# -DWITHSSL \
# -o $@ \
# -I$(TESTBEDOBJ_PATH) \
# -I$(TESTBED_PATH)/lib/libtb \
# -Os \
# -lssl \
# $(TESTBED_PATH)/tmcd/tmcc.c \
# $(TESTBED_PATH)/tmcd/ssl.c \
# $(TESTBED_PATH)/lib/libtb/log.c
# $(STRIPCMD) --strip-unneeded $@
$(TESTBED_BUILD_PATH)/tmcc:
mkdir -p $(TESTBED_BUILD_PATH)
PATH=$(STAGING_DIR)/usr/bin:$(PATH) \
$(CROSS_COMPILER_PREFIX)gcc \
-o $@ \
-I$(TESTBEDOBJ_PATH) \
-I$(TESTBED_PATH)/lib/libtb \
-Os \
$(TESTBED_PATH)/tmcd/tmcc.c \
$(TESTBED_PATH)/lib/libtb/log.c
$(STRIPCMD) --strip-unneeded $@
$(MAKE) -C $(TMCD_PATH) \
CC=$(CROSS_COMPILER_PREFIX)gcc \
CFLAGS="$(CFLAGS) -I$(TESTBEDOBJ_PATH)" \
PATH=$(STAGING_DIR)/usr/bin:$(PATH) tmcc
$(TESTBED_BUILD_PATH)/frisbee: $(SYSROOT_ZLIB_SHARED)
PATH=$(STAGING_DIR)/usr/bin:$(PATH) \
$(MAKE) -C $(FRISBEE_PATH) -f Makefile-linux.sa \
CC=$(CROSS_COMPILER_PREFIX)gcc \
PATH=$(STAGING_DIR)/usr/bin:$(PATH) frisbee
mkdir -p $(dir $@)
mv $(FRISBEE_PATH)/frisbee $@
$(MAKE) -C $(FRISBEE_PATH) -f Makefile-linux.sa clean
$(STRIPCMD) --strip-unneeded $@
$(TESTBED_BUILD_PATH)/imageunzip: $(SYSROOT_ZLIB_SHARED)
PATH=$(STAGING_DIR)/usr/bin:$(PATH) \
$(MAKE) -C $(IMAGEZIP_PATH) -f Makefile-linux.sa \
CC=$(CROSS_COMPILER_PREFIX)gcc \
imageunzip
mkdir -p $(dir $@)
mv $(IMAGEZIP_PATH)/imageunzip $@
$(MAKE) -C $(IMAGEZIP_PATH) -f Makefile-linux.sa clean
$(STRIPCMD) --strip-unneeded $@
$(TESTBED_BUILD_PATH)/imagezip: $(SYSROOT_ZLIB_SHARED)
PATH=$(STAGING_DIR)/usr/bin:$(PATH) \
$(MAKE) -C $(IMAGEZIP_PATH) -f Makefile-linux.sa \
CC=$(CROSS_COMPILER_PREFIX)gcc \
PATH=$(STAGING_DIR)/usr/bin:$(PATH) imagezip
mkdir -p $(dir $@)
mv $(IMAGEZIP_PATH)/imagezip $@
$(MAKE) -C $(IMAGEZIP_PATH) -f Makefile-linux.sa clean
$(STRIPCMD) --strip-unneeded $@
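Review bot: In `script-install`, `ln -sf $(TARGET_PATH)/etc/testbed $(TARGET_PATH)/etc/emulab` stores the absolute build-host path as the link target, so inside the booted image `/etc/emulab` points at a path that exists only on the build machine; the `$(INSTALLED_BINS)` rule already strips `$(TARGET_PATH)` from its links. A relative target avoids this, and `-n` keeps a re-run from creating the link inside the existing directory: `ln -sfn testbed $(TARGET_PATH)/etc/emulab`. `TESTBED_PATH` and `TESTBEDOBJ_PATH` are also hard-coded to `/home/rdjackso/...`, so the scripts installed mode 755 into the image come from one user's home directory; making them `?=` defaults, or failing with `$(error ...)` when unset, would make the build's inputs explicit and overridable.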
#!/usr/bin/perl -w
#
# EMULAB-COPYRIGHT
# Copyright (c) 2008 University of Utah and the Flux Group.
# All rights reserved.
#
use strict;
use English;
use Getopt::Std;
#
# Generate a CRL certificate.
#
sub usage()
{
print "Usage: gencrl [-f]\n";
exit(1);
}
my $optlist = "df";
my $debug = 0;
my $force = 0;
#
# Configure variables
#
my $TB = "@prefix@";
my $TBOPS = "@TBOPSEMAIL@";
my $TBLOGS = "@TBLOGSEMAIL@";
my $PGENIDOMAIN = "@PROTOGENI_DOMAIN@";
my $PGENISUPPORT = @PROTOGENI_SUPPORT@;
my $TBBASE = "@TBBASE@";
my $SSLDIR = "$TB/lib/ssl";
my $CACONFIG = "$SSLDIR/ca.cnf";
my $EMULAB_CERT = "$TB/etc/emulab.pem";
my $EMULAB_KEY = "$TB/etc/emulab.key";
my $OPENSSL = "/usr/bin/openssl";
my $WORKDIR = "$TB/ssl";
my $CRLPEM = "crl.pem";
my $CRLDAYS = 30;
# Locals
my $crlcreated = 0; # Last update in seconds. 0 effectively forces regeneration.
my $regen = 0; # If anyting has changed or if crl is about to expire.
# un-taint path
$ENV{'PATH'} = '/bin:/usr/bin:/usr/local/bin:/usr/site/bin';
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
# Protos
sub fatal($);
#
# Turn off line buffering on output
#
$| = 1;
# Load the Testbed support stuff.
use lib "@prefix@/lib";
use libdb;
use libtestbed;
use POSIX qw(strftime);
use Date::Parse;
use Time::Local;
if ($UID != 0) {
fatal("Must be root to run this script\n");
}
#
# Check args.
#
my %options = ();
if (! getopts($optlist, \%options)) {
usage();
}
if (defined($options{"f"})) {
$force = 1;
}
if (defined($options{"d"})) {
$debug = 1;
}
#
# CD to the workdir, and then serialize on the lock file since there is
# some shared goop that the ssl tools muck with (serial number, index, etc.).
#
chdir("$WORKDIR") or
fatal("Could not chdir to $WORKDIR: $!");
TBScriptLock("mkusercert") == 0 or
fatal("Could not get the lock!");
#
# If the crl exists and not in force mode, see how old it is. If less
# than 1/2 the distance to expiration, then do not bother to regen if
# there no one has expired since the last time (revoked field in the
# certs table).
#
if (-e $CRLPEM) {
my $lastupdate = `$OPENSSL crl -noout -lastupdate -in $CRLPEM`;
chomp($lastupdate);
if (! (defined($lastupdate) && ($lastupdate =~ /^lastupdate/i))) {
fatal("Could not parse the lastupdate field from CRL file");
}
$lastupdate =~ s/^lastupdate=//i;
$crlcreated = timegm(strptime($lastupdate));
if (!defined($crlcreated)) {
fatal("Could not convert lastupdate field from CRL file to gmtime");
}
$crlcreated = timegm(strptime($lastupdate));
#
# Get expiration time
#
my $expires = `$OPENSSL crl -noout -nextupdate -in $CRLPEM`;
chomp($expires);
if (! (defined($expires) && ($expires =~ /^nextupdate/i))) {
fatal("Could not parse the nextupdate field from CRL file");
}
$expires =~ s/^nextupdate=//i;
$expires = timegm(strptime($expires));
if (!defined($expires)) {
fatal("Could not convert nextupdate field from CRL file to gmtime");
}
my $diff = $expires - $crlcreated;
if ($diff <= 0 ||
$diff < ($CRLDAYS * 3600 * 24) / 2) {
$force = 1;
}
print "$crlcreated, $expires, $diff, $force\n"
if ($debug);
}
else {
$force = 1;
}
#
# Find all revoked certificates. We want to create an index.txt file.
#
my $query_result =
DBQueryWarn("select idx,DN,UNIX_TIMESTAMP(created), ".
" UNIX_TIMESTAMP(revoked) ".
" from user_sslcerts ".
"where encrypted=1 and revoked is not null");
if (!$query_result) {
fatal("Could not get the crl list from the DB");
}
my @list = ();
while (my ($idx,$dn,$created,$revoked) = $query_result->fetchrow_array()) {
chomp($dn);
my $string = "R\t";
$string .= POSIX::strftime("%y%m%d%H%M%SZ", gmtime($created)) . "\t";
$string .= POSIX::strftime("%y%m%d%H%M%SZ", gmtime($revoked)) . "\t";
$string .= sprintf("%08x\t", $idx);
$string .= "unknown\t$dn\n";
push(@list, $string);
if ($debug) {
print STDERR "$created, $revoked\n";
}
# if this was revoked since last CRL, we really do need to regen,
$regen++
if ($revoked >= $crlcreated);
}
if (! ($regen || $force)) {
print STDERR "No reason to regenerate. Exiting ...\n";
# exit value important; tells caller nothing changed.
exit(1);
}
open(CRL, ">crl.txt")
or fatal("Could not create new crl.txt file");
foreach my $string (@list) {
print CRL $string;
}
close(CRL);
# This file needs to exist. Not sure why. Not documented.
if (!-e "crl.txt.attr") {
system("echo 'unique_subject = no' > crl.txt.attr");
}
#
# Generate the CRL certificate.
#
system("$OPENSSL ca -gencrl -name CA_crl -crldays $CRLDAYS -config $CACONFIG ".
" -out $CRLPEM -cert $EMULAB_CERT -keyfile $EMULAB_KEY") == 0
or fatal("Could not sign certificate request");
TBScriptUnlock();
exit(0);
sub fatal($)
{
my ($msg) = @_;
SENDMAIL($TBOPS, "Could not generate CRL", $msg);
TBScriptUnlock();
print STDERR "*** $0:\n".
" $msg\n";
# exit value important.
exit(-1);
}
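Review bot: The staleness check computes `my $diff = $expires - $crlcreated;`, i.e. nextUpdate minus lastUpdate, which is the CRL's fixed validity window (about `$CRLDAYS` days) and never reflects how close the CRL is to expiring, although the comment above it describes an age check. Unless `-f` is passed or a certificate has been revoked since the last run, the script therefore exits with "No reason to regenerate" even once the published CRL has expired. Measure against the current time instead, `my $diff = $expires - time();`, keeping the existing `$diff <= 0 || $diff < ($CRLDAYS * 3600 * 24) / 2` test. Also, `strptime` likely returns an empty list on unparseable input, so the `!defined($crlcreated)` and `!defined($expires)` checks after `timegm(...)` may never fire; check the list returned by `strptime` before passing it to `timegm`.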
#!/usr/bin/perl -w
#
# EMULAB-COPYRIGHT
# Copyright (c) 2008 University of Utah and the Flux Group.
# All rights reserved.
#
use strict;
use English;
use Getopt::Std;
#
# Get and install the CRL
#
sub usage()
{
print "Usage: getcacerts [-l]\n";
exit(1);
}
my $optlist = "lp";
my $nolog = 0;
my $nopost = 0;
#
# Configure variables
#
my $TB = "@prefix@";
my $TBOPS = "@TBOPSEMAIL@";
my $TBLOGS = "@TBLOGSEMAIL@";
my $PGENIDOMAIN = "@PROTOGENI_DOMAIN@";
my $PGENISUPPORT = @PROTOGENI_SUPPORT@;
my $TBBASE = "@TBBASE@";
my $FETCH = "/usr/bin/fetch";
my $POSTCRL = "$TB/sbin/protogeni/postcrl";
my $GENCRL = "$TB/sbin/protogeni/gencrl";
my $LOCALCRL = "$TB/ssl/crl.pem";
# un-taint path
$ENV{'PATH'} = '/bin:/usr/bin:/usr/local/bin:/usr/site/bin';
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
# Protos
sub fatal($);
#
# Turn off line buffering on output
#
$| = 1;
# Load the Testbed support stuff.
use lib "@prefix@/lib";
use libdb;
use libtestbed;
use libaudit;
if ($UID != 0) {
fatal("Must be root to run this script\n");
}
#
# Check args.
#
my %options = ();
if (! getopts($optlist, \%options)) {
usage();
}
if (defined($options{"l"})) {
$nolog = 1;
}
if (defined($options{"p"})) {
$nopost = 1;
}
my $restartapache = 0;
# Record output in case of error.
LogStart(0)
if (!$nolog);
mkdir("/tmp/genicacerts.$$", 0755) or
fatal("Could not mkdircacerts tmp dir");
#
# Post a new CRL. This generates a new local CRL file as well, to
# concate with whatever get from Utah, which will probably not be
# uptodate since our post does not cause Utah to regen the bundle.
# (just making sure we get a new version posted every night).
#
if ($nopost) {
system($GENCRL) >= 0
or fatal("Could not generate new CRL!");
}
else {
system($POSTCRL) >= 0
or fatal("Could not post new CRL!");
}
#
# Fetch the ca bundle from Utah. These are public keys ...
#
system("$FETCH -q -o /tmp/genica.bundle.$$ ".
" http://boss.emulab.net/genica.bundle") == 0
or fatal("Could not fetch genica bundle from Utah");
#
# Fetch the crl bundle from Utah. These are public keys ...
#
system("$FETCH -q -o /tmp/genicrl.bundle.$$ ".
" http://boss.emulab.net/genicrl.bundle") == 0
or fatal("Could not fetch genicrl bundle from Utah");
#
# Split up the certs.
#
my @certs = ();
my $certstr;
open(BUNDLE, "/tmp/genica.bundle.$$")
or fatal("Could not open /tmp/genica.bundle.$$ for reading");
while (<BUNDLE>) {
if ($_ =~ /^-----BEGIN CERT/) {
$certstr = $_;
next;
}
if ($_ =~ /^-----END CERT/) {
$certstr .= $_;
push(@certs, $certstr);
$certstr = undef;
next;
}
if ($certstr) {
$certstr .= $_;
next;
}
}
#
# If the file is properly terminated, there should be no certificate in
# progress. Hopefully the file is not trashed at a boundry. We do this
# before the diff to make sure the file is reasonable.
#
fatal("Trashed bundle file")
if ($certstr);
close(BUNDLE);
#
# Go no further if the file is exactly the same as last time.
#
system("/usr/bin/diff -q $TB/etc/genica.bundle /tmp/genica.bundle.$$");
if ($?) {
my $idx = 0;
while (@certs) {
my $cert = pop(@certs);
open(CERT, ">/tmp/genicacerts.$$/$idx.pem")
or fatal("Could not open pem file in /tmp/genicacerts.$$");
print CERT $cert;
close(CERT);
$idx++;
}
if (-e "$TB/etc/genica.bundle.old") {
unlink("$TB/etc/genica.bundle.old") or
fatal("Could not remove old genica bundle");
}
if (-e "$TB/etc/genica.bundle") {
system("/bin/cp $TB/etc/genica.bundle $TB/etc/genica.bundle.old") == 0
or fatal("Could not save off $TB/etc/genica.bundle");
}
if (-e "$TB/etc/genicacerts.old") {
system("/bin/rm -rf $TB/etc/genicacerts.old") == 0
or fatal("Could not remove old genicacerts directory");
}
if (-e "$TB/etc/genicacerts") {
system("/bin/mv $TB/etc/genicacerts $TB/etc/genicacerts.old") == 0
or fatal("Could not save off genicacerts directory");
}
system("/bin/mv /tmp/genica.bundle.$$ $TB/etc/genica.bundle") == 0
or fatal("Could not mv /tmp/genica.bundle.$$ $TB/etc/genica.bundle");
system("/bin/mv /tmp/genicacerts.$$ $TB/etc/genicacerts") == 0
or fatal("Could not mv /tmp/genicacerts.$$ to $TB/etc/genicacerts");
$restartapache = 1;
}
#
# Prepend the local/latest CRL with what we got from Utah.
#
system("/bin/cat $LOCALCRL /tmp/genicrl.bundle.$$ > /tmp/genicrl.combined.$$") == 0
or fatal("Could not concate with local CRL");
system("/bin/mv /tmp/genicrl.combined.$$ /tmp/genicrl.bundle.$$") == 0
or fatal("Could not rename the combined CRL file");
# Also do diff for the crl bundle
system("/usr/bin/diff -q $TB/etc/genicrl.bundle /tmp/genicrl.bundle.$$");
if ($?) {
if (-e "$TB/etc/genicrl.bundle.old") {
unlink("$TB/etc/genicrl.bundle.old") or
fatal("Could not remove old genicrl bundle");
}
if (-e "$TB/etc/genicrl.bundle") {
system("/bin/cp $TB/etc/genicrl.bundle $TB/etc/genicrl.bundle.old") == 0
or fatal("Could not save off $TB/etc/genicrl.bundle");
}
system("/bin/mv /tmp/genicrl.bundle.$$ $TB/etc/genicrl.bundle") == 0
or fatal("Could not mv /tmp/genicrl.bundle.$$ $TB/etc/genicrl.bundle");
$restartapache = 1;
}
if ($restartapache) {
system("/usr/local/etc/rc.d/apache.sh restart") == 0
or fatal("Could not restart apache!");
}