fetch-crl

When I inherited the current setup this was the cron tab for dguser:
(note to self: do "export EDITOR=/usr/bin/emacs" before typing "crontab -e", otherwise I end up with vim or so)

36 18,0,6,12 * * * /vols/grid/glite/wn/current/edg/etc/cron/edg-fetch-crl-cron >> /vols/grid/glite/wn/current/edg/var/log/edg-fetch -crl-cron.log 2>&1
22 23,5,11,17 * * * /vols/grid/glite/wn/3.0.5/glite/libexec/fetch-crl.sh >> /vols/grid/glite/wn/3.0.5/edg/var/log/fetch-crl-cron.log 2>&1
1 4,10,16,22 * * * /vols/grid/glite/ui/3.1.15/glite/libexec/fetch-crl.sh >> /vols/grid/glite/ui/3.1.15/external/var/log/fetch-crl-cron.log 2>&1

Beautiful, innit ? All three functions exist and all three are writing to the same directory. At least we get our crls updated often enough ....

A closer look at the first entry:
more /vols/grid/glite/wn/current/edg/etc/cron/edg-fetch-crl-cron
[snip]

$para{EDG_LOCATION}="/vols/grid/glite/wn/current/edg";
$para{X509_CERT_DIR}="/vols/grid/glite/wn/current/etc/grid-security/certificates";
[etc] /vols/grid/glite/wn/current/ is a link to /vols/grid/glite/wn/3.0.0/
and /vols/grid/glite/wn/current/etc/grid-security/certificates is a link to the standard /vols/grid/glite/certificates As far as I can tell all three cron jobs are writing to
/vols/grid/glite/certificates

Now why did it give up making new cron jobs ?
The function that deals with this in YAIM in config_crl. It has a test at the beginning:
if (echo "${NODE_TYPE_LIST}" | grep -qE 'TAR|tar') && ( central_certs); then
return 0
fi
where central_certs check if /etc/grid-security/certificates or the directory listed under X509_CERT_DIR is not empty and if so, sets central_certs to true and exits.

So how do I get to an up-to-date version of fetch-crl ?
I could try reinstalling the UI and setting central_certs to false ...
Didn't quite work, but commenting out return 0 works just fine ;-)

if (echo "${NODE_TYPE_LIST}" | grep -qE 'TAR|tar') && ( central_certs); then
# return 0
fi
(no comments on my ability to interpret shell scripts here, please)

Status before my best attempts
[dguser@lx07 functions]$ ls /vols/grid/glite/ui/3.1.15/glite/libexec/fetch-crl.sh
/vols/grid/glite/ui/3.1.15/glite/libexec/fetch-crl.sh
[dguser@lx07 functions]$ ls /vols/grid/glite/ui/3.1.33-0/glite/libexec/fetch-crl.sh
ls: /vols/grid/glite/ui/3.1.33-0/glite/libexec/fetch-crl.sh: No such file or directory

Now I run
[dguser@lx07 ui]$ pwd
/vols/grid/glite/config/ui
/vols/grid/glite/ui/3.1.33-0/glite/yaim/bin/yaim -c -s site-info-ui-3.1.33-0.def -n UI_TAR -f config_crl

I get some random error messages, but I get a shell script and an extra entry in my crontab,
[dguser@lx07 ~]$ ls /vols/grid/glite/ui/3.1.33-0/glite/libexec/fetch-crl.sh
/vols/grid/glite/ui/3.1.33-0/glite/libexec/fetch-crl.sh

A quick diff with /vols/grid/glite/ui/3.1.15/glite/libexec/fetch-crl.sh reveals nothing offencive, basically just updated version number, but the script it sources
/vols/grid/glite/ui/3.1.33-0/external/etc/profile.d/grid-env.sh
does not define X509_CERT_DIR, despite the fact that this is set in the siteinfo.def.
Is it really that difficult to deal with a tar ball installation, grrrr ????

So how did the previous installation get around this:
CRLDIR=${X509_CERT_DIR:-/vols/grid/glite/ui/3.1.15/external/etc/grid-security/certificates}
ls -l /vols/grid/glite/ui/3.1.15/external/etc/grid-security/certificates lrwxrwxrwx 1 dguser res0 30 Jun 20 2008 /vols/grid/glite/ui/3.1.15/external/etc/grid-security/certificates -> /vols/grid/glite/certificates/
AAAARRRRRRRRRRRRRRGGGGGGGGGGGGGGGGGGGHHHHHHHHHHHHHHHHHHHHHHHHHHH.

So I am going to define hack the script and reset config_crl.
The script in full now:
. /vols/grid/glite/ui/3.1.33-0/external/etc/profile.d/grid-env.sh
X509_CERT_DIR=/vols/grid/glite/certificates/
# Define the location of the CA files. Set the default value if X509_CERT_DIR is not defined
CRLDIR=${X509_CERT_DIR:-/vols/grid/glite/ui/3.1.33-0/external/etc/grid-security/certificates}
/vols/grid/glite/ui/3.1.33-0/external/usr/sbin/fetch-crl --loc ${CRLDIR} --out ${CRLDIR} --no-check-certificate

Clean up the crontab to:
58 2,4,8,10,14,16,20,22 * * * /vols/grid/glite/ui/3.1.33-0/glite/libexec/fetch-crl.sh >> /vols/grid/glite/ui/3.1.33-0/external/var/log/fetch-crl-cron.log 2>&1

Let's see what happens.....
Apparently X509_CERT_DIR should have been set -- if I rerun everything not just config_crl -- but that takes so long :-(