Difference between revisions of "Preview 1.1.0"
(One intermediate revision by the same user not shown) | |||
Line 1: | Line 1: | ||
= STORM 1.11.10 = | |||
== Description and released components == | |||
[http://italiangrid.github.io/storm/release-notes/StoRM-v1.11.10.html This release] provides fixes and improvements for the several components. | [http://italiangrid.github.io/storm/release-notes/StoRM-v1.11.10.html This release] provides fixes and improvements for the several components. | ||
Line 14: | Line 14: | ||
to be compliant with [https://tools.ietf.org/html/rfc3230 RFC-3230] specific. | to be compliant with [https://tools.ietf.org/html/rfc3230 RFC-3230] specific. | ||
== Bug fixes == | |||
* [https://issues.infn.it/browse/STOR-234 STOR-234] - Storm BE does not manage correctly abort requests of expired tokens | * [https://issues.infn.it/browse/STOR-234 STOR-234] - Storm BE does not manage correctly abort requests of expired tokens | ||
Line 21: | Line 21: | ||
* [https://issues.infn.it/browse/STOR-837 STOR-837] - Missing GlueSAPath from Storage Areas BDII info | * [https://issues.infn.it/browse/STOR-837 STOR-837] - Missing GlueSAPath from Storage Areas BDII info | ||
== Improvements == | |||
* [https://issues.infn.it/browse/STOR-700 STOR-700] - Add support for RFC 3230 in StoRM WebDAV service | * [https://issues.infn.it/browse/STOR-700 STOR-700] - Add support for RFC 3230 in StoRM WebDAV service | ||
== Security vulnerabilities == | |||
More information concerning the security vulnerabilities addressed by this release are going to be published when appropriate at [https://wiki.egi.eu/wiki/SVG:Advisory-SVG-2015-10134 this URL] | More information concerning the security vulnerabilities addressed by this release are going to be published when appropriate at [https://wiki.egi.eu/wiki/SVG:Advisory-SVG-2015-10134 this URL] | ||
== Installation and configuration == | |||
Packages can be obtained from Preview repositories. | Packages can be obtained from Preview repositories. | ||
Line 50: | Line 50: | ||
The instructions per component are below. | The instructions per component are below. | ||
=== StoRM Backend v. 1.11.10 === | |||
* Update and restart package: | * Update and restart package: | ||
Line 57: | Line 57: | ||
service storm-backend-server restart | service storm-backend-server restart | ||
=== StoRM Info Provider v. 1.7.9 === | |||
* Update package: | * Update package: | ||
Line 73: | Line 73: | ||
Alternatively, you can simply run YAIM after the update. | Alternatively, you can simply run YAIM after the update. | ||
=== StoRM GridHTTPs v. 3.0.4 === | |||
* Update and restart package: | * Update and restart package: | ||
Line 80: | Line 80: | ||
service storm-gridhttps-server restart | service storm-gridhttps-server restart | ||
=== StoRM WebDAV v. 1.0.4 === | |||
* Update and restart package: | * Update and restart package: | ||
Line 89: | Line 89: | ||
Check the the [http://italiangrid.github.io/storm/documentation/sysadmin-guide/1.11.10/storm-webdav-guide.html StoRM WebDAV installation and configuration guide] for detailed installation and configuration information. | Check the the [http://italiangrid.github.io/storm/documentation/sysadmin-guide/1.11.10/storm-webdav-guide.html StoRM WebDAV installation and configuration guide] for detailed installation and configuration information. | ||
= VOMS Admin server 3.4.2 = | |||
== Description == | |||
This release provides fixes to a couple of problems introduced in VOMS Admin 3.4.0, in particular: | This release provides fixes to a couple of problems introduced in VOMS Admin 3.4.0, in particular: | ||
Line 98: | Line 98: | ||
* The sign-aup alias URL sent in user suspension notifications was broken | * The sign-aup alias URL sent in user suspension notifications was broken | ||
=== Authenticate users by certificate subject === | |||
Now users are correctly authenticated by certificate subject. With default settings, VOMS Admin authenticates clients by looking at the client certificate (subject,issuer) couple. A configuration flag was introduced in VOMS Admin 3.3.2 to authenticate only by certificate subject, but the fix worked only for VO administrators. This problem is now fixed. | Now users are correctly authenticated by certificate subject. With default settings, VOMS Admin authenticates clients by looking at the client certificate (subject,issuer) couple. A configuration flag was introduced in VOMS Admin 3.3.2 to authenticate only by certificate subject, but the fix worked only for VO administrators. This problem is now fixed. | ||
Line 104: | Line 104: | ||
For instruction on how to enable this feature, see the [http://italiangrid.github.io/voms/release-notes/voms-admin-server/3.3.2 VOMS Admin 3.3.2 release notes]. | For instruction on how to enable this feature, see the [http://italiangrid.github.io/voms/release-notes/voms-admin-server/3.3.2 VOMS Admin 3.3.2 release notes]. | ||
=== Disable membership expiration notifications === | |||
Is now possible to disable membership expiration notifications. This kind of notification do not make sense in deployments, like at CERN, where a VO administrator cannot extend the lifetime of VO members. | Is now possible to disable membership expiration notifications. This kind of notification do not make sense in deployments, like at CERN, where a VO administrator cannot extend the lifetime of VO members. | ||
Line 116: | Line 116: | ||
Other improvements and fixes are listed below. | Other improvements and fixes are listed below. | ||
== Bug fixes == | |||
* [https://issues.infn.it/browse/VOMS-678 VOMS-678] : VOMS Admin skip-ca check does not work as expected for unprivileged VOMS Admin users | * [https://issues.infn.it/browse/VOMS-678 VOMS-678] : VOMS Admin skip-ca check does not work as expected for unprivileged VOMS Admin users | ||
Line 125: | Line 125: | ||
* [https://issues.infn.it/browse/VOMS-711 VOMS-711] : VOMS Admin sign-aup URL broken | * [https://issues.infn.it/browse/VOMS-711 VOMS-711] : VOMS Admin sign-aup URL broken | ||
== Installation and configuration == | |||
=== Upgrade from VOMS Admin Server >= 3.4.0 === | |||
Update the packages and restart the service. | Update the packages and restart the service. | ||
=== Upgrade from VOMS Admin Server >= 3.2.0 === | |||
A [http://italiangrid.github.io/voms/documentation/sysadmin-guide/3.0.6/#db-upgrade database upgrade] and a [http://italiangrid.github.io/voms/documentation/sysadmin-guide/3.0.6/#reconf reconfiguration] (in this order) are required to upgrade to VOMS Admin server 3.4.2. | A [http://italiangrid.github.io/voms/documentation/sysadmin-guide/3.0.6/#db-upgrade database upgrade] and a [http://italiangrid.github.io/voms/documentation/sysadmin-guide/3.0.6/#reconf reconfiguration] (in this order) are required to upgrade to VOMS Admin server 3.4.2. | ||
=== Upgrade from earlier VOMS Admin Server versions === | |||
First upgrade to VOMS Admin version [http://italiangrid.github.io/voms/release-notes/voms-admin-server/3.2.0 3.2.0] and then to 3.4.2. | First upgrade to VOMS Admin version [http://italiangrid.github.io/voms/release-notes/voms-admin-server/3.2.0 3.2.0] and then to 3.4.2. | ||
Line 142: | Line 142: | ||
Follow the instructions in the [http://italiangrid.github.io/voms/documentation/sysadmin-guide/3.0.6 VOMS System Administrator Guide]. | Follow the instructions in the [http://italiangrid.github.io/voms/documentation/sysadmin-guide/3.0.6 VOMS System Administrator Guide]. | ||
= VOMS Server 2.0.13 = | |||
== Bug fixes == | |||
* [https://issues.infn.it/browse/VOMS-700 VOMS-700] : canonicalize_string doesn't unescape encoded characters correctly | * [https://issues.infn.it/browse/VOMS-700 VOMS-700] : canonicalize_string doesn't unescape encoded characters correctly | ||
== Installation and configuration == | |||
A restart of the service is needed. | A restart of the service is needed. | ||
Line 154: | Line 154: | ||
For clean and update installation instructions, follow the instructions in the [http://italiangrid.github.io/voms/documentation/sysadmin-guide/3.0.6 VOMS System Administrator guide]. | For clean and update installation instructions, follow the instructions in the [http://italiangrid.github.io/voms/documentation/sysadmin-guide/3.0.6 VOMS System Administrator guide]. | ||
= VOMS API Java 3.0.6 = | |||
'''Targeted at Bouncycastle 1.46/CANL 1.3.x''' | '''Targeted at Bouncycastle 1.46/CANL 1.3.x''' | ||
== Description == | |||
This version of the Java APIs provide the following improvement and bug fixes: | This version of the Java APIs provide the following improvement and bug fixes: | ||
Line 165: | Line 165: | ||
* The CertificateValidatorBuilder allows callers to select the hash function used to resolve trust anchors | * The CertificateValidatorBuilder allows callers to select the hash function used to resolve trust anchors | ||
== Bug fixes == | |||
* [https://issues.infn.it/browse/VOMS-653 VOMS-653] : VOMS Java APIs select SSLv3 for legacy VOMS requests | * [https://issues.infn.it/browse/VOMS-653 VOMS-653] : VOMS Java APIs select SSLv3 for legacy VOMS requests | ||
* [https://issues.infn.it/browse/VOMS-703 VOMS-703] : CertificateValidatorBuilder should allow to configure whether is running in an OpenSSL 1.x or 0.9.x envinroment | * [https://issues.infn.it/browse/VOMS-703 VOMS-703] : CertificateValidatorBuilder should allow to configure whether is running in an OpenSSL 1.x or 0.9.x envinroment | ||
== Installation == | |||
From Maven central | From Maven central | ||
Line 190: | Line 190: | ||
yum update | yum update | ||
= VOMS API Java 3.1.0 = | |||
'''This is the porting of VOMS API Java to CANL 2.1.x/Bouncycastle 1.50'''. The functionality is equivalent to VOMS API Java 3.0.6. | '''This is the porting of VOMS API Java to CANL 2.1.x/Bouncycastle 1.50'''. The functionality is equivalent to VOMS API Java 3.0.6. | ||
== Installation == | |||
From Maven central | From Maven central | ||
Line 204: | Line 204: | ||
</dependency> | </dependency> | ||
= VOMS API Java 3.2.0 = | |||
This is the porting of VOMS API Java to CANL 2.2.x/Bouncycastle 1.52. The functionality is equivalent to VOMS API Java 3.0.6. | '''This is the porting of VOMS API Java to CANL 2.2.x/Bouncycastle 1.52'''. The functionality is equivalent to VOMS API Java 3.0.6. | ||
== Installation == | |||
From Maven central | From Maven central |
Latest revision as of 14:56, 31 March 2016
STORM 1.11.10
Description and released components
This release provides fixes and improvements for the several components.
It's HIGHLY RECOMMENDED to upgrade your installation to the version of StoRM WebDAV included in this release, that provides fixes for a security vulnerability affecting the Milton webdav library.
- StoRM Backend v. 1.11.10: This release fixes an improper management of SURL status that can lead to PutDone errors and locked SURLs. It fixes also a minor issue related to the retrieved error message in case an expired token is used with srmAbort.
- StoRM Info Provider v. 1.7.9: This release fixes a missing Glue2 field, not published on the BDII.
- StoRM GridHTTPs v. 3.0.4: This release provides a fix for a security vulnerability and another minor bug fix on the returned error code when copy and move operation are done on equal source and destination.
- StoRM WebDAV v. 1.0.4: This release provides a fix for a security vulnerability that was recently reported, and adds support for RFC-3230. It explains how to get checksum type and value of the stored resources. From this release, each HEAD and GET response will include a header like:
Digest: adler32=8a23d4f8
to be compliant with RFC-3230 specific.
Bug fixes
- STOR-234 - Storm BE does not manage correctly abort requests of expired tokens
- STOR-741 - WebDAV MOVE and COPY requests with source equal to destination fail with 412 instead of 403
- STOR-835 - Improper management of SURL status can lead to PutDone errors and locked SURLs
- STOR-837 - Missing GlueSAPath from Storage Areas BDII info
Improvements
- STOR-700 - Add support for RFC 3230 in StoRM WebDAV service
Security vulnerabilities
More information concerning the security vulnerabilities addressed by this release are going to be published when appropriate at this URL
Installation and configuration
Packages can be obtained from Preview repositories.
In general, to re-configure the services, follow the commands below.
- First of all, reconfigure storm-info-provider:
/usr/libexec/storm-info-provider configure
- Then, restart the involved services and the BDII:
service storm-backend-server restart service storm-webdav restart service bdii restart
Alternatively, you can simply run YAIM.
You can find more information about upgrade, clean installation and configuration of StoRM services in the System Administration Guide.
The instructions per component are below.
StoRM Backend v. 1.11.10
- Update and restart package:
yum update storm-backend-server service storm-backend-server restart
StoRM Info Provider v. 1.7.9
- Update package:
yum update storm-dynamic-info-provider
- Re-configure info provider:
/usr/libexec/storm-info-provider configure
- Restart BDII service:
service bdii restart
Alternatively, you can simply run YAIM after the update.
StoRM GridHTTPs v. 3.0.4
- Update and restart package:
yum update storm-gridhttps-server service storm-gridhttps-server restart
StoRM WebDAV v. 1.0.4
- Update and restart package:
yum update storm-webdav service storm-webdav restart
Check the the StoRM WebDAV installation and configuration guide for detailed installation and configuration information.
VOMS Admin server 3.4.2
Description
This release provides fixes to a couple of problems introduced in VOMS Admin 3.4.0, in particular:
- The handling of group-scoped user requests was broken if the "Group-Manager" role was not defined for a VO
- The sign-aup alias URL sent in user suspension notifications was broken
Authenticate users by certificate subject
Now users are correctly authenticated by certificate subject. With default settings, VOMS Admin authenticates clients by looking at the client certificate (subject,issuer) couple. A configuration flag was introduced in VOMS Admin 3.3.2 to authenticate only by certificate subject, but the fix worked only for VO administrators. This problem is now fixed.
For instruction on how to enable this feature, see the VOMS Admin 3.3.2 release notes.
Disable membership expiration notifications
Is now possible to disable membership expiration notifications. This kind of notification do not make sense in deployments, like at CERN, where a VO administrator cannot extend the lifetime of VO members.
To disable membership expiration notifications either:
- reconfigure the affected VO with voms-configure specifying the --disable-membership-expiration-warnings option
- set the voms.membership.disable_expiration_warning in /etc/voms-admin/<VO>/service.properties
A restart of the service is required.
Other improvements and fixes are listed below.
Bug fixes
- VOMS-678 : VOMS Admin skip-ca check does not work as expected for unprivileged VOMS Admin users
- VOMS-705 : Extend membership expiration time at each sync for VO members with valid, open-ended experiment participation
- VOMS-706 : Add the ability to disable membership expiration notifications
- VOMS-707 : Trim whitespace and remove newlines from subject in certificate requests
- VOMS-710 : User requests cannot be approved if Group-Manager role is not defined
- VOMS-711 : VOMS Admin sign-aup URL broken
Installation and configuration
Upgrade from VOMS Admin Server >= 3.4.0
Update the packages and restart the service.
Upgrade from VOMS Admin Server >= 3.2.0
A database upgrade and a reconfiguration (in this order) are required to upgrade to VOMS Admin server 3.4.2.
Upgrade from earlier VOMS Admin Server versions
First upgrade to VOMS Admin version 3.2.0 and then to 3.4.2. Clean install
Follow the instructions in the VOMS System Administrator Guide.
VOMS Server 2.0.13
Bug fixes
- VOMS-700 : canonicalize_string doesn't unescape encoded characters correctly
Installation and configuration
A restart of the service is needed.
For clean and update installation instructions, follow the instructions in the VOMS System Administrator guide.
VOMS API Java 3.0.6
Targeted at Bouncycastle 1.46/CANL 1.3.x
Description
This version of the Java APIs provide the following improvement and bug fixes:
- SSLv3 is no longer used for legacy VOMS requests
- The CertificateValidatorBuilder allows callers to select the hash function used to resolve trust anchors
Bug fixes
- VOMS-653 : VOMS Java APIs select SSLv3 for legacy VOMS requests
- VOMS-703 : CertificateValidatorBuilder should allow to configure whether is running in an OpenSSL 1.x or 0.9.x envinroment
Installation
From Maven central
<dependency> <groupId>org.italiangrid</groupId> <artifactId>voms-api-java</artifactId> <version>3.0.6</version> </dependency>
From RPM package
- For a clean install:
yum install voms-api-java3
- For an update install:
yum update
VOMS API Java 3.1.0
This is the porting of VOMS API Java to CANL 2.1.x/Bouncycastle 1.50. The functionality is equivalent to VOMS API Java 3.0.6.
Installation
From Maven central
<dependency> <groupId>org.italiangrid</groupId> <artifactId>voms-api-java</artifactId> <version>3.1.0</version> </dependency>
VOMS API Java 3.2.0
This is the porting of VOMS API Java to CANL 2.2.x/Bouncycastle 1.52. The functionality is equivalent to VOMS API Java 3.0.6.
Installation
From Maven central
<dependency> <groupId>org.italiangrid</groupId> <artifactId>voms-api-java</artifactId> <version>3.2.0</version> </dependency>