The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.
Difference between revisions of "EGI Quality Criteria Testing"
| Line 1: | Line 1: | ||
[[Category: Technology ]] | |||
[[Category: Quality Assurance]] | |||
== Generic Criteria == | == Generic Criteria == | ||
Revision as of 11:20, 20 December 2012
Generic Criteria
GENERIC_SEC_1
An easy way to find world-writable files is using the find command:
find / -type f -perm -002 -exec ls -l {} \;
For finding world-writable files in the packages contents:
rpm -qalv | egrep "^[-d]([-r][-w][-xs]){2}[-r]w"
Information Model Capability
INFO_MODEL_SCHEMA_1
Use GlueValidator for testing the validity of both Glue1.3 and Glue2.
Some exceptions may be allowed:
- AssertionError: The field GLUE2EndpointCapability with value 'information.publication' does not follow the type Capability_t
Authentication Capability
AUTHN_CRED_2
Verifiers need a valid SHA-2 proxy for testing. The easiest way of getting such certificate is using a provider like CILogon, using their (unaccredited) OpenID provider like Google
(instructions from D. Groep)
- Go to https://cilogon.org/
- Select "Google" from the list of IdPs.
- After signing in to Google and typing in a password, you can download a pkcs#12 file with your new certificate and private key.
- To get the conventional usercert.pem and userkey.pem, use openssl:
openssl pkcs12 -in myfile.p12 -info -out usercert.pem -nokeys openssl pkcs12 -in myfile.p12 -info -out userkey.pem -nocerts chmod 0600 userkey.pem
Services to test need to have the OpenID CA just like the other IGTF CAs, which is available from the experimental repository. A RPM package is also provided.
AUTHN_CRED_3
RFC proxies can be created by using the -rfc option in voms-proxy-init:
$ voms-proxy-init -rfc --voms dteam Your identity: /DC=es/DC=irisgrid/O=ifca/CN=Enol-Fernandez-delCastillo Creating temporary proxy .......................................... Done Contacting voms.hellasgrid.gr:15004 [/C=GR/O=HellasGrid/OU=hellasgrid.gr/CN=voms.hellasgrid.gr] "dteam" Done Creating proxy ...................................... Done Your proxy is valid until Thu Aug 2 01:01:26 2012
You can check if the proxy has RFC format with voms-proxy-info:
$ voms-proxy-info --all subject : /DC=es/DC=irisgrid/O=ifca/CN=Enol-Fernandez-delCastillo/CN=3300543 issuer : /DC=es/DC=irisgrid/O=ifca/CN=Enol-Fernandez-delCastillo identity : /DC=es/DC=irisgrid/O=ifca/CN=Enol-Fernandez-delCastillo type : RFC compliant proxy strength : 1024 bits path : /nfs4/home/local/enol/.x509up_u7056 timeleft : 11:59:52 === VO dteam extension information === VO : dteam subject : /DC=es/DC=irisgrid/O=ifca/CN=Enol-Fernandez-delCastillo issuer : /C=GR/O=HellasGrid/OU=hellasgrid.gr/CN=voms.hellasgrid.gr attribute : /dteam/Role=NULL/Capability=NULL timeleft : 11:59:51 uri : voms.hellasgrid.gr:15004