Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

Difference between revisions of "Preview 1.1.0"

From EGIWiki
Jump to navigation Jump to search
 
Line 1: Line 1:
== STORM 1.11.10 ==
= STORM 1.11.10 =


=== Description and released components ===
== Description and released components ==


[http://italiangrid.github.io/storm/release-notes/StoRM-v1.11.10.html This release] provides fixes and improvements for the several components.
[http://italiangrid.github.io/storm/release-notes/StoRM-v1.11.10.html This release] provides fixes and improvements for the several components.
Line 14: Line 14:
to be compliant with [https://tools.ietf.org/html/rfc3230 RFC-3230] specific.
to be compliant with [https://tools.ietf.org/html/rfc3230 RFC-3230] specific.


=== Bug fixes ===
== Bug fixes ==


* [https://issues.infn.it/browse/STOR-234 STOR-234] - Storm BE does not manage correctly abort requests of expired tokens
* [https://issues.infn.it/browse/STOR-234 STOR-234] - Storm BE does not manage correctly abort requests of expired tokens
Line 21: Line 21:
* [https://issues.infn.it/browse/STOR-837 STOR-837] - Missing GlueSAPath from Storage Areas BDII info
* [https://issues.infn.it/browse/STOR-837 STOR-837] - Missing GlueSAPath from Storage Areas BDII info


=== Improvements ===
== Improvements ==


* [https://issues.infn.it/browse/STOR-700 STOR-700] - Add support for RFC 3230 in StoRM WebDAV service
* [https://issues.infn.it/browse/STOR-700 STOR-700] - Add support for RFC 3230 in StoRM WebDAV service


=== Security vulnerabilities ===
== Security vulnerabilities ==
More information concerning the security vulnerabilities addressed by this release are going to be published when appropriate at [https://wiki.egi.eu/wiki/SVG:Advisory-SVG-2015-10134 this URL]
More information concerning the security vulnerabilities addressed by this release are going to be published when appropriate at [https://wiki.egi.eu/wiki/SVG:Advisory-SVG-2015-10134 this URL]


=== Installation and configuration ===
== Installation and configuration ==


Packages can be obtained from Preview repositories.
Packages can be obtained from Preview repositories.
Line 50: Line 50:
The instructions per component are below.
The instructions per component are below.


==== StoRM Backend v. 1.11.10 ====
=== StoRM Backend v. 1.11.10 ===


* Update and restart package:
* Update and restart package:
Line 57: Line 57:
  service storm-backend-server restart
  service storm-backend-server restart


==== StoRM Info Provider v. 1.7.9 ====
=== StoRM Info Provider v. 1.7.9 ===


* Update package:
* Update package:
Line 73: Line 73:
Alternatively, you can simply run YAIM after the update.
Alternatively, you can simply run YAIM after the update.


==== StoRM GridHTTPs v. 3.0.4 ====
=== StoRM GridHTTPs v. 3.0.4 ===


* Update and restart package:
* Update and restart package:
Line 80: Line 80:
  service storm-gridhttps-server restart
  service storm-gridhttps-server restart


==== StoRM WebDAV v. 1.0.4 ====
=== StoRM WebDAV v. 1.0.4 ===


* Update and restart package:
* Update and restart package:
Line 89: Line 89:
Check the the [http://italiangrid.github.io/storm/documentation/sysadmin-guide/1.11.10/storm-webdav-guide.html StoRM WebDAV installation and configuration guide] for detailed installation and configuration information.
Check the the [http://italiangrid.github.io/storm/documentation/sysadmin-guide/1.11.10/storm-webdav-guide.html StoRM WebDAV installation and configuration guide] for detailed installation and configuration information.


== VOMS Admin server 3.4.2 ==
= VOMS Admin server 3.4.2 =


=== Description ===
== Description ==


This release provides fixes to a couple of problems introduced in VOMS Admin 3.4.0, in particular:
This release provides fixes to a couple of problems introduced in VOMS Admin 3.4.0, in particular:
Line 98: Line 98:
* The sign-aup alias URL sent in user suspension notifications was broken
* The sign-aup alias URL sent in user suspension notifications was broken


==== Authenticate users by certificate subject ====
=== Authenticate users by certificate subject ===


Now users are correctly authenticated by certificate subject. With default settings, VOMS Admin authenticates clients by looking at the client certificate (subject,issuer) couple. A configuration flag was introduced in VOMS Admin 3.3.2 to authenticate only by certificate subject, but the fix worked only for VO administrators. This problem is now fixed.
Now users are correctly authenticated by certificate subject. With default settings, VOMS Admin authenticates clients by looking at the client certificate (subject,issuer) couple. A configuration flag was introduced in VOMS Admin 3.3.2 to authenticate only by certificate subject, but the fix worked only for VO administrators. This problem is now fixed.
Line 104: Line 104:
For instruction on how to enable this feature, see the [http://italiangrid.github.io/voms/release-notes/voms-admin-server/3.3.2 VOMS Admin 3.3.2 release notes].
For instruction on how to enable this feature, see the [http://italiangrid.github.io/voms/release-notes/voms-admin-server/3.3.2 VOMS Admin 3.3.2 release notes].


==== Disable membership expiration notifications ====
=== Disable membership expiration notifications ===


Is now possible to disable membership expiration notifications. This kind of notification do not make sense in deployments, like at CERN, where a VO administrator cannot extend the lifetime of VO members.
Is now possible to disable membership expiration notifications. This kind of notification do not make sense in deployments, like at CERN, where a VO administrator cannot extend the lifetime of VO members.
Line 116: Line 116:
Other improvements and fixes are listed below.
Other improvements and fixes are listed below.


=== Bug fixes ===
== Bug fixes ==


* [https://issues.infn.it/browse/VOMS-678 VOMS-678] : VOMS Admin skip-ca check does not work as expected for unprivileged VOMS Admin users
* [https://issues.infn.it/browse/VOMS-678 VOMS-678] : VOMS Admin skip-ca check does not work as expected for unprivileged VOMS Admin users
Line 125: Line 125:
* [https://issues.infn.it/browse/VOMS-711 VOMS-711] : VOMS Admin sign-aup URL broken
* [https://issues.infn.it/browse/VOMS-711 VOMS-711] : VOMS Admin sign-aup URL broken


=== Installation and configuration ===
== Installation and configuration ==


==== Upgrade from VOMS Admin Server >= 3.4.0 ====
=== Upgrade from VOMS Admin Server >= 3.4.0 ===


Update the packages and restart the service.
Update the packages and restart the service.


==== Upgrade from VOMS Admin Server >= 3.2.0 ====
=== Upgrade from VOMS Admin Server >= 3.2.0 ===


A [http://italiangrid.github.io/voms/documentation/sysadmin-guide/3.0.6/#db-upgrade database upgrade] and a [http://italiangrid.github.io/voms/documentation/sysadmin-guide/3.0.6/#reconf reconfiguration] (in this order) are required to upgrade to VOMS Admin server 3.4.2.
A [http://italiangrid.github.io/voms/documentation/sysadmin-guide/3.0.6/#db-upgrade database upgrade] and a [http://italiangrid.github.io/voms/documentation/sysadmin-guide/3.0.6/#reconf reconfiguration] (in this order) are required to upgrade to VOMS Admin server 3.4.2.


==== Upgrade from earlier VOMS Admin Server versions ====
=== Upgrade from earlier VOMS Admin Server versions ===


First upgrade to VOMS Admin version [http://italiangrid.github.io/voms/release-notes/voms-admin-server/3.2.0 3.2.0] and then to 3.4.2.
First upgrade to VOMS Admin version [http://italiangrid.github.io/voms/release-notes/voms-admin-server/3.2.0 3.2.0] and then to 3.4.2.
Line 142: Line 142:
Follow the instructions in the [http://italiangrid.github.io/voms/documentation/sysadmin-guide/3.0.6 VOMS System Administrator Guide].
Follow the instructions in the [http://italiangrid.github.io/voms/documentation/sysadmin-guide/3.0.6 VOMS System Administrator Guide].


== VOMS Server 2.0.13 ==
= VOMS Server 2.0.13 =


=== Bug fixes ===
== Bug fixes ==


* [https://issues.infn.it/browse/VOMS-700 VOMS-700] : canonicalize_string doesn't unescape encoded characters correctly
* [https://issues.infn.it/browse/VOMS-700 VOMS-700] : canonicalize_string doesn't unescape encoded characters correctly


=== Installation and configuration ===
== Installation and configuration ==


A restart of the service is needed.
A restart of the service is needed.
Line 154: Line 154:
For clean and update installation instructions, follow the instructions in the [http://italiangrid.github.io/voms/documentation/sysadmin-guide/3.0.6 VOMS System Administrator guide].
For clean and update installation instructions, follow the instructions in the [http://italiangrid.github.io/voms/documentation/sysadmin-guide/3.0.6 VOMS System Administrator guide].


== VOMS API Java 3.0.6 ==
= VOMS API Java 3.0.6 =


'''Targeted at Bouncycastle 1.46/CANL 1.3.x'''
'''Targeted at Bouncycastle 1.46/CANL 1.3.x'''


=== Description ===
== Description ==


This version of the Java APIs provide the following improvement and bug fixes:
This version of the Java APIs provide the following improvement and bug fixes:
Line 165: Line 165:
* The CertificateValidatorBuilder allows callers to select the hash function used to resolve trust anchors
* The CertificateValidatorBuilder allows callers to select the hash function used to resolve trust anchors


=== Bug fixes ===
== Bug fixes ==


* [https://issues.infn.it/browse/VOMS-653 VOMS-653] : VOMS Java APIs select SSLv3 for legacy VOMS requests
* [https://issues.infn.it/browse/VOMS-653 VOMS-653] : VOMS Java APIs select SSLv3 for legacy VOMS requests
* [https://issues.infn.it/browse/VOMS-703 VOMS-703] : CertificateValidatorBuilder should allow to configure whether is running in an OpenSSL 1.x or 0.9.x envinroment
* [https://issues.infn.it/browse/VOMS-703 VOMS-703] : CertificateValidatorBuilder should allow to configure whether is running in an OpenSSL 1.x or 0.9.x envinroment


=== Installation ===
== Installation ==


From Maven central
From Maven central
Line 190: Line 190:
  yum update
  yum update


== VOMS API Java 3.1.0 ==
= VOMS API Java 3.1.0 =


'''This is the porting of VOMS API Java to CANL 2.1.x/Bouncycastle 1.50'''. The functionality is equivalent to VOMS API Java 3.0.6.
'''This is the porting of VOMS API Java to CANL 2.1.x/Bouncycastle 1.50'''. The functionality is equivalent to VOMS API Java 3.0.6.


=== Installation ===
== Installation ==


From Maven central
From Maven central
Line 204: Line 204:
  </dependency>
  </dependency>


== VOMS API Java 3.2.0 ==
= VOMS API Java 3.2.0 =


'''This is the porting of VOMS API Java to CANL 2.2.x/Bouncycastle 1.52'''. The functionality is equivalent to VOMS API Java 3.0.6.
'''This is the porting of VOMS API Java to CANL 2.2.x/Bouncycastle 1.52'''. The functionality is equivalent to VOMS API Java 3.0.6.


=== Installation ===
== Installation ==


From Maven central
From Maven central

Latest revision as of 13:56, 31 March 2016

STORM 1.11.10

Description and released components

This release provides fixes and improvements for the several components.

It's HIGHLY RECOMMENDED to upgrade your installation to the version of StoRM WebDAV included in this release, that provides fixes for a security vulnerability affecting the Milton webdav library.

  • StoRM Backend v. 1.11.10: This release fixes an improper management of SURL status that can lead to PutDone errors and locked SURLs. It fixes also a minor issue related to the retrieved error message in case an expired token is used with srmAbort.
  • StoRM Info Provider v. 1.7.9: This release fixes a missing Glue2 field, not published on the BDII.
  • StoRM GridHTTPs v. 3.0.4: This release provides a fix for a security vulnerability and another minor bug fix on the returned error code when copy and move operation are done on equal source and destination.
  • StoRM WebDAV v. 1.0.4: This release provides a fix for a security vulnerability that was recently reported, and adds support for RFC-3230. It explains how to get checksum type and value of the stored resources. From this release, each HEAD and GET response will include a header like:
Digest: adler32=8a23d4f8

to be compliant with RFC-3230 specific.

Bug fixes

  • STOR-234 - Storm BE does not manage correctly abort requests of expired tokens
  • STOR-741 - WebDAV MOVE and COPY requests with source equal to destination fail with 412 instead of 403
  • STOR-835 - Improper management of SURL status can lead to PutDone errors and locked SURLs
  • STOR-837 - Missing GlueSAPath from Storage Areas BDII info

Improvements

  • STOR-700 - Add support for RFC 3230 in StoRM WebDAV service

Security vulnerabilities

More information concerning the security vulnerabilities addressed by this release are going to be published when appropriate at this URL

Installation and configuration

Packages can be obtained from Preview repositories.

In general, to re-configure the services, follow the commands below.

  • First of all, reconfigure storm-info-provider:
/usr/libexec/storm-info-provider configure
  • Then, restart the involved services and the BDII:
service storm-backend-server restart
service storm-webdav restart
service bdii restart

Alternatively, you can simply run YAIM.

You can find more information about upgrade, clean installation and configuration of StoRM services in the System Administration Guide.

The instructions per component are below.

StoRM Backend v. 1.11.10

  • Update and restart package:
yum update storm-backend-server
service storm-backend-server restart

StoRM Info Provider v. 1.7.9

  • Update package:
yum update storm-dynamic-info-provider
  • Re-configure info provider:
/usr/libexec/storm-info-provider configure
  • Restart BDII service:
service bdii restart

Alternatively, you can simply run YAIM after the update.

StoRM GridHTTPs v. 3.0.4

  • Update and restart package:
yum update storm-gridhttps-server
service storm-gridhttps-server restart

StoRM WebDAV v. 1.0.4

  • Update and restart package:
yum update storm-webdav
service storm-webdav restart

Check the the StoRM WebDAV installation and configuration guide for detailed installation and configuration information.

VOMS Admin server 3.4.2

Description

This release provides fixes to a couple of problems introduced in VOMS Admin 3.4.0, in particular:

  • The handling of group-scoped user requests was broken if the "Group-Manager" role was not defined for a VO
  • The sign-aup alias URL sent in user suspension notifications was broken

Authenticate users by certificate subject

Now users are correctly authenticated by certificate subject. With default settings, VOMS Admin authenticates clients by looking at the client certificate (subject,issuer) couple. A configuration flag was introduced in VOMS Admin 3.3.2 to authenticate only by certificate subject, but the fix worked only for VO administrators. This problem is now fixed.

For instruction on how to enable this feature, see the VOMS Admin 3.3.2 release notes.

Disable membership expiration notifications

Is now possible to disable membership expiration notifications. This kind of notification do not make sense in deployments, like at CERN, where a VO administrator cannot extend the lifetime of VO members.

To disable membership expiration notifications either:

  • reconfigure the affected VO with voms-configure specifying the --disable-membership-expiration-warnings option
  • set the voms.membership.disable_expiration_warning in /etc/voms-admin/<VO>/service.properties

A restart of the service is required.

Other improvements and fixes are listed below.

Bug fixes

  • VOMS-678 : VOMS Admin skip-ca check does not work as expected for unprivileged VOMS Admin users
  • VOMS-705 : Extend membership expiration time at each sync for VO members with valid, open-ended experiment participation
  • VOMS-706 : Add the ability to disable membership expiration notifications
  • VOMS-707 : Trim whitespace and remove newlines from subject in certificate requests
  • VOMS-710 : User requests cannot be approved if Group-Manager role is not defined
  • VOMS-711 : VOMS Admin sign-aup URL broken

Installation and configuration

Upgrade from VOMS Admin Server >= 3.4.0

Update the packages and restart the service.

Upgrade from VOMS Admin Server >= 3.2.0

A database upgrade and a reconfiguration (in this order) are required to upgrade to VOMS Admin server 3.4.2.

Upgrade from earlier VOMS Admin Server versions

First upgrade to VOMS Admin version 3.2.0 and then to 3.4.2. Clean install

Follow the instructions in the VOMS System Administrator Guide.

VOMS Server 2.0.13

Bug fixes

  • VOMS-700 : canonicalize_string doesn't unescape encoded characters correctly

Installation and configuration

A restart of the service is needed.

For clean and update installation instructions, follow the instructions in the VOMS System Administrator guide.

VOMS API Java 3.0.6

Targeted at Bouncycastle 1.46/CANL 1.3.x

Description

This version of the Java APIs provide the following improvement and bug fixes:

  • SSLv3 is no longer used for legacy VOMS requests
  • The CertificateValidatorBuilder allows callers to select the hash function used to resolve trust anchors

Bug fixes

  • VOMS-653 : VOMS Java APIs select SSLv3 for legacy VOMS requests
  • VOMS-703 : CertificateValidatorBuilder should allow to configure whether is running in an OpenSSL 1.x or 0.9.x envinroment

Installation

From Maven central

<dependency>
  <groupId>org.italiangrid</groupId>
  <artifactId>voms-api-java</artifactId>
  <version>3.0.6</version>
</dependency>

From RPM package

  • For a clean install:
yum install voms-api-java3
  • For an update install:
yum update

VOMS API Java 3.1.0

This is the porting of VOMS API Java to CANL 2.1.x/Bouncycastle 1.50. The functionality is equivalent to VOMS API Java 3.0.6.

Installation

From Maven central

<dependency>
  <groupId>org.italiangrid</groupId>
  <artifactId>voms-api-java</artifactId>
  <version>3.1.0</version>
</dependency>

VOMS API Java 3.2.0

This is the porting of VOMS API Java to CANL 2.2.x/Bouncycastle 1.52. The functionality is equivalent to VOMS API Java 3.0.6.

Installation

From Maven central

<dependency>
  <groupId>org.italiangrid</groupId>
  <artifactId>voms-api-java</artifactId>
  <version>3.2.0</version>
</dependency>