Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

Preview 1.1.0

From EGIWiki
Jump to navigation Jump to search

STORM 1.11.10

Description and released components

This release provides fixes and improvements for the several components.

It's HIGHLY RECOMMENDED to upgrade your installation to the version of StoRM WebDAV included in this release, that provides fixes for a security vulnerability affecting the Milton webdav library.

  • StoRM Backend v. 1.11.10: This release fixes an improper management of SURL status that can lead to PutDone errors and locked SURLs. It fixes also a minor issue related to the retrieved error message in case an expired token is used with srmAbort.
  • StoRM Info Provider v. 1.7.9: This release fixes a missing Glue2 field, not published on the BDII.
  • StoRM GridHTTPs v. 3.0.4: This release provides a fix for a security vulnerability and another minor bug fix on the returned error code when copy and move operation are done on equal source and destination.
  • StoRM WebDAV v. 1.0.4: This release provides a fix for a security vulnerability that was recently reported, and adds support for RFC-3230. It explains how to get checksum type and value of the stored resources. From this release, each HEAD and GET response will include a header like:
Digest: adler32=8a23d4f8

to be compliant with RFC-3230 specific.

Bug fixes

  • STOR-234 - Storm BE does not manage correctly abort requests of expired tokens
  • STOR-741 - WebDAV MOVE and COPY requests with source equal to destination fail with 412 instead of 403
  • STOR-835 - Improper management of SURL status can lead to PutDone errors and locked SURLs
  • STOR-837 - Missing GlueSAPath from Storage Areas BDII info

Improvements

  • STOR-700 - Add support for RFC 3230 in StoRM WebDAV service

Security vulnerabilities

More information concerning the security vulnerabilities addressed by this release are going to be published when appropriate at this URL

Installation and configuration

Packages can be obtained from Preview repositories.

In general, to re-configure the services, follow the commands below.

  • First of all, reconfigure storm-info-provider:
/usr/libexec/storm-info-provider configure
  • Then, restart the involved services and the BDII:
service storm-backend-server restart
service storm-webdav restart
service bdii restart

Alternatively, you can simply run YAIM.

You can find more information about upgrade, clean installation and configuration of StoRM services in the System Administration Guide.

The instructions per component are below.

StoRM Backend v. 1.11.10

  • Update and restart package:
yum update storm-backend-server
service storm-backend-server restart

StoRM Info Provider v. 1.7.9

  • Update package:
yum update storm-dynamic-info-provider
  • Re-configure info provider:
/usr/libexec/storm-info-provider configure
  • Restart BDII service:
service bdii restart

Alternatively, you can simply run YAIM after the update.

StoRM GridHTTPs v. 3.0.4

  • Update and restart package:
yum update storm-gridhttps-server
service storm-gridhttps-server restart

StoRM WebDAV v. 1.0.4

  • Update and restart package:
yum update storm-webdav
service storm-webdav restart

Check the the StoRM WebDAV installation and configuration guide for detailed installation and configuration information.

VOMS Admin server 3.4.2

Description

This release provides fixes to a couple of problems introduced in VOMS Admin 3.4.0, in particular:

  • The handling of group-scoped user requests was broken if the "Group-Manager" role was not defined for a VO
  • The sign-aup alias URL sent in user suspension notifications was broken

Authenticate users by certificate subject

Now users are correctly authenticated by certificate subject. With default settings, VOMS Admin authenticates clients by looking at the client certificate (subject,issuer) couple. A configuration flag was introduced in VOMS Admin 3.3.2 to authenticate only by certificate subject, but the fix worked only for VO administrators. This problem is now fixed.

For instruction on how to enable this feature, see the VOMS Admin 3.3.2 release notes.

Disable membership expiration notifications

Is now possible to disable membership expiration notifications. This kind of notification do not make sense in deployments, like at CERN, where a VO administrator cannot extend the lifetime of VO members.

To disable membership expiration notifications either:

  • reconfigure the affected VO with voms-configure specifying the --disable-membership-expiration-warnings option
  • set the voms.membership.disable_expiration_warning in /etc/voms-admin/<VO>/service.properties

A restart of the service is required.

Other improvements and fixes are listed below.

VOMS Server 2.0.13

VOMS API Java 3.0.6