Index: branches/fc15-dev/host/debian/scripts-vm-host/conserver-sudoers =================================================================== --- branches/fc15-dev/host/debian/scripts-vm-host/conserver-sudoers (revision 1938) +++ branches/fc15-dev/host/debian/scripts-vm-host/conserver-sudoers (revision 1938) @@ -0,0 +1,1 @@ +conservr ALL=(ALL) NOPASSWD: /usr/sbin/xm console * Index: branches/fc15-dev/host/debian/scripts-vm-host/conserver.cf.divert =================================================================== --- branches/fc15-dev/host/debian/scripts-vm-host/conserver.cf.divert (revision 1938) +++ branches/fc15-dev/host/debian/scripts-vm-host/conserver.cf.divert (revision 1938) @@ -0,0 +1,21 @@ +config * { + sslrequired no; +} +default full { + rw *; +} +default * { + logfile /var/log/conserver/&.log; + timestamp "1lab"; + include full; + sslrequired no; + options reinitoncc; +} +default xen { + type exec; + exec sudo xm console f; + execsubst f=cs; +} +access * { + trusted 127.0.0.1; +} Index: branches/fc15-dev/host/debian/scripts-vm-host/debian/changelog =================================================================== --- branches/fc15-dev/host/debian/scripts-vm-host/debian/changelog (revision 1938) +++ branches/fc15-dev/host/debian/scripts-vm-host/debian/changelog (revision 1938) @@ -0,0 +1,11 @@ +scripts-vm-host (0.2) unstable; urgency=low + + * Uhh, actually depend on c-p-d + + -- Quentin Smith Sat, 18 Jun 2011 15:36:44 -0400 + +scripts-vm-host (0.1) unstable; urgency=low + + * Initial release + + -- Quentin Smith Wed, 08 Jun 2011 23:22:31 -0400 Index: branches/fc15-dev/host/debian/scripts-vm-host/debian/compat =================================================================== --- branches/fc15-dev/host/debian/scripts-vm-host/debian/compat (revision 1938) +++ branches/fc15-dev/host/debian/scripts-vm-host/debian/compat (revision 1938) @@ -0,0 +1,1 @@ +7 Index: branches/fc15-dev/host/debian/scripts-vm-host/debian/control =================================================================== --- branches/fc15-dev/host/debian/scripts-vm-host/debian/control (revision 1938) +++ branches/fc15-dev/host/debian/scripts-vm-host/debian/control (revision 1938) @@ -0,0 +1,48 @@ +Source: scripts-vm-host +Section: misc +Priority: extra +Maintainer: scripts team +Build-Depends: cdbs, debhelper (>= 7.0.50~), config-package-dev, munin-node +Standards-Version: 3.9.1 +Homepage: http://scripts.mit.edu/ + +Package: scripts-vm-host +Architecture: all +Depends: ${misc:Depends}, + apticron, + bwm-ng, + bzip2, + emacs23-nox, + ethtool, + git, + htop, + i2c-tools, + ipmitool, + kpartx, + lm-sensors, + memtest86+, + memtest86, + mii-diag, + molly-guard, + mtr-tiny, + nbd-client, + nbd-server, + ntp, + ntpdate, + rlwrap, + smartmontools, + strace, + tcpdump, + tree, + vim, + xen-linux-system, + debathena-clients, + debathena-ssh-server-config, + sudo, + conserver-client, + conserver-server, + munin-node, + subversion, +Description: Configures a machine to be a scripts VM host + Configures a machine to be a scripts VM host, installing all + appropriate dependencies. Index: branches/fc15-dev/host/debian/scripts-vm-host/debian/copyright =================================================================== --- branches/fc15-dev/host/debian/scripts-vm-host/debian/copyright (revision 1938) +++ branches/fc15-dev/host/debian/scripts-vm-host/debian/copyright (revision 1938) @@ -0,0 +1,22 @@ +This work was packaged for Debian by: + + Quentin Smith on Wed, 08 Jun 2011 23:22:31 -0400 + +It was downloaded from: + + http://scripts.mit.edu + +Copyright: + + Copyright (C) 2011 Quentin Smith + +License: + + GPLv2+ + +The Debian packaging is: + + Copyright (C) 2011 Quentin Smith + +and is licensed under the GPL version 2 +see "/usr/share/common-licenses/GPL-2". Index: branches/fc15-dev/host/debian/scripts-vm-host/debian/rules =================================================================== --- branches/fc15-dev/host/debian/scripts-vm-host/debian/rules (revision 1938) +++ branches/fc15-dev/host/debian/scripts-vm-host/debian/rules (revision 1938) @@ -0,0 +1,8 @@ +#!/usr/bin/make -f + +DEB_DIVERT_FILES_scripts-vm-host = /etc/conserver/conserver.cf.divert +DEB_TRANSFORM_FILES_scripts-vm-host = /etc/munin/munin-node.conf.divert + +include /usr/share/cdbs/1/rules/debhelper.mk +include /usr/share/cdbs/1/rules/config-package.mk + Index: branches/fc15-dev/host/debian/scripts-vm-host/debian/scripts-vm-host.install =================================================================== --- branches/fc15-dev/host/debian/scripts-vm-host/debian/scripts-vm-host.install (revision 1938) +++ branches/fc15-dev/host/debian/scripts-vm-host/debian/scripts-vm-host.install (revision 1938) @@ -0,0 +1,3 @@ +gitconfig /etc +conserver.cf.divert /etc/conserver +conserver-sudoers /etc/sudoers.d Index: branches/fc15-dev/host/debian/scripts-vm-host/debian/scripts-vm-host.postinst =================================================================== --- branches/fc15-dev/host/debian/scripts-vm-host/debian/scripts-vm-host.postinst (revision 1938) +++ branches/fc15-dev/host/debian/scripts-vm-host/debian/scripts-vm-host.postinst (revision 1938) @@ -0,0 +1,47 @@ +#!/bin/sh +# postinst script for #PACKAGE# +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * `configure' +# * `abort-upgrade' +# * `abort-remove' `in-favour' +# +# * `abort-remove' +# * `abort-deconfigure' `in-favour' +# `removing' +# +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + + +case "$1" in + configure) + debconf-set-selections <&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 Index: branches/fc15-dev/host/debian/scripts-vm-host/debian/transform_munin-node.conf.divert =================================================================== --- branches/fc15-dev/host/debian/scripts-vm-host/debian/transform_munin-node.conf.divert (revision 1938) +++ branches/fc15-dev/host/debian/scripts-vm-host/debian/transform_munin-node.conf.divert (revision 1938) @@ -0,0 +1,9 @@ +#!/bin/sh + +cat +cat < /etc/apt/sources.list.d/debathena.list +deb http://debathena.mit.edu/apt squeeze debathena debathena-config debathena-system openafs +deb-src http://debathena.mit.edu/apt squeeze debathena debathena-config debathena-system openafs +EOF + +# install host keytab + cp $keytab /etc/krb5.keytab + k5srvutil change + k5srvutil delold +# install ~/.k5login +# clone the xen config (/etc/xen) + git clone -b squeeze ssh://scripts@scripts.mit.edu/mit/scripts/git/xen.git /etc/xen + +# Install scripts-vm-host + aptitude install scripts-vm-host Index: branches/fc15-dev/locker/bin/cronload =================================================================== --- branches/fc15-dev/locker/bin/cronload (revision 1930) +++ branches/fc15-dev/locker/bin/cronload (revision 1938) @@ -1,3 +1,17 @@ #!/bin/sh + +usage="Usage \"$0 [-l lockername] [-h] crontab\"" +while getopts "l:h" options; do + case $options in + l ) lname=$OPTARG;; + h ) echo "$usage"; exit 0;; + * ) echo "$usage"; exit 1;; + esac +done +shift `expr $OPTIND - 1` +if [ -z "$1" ]; then + echo "$usage" + exit 1 +fi echo "This program should print your new crontab below." @@ -6,5 +20,22 @@ echo + cwd=`pwd` -lname=`perl -e "\\\$temp = \"$cwd\"; \\\$temp =~ /\\\/([^\\\/]+)\\\/cron_scripts/; print \\\$1"` +if [ -z "$lname" ]; then + lname=`perl -e "\\\$temp = \"$cwd\"; \\\$temp =~ /\\\/([^\\\/]+)\\\/cron_scripts/; print \\\$1"` +fi +if [ -z "$lname" ]; then + echo "ERROR: Could not detect locker name. Make sure to run" + echo "cronload from within /mit/lockername/cron_scripts/" + echo "(or pass the -l lockername option)" + exit 1 +fi athrun scripts scripts-ssh "$lname" /usr/local/bin/cronload "$1" "$cwd" 2>/dev/null +if ! grep -q "^MAILTO=" "$1"; then + echo "WARNING: You have no MAILTO= variable set. This means any" + echo "cron errors will go to $lname@scripts.mit.edu (your mail_scripts" + echo "account), which is almost certainly not what you want!" + echo "Please add a MAILTO= line, e.g., MAILTO=${EMAIL:-${ATHENA_USER:-$USER}@mit.edu}," + echo "to your crontab. If you do not want to receive errors, set" + echo 'MAILTO="".' +fi Index: branches/fc15-dev/locker/bin/crontab =================================================================== --- branches/fc15-dev/locker/bin/crontab (revision 1930) +++ branches/fc15-dev/locker/bin/crontab (revision 1938) @@ -9,5 +9,5 @@ # (can be useful for debugging) # You can always redirect the output of individual commands to /dev/null -MAILTO="SCRIPTS_USER@mit.edu" +MAILTO="ATHENA_USER@mit.edu" # If you do not want to receive any mail from cron, use the line below instead #MAILTO="" @@ -22,5 +22,5 @@ # | | | | | # | | | | ----- day of week (0 - 6) (Sunday=0) -# | | | ------- month (1 - 12) +# | | | ------- month (1 - 12) # | | --------- day of month (1 - 31) # | ----------- hour (0 - 23) Index: branches/fc15-dev/locker/bin/for-each-server =================================================================== --- branches/fc15-dev/locker/bin/for-each-server (revision 1930) +++ branches/fc15-dev/locker/bin/for-each-server (revision 1938) @@ -1,14 +1,5 @@ #!/bin/sh -case `machtype` in - linux|darwin) - TAIL_ARG="-n" - ;; - *) - TAIL_ARG="" - ;; -esac - -for server in `finger @scripts.mit.edu | tail ${TAIL_ARG} +5 | sed -n "s/ -> \([^:]*\):.*/\1/p" | sort -u`; do +for server in `finger @scripts.mit.edu | sed -n -e "1,5d" -e "s/ -> \([^:]*\):.*/\1/p" | sort -u`; do ssh "$server" "$@" done Index: branches/fc15-dev/locker/bin/scripts-advancedbook =================================================================== --- branches/fc15-dev/locker/bin/scripts-advancedbook (revision 1930) +++ (revision ) @@ -1,6 +1,0 @@ -#!/bin/sh - -sname="Advanced Guestbook" -deploy="advancedbook" -prompt_username=1 -. /mit/scripts/deploy$scriptsdev/bin/onathena Index: branches/fc15-dev/locker/bin/scripts-advancedpoll =================================================================== --- branches/fc15-dev/locker/bin/scripts-advancedpoll (revision 1930) +++ (revision ) @@ -1,10 +1,0 @@ -#!/bin/sh - -# This automatic installer is no longer advertised. -# Here is our old description of it: -# * "Advanced Poll":http://proxy2.de/scripts.php ~["demo":http://proxy2.de/poll/]~ - polling software featuring multiple polls, templates, unlimited options, multi-language support, IP-Logging, IP-Locking, cookie support, comment feature, vote expire feature, and random poll support. - -sname="Advanced Poll" -deploy="advancedpoll" -prompt_username=1 -. /mit/scripts/deploy$scriptsdev/bin/onathena Index: branches/fc15-dev/locker/bin/scripts-e107 =================================================================== --- branches/fc15-dev/locker/bin/scripts-e107 (revision 1930) +++ (revision ) @@ -1,6 +1,0 @@ -#!/bin/sh - -sname="e107" -deploy="e107" -prompt_username=1 -. /mit/scripts/deploy$scriptsdev/bin/onathena Index: branches/fc15-dev/locker/bin/scripts-git =================================================================== --- branches/fc15-dev/locker/bin/scripts-git (revision 1938) +++ branches/fc15-dev/locker/bin/scripts-git (revision 1938) @@ -0,0 +1,9 @@ +#!/bin/sh + +sname="git repository" +deploy="git" +create_scripts_dir=1 +requires_sql=0 +prompt_username=1 +prompt_password=0 +. /mit/scripts/deploy$scriptsdev/bin/onathena Index: branches/fc15-dev/locker/bin/scripts-mediawiki =================================================================== --- branches/fc15-dev/locker/bin/scripts-mediawiki (revision 1930) +++ branches/fc15-dev/locker/bin/scripts-mediawiki (revision 1938) @@ -2,6 +2,6 @@ sname="MediaWiki" -deploy="mediawiki$scriptsstar" +deploy="mediawiki" prompt_username=1 wizard="mediawiki" -. /mit/scripts/deploy$scriptsdev/bin/onathena$scriptsstar +. /mit/scripts/deploy$scriptsdev/bin/onathena Index: branches/fc15-dev/locker/bin/scripts-phpical =================================================================== --- branches/fc15-dev/locker/bin/scripts-phpical (revision 1930) +++ (revision ) @@ -1,6 +1,0 @@ -#!/bin/sh - -sname="PHP iCalendar" -deploy="phpical" -requires_sql=0 -. /mit/scripts/deploy$scriptsdev/bin/onathena Index: branches/fc15-dev/locker/bin/scripts-ssh =================================================================== --- branches/fc15-dev/locker/bin/scripts-ssh (revision 1930) +++ branches/fc15-dev/locker/bin/scripts-ssh (revision 1938) @@ -9,5 +9,5 @@ -o PreferredAuthentications=gssapi-with-mic \ -o ForwardX11=no \ - -o GlobalKnownHostsFile=/afs/athena.mit.edu/contrib/scripts/ssh/known_hosts \ + -o GlobalKnownHostsFile=/afs/athena.mit.edu/contrib/scripts/etc/known_hosts \ -o UserKnownHostsFile=/dev/null \ -t \ Index: branches/fc15-dev/locker/bin/scripts-start =================================================================== --- branches/fc15-dev/locker/bin/scripts-start (revision 1930) +++ branches/fc15-dev/locker/bin/scripts-start (revision 1938) @@ -6,7 +6,7 @@ echo 'gallery2 Gallery2' echo 'phpbb phpBB' - echo 'phpical PHP iCalendar' + echo 'joomla Joomla' + echo 'git Git repository' echo 'trac Trac' - echo 'joomla Joomla' echo 'turbogears TurboGears' echo 'django Django' Index: branches/fc15-dev/locker/bin/scripts-wordpress =================================================================== --- branches/fc15-dev/locker/bin/scripts-wordpress (revision 1930) +++ branches/fc15-dev/locker/bin/scripts-wordpress (revision 1938) @@ -2,6 +2,6 @@ sname="WordPress" -deploy="wordpress$scriptsstar" +deploy="wordpress" prompt_password=0 wizard="wordpress" -. /mit/scripts/deploy$scriptsdev/bin/onathena$scriptsstar +. /mit/scripts/deploy$scriptsdev/bin/onathena Index: branches/fc15-dev/locker/bin/signup-cron =================================================================== --- branches/fc15-dev/locker/bin/signup-cron (revision 1930) +++ branches/fc15-dev/locker/bin/signup-cron (revision 1938) @@ -10,5 +10,9 @@ fs sa /mit/$lname/cron_scripts daemon.scripts write DATE=`date` - sed '/SCRIPTS_USER/s//'"$lname"'/g' /mit/scripts/deploy/crontab | sed '/SCRIPTS_DATE/s//'"$DATE"'/g' > /mit/$lname/cron_scripts/crontab + signupuser=`echo "$principal" | sed 's/[/@].*$//'` + sed '/SCRIPTS_USER/s//'"$lname"'/g' /mit/scripts/bin$scriptsdev/crontab | sed '/ATHENA_USER/s//'"$signupuser"'/g' | sed '/SCRIPTS_DATE/s//'"$DATE"'/g' > /mit/$lname/cron_scripts/crontab + echo "By default, output from cron jobs for the $lname locker will be mailed" + echo "to $signupuser@mit.edu. You should edit /mit/$lname/cron_scripts/crontab" + echo "to change this and set up your cron jobs." success "the cron script service" "The directory /mit/$lname/cron_scripts has been created." else Index: branches/fc15-dev/locker/bin/signup-mail =================================================================== --- branches/fc15-dev/locker/bin/signup-mail (revision 1930) +++ branches/fc15-dev/locker/bin/signup-mail (revision 1938) @@ -9,5 +9,5 @@ fs sa /mit/$lname/mail_scripts system:authuser none fs sa /mit/$lname/mail_scripts daemon.scripts read - signupuser=`echo "$principal" | sed 's/@.*$//'` + signupuser=`echo "$principal" | sed 's/[/@].*$//'` sed /SCRIPTS_USER/s//$signupuser/ /mit/scripts/bin/procmailrc > /mit/$lname/mail_scripts/procmailrc echo "By default, mail sent to $lname@scripts.mit.edu will be forwarded to" Index: branches/fc15-dev/locker/bin/ssh =================================================================== --- branches/fc15-dev/locker/bin/ssh (revision 1930) +++ branches/fc15-dev/locker/bin/ssh (revision 1938) @@ -11,5 +11,5 @@ -o PreferredAuthentications=gssapi-with-mic \ -o ForwardX11=no \ - -o GlobalKnownHostsFile=/afs/athena.mit.edu/contrib/scripts/ssh/known_hosts \ + -o GlobalKnownHostsFile=/afs/athena.mit.edu/contrib/scripts/etc/known_hosts \ -o UserKnownHostsFile=/dev/null \ "$@" Index: branches/fc15-dev/locker/deploy/bin/advancedbook =================================================================== --- branches/fc15-dev/locker/deploy/bin/advancedbook (revision 1930) +++ (revision ) @@ -1,39 +1,0 @@ -#!/usr/bin/perl -use strict; -use FindBin qw($Bin); -use lib $Bin; -use onserver; - -setup(); - -undef $/; - -open(FILE, "admin/contemp.php"); -my $a = ; -close(FILE); -$a =~ s/localhost/$sqlhost/g; -$a =~ s/dbuser/$sqluser/g; -$a =~ s/dbpass/$sqlpass/g; -$a =~ s/guestbookdb/$sqldb/g; -$a =~ s/useremail/$email/g; -open(FILE, ">admin/config.inc.php"); -print FILE $a; -close(FILE); - -open(FILE, "instemp.php"); -$a = ; -close(FILE); -$a =~ s/gbuser/$admin_username/g; -$a =~ s/gbpass/$admin_password/g; -open(FILE, ">install.php"); -print FILE $a; -close(FILE); - -fetch_uri( - 'install.php', - {}, - {action => 'Create table', - db => $sqldb, - host => $sqlhost, - name => $sqluser, - pass => $sqlpass}); Index: branches/fc15-dev/locker/deploy/bin/advancedpoll =================================================================== --- branches/fc15-dev/locker/deploy/bin/advancedpoll (revision 1930) +++ (revision ) @@ -1,39 +1,0 @@ -#!/usr/bin/perl -use strict; -use FindBin qw($Bin); -use lib $Bin; -use onserver; - -setup(); - -undef $/; -open(FILE, "include/contemp.php"); -my $a = ; -close(FILE); -$a =~ s/localhost/$sqlhost/g; -$a =~ s/dbuser/$sqluser/g; -$a =~ s/dbpass/$sqlpass/g; -$a =~ s/polldb/$sqldb/g; -open(FILE, ">include/config.inc.php"); -print FILE $a; -close(FILE); - -fetch_uri('install.php', {action => 'step_2'}); -fetch_uri('install.php', {action => 'step_3'}); -fetch_uri('install.php', {action => 'step_4'}); - -fetch_uri( - 'install.php', - {action => 'step_6'}, - {action => 'step_6', - username => $admin_username, - password => $admin_password}); - -unlink('include/contemp.php'); - -print < $sqlhost, - name => $sqluser, - password => $sqlpass, - db => $sqldb, - prefix => 'e107_', - stage => 3}) =~ /name='previous_steps' value='(.*)'/; - -my ($prevb) = fetch_uri( - 'install.php', - {}, - {stage => 4, - previous_steps => $preva}) =~ /name='previous_steps' value='(.*)'/; - -my ($prevc) = fetch_uri( - 'install.php', - {}, - {u_name => $admin_username, - d_name => $admin_username, - pass1 => $admin_password, - pass2 => $admin_password, - email => $email, - stage => 6, - previous_steps => $prevb}) =~ /name='previous_steps' value='(.*)'/; - -fetch_uri( - 'install.php', - {}, - {stage => "7", - previous_steps => $prevc}); - -unlink 'install.php'; Index: branches/fc15-dev/locker/deploy/bin/git =================================================================== --- branches/fc15-dev/locker/deploy/bin/git (revision 1938) +++ branches/fc15-dev/locker/deploy/bin/git (revision 1938) @@ -0,0 +1,81 @@ +#!/usr/bin/perl +use strict; +use FindBin qw($Bin); +use lib $Bin; +use onserver; + +setup(); + +my $gitbase = "$scriptsdir/git"; +my $htpasswd = "$gitbase/$addrend.git/.htpasswd"; + +open HTACCESS, ">.htaccess"; +print HTACCESS < + AuthName "Git Access" + AuthType basic + AuthUserFile $htpasswd + Require user $admin_username + + # Alternatively, replace "require user" with: + #Require group somegroup + #AuthGroupFile $gitbase/$addrend/.htgroup + # and set up .htgroup appropriately + + +RewriteRule ^($addrend\\.git/.*)\$ /~$USER/$addrend/_git.cgi/\$1 +EOF +close HTACCESS; +chmod 0777, ".htaccess"; + +open GIT_CGI, ">_git.cgi"; +print GIT_CGI <&2 + exit 1;; + /$addrend.git/*) + # pass + ;; + *) + echo "Content-type: text/plain" + echo "Status: 403 Forbidden" + echo "" + echo "Error: PATH_INFO='\$PATH_INFO' must start with /$addrend.git/" + echo "gitautoinstaller: \$HOME: found bad start in PATH_INFO='\$PATH_INFO'" >&2 + exit 1;; +esac +export GIT_PROJECT_ROOT="$gitbase" +export PATH_TRANSLATED="\$GIT_PROJECT_ROOT\$PATH_INFO" +exec git http-backend +EOF +close GIT_CGI; +chmod 0755, "_git.cgi"; +symlink "_git.cgi","_git-auth.cgi"; + +chdir $gitbase; +system qw{git init --bare}, "$addrend.git"; +chdir "$addrend.git"; + +open ENABLE, ">git-daemon-export-ok"; +print ENABLE ""; +close ENABLE; + +system qw{htpasswd -c}, $htpasswd, $admin_username; + +print "Your git repository is located in:\n"; +print " $gitbase/$addrend.git/\n"; +print "To clone, run\n git clone https://$USER.scripts.mit.edu/$addrend/$addrend.git\n\n"; +press_enter; + +exit 0; Index: branches/fc15-dev/locker/deploy/bin/onathena =================================================================== --- branches/fc15-dev/locker/deploy/bin/onathena (revision 1930) +++ branches/fc15-dev/locker/deploy/bin/onathena (revision 1938) @@ -62,35 +62,41 @@ echo echo "Please report problems with this installer to $aicontact." -echo -echo "Are you performing this install for:" -echo "1. Your personal Athena account" -echo "2. A locker that you control (a club, a course, etc)" -echo "If you do not understand this question, you should answer '1'." -printf "Please enter either '1' or '2' (without quotes): " -read whofor -if [ "$whofor" = 1 ]; then - lname="${ATHENA_USER:-$USER}" -elif [ "$whofor" = 2 ]; then - echo - echo "OK. $sname will be installed into a locker of your choice that" - echo "you control. Please enter the name of the selected locker below." - echo "(For the locker /mit/lsc -- which has a full path of" - echo "/afs/athena.mit.edu/activity/l/lsc -- you would simply enter lsc)." - printf "Locker name: " - read lname + +if [ -n "$SCRIPTS_INSTALL_LOCKER" ]; then + lname=$SCRIPTS_INSTALL_LOCKER else echo - echo "ERROR:" - echo "You must select either '1' or '2'." - exit 1 -fi -while true; do - if attach "$lname"; then - break - fi - echo "$lname is not a valid locker name." - printf "Locker name: " - read lname -done + echo "Are you performing this install for:" + echo "1. Your personal Athena account" + echo "2. A locker that you control (a club, a course, etc)" + echo "If you do not understand this question, you should answer '1'." + printf "Please enter either '1' or '2' (without quotes): " + read whofor + if [ "$whofor" = 1 ]; then + lname="${ATHENA_USER:-$USER}" + elif [ "$whofor" = 2 ]; then + echo + echo "OK. $sname will be installed into a locker of your choice that" + echo "you control. Please enter the name of the selected locker below." + echo "(For the locker /mit/lsc -- which has a full path of" + echo "/afs/athena.mit.edu/activity/l/lsc -- you would simply enter lsc)." + printf "Locker name: " + read lname + else + echo + echo "ERROR:" + echo "You must select either '1' or '2'." + exit 1 + fi + while true; do + if attach "$lname"; then + break + fi + echo "$lname is not a valid locker name." + printf "Locker name: " + read lname + done + unset whofor +fi lroot="/mit/$lname" @@ -101,12 +107,16 @@ . "/mit/scripts/bin$scriptsdev/signup-web" -echo -echo "Your new copy of $sname will appear on the web at a URL" -echo "that starts with http://$lname.scripts.mit.edu/" -echo "Please decide upon a complete URL and enter it below." -echo "You must enter one or more characters after mit.edu/" -echo "The completed address must only contain a-z, 0-9, and /." -printf "Desired address: http://$lname.scripts.mit.edu/" -read addrend +if [ -n "$SCRIPTS_INSTALL_ADDREND" ]; then + addrend=$SCRIPTS_INSTALL_ADDREND +else + echo + echo "Your new copy of $sname will appear on the web at a URL" + echo "that starts with http://$lname.scripts.mit.edu/" + echo "Please decide upon a complete URL and enter it below." + echo "You must enter one or more characters after mit.edu/" + echo "The completed address must only contain a-z, 0-9, and /." + printf "Desired address: http://$lname.scripts.mit.edu/" + read addrend +fi addrend=`perl -0e 'print $ARGV[0] =~ /^([\w\/-]*[\w-])\/*$/' -- "$addrend"` @@ -209,5 +219,9 @@ if [ "$wizard" != "" ]; then - vsshrun "/mit/$ailocker/wizard/bin/wizard" "install" "$@" "$wizard" "$lroot/web_scripts/$addrend" + if [ "$create_scripts_dir" -eq 1 ]; then + vsshrun "/mit/$ailocker/wizard/bin/wizard" "install" "--web-stub-path" "$lroot/web_scripts/$addrend" "$@" "$wizard" "$lroot/Scripts/$deploy/$addrend" + else + vsshrun "/mit/$ailocker/wizard/bin/wizard" "install" "$@" "$wizard" "$lroot/web_scripts/$addrend" + fi exit 0 fi Index: branches/fc15-dev/locker/deploy/bin/onserver.pm =================================================================== --- branches/fc15-dev/locker/deploy/bin/onserver.pm (revision 1930) +++ branches/fc15-dev/locker/deploy/bin/onserver.pm (revision 1938) @@ -11,9 +11,9 @@ use URI; our @ISA = qw(Exporter); -our @EXPORT = qw(setup totmp fetch_uri print_login_info press_enter $server $tmp $USER $HOME $sname $deploy $addrend $base_uri $ua $admin_username $requires_sql $addrlast $sqlhost $sqluser $sqlpass $sqldb $admin_password $scriptsdev $human $email); +our @EXPORT = qw(setup totmp fetch_uri print_login_info press_enter $server $tmp $USER $HOME $scriptsdir $sname $deploy $addrend $base_uri $ua $admin_username $requires_sql $addrlast $sqlhost $sqluser $sqlpass $sqldb $admin_password $scriptsdev $human $email); our $server = "scripts.mit.edu"; -our ($tmp, $USER, $HOME, $sname, $deploy, $addrend, $base_uri, $ua, $admin_username, $requires_sql, $addrlast, $sqlhost, $sqluser, $sqlpass, $sqldb, $admin_password, $scriptsdev, $human, $email); +our ($tmp, $USER, $HOME, $scriptsdir, $sname, $deploy, $addrend, $base_uri, $ua, $admin_username, $requires_sql, $addrlast, $sqlhost, $sqluser, $sqlpass, $sqldb, $admin_password, $scriptsdev, $human, $email); $tmp = ".scripts-tmp"; @@ -77,4 +77,7 @@ $USER = $ENV{USER}; $HOME = $ENV{HOME}; + $scriptsdir = $HOME; + $scriptsdir =~ s/\/Scripts$//; + $scriptsdir .= "/Scripts"; ($sname, $deploy, $addrend, $admin_username, $requires_sql, $scriptsdev, $human) = @ARGV; Index: branches/fc15-dev/locker/deploy/bin/phpical =================================================================== --- branches/fc15-dev/locker/deploy/bin/phpical (revision 1930) +++ (revision ) @@ -1,30 +1,0 @@ -#!/usr/bin/perl -use strict; -use FindBin qw($Bin); -use lib $Bin; -use onserver; - -setup(); - -undef $/; -open(FILE, "contemp.php"); -my $a = ; -close(FILE); -$a =~ s/adminpass/$admin_password/g; -$a =~ s|\$timezone\s*= '';|\$timezone = 'US/Eastern';|g; -$a =~ s/\$phpicalendar_publishing/\/\/ WARNING: The scripts.mit.edu maintainers have had to disable this feature on scripts.mit.edu because it contains a serious security vulnerability that has not been addressed by the software\'s authors. Please do not try to enable this feature\n\$phpicalendar_publishing/; -open(FILE, ">config.inc.php"); -print FILE $a; -close(FILE); - -#system('cp', '/mit/scripts/deploy/phpical/MIT Academic Calendar.ics', 'calendars/'); - -unlink('contemp.php'); -unlink('calendars/publish.ical.php'); - -print <newval('components', 'webadmin.*', 'enabled'); $cfg->newval('components', 'tracext.git.*', 'enabled') if $repotype eq "git"; +$cfg->newval('components', 'tracext.hg.*', 'enabled') if $repotype eq "hg"; $cfg->RewriteConfig(); Index: branches/fc15-dev/locker/deploy/trac/trac.fcgi =================================================================== --- branches/fc15-dev/locker/deploy/trac/trac.fcgi (revision 1930) +++ branches/fc15-dev/locker/deploy/trac/trac.fcgi (revision 1938) @@ -2,5 +2,6 @@ import os, os.path, sys -from trac.web import fcgi_frontend +from trac.web.main import dispatch_request +from trac.web._fcgi import WSGIServer import urlparse @@ -38,5 +39,5 @@ env.log.exception(e) if env.needs_upgrade(): - fcgi_frontend._fcgi.WSGIServer(send_upgrade_message).run() + WSGIServer(send_upgrade_message).run() sys.exit(0) if hasattr(trac.env, 'env_cache'): @@ -65,5 +66,5 @@ referrer.path, referrer.query, referrer.fragment)) - return fcgi_frontend.dispatch_request(environ, start_response) + return dispatch_request(environ, start_response) -fcgi_frontend._fcgi.WSGIServer(my_dispatch_request).run() +WSGIServer(my_dispatch_request).run() Index: branches/fc15-dev/locker/etc/known_hosts =================================================================== --- branches/fc15-dev/locker/etc/known_hosts (revision 1938) +++ branches/fc15-dev/locker/etc/known_hosts (revision 1938) @@ -0,0 +1,1 @@ +scripts,scripts.mit.edu,scripts-vhosts,scripts-vhosts.mit.edu,scripts-test,scripts-test.mit.edu,b-k,b-k.mit.edu,bees-knees,bees-knees.mit.edu,b-m,b-m.mit.edu,better-mousetrap,better-mousetrap.mit.edu,b-b,b-b.mit.edu,busy-beaver,busy-beaver.mit.edu,c-w,c-w.mit.edu,cats-whiskers,cats-whiskers.mit.edu,o-f,o-f.mit.edu,old-faithful,old-faithful.mit.edu,p-b,p-b.mit.edu,pancake-bunny,pancake-bunny.mit.edu,r-m,r-m.mit.edu,real-mccoy,real-mccoy.mit.edu,s-a,s-a.mit.edu,shining-armor,shining-armor.mit.edu,w-e,w-e.mit.edu,whole-enchilada,whole-enchilada.mit.edu,scripts1,scripts1.mit.edu,scripts2,scripts2.mit.edu,scripts3,scripts3.mit.edu,scripts4,scripts4.mit.edu,scripts5,scripts5.mit.edu,scripts6,scripts6.mit.edu,scripts7,scripts7.mit.edu,scripts8,scripts8.mit.edu,scripts9,scripts9.mit.edu,18.181.0.43,18.181.0.46,18.181.0.57,18.181.0.53,18.181.0.167,18.181.0.228,18.181.0.236,18.181.0.237,18.181.0.234,18.181.0.235,18.181.0.135,18.181.0.229 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuEpkEgaIgjK7F1gV81lLSYTwSqIZX/9IJs37VaJCsJFv3D86uuJSdfI3Y94fPn2OH6AxfdaqGNksVdi27mKQfzvCB4ogjQgxmM391MIDLd+izZDY0YvCb4DqJLMJUpX49cNUMkj+/rJg1O0K2w/lb8DGr7wdoLSPKCUJNJv5WMMDxpFL253lPELsmnds4T+R6LpTt6W9+FalHl84me51sEjV9PbmhcTaNwuoJStAjhrKPfgHHDIKNyCUvaVkoHPXEsdzz00yY7i57djyZlzPV/jM7LKar+Xw2LB0Z3098IQcdbD8zmz2DdakPTlShxavNPC6kZDZ3WVqziC+bszaSQ== Index: branches/fc15-dev/lvs/debian/config/etc/nagios/nrpe.cfg =================================================================== --- branches/fc15-dev/lvs/debian/config/etc/nagios/nrpe.cfg (revision 1930) +++ branches/fc15-dev/lvs/debian/config/etc/nagios/nrpe.cfg (revision 1938) @@ -93,5 +93,5 @@ # Values: 0=do not allow arguments, 1=allow command arguments -dont_blame_nrpe=1 +dont_blame_nrpe=0 @@ -187,15 +187,15 @@ # config file is set to '1'... -command[check_users]=/usr/lib/nagios/plugins/check_users -w $ARG1$ -c $ARG2$ -command[check_load]=/usr/lib/nagios/plugins/check_load -w $ARG1$ -c $ARG2$ -command[check_disk]=/usr/lib/nagios/plugins/check_disk -w $ARG1$ -c $ARG2$ -command[check_disk_p]=/usr/lib/nagios/plugins/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$ -command[check_procs]=/usr/lib/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -command[check_procs_C]=/usr/lib/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -C $ARG3$ -command[check_procs_P]=/usr/lib/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -P $ARG3$ -command[check_procs_m]=/usr/lib/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -m $ARG3$ -command[check_procs_s]=/usr/lib/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$ -command[check_procs_u]=/usr/lib/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -u $ARG3$ -command[check_procs_z]=/usr/lib/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -z $ARG3$ +#command[check_users]=/usr/lib/nagios/plugins/check_users -w $ARG1$ -c $ARG2$ +#command[check_load]=/usr/lib/nagios/plugins/check_load -w $ARG1$ -c $ARG2$ +command[check_disk]=/usr/lib/nagios/plugins/check_disk -w 10% -c 5% +#command[check_disk_p]=/usr/lib/nagios/plugins/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$ +#command[check_procs]=/usr/lib/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ +#command[check_procs_C]=/usr/lib/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -C $ARG3$ +#command[check_procs_P]=/usr/lib/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -P $ARG3$ +#command[check_procs_m]=/usr/lib/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -m $ARG3$ +#command[check_procs_s]=/usr/lib/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$ +#command[check_procs_u]=/usr/lib/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -u $ARG3$ +#command[check_procs_z]=/usr/lib/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -z $ARG3$ #command[check_users]=/usr/lib/nagios/plugins/check_users -w $ARG1$ -c $ARG2$ Index: branches/fc15-dev/server/common/oursrc/logview/logview.pl =================================================================== --- branches/fc15-dev/server/common/oursrc/logview/logview.pl (revision 1930) +++ branches/fc15-dev/server/common/oursrc/logview/logview.pl (revision 1938) @@ -1,18 +1,12 @@ #!/usr/bin/perl -T -w -%ENV = (); -$ENV{'PATH'} = '/bin:/usr/bin'; my $elogsrc = '/home/logview/error_log'; # get by uid the caller's name to find the corresponding locker name -my $caller = (getpwuid $<)[0]; -$\ = "\n"; +my ($caller, $home) = (getpwuid($<))[0, 7]; +my $search = "$home/"; -print "--- Error logs for $caller ---"; -open FOO, $elogsrc; +print "--- Error logs for $caller ---\n"; +open FOO, '<', $elogsrc or die $!; while () { - # Prevent deviousness, like web_scripts directories within web_scripts - if (m|/afs/athena.mit.edu/| && - m|/([^/]+)/web_scripts/| && $caller eq $1) { - print; - } + print if index($_, $search) != -1; } Index: branches/fc15-dev/server/doc/install-xen =================================================================== --- branches/fc15-dev/server/doc/install-xen (revision 1930) +++ (revision ) @@ -1,95 +1,0 @@ -# install Squeeze - # Configure each drive with a 1G partition and a rest-of-the-space partition, as RAID - # Create a RAID1 for the 1G partitions - # Create a RAID1 for each pair of rest-of-the-space partitions - # Create an ext3 /boot on the 1G RAID1 - # Create an LVM volume group named after the machine's short hostname - # Create an LV called "swap" that is the same size as the machine's physical RAM - # Create an LV called "root" that is 50G ext4 - -# ??? F11 will suggest ext4, DON'T USE IT. -# - New filesystem, so it's scary -# - The hosts can't mount it -# - Grub can't cope with it - -# install useful utility packages - aptitude install htop ipmitool emacs23-nox vim memtest86 memtest86+ ntp ntpdate git smartmontools kpartx apticron bwm-ng bzip2 ethtool i2c-tools lm-sensors mii-diag molly-guard mtr-tiny nbd-client nbd-server rlwrap strace tcpdump tree - git config --global color.ui auto - -# install Xen - aptitude install xen-linux-system - -# download Debathena archive key, verify - (aptitude install debian-keyring && - cd /tmp && - wget http://debathena.mit.edu/apt/debathena-archive.asc && - kcr_fingerprint=$(gpg --keyring /usr/share/keyrings/debian-keyring.gpg --no-default-keyring --list-keys --with-colons kcr@debian.org | grep ^pub | cut -f 5 -d :) && - gpg --primary-keyring /tmp/debathena.gpg --no-default-keyring --import debathena-archive.asc && - gpg --primary-keyring /tmp/debathena.gpg --no-default-keyring --refresh-keys && - gpg --primary-keyring /tmp/debathena.gpg --no-default-keyring --keyring /usr/share/keyrings/debian-keyring.gpg --check-sigs --with-colons debathena@mit.edu | grep '^sig:!' | cut -d: -f5 | grep -q $kcr_fingerprint && - gpg --primary-keyring /tmp/debathena.gpg --no-default-keyring --export debathena@mit.edu | apt-key adv --import) - -# add Debathena repos to etc/apt/sources.list.d - cat < /etc/apt/sources.list.d/debathena.list -deb http://debathena.mit.edu/apt squeeze debathena debathena-config debathena-system openafs -deb-src http://debathena.mit.edu/apt squeeze debathena debathena-config debathena-system openafs -EOF - -# install host keytab - cp $keytab /etc/krb5.keytab - k5srvutil change - k5srvutil delold -# install ~/.k5login -# install Debathena software (hit enter to take the defaults at the -# configuration prompts) - aptitude update - aptitude install debathena-clients debathena-ssh-server-config -# compare packages with another server - dpkg -l -# reconfigure so that we can get an MTA, although we don't -# want the hosts to accept mail (mail sent by smarthost; no local mail) -# outgoing.mit.edu - dpkg-reconfigure exim4-config - # answer questions properly -# change root alias in /etc/aliases to be the same as scripts server -# reload it - newaliases -# clone the xen config (/etc/xen) - git clone -b squeeze ssh://scripts@scripts.mit.edu/mit/scripts/git/xen.git /etc/xen -# copy conserver config (we need to version this) - aptitude install sudo conserver-{server,client} -# setup conserver - cat < /etc/conserver/conserver.cf -config * { - sslrequired no; -} -default full { - rw *; -} -default * { - logfile /var/log/conserver/&.log; - timestamp "1lab"; - include full; - sslrequired no; - options reinitoncc; -} -default xen { - type exec; - exec sudo xm console f; - execsubst f=cs; -} -access * { - trusted 127.0.0.1; -} -EOF - visudo # add conservr to sudoers list with: - conservr ALL=(ALL) NOPASSWD: /usr/sbin/xm console * - -# setup munin and nagios - aptitude install munin-node -cat <> /etc/munin/munin-node.conf -allow ^18\.187\.1\.128$ -allow ^18\.181\.0\.65$ -allow ^18\.181\.0\.51$ -EOF - Index: branches/fc15-dev/server/fedora/config/etc/aliases =================================================================== --- branches/fc15-dev/server/fedora/config/etc/aliases (revision 1930) +++ branches/fc15-dev/server/fedora/config/etc/aliases (revision 1938) @@ -99,5 +99,10 @@ # People who are abusing or otherwise causing problems with the mail system # Put "/dev/null" as the target of their alias -srimano: /dev/null # has a phpBB generating a lot of backscatter +# srimano: has a phpBB generating a lot of backscatter +srimano: /dev/null +# dbriggs: phpBB: added 2011-06-25, see mail to -root 2011-03-27, 2011-06-03 +dbriggs: /dev/null +# ro21531: spam to rosmosis.net: added 2011-06-25, see mail to -root 2011-06-03 +ro21531: /dev/null # Temporary to clear the queue Index: branches/fc15-dev/server/fedora/config/etc/cron.d/check-setugid =================================================================== --- branches/fc15-dev/server/fedora/config/etc/cron.d/check-setugid (revision 1938) +++ branches/fc15-dev/server/fedora/config/etc/cron.d/check-setugid (revision 1938) @@ -0,0 +1,2 @@ +MAILTO=scripts-root@mit.edu +23 5 * * * root find / -xdev -not -perm -o=x -prune -o -type f -perm /ug=s -print | grep -Fxvf /etc/scripts/allowed-setugid.list | sed 's/^/Extra set[ug]id binary: /' Index: branches/fc15-dev/server/fedora/config/etc/cron.daily/num-crontabs =================================================================== --- branches/fc15-dev/server/fedora/config/etc/cron.daily/num-crontabs (revision 1930) +++ branches/fc15-dev/server/fedora/config/etc/cron.daily/num-crontabs (revision 1938) @@ -4,5 +4,5 @@ if [ $numcrontabs -lt 100 ] && [ $numcrontabs -gt 0 ]; then msg="$(hostname --fqdn) has $numcrontabs files in /var/spool/cron and should have none or hundreds." - logger -u /dev/log -p cron.warning -t cron "$msg" + logger -u /dev/log -p authpriv.info -t num-crontabs "$msg" echo "$msg" fi Index: branches/fc15-dev/server/fedora/config/etc/httpd/conf/httpd.conf =================================================================== --- branches/fc15-dev/server/fedora/config/etc/httpd/conf/httpd.conf (revision 1930) +++ branches/fc15-dev/server/fedora/config/etc/httpd/conf/httpd.conf (revision 1938) @@ -338,4 +338,5 @@ Include conf.d/vhosts-common-ssl.conf SSLCertificateFile /etc/pki/tls/certs/scripts-cert.pem + SSLCertificateKeyFile /etc/pki/tls/private/scripts.key Include conf.d/vhosts-common-ssl-cert.conf Index: branches/fc15-dev/server/fedora/config/etc/httpd/vhosts.d/ailg-bdf.conf =================================================================== --- branches/fc15-dev/server/fedora/config/etc/httpd/vhosts.d/ailg-bdf.conf (revision 1938) +++ branches/fc15-dev/server/fedora/config/etc/httpd/vhosts.d/ailg-bdf.conf (revision 1938) @@ -0,0 +1,34 @@ +# do not trailing-slash DocumentRoot + + + ServerName ailg-bdf.mit.edu + ServerAlias ailg-bdf + DocumentRoot /afs/athena.mit.edu/org/a/ailg/web_scripts/bdf + Alias /~ailg /afs/athena.mit.edu/org/a/ailg/web_scripts + SuExecUserGroup ailg ailg + Include conf.d/vhosts-common.conf + + + + + ServerName ailg-bdf.mit.edu + ServerAlias ailg-bdf + DocumentRoot /afs/athena.mit.edu/org/a/ailg/web_scripts/bdf + Alias /~ailg /afs/athena.mit.edu/org/a/ailg/web_scripts + SuExecUserGroup ailg ailg + Include conf.d/vhosts-common-ssl.conf + SSLCertificateFile /etc/pki/tls/certs/ailg-bdf.pem + SSLCertificateKeyFile /etc/pki/tls/private/scripts.key + + + ServerName ailg-bdf.mit.edu + ServerAlias ailg-bdf + DocumentRoot /afs/athena.mit.edu/org/a/ailg/web_scripts/bdf + Alias /~ailg /afs/athena.mit.edu/org/a/ailg/web_scripts + SuExecUserGroup ailg ailg + Include conf.d/vhosts-common-ssl.conf + Include conf.d/vhosts-common-ssl-cert.conf + SSLCertificateFile /etc/pki/tls/certs/ailg-bdf.pem + SSLCertificateKeyFile /etc/pki/tls/private/scripts.key + + Index: branches/fc15-dev/server/fedora/config/etc/httpd/vhosts.d/metu.conf =================================================================== --- branches/fc15-dev/server/fedora/config/etc/httpd/vhosts.d/metu.conf (revision 1930) +++ branches/fc15-dev/server/fedora/config/etc/httpd/vhosts.d/metu.conf (revision 1938) @@ -19,4 +19,5 @@ Include conf.d/vhosts-common-ssl.conf SSLCertificateFile /etc/pki/tls/certs/metu.pem + SSLCertificateKeyFile /etc/pki/tls/private/scripts.key @@ -29,4 +30,5 @@ Include conf.d/vhosts-common-ssl-cert.conf SSLCertificateFile /etc/pki/tls/certs/metu.pem + SSLCertificateKeyFile /etc/pki/tls/private/scripts.key Index: branches/fc15-dev/server/fedora/config/etc/httpd/vhosts.d/nudelta.conf =================================================================== --- branches/fc15-dev/server/fedora/config/etc/httpd/vhosts.d/nudelta.conf (revision 1938) +++ branches/fc15-dev/server/fedora/config/etc/httpd/vhosts.d/nudelta.conf (revision 1938) @@ -0,0 +1,34 @@ +# do not trailing-slash DocumentRoot + + + ServerName nudelta.mit.edu + ServerAlias nudelta + DocumentRoot /afs/athena.mit.edu/activity/n/ndelta/web_scripts/www + Alias /~ndelta /afs/athena.mit.edu/activity/n/ndelta/web_scripts + SuExecUserGroup ndelta ndelta + Include conf.d/vhosts-common.conf + + + + + ServerName nudelta.mit.edu + ServerAlias nudelta + DocumentRoot /afs/athena.mit.edu/activity/n/ndelta/web_scripts/www + Alias /~ndelta /afs/athena.mit.edu/activity/n/ndelta/web_scripts + SuExecUserGroup ndelta ndelta + Include conf.d/vhosts-common-ssl.conf + SSLCertificateFile /etc/pki/tls/certs/nudelta.pem + SSLCertificateKeyFile /etc/pki/tls/private/scripts.key + + + ServerName nudelta.mit.edu + ServerAlias nudelta + DocumentRoot /afs/athena.mit.edu/activity/n/ndelta/web_scripts/www + Alias /~ndelta /afs/athena.mit.edu/activity/n/ndelta/web_scripts + SuExecUserGroup ndelta ndelta + Include conf.d/vhosts-common-ssl.conf + Include conf.d/vhosts-common-ssl-cert.conf + SSLCertificateFile /etc/pki/tls/certs/nudelta.pem + SSLCertificateKeyFile /etc/pki/tls/private/scripts.key + + Index: branches/fc15-dev/server/fedora/config/etc/mock/scripts-fc11-i386.cfg =================================================================== --- branches/fc15-dev/server/fedora/config/etc/mock/scripts-fc11-i386.cfg (revision 1930) +++ branches/fc15-dev/server/fedora/config/etc/mock/scripts-fc11-i386.cfg (revision 1938) @@ -36,5 +36,5 @@ [scripts] name=Scripts -baseurl=http://web.mit.edu/scripts/rpm-fc11/ +baseurl=http://web.mit.edu/scripts/yum-repos/rpm-fc11/ enabled=1 gpgcheck=0 Index: branches/fc15-dev/server/fedora/config/etc/mock/scripts-fc11-x86_64.cfg =================================================================== --- branches/fc15-dev/server/fedora/config/etc/mock/scripts-fc11-x86_64.cfg (revision 1930) +++ branches/fc15-dev/server/fedora/config/etc/mock/scripts-fc11-x86_64.cfg (revision 1938) @@ -40,5 +40,5 @@ [scripts] name=Scripts -baseurl=http://web.mit.edu/scripts/rpm-fc11/ +baseurl=http://web.mit.edu/scripts/yum-repos/rpm-fc11/ enabled=1 gpgcheck=0 Index: branches/fc15-dev/server/fedora/config/etc/mock/scripts-fc13-i386.cfg =================================================================== --- branches/fc15-dev/server/fedora/config/etc/mock/scripts-fc13-i386.cfg (revision 1930) +++ branches/fc15-dev/server/fedora/config/etc/mock/scripts-fc13-i386.cfg (revision 1938) @@ -35,5 +35,5 @@ [scripts] name=Scripts -baseurl=http://web.mit.edu/scripts/rpm-fc13/ +baseurl=http://web.mit.edu/scripts/yum-repos/rpm-fc13/ enabled=0 gpgcheck=0 Index: branches/fc15-dev/server/fedora/config/etc/mock/scripts-fc13-x86_64.cfg =================================================================== --- branches/fc15-dev/server/fedora/config/etc/mock/scripts-fc13-x86_64.cfg (revision 1930) +++ branches/fc15-dev/server/fedora/config/etc/mock/scripts-fc13-x86_64.cfg (revision 1938) @@ -46,5 +46,5 @@ [scripts] name=Scripts -baseurl=http://web.mit.edu/scripts/rpm-fc13/ +baseurl=http://web.mit.edu/scripts/yum-repos/rpm-fc13/ enabled=1 gpgcheck=0 Index: branches/fc15-dev/server/fedora/config/etc/nagios/nrpe.cfg =================================================================== --- branches/fc15-dev/server/fedora/config/etc/nagios/nrpe.cfg (revision 1930) +++ branches/fc15-dev/server/fedora/config/etc/nagios/nrpe.cfg (revision 1938) @@ -93,5 +93,5 @@ # Values: 0=do not allow arguments, 1=allow command arguments -dont_blame_nrpe=1 +dont_blame_nrpe=0 @@ -210,16 +210,12 @@ # make sure you read the SECURITY file before doing this. -command[check_users]=/usr/lib64/nagios/plugins/check_users -w $ARG1$ -c $ARG2$ -command[check_load]=/usr/lib64/nagios/plugins/check_load -w $ARG1$ -c $ARG2$ -command[check_disk]=/usr/lib64/nagios/plugins/check_disk -w $ARG1$ -c $ARG2$ -A -i ^/mnt -command[check_disk_p]=/usr/lib64/nagios/plugins/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$ -command[check_procs]=/usr/lib64/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -command[check_procs_C]=/usr/lib64/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -C $ARG3$ -command[check_procs_P]=/usr/lib64/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -P $ARG3$ -command[check_procs_m]=/usr/lib64/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -m $ARG3$ -command[check_procs_s]=/usr/lib64/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$ -command[check_procs_u]=/usr/lib64/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -u $ARG3$ -command[check_procs_z]=/usr/lib64/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -z $ARG3$ -command[check_postfix_mailq]=/usr/lib64/nagios/plugins/check_mailq -w 300 -c 1000 -M postfix +command[check_users]=/usr/lib64/nagios/plugins/check_users -w 25 -c 50 +command[check_load]=/usr/lib64/nagios/plugins/check_load -w 50:50:50 -c 100:50:50 +command[check_disk]=/usr/lib64/nagios/plugins/check_disk -w 10% -c 5% -A -i ^/mnt +command[check_procs_cpu]=/usr/lib64/nagios/plugins/check_procs -w 4 -c 6 -P 50 +command[check_procs_crond]=/usr/lib64/nagios/plugins/check_procs -w 1: -c 1: -C crond +command[check_procs_nscd]=/usr/lib64/nagios/plugins/check_procs -w 1:256 -c 1:512 -u nscd +command[check_procs_postfix]=/usr/lib64/nagios/plugins/check_procs -w 1:128 -c 1:256 -u postfix +command[check_postfix_mailq]=/usr/lib64/nagios/plugins/check_mailq -w 500 -c 1000 -M postfix command[check_afs]=/etc/nagios/check_afs command[check_cron_working]=/etc/nagios/check_cron_working Index: branches/fc15-dev/server/fedora/config/etc/pki/tls/certs/ailg-bdf.pem =================================================================== --- branches/fc15-dev/server/fedora/config/etc/pki/tls/certs/ailg-bdf.pem (revision 1938) +++ branches/fc15-dev/server/fedora/config/etc/pki/tls/certs/ailg-bdf.pem (revision 1938) @@ -0,0 +1,110 @@ +From mitcert@MIT.EDU Tue Jul 5 15:06:58 2011 +Date: Tue, 5 Jul 2011 15:06:56 -0400 +From: "mitcert@MIT.EDU" +To: Alexander Chernyakhovsky +Subject: [help.mit.edu #1657448] certificate signing request for ailg-bdf.mit.edu + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 38:1f:e2:c8:5f:e3:26:1b:3f:fc:95:4a:c6:24:51:4d + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=Massachusetts, O=Massachusetts Institute of Technology, OU=MIT Certification Authority + Validity + Not Before: Jul 4 16:00:00 2011 GMT + Not After : Jul 4 16:00:00 2012 GMT + Subject: C=US, ST=Massachusetts, L=Cambridge, O=Massachusetts Institute of Technology, OU=scripts.mit.edu web hosting service, CN=ailg-bdf.mit.edu/emailAddress=scripts@mit.edu + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (4096 bit) + Modulus (4096 bit): + 00:bf:a3:f2:7b:98:cc:16:a7:57:e6:92:85:34:56: + f1:e3:62:83:9e:6a:4f:35:9d:f0:cf:89:87:73:e3: + 93:f7:b7:01:57:38:6e:e9:fc:59:4d:24:eb:a7:17: + 47:ca:2c:51:0e:45:c8:b7:68:c9:0e:32:26:e0:91: + d3:06:5c:8c:7c:0e:6c:99:0c:b2:46:05:0f:4d:f1: + b0:c7:5e:35:06:62:fe:2a:d6:0f:1b:2c:b5:02:24: + 4c:c3:06:71:ec:94:ca:1d:aa:af:7e:b9:2d:c0:55: + 4b:cc:bc:51:3d:76:68:5b:d3:ed:35:d0:03:ba:1b: + 6c:f3:a0:d8:d3:dc:6b:44:b0:5e:01:51:d3:02:cc: + 4a:da:52:12:de:35:31:69:16:5a:48:8b:0f:ce:ad: + 4d:e4:d5:8b:11:36:7f:87:1c:fd:84:da:43:2e:87: + 2f:41:70:ac:ad:df:54:c0:ed:f6:21:51:fa:c5:06: + f0:1b:eb:a1:b0:bf:4d:1c:42:34:8a:d5:6f:f7:25: + 66:73:8f:60:c4:d7:8d:33:91:f4:46:3a:97:09:59: + 01:ff:c3:64:94:40:48:30:68:f0:6e:03:26:74:c2: + a1:b3:d7:cb:94:fc:6e:53:8a:2a:9e:fd:b1:4f:c4: + 74:56:25:63:1f:aa:bd:95:25:78:9c:45:46:1b:0c: + 21:71:eb:84:94:d0:b2:f1:da:52:f6:d1:7f:63:1d: + 08:23:52:5f:c2:f9:4d:ac:a4:44:e5:9a:54:70:fc: + c9:fc:d4:d4:b7:1d:75:95:00:e3:bf:3e:4c:f3:43: + c3:96:c7:09:2a:29:45:12:d2:31:d6:79:4c:8a:e7: + 54:27:22:c6:80:ae:87:23:56:f1:8d:49:9b:c8:fa: + ed:33:5b:5f:56:76:c8:0f:7e:85:14:69:c4:48:31: + 07:39:a5:34:81:f2:6b:15:50:22:fb:bb:2c:ad:4b: + 84:ea:55:64:f7:de:56:9d:d0:b6:d0:7d:1e:1b:51: + 50:37:44:94:e6:c4:15:eb:45:31:f1:b3:ec:0f:b3: + a9:0c:f8:1c:47:c7:51:00:05:ef:ee:b0:3d:9f:7e: + 07:a7:38:e8:83:4c:3d:db:34:b6:24:0c:90:57:c0: + f9:d0:64:14:8a:93:47:9b:41:f5:a3:14:1d:9e:18: + 5d:d5:d8:66:af:f5:f3:c8:2f:bc:a7:02:a7:ef:dc: + f0:0e:c7:47:8d:2e:d6:a8:62:42:93:5b:7c:f5:35: + f8:31:10:7b:38:d4:40:24:68:81:13:27:cb:fb:76: + 0e:d1:99:14:d8:d5:eb:f7:69:64:8f:af:8f:82:bb: + 24:29:f9:d4:29:1d:ce:e6:14:ba:4c:8b:09:ff:46: + ce:8b:6d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Cert Type: + SSL Client, SSL Server, S/MIME + X509v3 Extended Key Usage: + TLS Web Server Authentication, E-mail Protection, TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature, Non Repudiation, Key Encipherment + X509v3 Subject Key Identifier: + CB:11:B7:01:5F:86:55:4F:45:5E:AB:27:69:BE:E1:3C:89:7A:55:62 + X509v3 CRL Distribution Points: + URI:http://ca.mit.edu/ca/mitserver.crl + + Signature Algorithm: sha1WithRSAEncryption + 66:12:b1:ad:fd:d3:45:d4:46:83:38:1e:4c:6c:32:23:29:f9: + a5:19:1d:07:e2:2a:b3:a3:3e:14:4e:cc:db:21:2c:b6:c6:36: + d9:a8:a5:3a:da:3a:99:f4:f9:f8:ce:f6:93:e1:af:d9:dd:8d: + ef:dc:db:48:37:2c:75:97:b9:20:16:80:2b:7f:3a:73:95:b4: + d2:c7:34:05:83:91:73:70:47:4a:59:99:bc:54:b5:e4:ec:08: + a7:cf:35:cf:18:eb:16:ad:9d:39:d4:9c:6a:24:87:16:af:e3: + 10:65:e4:0e:94:91:2e:d8:50:ed:b6:ce:9e:d1:9a:5d:e9:a1: + d0:d9 +-----BEGIN CERTIFICATE----- +MIIFAzCCBGygAwIBAgIQOB/iyF/jJhs//JVKxiRRTTANBgkqhkiG9w0BAQUFADB7 +MQswCQYDVQQGEwJVUzEWMBQGA1UECBMNTWFzc2FjaHVzZXR0czEuMCwGA1UEChMl +TWFzc2FjaHVzZXR0cyBJbnN0aXR1dGUgb2YgVGVjaG5vbG9neTEkMCIGA1UECxMb +TUlUIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTExMDcwNDE2MDAwMFoXDTEy +MDcwNDE2MDAwMFowgdIxCzAJBgNVBAYTAlVTMRYwFAYDVQQIEw1NYXNzYWNodXNl +dHRzMRIwEAYDVQQHEwlDYW1icmlkZ2UxLjAsBgNVBAoTJU1hc3NhY2h1c2V0dHMg +SW5zdGl0dXRlIG9mIFRlY2hub2xvZ3kxLDAqBgNVBAsTI3NjcmlwdHMubWl0LmVk +dSB3ZWIgaG9zdGluZyBzZXJ2aWNlMRkwFwYDVQQDExBhaWxnLWJkZi5taXQuZWR1 +MR4wHAYJKoZIhvcNAQkBFg9zY3JpcHRzQG1pdC5lZHUwggIiMA0GCSqGSIb3DQEB +AQUAA4ICDwAwggIKAoICAQC/o/J7mMwWp1fmkoU0VvHjYoOeak81nfDPiYdz45P3 +twFXOG7p/FlNJOunF0fKLFEORci3aMkOMibgkdMGXIx8DmyZDLJGBQ9N8bDHXjUG +Yv4q1g8bLLUCJEzDBnHslModqq9+uS3AVUvMvFE9dmhb0+010AO6G2zzoNjT3GtE +sF4BUdMCzEraUhLeNTFpFlpIiw/OrU3k1YsRNn+HHP2E2kMuhy9BcKyt31TA7fYh +UfrFBvAb66Gwv00cQjSK1W/3JWZzj2DE140zkfRGOpcJWQH/w2SUQEgwaPBuAyZ0 +wqGz18uU/G5Tiiqe/bFPxHRWJWMfqr2VJXicRUYbDCFx64SU0LLx2lL20X9jHQgj +Ul/C+U2spETlmlRw/Mn81NS3HXWVAOO/PkzzQ8OWxwkqKUUS0jHWeUyK51QnIsaA +rocjVvGNSZvI+u0zW19WdsgPfoUUacRIMQc5pTSB8msVUCL7uyytS4TqVWT33lad +0LbQfR4bUVA3RJTmxBXrRTHxs+wPs6kM+BxHx1EABe/usD2ffgenOOiDTD3bNLYk +DJBXwPnQZBSKk0ebQfWjFB2eGF3V2Gav9fPIL7ynAqfv3PAOx0eNLtaoYkKTW3z1 +NfgxEHs41EAkaIETJ8v7dg7RmRTY1ev3aWSPr4+CuyQp+dQpHc7mFLpMiwn/Rs6L +bQIDAQABo4GrMIGoMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgXgMCcGA1Ud +JQQgMB4GCCsGAQUFBwMBBggrBgEFBQcDBAYIKwYBBQUHAwIwCwYDVR0PBAQDAgXg +MB0GA1UdDgQWBBTLEbcBX4ZVT0VeqydpvuE8iXpVYjAzBgNVHR8ELDAqMCigJqAk +hiJodHRwOi8vY2EubWl0LmVkdS9jYS9taXRzZXJ2ZXIuY3JsMA0GCSqGSIb3DQEB +BQUAA4GBAGYSsa3900XURoM4HkxsMiMp+aUZHQfiKrOjPhROzNshLLbGNtmopTra +Opn0+fjO9pPhr9ndje/c20g3LHWXuSAWgCt/OnOVtNLHNAWDkXNwR0pZmbxUteTs +CKfPNc8Y6xatnTnUnGokhxav4xBl5A6UkS7YUO22zp7Rml3podDZ +-----END CERTIFICATE----- + Index: branches/fc15-dev/server/fedora/config/etc/pki/tls/certs/metu.pem =================================================================== --- branches/fc15-dev/server/fedora/config/etc/pki/tls/certs/metu.pem (revision 1930) +++ branches/fc15-dev/server/fedora/config/etc/pki/tls/certs/metu.pem (revision 1938) @@ -3,24 +3,50 @@ Version: 3 (0x2) Serial Number: - 06:ab:a1:83:4f:a6:a7:1a:7b:b2:3b:0a:22:13:70:e4 + 5e:4e:d2:f8:98:7b:fa:87:0a:75:67:5b:48:87:a8:0f Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=Massachusetts, O=Massachusetts Institute of Technology, OU=MIT Certification Authority Validity - Not Before: Jul 30 16:00:00 2010 GMT - Not After : Aug 1 16:00:00 2011 GMT + Not Before: Jul 19 16:00:00 2011 GMT + Not After : Jul 19 16:00:00 2012 GMT Subject: C=US, ST=Massachusetts, L=Cambridge, O=Massachusetts Institute of Technology, OU=scripts.mit.edu web hosting service, CN=metu.mit.edu/emailAddress=scripts@mit.edu Subject Public Key Info: Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:b5:3e:21:4d:c1:89:6b:01:8c:47:80:fe:b3:37: - 27:76:f8:52:41:e6:a2:3d:4b:76:78:e5:f2:66:3c: - 0f:b1:ad:fb:97:8f:2e:a2:b6:53:d3:b6:0e:e2:66: - f9:b9:0b:b7:ce:b4:d5:f5:1c:1f:6f:22:7d:48:f5: - 6d:f0:16:cd:8e:48:79:d1:14:4a:14:2f:2f:f8:c4: - bd:1d:87:cf:7d:8b:5c:77:ad:58:24:b0:0e:a1:6d: - d6:0a:c7:d8:bc:2f:67:65:c8:5d:d8:d8:31:c2:67: - 4b:4a:f4:a1:a5:54:82:af:cb:34:08:2a:04:7f:8e: - 7c:4c:b7:db:dc:6a:8a:5d:81 + RSA Public Key: (4096 bit) + Modulus (4096 bit): + 00:bf:a3:f2:7b:98:cc:16:a7:57:e6:92:85:34:56: + f1:e3:62:83:9e:6a:4f:35:9d:f0:cf:89:87:73:e3: + 93:f7:b7:01:57:38:6e:e9:fc:59:4d:24:eb:a7:17: + 47:ca:2c:51:0e:45:c8:b7:68:c9:0e:32:26:e0:91: + d3:06:5c:8c:7c:0e:6c:99:0c:b2:46:05:0f:4d:f1: + b0:c7:5e:35:06:62:fe:2a:d6:0f:1b:2c:b5:02:24: + 4c:c3:06:71:ec:94:ca:1d:aa:af:7e:b9:2d:c0:55: + 4b:cc:bc:51:3d:76:68:5b:d3:ed:35:d0:03:ba:1b: + 6c:f3:a0:d8:d3:dc:6b:44:b0:5e:01:51:d3:02:cc: + 4a:da:52:12:de:35:31:69:16:5a:48:8b:0f:ce:ad: + 4d:e4:d5:8b:11:36:7f:87:1c:fd:84:da:43:2e:87: + 2f:41:70:ac:ad:df:54:c0:ed:f6:21:51:fa:c5:06: + f0:1b:eb:a1:b0:bf:4d:1c:42:34:8a:d5:6f:f7:25: + 66:73:8f:60:c4:d7:8d:33:91:f4:46:3a:97:09:59: + 01:ff:c3:64:94:40:48:30:68:f0:6e:03:26:74:c2: + a1:b3:d7:cb:94:fc:6e:53:8a:2a:9e:fd:b1:4f:c4: + 74:56:25:63:1f:aa:bd:95:25:78:9c:45:46:1b:0c: + 21:71:eb:84:94:d0:b2:f1:da:52:f6:d1:7f:63:1d: + 08:23:52:5f:c2:f9:4d:ac:a4:44:e5:9a:54:70:fc: + c9:fc:d4:d4:b7:1d:75:95:00:e3:bf:3e:4c:f3:43: + c3:96:c7:09:2a:29:45:12:d2:31:d6:79:4c:8a:e7: + 54:27:22:c6:80:ae:87:23:56:f1:8d:49:9b:c8:fa: + ed:33:5b:5f:56:76:c8:0f:7e:85:14:69:c4:48:31: + 07:39:a5:34:81:f2:6b:15:50:22:fb:bb:2c:ad:4b: + 84:ea:55:64:f7:de:56:9d:d0:b6:d0:7d:1e:1b:51: + 50:37:44:94:e6:c4:15:eb:45:31:f1:b3:ec:0f:b3: + a9:0c:f8:1c:47:c7:51:00:05:ef:ee:b0:3d:9f:7e: + 07:a7:38:e8:83:4c:3d:db:34:b6:24:0c:90:57:c0: + f9:d0:64:14:8a:93:47:9b:41:f5:a3:14:1d:9e:18: + 5d:d5:d8:66:af:f5:f3:c8:2f:bc:a7:02:a7:ef:dc: + f0:0e:c7:47:8d:2e:d6:a8:62:42:93:5b:7c:f5:35: + f8:31:10:7b:38:d4:40:24:68:81:13:27:cb:fb:76: + 0e:d1:99:14:d8:d5:eb:f7:69:64:8f:af:8f:82:bb: + 24:29:f9:d4:29:1d:ce:e6:14:ba:4c:8b:09:ff:46: + ce:8b:6d Exponent: 65537 (0x10001) X509v3 extensions: @@ -34,36 +60,44 @@ Digital Signature, Non Repudiation, Key Encipherment X509v3 Subject Key Identifier: - 54:11:7C:09:55:44:1C:94:45:A9:A2:76:46:2B:2C:24:26:6A:44:E8 + CB:11:B7:01:5F:86:55:4F:45:5E:AB:27:69:BE:E1:3C:89:7A:55:62 X509v3 CRL Distribution Points: URI:http://ca.mit.edu/ca/mitserver.crl Signature Algorithm: sha1WithRSAEncryption - 35:20:e9:bd:7b:8b:7e:5d:97:a8:a2:9f:3c:a4:9d:3b:48:20: - 96:4c:f2:60:22:4c:af:eb:11:7a:8a:4a:9c:89:9a:3c:50:4b: - 4a:e4:c5:fe:72:d2:56:82:a7:6c:c1:d9:a3:34:17:32:00:71: - bd:cd:e0:10:02:5e:f9:65:76:e4:b1:a4:1e:b1:be:05:e8:77: - fd:15:fd:2e:79:9f:b0:f6:94:c5:ca:69:21:3d:9b:5d:04:a5: - 3a:ca:48:10:14:15:a0:f0:6a:cb:f5:94:db:a7:4b:5e:6a:65: - b6:87:3c:5d:8c:9b:88:59:46:d1:8c:59:d7:aa:3d:f9:5a:b6: - 49:71 + 00:8e:e4:59:71:5b:bd:23:0b:4d:1a:b0:3c:69:c7:f7:d3:31: + 47:d3:e3:4c:a7:5d:8c:c8:d8:dc:22:4b:34:53:77:e0:85:ae: + 47:72:88:01:9b:50:7d:96:36:bd:60:3d:81:49:fe:4d:2d:c6: + 19:dc:7a:3e:32:b2:0e:16:bf:3e:1c:2e:7f:aa:63:9d:e2:bb: + a1:c6:01:dd:54:ea:6d:bf:6f:49:41:33:36:10:ee:e8:93:e2: + 12:7b:72:d5:b0:0a:62:3f:4f:15:b0:20:a6:d6:3b:de:d1:fe: + 0d:6f:de:26:c9:90:02:7b:9a:a6:d8:5f:9d:2f:41:03:01:58: + 11:da -----BEGIN CERTIFICATE----- -MIIDezCCAuSgAwIBAgIQBquhg0+mpxp7sjsKIhNw5DANBgkqhkiG9w0BAQUFADB7 +MIIE/zCCBGigAwIBAgIQXk7S+Jh7+ocKdWdbSIeoDzANBgkqhkiG9w0BAQUFADB7 MQswCQYDVQQGEwJVUzEWMBQGA1UECBMNTWFzc2FjaHVzZXR0czEuMCwGA1UEChMl TWFzc2FjaHVzZXR0cyBJbnN0aXR1dGUgb2YgVGVjaG5vbG9neTEkMCIGA1UECxMb -TUlUIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTEwMDczMDE2MDAwMFoXDTEx -MDgwMTE2MDAwMFowgc4xCzAJBgNVBAYTAlVTMRYwFAYDVQQIEw1NYXNzYWNodXNl +TUlUIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTExMDcxOTE2MDAwMFoXDTEy +MDcxOTE2MDAwMFowgc4xCzAJBgNVBAYTAlVTMRYwFAYDVQQIEw1NYXNzYWNodXNl dHRzMRIwEAYDVQQHEwlDYW1icmlkZ2UxLjAsBgNVBAoTJU1hc3NhY2h1c2V0dHMg SW5zdGl0dXRlIG9mIFRlY2hub2xvZ3kxLDAqBgNVBAsTI3NjcmlwdHMubWl0LmVk dSB3ZWIgaG9zdGluZyBzZXJ2aWNlMRUwEwYDVQQDEwxtZXR1Lm1pdC5lZHUxHjAc -BgkqhkiG9w0BCQEWD3NjcmlwdHNAbWl0LmVkdTCBnzANBgkqhkiG9w0BAQEFAAOB -jQAwgYkCgYEAtT4hTcGJawGMR4D+szcndvhSQeaiPUt2eOXyZjwPsa37l48uorZT -07YO4mb5uQu3zrTV9RwfbyJ9SPVt8BbNjkh50RRKFC8v+MS9HYfPfYtcd61YJLAO -oW3WCsfYvC9nZchd2NgxwmdLSvShpVSCr8s0CCoEf458TLfb3GqKXYECAwEAAaOB -qzCBqDAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIF4DAnBgNVHSUEIDAeBggr -BgEFBQcDAQYIKwYBBQUHAwQGCCsGAQUFBwMCMAsGA1UdDwQEAwIF4DAdBgNVHQ4E -FgQUVBF8CVVEHJRFqaJ2RissJCZqROgwMwYDVR0fBCwwKjAooCagJIYiaHR0cDov -L2NhLm1pdC5lZHUvY2EvbWl0c2VydmVyLmNybDANBgkqhkiG9w0BAQUFAAOBgQA1 -IOm9e4t+XZeoop88pJ07SCCWTPJgIkyv6xF6ikqciZo8UEtK5MX+ctJWgqdswdmj -NBcyAHG9zeAQAl75ZXbksaQesb4F6Hf9Ff0ueZ+w9pTFymkhPZtdBKU6ykgQFBWg -8GrL9ZTbp0teamW2hzxdjJuIWUbRjFnXqj35WrZJcQ== +BgkqhkiG9w0BCQEWD3NjcmlwdHNAbWl0LmVkdTCCAiIwDQYJKoZIhvcNAQEBBQAD +ggIPADCCAgoCggIBAL+j8nuYzBanV+aShTRW8eNig55qTzWd8M+Jh3Pjk/e3AVc4 +bun8WU0k66cXR8osUQ5FyLdoyQ4yJuCR0wZcjHwObJkMskYFD03xsMdeNQZi/irW +DxsstQIkTMMGceyUyh2qr365LcBVS8y8UT12aFvT7TXQA7obbPOg2NPca0SwXgFR +0wLMStpSEt41MWkWWkiLD86tTeTVixE2f4cc/YTaQy6HL0FwrK3fVMDt9iFR+sUG +8BvrobC/TRxCNIrVb/clZnOPYMTXjTOR9EY6lwlZAf/DZJRASDBo8G4DJnTCobPX +y5T8blOKKp79sU/EdFYlYx+qvZUleJxFRhsMIXHrhJTQsvHaUvbRf2MdCCNSX8L5 +TaykROWaVHD8yfzU1LcddZUA478+TPNDw5bHCSopRRLSMdZ5TIrnVCcixoCuhyNW +8Y1Jm8j67TNbX1Z2yA9+hRRpxEgxBzmlNIHyaxVQIvu7LK1LhOpVZPfeVp3QttB9 +HhtRUDdElObEFetFMfGz7A+zqQz4HEfHUQAF7+6wPZ9+B6c46INMPds0tiQMkFfA ++dBkFIqTR5tB9aMUHZ4YXdXYZq/188gvvKcCp+/c8A7HR40u1qhiQpNbfPU1+DEQ +ezjUQCRogRMny/t2DtGZFNjV6/dpZI+vj4K7JCn51CkdzuYUukyLCf9GzottAgMB +AAGjgaswgagwCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCBeAwJwYDVR0lBCAw +HgYIKwYBBQUHAwEGCCsGAQUFBwMEBggrBgEFBQcDAjALBgNVHQ8EBAMCBeAwHQYD +VR0OBBYEFMsRtwFfhlVPRV6rJ2m+4TyJelViMDMGA1UdHwQsMCowKKAmoCSGImh0 +dHA6Ly9jYS5taXQuZWR1L2NhL21pdHNlcnZlci5jcmwwDQYJKoZIhvcNAQEFBQAD +gYEAAI7kWXFbvSMLTRqwPGnH99MxR9PjTKddjMjY3CJLNFN34IWuR3KIAZtQfZY2 +vWA9gUn+TS3GGdx6PjKyDha/Phwuf6pjneK7ocYB3VTqbb9vSUEzNhDu6JPiEnty +1bAKYj9PFbAgptY73tH+DW/eJsmQAnuapthfnS9BAwFYEdo= -----END CERTIFICATE----- Index: branches/fc15-dev/server/fedora/config/etc/pki/tls/certs/nudelta.pem =================================================================== --- branches/fc15-dev/server/fedora/config/etc/pki/tls/certs/nudelta.pem (revision 1938) +++ branches/fc15-dev/server/fedora/config/etc/pki/tls/certs/nudelta.pem (revision 1938) @@ -0,0 +1,110 @@ +From mitcert@MIT.EDU Tue Jul 5 15:03:20 2011 +Date: Tue, 5 Jul 2011 15:03:18 -0400 +From: "mitcert@MIT.EDU" +To: Alexander Chernyakhovsky +Subject: [help.mit.edu #1657447] certificate signing request for nudelta.mit.edu + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + c1:d4:4f:e5:ff:e6:a4:6c:a6:0b:24:d7:88:0c:cc:75 + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=Massachusetts, O=Massachusetts Institute of Technology, OU=MIT Certification Authority + Validity + Not Before: Jul 4 16:00:00 2011 GMT + Not After : Jul 4 16:00:00 2012 GMT + Subject: C=US, ST=Massachusetts, L=Cambridge, O=Massachusetts Institute of Technology, OU=scripts.mit.edu web hosting service, CN=nudelta.mit.edu/emailAddress=scripts@mit.edu + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (4096 bit) + Modulus (4096 bit): + 00:bf:a3:f2:7b:98:cc:16:a7:57:e6:92:85:34:56: + f1:e3:62:83:9e:6a:4f:35:9d:f0:cf:89:87:73:e3: + 93:f7:b7:01:57:38:6e:e9:fc:59:4d:24:eb:a7:17: + 47:ca:2c:51:0e:45:c8:b7:68:c9:0e:32:26:e0:91: + d3:06:5c:8c:7c:0e:6c:99:0c:b2:46:05:0f:4d:f1: + b0:c7:5e:35:06:62:fe:2a:d6:0f:1b:2c:b5:02:24: + 4c:c3:06:71:ec:94:ca:1d:aa:af:7e:b9:2d:c0:55: + 4b:cc:bc:51:3d:76:68:5b:d3:ed:35:d0:03:ba:1b: + 6c:f3:a0:d8:d3:dc:6b:44:b0:5e:01:51:d3:02:cc: + 4a:da:52:12:de:35:31:69:16:5a:48:8b:0f:ce:ad: + 4d:e4:d5:8b:11:36:7f:87:1c:fd:84:da:43:2e:87: + 2f:41:70:ac:ad:df:54:c0:ed:f6:21:51:fa:c5:06: + f0:1b:eb:a1:b0:bf:4d:1c:42:34:8a:d5:6f:f7:25: + 66:73:8f:60:c4:d7:8d:33:91:f4:46:3a:97:09:59: + 01:ff:c3:64:94:40:48:30:68:f0:6e:03:26:74:c2: + a1:b3:d7:cb:94:fc:6e:53:8a:2a:9e:fd:b1:4f:c4: + 74:56:25:63:1f:aa:bd:95:25:78:9c:45:46:1b:0c: + 21:71:eb:84:94:d0:b2:f1:da:52:f6:d1:7f:63:1d: + 08:23:52:5f:c2:f9:4d:ac:a4:44:e5:9a:54:70:fc: + c9:fc:d4:d4:b7:1d:75:95:00:e3:bf:3e:4c:f3:43: + c3:96:c7:09:2a:29:45:12:d2:31:d6:79:4c:8a:e7: + 54:27:22:c6:80:ae:87:23:56:f1:8d:49:9b:c8:fa: + ed:33:5b:5f:56:76:c8:0f:7e:85:14:69:c4:48:31: + 07:39:a5:34:81:f2:6b:15:50:22:fb:bb:2c:ad:4b: + 84:ea:55:64:f7:de:56:9d:d0:b6:d0:7d:1e:1b:51: + 50:37:44:94:e6:c4:15:eb:45:31:f1:b3:ec:0f:b3: + a9:0c:f8:1c:47:c7:51:00:05:ef:ee:b0:3d:9f:7e: + 07:a7:38:e8:83:4c:3d:db:34:b6:24:0c:90:57:c0: + f9:d0:64:14:8a:93:47:9b:41:f5:a3:14:1d:9e:18: + 5d:d5:d8:66:af:f5:f3:c8:2f:bc:a7:02:a7:ef:dc: + f0:0e:c7:47:8d:2e:d6:a8:62:42:93:5b:7c:f5:35: + f8:31:10:7b:38:d4:40:24:68:81:13:27:cb:fb:76: + 0e:d1:99:14:d8:d5:eb:f7:69:64:8f:af:8f:82:bb: + 24:29:f9:d4:29:1d:ce:e6:14:ba:4c:8b:09:ff:46: + ce:8b:6d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Cert Type: + SSL Client, SSL Server, S/MIME + X509v3 Extended Key Usage: + TLS Web Server Authentication, E-mail Protection, TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature, Non Repudiation, Key Encipherment + X509v3 Subject Key Identifier: + CB:11:B7:01:5F:86:55:4F:45:5E:AB:27:69:BE:E1:3C:89:7A:55:62 + X509v3 CRL Distribution Points: + URI:http://ca.mit.edu/ca/mitserver.crl + + Signature Algorithm: sha1WithRSAEncryption + 75:39:e0:d6:c2:fa:64:75:b2:e2:51:05:d5:3a:f0:2b:30:65: + 24:53:03:4f:eb:e5:be:e4:73:43:7e:d7:5a:37:92:32:25:ad: + 66:7b:8a:c7:b3:89:24:f5:98:e8:0a:b2:69:cf:8f:d4:29:37: + 1c:55:93:90:5f:b8:d7:9f:69:99:cf:7a:43:45:e1:14:de:f9: + 23:40:6b:99:82:fc:1c:cd:46:a8:8c:e8:85:33:d5:f5:5b:79: + 79:d8:7d:ca:e9:d6:18:de:a6:2c:8a:00:6c:92:f7:6c:0a:67: + 09:a7:d8:ef:26:62:5d:09:78:dc:05:6e:53:c2:f8:70:cc:08: + 0e:39 +-----BEGIN CERTIFICATE----- +MIIFAzCCBGygAwIBAgIRAMHUT+X/5qRspgsk14gMzHUwDQYJKoZIhvcNAQEFBQAw +ezELMAkGA1UEBhMCVVMxFjAUBgNVBAgTDU1hc3NhY2h1c2V0dHMxLjAsBgNVBAoT +JU1hc3NhY2h1c2V0dHMgSW5zdGl0dXRlIG9mIFRlY2hub2xvZ3kxJDAiBgNVBAsT +G01JVCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMTA3MDQxNjAwMDBaFw0x +MjA3MDQxNjAwMDBaMIHRMQswCQYDVQQGEwJVUzEWMBQGA1UECBMNTWFzc2FjaHVz +ZXR0czESMBAGA1UEBxMJQ2FtYnJpZGdlMS4wLAYDVQQKEyVNYXNzYWNodXNldHRz +IEluc3RpdHV0ZSBvZiBUZWNobm9sb2d5MSwwKgYDVQQLEyNzY3JpcHRzLm1pdC5l +ZHUgd2ViIGhvc3Rpbmcgc2VydmljZTEYMBYGA1UEAxMPbnVkZWx0YS5taXQuZWR1 +MR4wHAYJKoZIhvcNAQkBFg9zY3JpcHRzQG1pdC5lZHUwggIiMA0GCSqGSIb3DQEB +AQUAA4ICDwAwggIKAoICAQC/o/J7mMwWp1fmkoU0VvHjYoOeak81nfDPiYdz45P3 +twFXOG7p/FlNJOunF0fKLFEORci3aMkOMibgkdMGXIx8DmyZDLJGBQ9N8bDHXjUG +Yv4q1g8bLLUCJEzDBnHslModqq9+uS3AVUvMvFE9dmhb0+010AO6G2zzoNjT3GtE +sF4BUdMCzEraUhLeNTFpFlpIiw/OrU3k1YsRNn+HHP2E2kMuhy9BcKyt31TA7fYh +UfrFBvAb66Gwv00cQjSK1W/3JWZzj2DE140zkfRGOpcJWQH/w2SUQEgwaPBuAyZ0 +wqGz18uU/G5Tiiqe/bFPxHRWJWMfqr2VJXicRUYbDCFx64SU0LLx2lL20X9jHQgj +Ul/C+U2spETlmlRw/Mn81NS3HXWVAOO/PkzzQ8OWxwkqKUUS0jHWeUyK51QnIsaA +rocjVvGNSZvI+u0zW19WdsgPfoUUacRIMQc5pTSB8msVUCL7uyytS4TqVWT33lad +0LbQfR4bUVA3RJTmxBXrRTHxs+wPs6kM+BxHx1EABe/usD2ffgenOOiDTD3bNLYk +DJBXwPnQZBSKk0ebQfWjFB2eGF3V2Gav9fPIL7ynAqfv3PAOx0eNLtaoYkKTW3z1 +NfgxEHs41EAkaIETJ8v7dg7RmRTY1ev3aWSPr4+CuyQp+dQpHc7mFLpMiwn/Rs6L +bQIDAQABo4GrMIGoMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgXgMCcGA1Ud +JQQgMB4GCCsGAQUFBwMBBggrBgEFBQcDBAYIKwYBBQUHAwIwCwYDVR0PBAQDAgXg +MB0GA1UdDgQWBBTLEbcBX4ZVT0VeqydpvuE8iXpVYjAzBgNVHR8ELDAqMCigJqAk +hiJodHRwOi8vY2EubWl0LmVkdS9jYS9taXRzZXJ2ZXIuY3JsMA0GCSqGSIb3DQEB +BQUAA4GBAHU54NbC+mR1suJRBdU68CswZSRTA0/r5b7kc0N+11o3kjIlrWZ7isez +iST1mOgKsmnPj9QpNxxVk5BfuNefaZnPekNF4RTe+SNAa5mC/BzNRqiM6IUz1fVb +eXnYfcrp1hjepiyKAGyS92wKZwmn2O8mYl0JeNwFblPC+HDMCA45 +-----END CERTIFICATE----- + Index: branches/fc15-dev/server/fedora/config/etc/pki/tls/certs/scripts-cert.pem =================================================================== --- branches/fc15-dev/server/fedora/config/etc/pki/tls/certs/scripts-cert.pem (revision 1930) +++ branches/fc15-dev/server/fedora/config/etc/pki/tls/certs/scripts-cert.pem (revision 1938) @@ -1,7 +1,7 @@ -From mitcert@MIT.EDU Wed Jun 23 22:32:29 2010 -Date: Wed, 23 Jun 2010 22:32:27 -0400 (EDT) +From mitcert@MIT.EDU Wed Jun 8 13:18:37 2011 +Date: Wed, 8 Jun 2011 13:18:36 -0400 From: mitcert@MIT.EDU -To: scripts-root@mit.edu -Subject: CSR for scripts-cert@mit.edu [help.mit.edu #1269024] +To: mitchb@mit.edu +Subject: [help.mit.edu #1631653] Certificate signing request for scripts-cert.mit.edu Certificate: @@ -9,24 +9,50 @@ Version: 3 (0x2) Serial Number: - 62:d0:96:53:78:eb:91:3f:dd:66:93:e3:c0:d2:ed:ee + b8:1d:86:05:0a:9f:95:8c:d3:0d:6f:1b:3a:30:1b:d3 Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=Massachusetts, O=Massachusetts Institute of Technology, OU=MIT Certification Authority Validity - Not Before: Jun 22 16:00:00 2010 GMT - Not After : Jun 23 16:00:00 2011 GMT + Not Before: Jun 7 16:00:00 2011 GMT + Not After : Jun 7 16:00:00 2012 GMT Subject: C=US, ST=Massachusetts, L=Cambridge, O=Massachusetts Institute of Technology, OU=scripts.mit.edu web hosting service, CN=scripts-cert.mit.edu/emailAddress=scripts@mit.edu Subject Public Key Info: Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:b5:3e:21:4d:c1:89:6b:01:8c:47:80:fe:b3:37: - 27:76:f8:52:41:e6:a2:3d:4b:76:78:e5:f2:66:3c: - 0f:b1:ad:fb:97:8f:2e:a2:b6:53:d3:b6:0e:e2:66: - f9:b9:0b:b7:ce:b4:d5:f5:1c:1f:6f:22:7d:48:f5: - 6d:f0:16:cd:8e:48:79:d1:14:4a:14:2f:2f:f8:c4: - bd:1d:87:cf:7d:8b:5c:77:ad:58:24:b0:0e:a1:6d: - d6:0a:c7:d8:bc:2f:67:65:c8:5d:d8:d8:31:c2:67: - 4b:4a:f4:a1:a5:54:82:af:cb:34:08:2a:04:7f:8e: - 7c:4c:b7:db:dc:6a:8a:5d:81 + RSA Public Key: (4096 bit) + Modulus (4096 bit): + 00:bf:a3:f2:7b:98:cc:16:a7:57:e6:92:85:34:56: + f1:e3:62:83:9e:6a:4f:35:9d:f0:cf:89:87:73:e3: + 93:f7:b7:01:57:38:6e:e9:fc:59:4d:24:eb:a7:17: + 47:ca:2c:51:0e:45:c8:b7:68:c9:0e:32:26:e0:91: + d3:06:5c:8c:7c:0e:6c:99:0c:b2:46:05:0f:4d:f1: + b0:c7:5e:35:06:62:fe:2a:d6:0f:1b:2c:b5:02:24: + 4c:c3:06:71:ec:94:ca:1d:aa:af:7e:b9:2d:c0:55: + 4b:cc:bc:51:3d:76:68:5b:d3:ed:35:d0:03:ba:1b: + 6c:f3:a0:d8:d3:dc:6b:44:b0:5e:01:51:d3:02:cc: + 4a:da:52:12:de:35:31:69:16:5a:48:8b:0f:ce:ad: + 4d:e4:d5:8b:11:36:7f:87:1c:fd:84:da:43:2e:87: + 2f:41:70:ac:ad:df:54:c0:ed:f6:21:51:fa:c5:06: + f0:1b:eb:a1:b0:bf:4d:1c:42:34:8a:d5:6f:f7:25: + 66:73:8f:60:c4:d7:8d:33:91:f4:46:3a:97:09:59: + 01:ff:c3:64:94:40:48:30:68:f0:6e:03:26:74:c2: + a1:b3:d7:cb:94:fc:6e:53:8a:2a:9e:fd:b1:4f:c4: + 74:56:25:63:1f:aa:bd:95:25:78:9c:45:46:1b:0c: + 21:71:eb:84:94:d0:b2:f1:da:52:f6:d1:7f:63:1d: + 08:23:52:5f:c2:f9:4d:ac:a4:44:e5:9a:54:70:fc: + c9:fc:d4:d4:b7:1d:75:95:00:e3:bf:3e:4c:f3:43: + c3:96:c7:09:2a:29:45:12:d2:31:d6:79:4c:8a:e7: + 54:27:22:c6:80:ae:87:23:56:f1:8d:49:9b:c8:fa: + ed:33:5b:5f:56:76:c8:0f:7e:85:14:69:c4:48:31: + 07:39:a5:34:81:f2:6b:15:50:22:fb:bb:2c:ad:4b: + 84:ea:55:64:f7:de:56:9d:d0:b6:d0:7d:1e:1b:51: + 50:37:44:94:e6:c4:15:eb:45:31:f1:b3:ec:0f:b3: + a9:0c:f8:1c:47:c7:51:00:05:ef:ee:b0:3d:9f:7e: + 07:a7:38:e8:83:4c:3d:db:34:b6:24:0c:90:57:c0: + f9:d0:64:14:8a:93:47:9b:41:f5:a3:14:1d:9e:18: + 5d:d5:d8:66:af:f5:f3:c8:2f:bc:a7:02:a7:ef:dc: + f0:0e:c7:47:8d:2e:d6:a8:62:42:93:5b:7c:f5:35: + f8:31:10:7b:38:d4:40:24:68:81:13:27:cb:fb:76: + 0e:d1:99:14:d8:d5:eb:f7:69:64:8f:af:8f:82:bb: + 24:29:f9:d4:29:1d:ce:e6:14:ba:4c:8b:09:ff:46: + ce:8b:6d Exponent: 65537 (0x10001) X509v3 extensions: @@ -40,37 +66,45 @@ Digital Signature, Non Repudiation, Key Encipherment X509v3 Subject Key Identifier: - 54:11:7C:09:55:44:1C:94:45:A9:A2:76:46:2B:2C:24:26:6A:44:E8 + CB:11:B7:01:5F:86:55:4F:45:5E:AB:27:69:BE:E1:3C:89:7A:55:62 X509v3 CRL Distribution Points: URI:http://ca.mit.edu/ca/mitserver.crl Signature Algorithm: sha1WithRSAEncryption - b5:59:50:6b:e1:e1:ac:15:2b:df:7c:97:7b:28:e0:ed:65:7e: - 2c:bf:5b:a7:83:0d:75:8f:3e:6a:bb:31:a9:d2:86:90:87:bb: - f9:6d:8d:2f:07:3b:43:bf:84:77:c3:e6:2b:75:8a:bc:56:35: - dd:5b:6f:20:0f:26:d7:1d:ab:23:71:4f:39:a2:64:a2:9f:28: - 78:ec:3e:e9:b5:d6:f5:66:1b:1a:22:c2:86:9d:68:3a:6d:13: - 79:86:ff:df:c8:1d:f5:3f:c4:85:78:d7:41:7e:6c:f0:6a:af: - 39:27:3d:1e:74:dc:5a:07:33:bb:f8:4b:db:e4:dc:b0:e9:99: - 09:25 + ae:4e:cf:46:74:15:59:3d:9d:eb:e7:2c:1b:59:7c:ec:4e:c7: + 0e:61:9f:1a:a8:48:0e:4d:69:aa:98:53:6f:8e:18:86:4f:10: + 7f:97:da:67:ff:e6:ba:13:2a:82:bd:5b:ed:e4:f4:37:00:d3: + a3:aa:16:d7:3f:bf:a0:93:fe:35:45:aa:c0:bf:6e:26:13:88: + 95:dc:e0:e9:a7:c2:e6:d4:97:97:c8:fa:6e:23:67:8c:01:eb: + 3f:37:c1:dc:b4:c3:80:8c:d9:9c:4c:be:a3:88:0a:9e:82:8a: + d8:d9:a9:bc:69:e4:b4:36:91:a9:0d:75:51:59:f4:87:f0:cc: + 32:4f -----BEGIN CERTIFICATE----- -MIIDgzCCAuygAwIBAgIQYtCWU3jrkT/dZpPjwNLt7jANBgkqhkiG9w0BAQUFADB7 -MQswCQYDVQQGEwJVUzEWMBQGA1UECBMNTWFzc2FjaHVzZXR0czEuMCwGA1UEChMl -TWFzc2FjaHVzZXR0cyBJbnN0aXR1dGUgb2YgVGVjaG5vbG9neTEkMCIGA1UECxMb -TUlUIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTEwMDYyMjE2MDAwMFoXDTEx -MDYyMzE2MDAwMFowgdYxCzAJBgNVBAYTAlVTMRYwFAYDVQQIEw1NYXNzYWNodXNl -dHRzMRIwEAYDVQQHEwlDYW1icmlkZ2UxLjAsBgNVBAoTJU1hc3NhY2h1c2V0dHMg -SW5zdGl0dXRlIG9mIFRlY2hub2xvZ3kxLDAqBgNVBAsTI3NjcmlwdHMubWl0LmVk -dSB3ZWIgaG9zdGluZyBzZXJ2aWNlMR0wGwYDVQQDExRzY3JpcHRzLWNlcnQubWl0 -LmVkdTEeMBwGCSqGSIb3DQEJARYPc2NyaXB0c0BtaXQuZWR1MIGfMA0GCSqGSIb3 -DQEBAQUAA4GNADCBiQKBgQC1PiFNwYlrAYxHgP6zNyd2+FJB5qI9S3Z45fJmPA+x -rfuXjy6itlPTtg7iZvm5C7fOtNX1HB9vIn1I9W3wFs2OSHnRFEoULy/4xL0dh899 -i1x3rVgksA6hbdYKx9i8L2dlyF3Y2DHCZ0tK9KGlVIKvyzQIKgR/jnxMt9vcaopd -gQIDAQABo4GrMIGoMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgXgMCcGA1Ud -JQQgMB4GCCsGAQUFBwMBBggrBgEFBQcDBAYIKwYBBQUHAwIwCwYDVR0PBAQDAgXg -MB0GA1UdDgQWBBRUEXwJVUQclEWponZGKywkJmpE6DAzBgNVHR8ELDAqMCigJqAk -hiJodHRwOi8vY2EubWl0LmVkdS9jYS9taXRzZXJ2ZXIuY3JsMA0GCSqGSIb3DQEB -BQUAA4GBALVZUGvh4awVK998l3so4O1lfiy/W6eDDXWPPmq7ManShpCHu/ltjS8H -O0O/hHfD5it1irxWNd1bbyAPJtcdqyNxTzmiZKKfKHjsPum11vVmGxoiwoadaDpt -E3mG/9/IHfU/xIV410F+bPBqrzknPR503FoHM7v4S9vk3LDpmQkl +MIIFCDCCBHGgAwIBAgIRALgdhgUKn5WM0w1vGzowG9MwDQYJKoZIhvcNAQEFBQAw +ezELMAkGA1UEBhMCVVMxFjAUBgNVBAgTDU1hc3NhY2h1c2V0dHMxLjAsBgNVBAoT +JU1hc3NhY2h1c2V0dHMgSW5zdGl0dXRlIG9mIFRlY2hub2xvZ3kxJDAiBgNVBAsT +G01JVCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMTA2MDcxNjAwMDBaFw0x +MjA2MDcxNjAwMDBaMIHWMQswCQYDVQQGEwJVUzEWMBQGA1UECBMNTWFzc2FjaHVz +ZXR0czESMBAGA1UEBxMJQ2FtYnJpZGdlMS4wLAYDVQQKEyVNYXNzYWNodXNldHRz +IEluc3RpdHV0ZSBvZiBUZWNobm9sb2d5MSwwKgYDVQQLEyNzY3JpcHRzLm1pdC5l +ZHUgd2ViIGhvc3Rpbmcgc2VydmljZTEdMBsGA1UEAxMUc2NyaXB0cy1jZXJ0Lm1p +dC5lZHUxHjAcBgkqhkiG9w0BCQEWD3NjcmlwdHNAbWl0LmVkdTCCAiIwDQYJKoZI +hvcNAQEBBQADggIPADCCAgoCggIBAL+j8nuYzBanV+aShTRW8eNig55qTzWd8M+J +h3Pjk/e3AVc4bun8WU0k66cXR8osUQ5FyLdoyQ4yJuCR0wZcjHwObJkMskYFD03x +sMdeNQZi/irWDxsstQIkTMMGceyUyh2qr365LcBVS8y8UT12aFvT7TXQA7obbPOg +2NPca0SwXgFR0wLMStpSEt41MWkWWkiLD86tTeTVixE2f4cc/YTaQy6HL0FwrK3f +VMDt9iFR+sUG8BvrobC/TRxCNIrVb/clZnOPYMTXjTOR9EY6lwlZAf/DZJRASDBo +8G4DJnTCobPXy5T8blOKKp79sU/EdFYlYx+qvZUleJxFRhsMIXHrhJTQsvHaUvbR +f2MdCCNSX8L5TaykROWaVHD8yfzU1LcddZUA478+TPNDw5bHCSopRRLSMdZ5TIrn +VCcixoCuhyNW8Y1Jm8j67TNbX1Z2yA9+hRRpxEgxBzmlNIHyaxVQIvu7LK1LhOpV +ZPfeVp3QttB9HhtRUDdElObEFetFMfGz7A+zqQz4HEfHUQAF7+6wPZ9+B6c46INM +Pds0tiQMkFfA+dBkFIqTR5tB9aMUHZ4YXdXYZq/188gvvKcCp+/c8A7HR40u1qhi +QpNbfPU1+DEQezjUQCRogRMny/t2DtGZFNjV6/dpZI+vj4K7JCn51CkdzuYUukyL +Cf9GzottAgMBAAGjgaswgagwCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCBeAw +JwYDVR0lBCAwHgYIKwYBBQUHAwEGCCsGAQUFBwMEBggrBgEFBQcDAjALBgNVHQ8E +BAMCBeAwHQYDVR0OBBYEFMsRtwFfhlVPRV6rJ2m+4TyJelViMDMGA1UdHwQsMCow +KKAmoCSGImh0dHA6Ly9jYS5taXQuZWR1L2NhL21pdHNlcnZlci5jcmwwDQYJKoZI +hvcNAQEFBQADgYEArk7PRnQVWT2d6+csG1l87E7HDmGfGqhIDk1pqphTb44Yhk8Q +f5faZ//muhMqgr1b7eT0NwDTo6oW1z+/oJP+NUWqwL9uJhOIldzg6afC5tSXl8j6 +biNnjAHrPzfB3LTDgIzZnEy+o4gKnoKK2NmpvGnktDaRqQ11UVn0h/DMMk8= -----END CERTIFICATE----- Index: branches/fc15-dev/server/fedora/config/etc/scripts/allowed-setugid.list =================================================================== --- branches/fc15-dev/server/fedora/config/etc/scripts/allowed-setugid.list (revision 1938) +++ branches/fc15-dev/server/fedora/config/etc/scripts/allowed-setugid.list (revision 1938) @@ -0,0 +1,23 @@ +/bin/ping +/bin/ping6 +/sbin/pam_timestamp_check +/sbin/unix_chkpwd +/usr/bin/at +/usr/bin/crontab +/usr/bin/locate +/usr/bin/screen +/usr/bin/sudo +/usr/bin/sudoedit +/usr/libexec/openssh/ssh-keysign +/usr/libexec/polkit-1/polkit-agent-helper-1 +/usr/libexec/pt_chown +/usr/libexec/utempter/utempter +/usr/local/bin/logview +/usr/local/sbin/signup-scripts-frontend +/usr/sbin/fping +/usr/sbin/fping6 +/usr/sbin/lockdev +/usr/sbin/mtr +/usr/sbin/postdrop +/usr/sbin/postqueue +/usr/sbin/userhelper Index: branches/fc15-dev/server/fedora/config/etc/yum/post-actions/statoverride.action =================================================================== --- branches/fc15-dev/server/fedora/config/etc/yum/post-actions/statoverride.action (revision 1938) +++ branches/fc15-dev/server/fedora/config/etc/yum/post-actions/statoverride.action (revision 1938) @@ -0,0 +1,29 @@ +/bin/cgexec:install:chmod ug-s /bin/cgexec +/bin/fusermount:install:chmod ug-s /bin/fusermount +/bin/mount:install:chmod ug-s /bin/mount +/bin/su:install:chmod ug-s /bin/su +/bin/umount:install:chmod ug-s /bin/umount +/sbin/mount.nfs:install:chmod ug-s /sbin/mount.nfs +/sbin/netreport:install:chmod ug-s /sbin/netreport +/usr/bin/chage:install:chmod ug-s /usr/bin/chage +/usr/bin/chfn:install:chmod ug-s /usr/bin/chfn +/usr/bin/chsh:install:chmod ug-s /usr/bin/chsh +/usr/bin/gpasswd:install:chmod ug-s /usr/bin/gpasswd +/usr/bin/lockfile:install:chmod ug-s /usr/bin/lockfile +/usr/bin/newgrp:install:chmod ug-s /usr/bin/newgrp +/usr/bin/newrole:install:chmod ug-s /usr/bin/newrole +/usr/bin/passwd:install:chmod ug-s /usr/bin/passwd +/usr/bin/rcp:install:chmod ug-s /usr/bin/rcp +/usr/bin/rlogin:install:chmod ug-s /usr/bin/rlogin +/usr/bin/rsh:install:chmod ug-s /usr/bin/rsh +/usr/bin/sperl5.10.1:install:chmod ug-s /usr/bin/sperl5.10.1 +/usr/bin/ssh-agent:install:chmod ug-s /usr/bin/ssh-agent +/usr/bin/wall:install:chmod ug-s /usr/bin/wall +/usr/bin/write:install:chmod ug-s /usr/bin/write +/usr/bin/Xorg:install:chmod ug-s /usr/bin/Xorg +/usr/kerberos/bin/ksu:install:chmod ug-s /usr/kerberos/bin/ksu +/usr/lib64/nspluginwrapper/plugin-config:install:chmod ug-s /usr/lib64/nspluginwrapper/plugin-config +/usr/lib64/vte/gnome-pty-helper:install:chmod ug-s /usr/lib64/vte/gnome-pty-helper +/usr/sbin/ccreds_chkpwd:install:chmod ug-s /usr/sbin/ccreds_chkpwd +/usr/sbin/userisdnctl:install:chmod ug-s /usr/sbin/userisdnctl +/usr/sbin/usernetctl:install:chmod ug-s /usr/sbin/usernetctl Index: branches/fc15-dev/server/fedora/specs/logview.spec =================================================================== --- branches/fc15-dev/server/fedora/specs/logview.spec (revision 1930) +++ branches/fc15-dev/server/fedora/specs/logview.spec (revision 1938) @@ -32,4 +32,5 @@ %pre useradd logview || [ $? -eq 9 ] +chmod 710 /home/logview %postun @@ -41,5 +42,5 @@ %defattr(0755, root, root) /usr/local/bin/logview.pl -%defattr(4755, logview, root) +%defattr(2755, root, logview) /usr/local/bin/logview