From d952bcdec096ccbd92b61decc6474971ac569254 Mon Sep 17 00:00:00 2001
From: lissav
Date: Fri, 23 Apr 2010 18:06:29 +0000
Subject: [PATCH] remove update of sensitive cred files to /install/postscripts directories
git-svn-id: https://svn.code.sf.net/p/xcat/code/xcat-core/trunk@5873 8638fb3e-16cb-4fca-ae20-7b5d299a9bcd
---
 xCAT-server/sbin/xcatconfig | 66 +++++++------------------------------
 1 file changed, 12 insertions(+), 54 deletions(-)
diff --git a/xCAT-server/sbin/xcatconfig b/xCAT-server/sbin/xcatconfig
index 8bbedee19..886352fe8 100644
--- a/xCAT-server/sbin/xcatconfig
+++ b/xCAT-server/sbin/xcatconfig
@@ -312,7 +312,7 @@ if ($::INITIALINSTALL || $::FORCE || $::UPDATEINSTALL)
 #
 # set up the certificates for xcatd, gen new ones if requested or do not exist
 #
-if ($::INITIALINSTALL || $::FORCE || $::genCredentials)
+if ($::INITIALINSTALL || $::UPDATEINSTALL || $::FORCE || $::genCredentials)
 {
 &genCredentials;
 }
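Review bot: The comment above this condition still reads "gen new ones if requested or do not exist", which does not explain why `$::UPDATEINSTALL` now also calls `&genCredentials`. Judging from the conditions visible later in the patch (`(!-d "/etc/xcat/cert") || $::FORCE || $::genCredentials`), an update on its own appears to keep the existing keys and only refresh what sits under `$::INSTALLDIR/postscripts`, so credentials that earlier versions published there stay valid after the cleanup. I would extend the comment, e.g. `# on update, rerun to remove credential copies left in postscripts; keys are only regenerated with FORCE or genCredentials`. It may also be worth printing a message on update that regenerating credentials is advisable if those copies were reachable from the nodes.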
@@ -1267,34 +1267,33 @@ sub genCredentials
 }
 }
- # copy to postscript directory
+ # copy to postscript directory just non-sensitive files
 my $cmd = "/bin/rm -rf $::INSTALLDIR/postscripts/ca >/dev/null 2>&1";
 my $outref = xCAT::Utils->runcmd("$cmd", 0);
- my $cmd = "/bin/mkdir -p $::INSTALLDIR/postscripts/ca/certs";
+ my $cmd = "/bin/mkdir -p $::INSTALLDIR/postscripts/ca";
 my $outref = xCAT::Utils->runcmd("$cmd", 0);
 if ($::RUNCMD_RC != 0)
 {
 xCAT::MsgUtils->message('E',
- "Could not create $::INSTALLDIR/postscripts/ca/certs directory.");
+ "Could not create $::INSTALLDIR/postscripts/ca directory.");
 }
 else
 {
- xCAT::MsgUtils->message('I',
- "Created $::INSTALLDIR/postscripts/ca/certs directory.");
+ verbose("Created $::INSTALLDIR/postscripts/ca directory.");
 }
- my $cmd = "/bin/cp -r /etc/xcat/ca/* $::INSTALLDIR/postscripts/ca";
+ my $cmd = "/bin/cp -p /etc/xcat/ca/ca-cert.pem $::INSTALLDIR/postscripts/ca/ca-cert.pem";
 my $outref = xCAT::Utils->runcmd("$cmd", 0);
 if ($::RUNCMD_RC != 0)
 {
 xCAT::MsgUtils->message(
 'E',
- "Could not copy /etc/xcat/ca/* to $::INSTALLDIR/postscripts/ca directory."
+ "$cmd failed"
 );
 }
 else
 {
 xCAT::MsgUtils->message('I',
- "Copied /etc/xcat/ca/* to $::INSTALLDIR/postscripts/ca directory.");
+ "$cmd succeeded.");
 }
 if ((!-d "/etc/xcat/cert") || $::FORCE || $::genCredentials)
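Review bot: The `rm -rf $::INSTALLDIR/postscripts/ca` that this cleanup relies on discards its output and its status is never checked, so if the removal fails the old contents stay in place while `mkdir -p` and the `cp -p` still report success. Since the point of the change is to stop publishing everything under `/etc/xcat/ca`, I would test `$::RUNCMD_RC` right after that `runcmd`, e.g. `xCAT::MsgUtils->message('E', "Could not remove $::INSTALLDIR/postscripts/ca") if ($::RUNCMD_RC != 0);`. The same applies to the `rm -rf $::INSTALLDIR/postscripts/cert` in the next hunk, which is now the only action left there. Separately, a failed `mkdir` only logs an error and the `cp` runs anyway.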
@@ -1323,34 +1322,9 @@ sub genCredentials
 }
 }
- # copy to postscript directory
+ # copy to postscript directory, no longer use cert directory
 my $cmd = "/bin/rm -rf $::INSTALLDIR/postscripts/cert >/dev/null 2>&1";
 my $outref = xCAT::Utils->runcmd("$cmd", 0);
- my $cmd = "/bin/mkdir -p $::INSTALLDIR/postscripts/cert";
- my $outref = xCAT::Utils->runcmd("$cmd", 0);
- if ($::RUNCMD_RC != 0)
- {
- xCAT::MsgUtils->message('E',
- "Could not create $::INSTALLDIR/postscripts/cert directory.");
- }
- else
- {
- verbose("Created $::INSTALLDIR/postscripts/cert directory.");
- }
- my $cmd = "/bin/cp -r /etc/xcat/cert/* $::INSTALLDIR/postscripts/cert";
- my $outref = xCAT::Utils->runcmd("$cmd", 0);
- if ($::RUNCMD_RC != 0)
- {
- xCAT::MsgUtils->message(
- 'E',
- "Could not copy /etc/xcat/cert/* to $::INSTALLDIR/postscripts/cert directory."
- );
- }
- else
- {
- xCAT::MsgUtils->message('I',
- "Copied /etc/xcat/cert/* to $::INSTALLDIR/postscripts/cert directory.");
- }
 if ((!-r "$::root/.xcat/client-key.pem") || $::FORCE || $::genCredentials)
 {
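Review bot: The new comment `# copy to postscript directory, no longer use cert directory` sits above code that no longer copies anything; after this change the two remaining lines only delete `$::INSTALLDIR/postscripts/cert`. I would reword it to say so, for example `# remove cert copies left in postscripts by earlier versions; /etc/xcat/cert is no longer published`. `$outref` is assigned here but not read in the visible lines and could be dropped.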
@@ -1384,35 +1358,19 @@ sub genCredentials
 {
 verbose("Created $::INSTALLDIR/postscripts/_xcat directory.");
 }
- my $cmd = "/bin/cp -r $::root/.xcat/* $::INSTALLDIR/postscripts/_xcat";
+ my $cmd = "/bin/cp -p $::root/.xcat/ca.pem $::INSTALLDIR/postscripts/_xcat/ca.pem";
 my $outref = xCAT::Utils->runcmd("$cmd", 0);
 if ($::RUNCMD_RC != 0)
 {
 xCAT::MsgUtils->message(
 'E',
- "Could not copy $::root/.xcat/* to $::INSTALLDIR/postscripts/_xcat directory."
+ "Could not copy $::root/.xcat/ca.pem to $::INSTALLDIR/postscripts/_xcat directory."
 );
 }
 else
 {
 xCAT::MsgUtils->message('I',
- "Copied $::root/.xcat/* to $::INSTALLDIR/postscripts/_xcat directory.");
- }
- my $cmd = "/bin/cp -r /etc/xcat/ca/certs/* $::INSTALLDIR/postscripts/ca/certs";
- my $outref = xCAT::Utils->runcmd("$cmd", 0);
- if ($::RUNCMD_RC != 0)
- {
- xCAT::MsgUtils->message(
- 'E',
- "Could not copy /etc/xcat/ca/certs/* to $::INSTALLDIR/postscripts/ca/certs directory."
- );
- }
- else
- {
- xCAT::MsgUtils->message(
- 'I',
- "Copied /etc/xcat/ca/certs* to $::INSTALLDIR/postscripts/ca/certs directory."
- );
+ "Copied $::root/.xcat/ca.pem to $::INSTALLDIR/postscripts/_xcat directory.");
 }
 }
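Review bot: The copy into `postscripts/_xcat` is now limited to `ca.pem`, but whether that directory is emptied first cannot be seen here; the hunk appears to start in the branch that runs after the directory has been created, and the enclosing block begins outside the hunk. If no removal precedes that `mkdir`, files left there by the earlier `cp -r $::root/.xcat/*` would remain on an updated system, unlike `postscripts/ca` and `postscripts/cert`, which get an explicit `rm -rf`. I would confirm that, and also that this step is not nested inside the `client-key.pem` condition shown in the previous hunk, since in that case an update with an existing key would skip it. A comment such as `# only ca.pem is published; client key and cred files must stay out of postscripts` above the `cp` would record the intent.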