From 8c27bafa7f722ddc17d535d3d0fb0758cb532171 Mon Sep 17 00:00:00 2001
From: Magnus Ahltorp <map@kth.se>
Date: Thu, 23 Apr 2015 17:37:01 +0200
Subject: Add remote script for merge secondary

---
 tools/merge.py           | 9 ++++++---
 tools/verifysecondary.sh | 4 ++++
 2 files changed, 10 insertions(+), 3 deletions(-)
 create mode 100755 tools/verifysecondary.sh

diff --git a/tools/merge.py b/tools/merge.py
index ed1c162..b426039 100755
--- a/tools/merge.py
+++ b/tools/merge.py
@@ -38,7 +38,7 @@ localconfig = yaml.load(open(args.localconfig))
 ctbaseurl = config["baseurl"]
 frontendnodes = config["frontendnodes"]
 storagenodes = config["storagenodes"]
-secondaries = localconfig["secondary"]
+secondaries = localconfig.get("secondary", [])
 paths = localconfig["paths"]
 mergedb = paths["mergedb"]
 
@@ -241,15 +241,18 @@ timestamp = int(time.time() * 1000)
 for secondary in secondaries:
     remotehost = secondary["host"]
     remotedir = remotehost + ":" + secondary["mergedir"]
+    localdir = mergedb
+    if localdir[:-1] != '/':
+        localdir = localdir + "/"
 
     print >>sys.stderr, "copying database to secondary:", remotehost
-    rsyncstatus = subprocess.call(["rsync", "-r", "--append", "--rsh=ssh", mergedb, remotedir])
+    rsyncstatus = subprocess.call(["rsync", "-r", "--append", "--rsh=ssh", localdir, remotedir])
     if rsyncstatus:
         print >>sys.stderr, "rsync failed:", rsyncstatus
         sys.exit(1)
 
     print >>sys.stderr, "verifying database at secondary:", remotehost
-    verifysecondary = subprocess.Popen(["ssh", remotehost, secondary["verifycommand"]],
+    verifysecondary = subprocess.Popen(["ssh", remotehost, secondary["verifycommand"], secondary["mergedir"]],
                                     stdout=subprocess.PIPE)
 
     (verifysecondaryresult, _) = verifysecondary.communicate()
diff --git a/tools/verifysecondary.sh b/tools/verifysecondary.sh
new file mode 100755
index 0000000..4a90543
--- /dev/null
+++ b/tools/verifysecondary.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+cd $(dirname $0)/../catlfish
+../tools/verifysecondary.py --mergedb="$1" --verifycert=../verifycert.erl --knownroots=../tools/testcerts/roots/
-- 
cgit v1.1


From cef3057325c7eba5d4a931a9814202eb9eb574eb Mon Sep 17 00:00:00 2001
From: Magnus Ahltorp <map@kth.se>
Date: Thu, 23 Apr 2015 18:11:07 +0200
Subject: Don't require logprivatekey if hsm is configured for a signing node.

---
 tools/compileconfig.py |  6 +++++-
 tools/testcase1.py     | 20 +++++++++++---------
 2 files changed, 16 insertions(+), 10 deletions(-)

diff --git a/tools/compileconfig.py b/tools/compileconfig.py
index 95c71be..a8fe408 100755
--- a/tools/compileconfig.py
+++ b/tools/compileconfig.py
@@ -242,10 +242,14 @@ def gen_config(nodename, config, localconfig):
         (Symbol("services"), services),
     ]
     if nodetype == "signingnodes":
-        plopconfig.append((Symbol("log_private_key"), paths["logprivatekey"]))
         hsm = localconfig.get("hsm")
+        if "logprivatekey" in paths:
+            plopconfig.append((Symbol("log_private_key"), paths["logprivatekey"]))
         if hsm:
             plopconfig.append((Symbol("hsm"), [hsm.get("library"), str(hsm.get("slot")), "ecdsa", hsm.get("label"), hsm.get("pin")]))
+        if not ("logprivatekey" in paths or hsm):
+            print >>sys.stderr, "Neither logprivatekey nor hsm configured for signing node", nodename
+            sys.exit(1)
     plopconfig += [
         (Symbol("log_public_key"), paths["logpublickey"]),
         (Symbol("own_key"), (nodename, "%s/%s-private.pem" % (paths["privatekeys"], nodename))),
diff --git a/tools/testcase1.py b/tools/testcase1.py
index c1100ea..c66d976 100755
--- a/tools/testcase1.py
+++ b/tools/testcase1.py
@@ -48,13 +48,15 @@ def print_error(message, *args):
 def print_success(message, *args):
     print indentation + message % args
 
-def assert_equal(actual, expected, name, quiet=False, nodata=False):
+def assert_equal(actual, expected, name, quiet=False, nodata=False, fatal=False):
     global failures
     if actual != expected:
         if nodata:
             print_error("%s differs", name)
         else:
             print_error("%s expected %s got %s", name, expected, actual)
+        if fatal:
+            sys.exit(1)
     elif not quiet:
         print_success("%s was correct", name)
 
@@ -149,7 +151,7 @@ def merge():
                             "--localconfig", "../test/catlfish-test-local-merge.cfg"])
 
 mergeresult = merge()
-assert_equal(mergeresult, 0, "merge", quiet=True)
+assert_equal(mergeresult, 0, "merge", quiet=True, fatal=True)
 
 for baseurl in baseurls:
     print_and_check_tree_size(0, baseurl)
@@ -159,7 +161,7 @@ testgroup("cert1")
 result1 = do_add_chain(cc1, baseurls[0])
 
 mergeresult = merge()
-assert_equal(mergeresult, 0, "merge", quiet=True)
+assert_equal(mergeresult, 0, "merge", quiet=True, fatal=True)
 
 size_sth = {}
 
@@ -172,7 +174,7 @@ result2 = do_add_chain(cc1, baseurls[0])
 assert_equal(result2["timestamp"], result1["timestamp"], "timestamp")
 
 mergeresult = merge()
-assert_equal(mergeresult, 0, "merge", quiet=True)
+assert_equal(mergeresult, 0, "merge", quiet=True, fatal=True)
 
 for baseurl in baseurls:
     print_and_check_tree_size(1, baseurl)
@@ -190,7 +192,7 @@ testgroup("cert2")
 result3 = do_add_chain(cc2, baseurls[0])
 
 mergeresult = merge()
-assert_equal(mergeresult, 0, "merge", quiet=True)
+assert_equal(mergeresult, 0, "merge", quiet=True, fatal=True)
 
 for baseurl in baseurls:
     print_and_check_tree_size(2, baseurl)
@@ -204,7 +206,7 @@ testgroup("cert3")
 result4 = do_add_chain(cc3, baseurls[0])
 
 mergeresult = merge()
-assert_equal(mergeresult, 0, "merge", quiet=True)
+assert_equal(mergeresult, 0, "merge", quiet=True, fatal=True)
 
 for baseurl in baseurls:
     print_and_check_tree_size(3, baseurl)
@@ -219,7 +221,7 @@ testgroup("cert4")
 result5 = do_add_chain(cc4, baseurls[0])
 
 mergeresult = merge()
-assert_equal(mergeresult, 0, "merge", quiet=True)
+assert_equal(mergeresult, 0, "merge", quiet=True, fatal=True)
 
 for baseurl in baseurls:
     print_and_check_tree_size(4, baseurl)
@@ -235,7 +237,7 @@ testgroup("cert5")
 result6 = do_add_chain(cc5, baseurls[0])
 
 mergeresult = merge()
-assert_equal(mergeresult, 0, "merge", quiet=True)
+assert_equal(mergeresult, 0, "merge", quiet=True, fatal=True)
 
 for baseurl in baseurls:
     print_and_check_tree_size(5, baseurl)
@@ -248,7 +250,7 @@ get_and_validate_proof(result5["timestamp"], cc4, 3, 3, baseurls[0])
 get_and_validate_proof(result6["timestamp"], cc5, 4, 1, baseurls[0])
 
 mergeresult = merge()
-assert_equal(mergeresult, 0, "merge", quiet=True)
+assert_equal(mergeresult, 0, "merge", quiet=True, fatal=True)
 
 for first_size in range(1, 5):
     for second_size in range(first_size + 1, 6):
-- 
cgit v1.1