Ensure that the client cert database and server cert are readable by all.

3 files changed, 13 insertions, 3 deletions

diff --git a/ChangeLog b/ChangeLog
index f8ffd7d8..a74b6dc7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2009-01-13  Dave Brolley  <brolley@redhat.com>
+
+	* stap-add-server-cert: Failure to make the client database readable
+	is now only a warning.
+	* stap-gen-server-cert: Ensure that the certificate is readable by
+	all. Warn if unsuccessful.
+
 2009-01-11  Wenji Huang  <wenji.huang@oracle.com>
 
         * tapsets.cxx (dwarf_derived_probe_group::emit_module_decls): Fix too
diff --git a/stap-add-server-cert b/stap-add-server-cert
index 5f17f165..81424c82 100755
--- a/stap-add-server-cert
+++ b/stap-add-server-cert
@@ -40,9 +40,7 @@ fi
 
 # Ensure that the database is readable by others
 if ! chmod +r $2/*.db; then
-    echo "Unable to make the client certificate database $2 readable by others" >&2
-    exit 1
+    echo "Warning: unable to make the client certificate database $2 readable by others" >&2
 fi
-    
 
 exit 0
diff --git a/stap-gen-server-cert b/stap-gen-server-cert
index fe40db90..af3a5917 100755
--- a/stap-gen-server-cert
+++ b/stap-gen-server-cert
@@ -83,6 +83,11 @@ y
 EOF
 rm -fr $1/stap-server.req
 
+# Ensure that the certificate is readable by others.
+if ! chmod +r $serverdb/stap-server.cert; then
+    echo "Warning: unable to make the server's certificate $serverdb/stap-server.cert readable by others" >&2
+fi
+
 # Add the certificate to the server's certificate/key database as a trusted peer, ssl server and object signer
 certutil -A -n stap-server -t "PCu,,PCu" -i $serverdb/stap-server.cert -d $serverdb -f $serverdb/pw