2009-04-02 Dave Brolley <brolley@redhat.com>

        * stap-serverd (initialization): Create client certificate database if it
        does not exist.
        * stap-server (call_stap): Don't pass --sign-module to stap.
        * session.h (unprivileged): New member of systemtap_session.
        * modsign.cxx (init_cert_db_path, check_cert_db_path): New functions.
        (sign_module): Call check_cert_db_path.
        * main.cxx (usage): Document --signing-cert and --unprivileged.
        (runner): Set default signing certificate path. Initialize s.unprivileged.
        (LONG_OPT_SIGN_MODULE): Renamed to LONG_OPT_SIGNING_CERT.
        (LONG_OPT_UNPRIVILEGED): #define it.
        (long_options): Add --signing-cert and --unprivileged.
        (runner): Allow multiple --signing-cert options. Use the last specified.
        Don't reset unless the new setting is valid. Handle LONG_OPT_UNPRIVILEGED.

1 files changed, 5 insertions, 0 deletions

diff --git a/stap-serverd b/stap-serverd
index 9b1dfd43..04ef54c3 100755
--- a/stap-serverd
+++ b/stap-serverd
@@ -47,6 +47,11 @@ function initialization {
 	    if test -f `which ${stap_exec_prefix}stap-add-server-cert` -a -x `which ${stap_exec_prefix}stap-add-server-cert`; then
 		${stap_exec_prefix}stap-authorize-server-cert $ssl_db/stap-server.cert
 	    fi
+	elif ! test -f $stap_ssl_db/client/cert8.db; then
+	    # If the client's database does not exist, then initialize it with our certificate.
+	    if test -f `which ${stap_exec_prefix}stap-add-server-cert` -a -x `which ${stap_exec_prefix}stap-add-server-cert`; then
+		${stap_exec_prefix}stap-authorize-server-cert $ssl_db/stap-server.cert
+	    fi
 	fi
     fi