Wednesday, August 10, 2011

OSG RPM CA Distribution Problem

This message is for the OSG site administrators who have used rpm or
yum mechanisms to update their certificate authority (CA) caches since
9:00 EDT 8/9/11. If you retrieve CA caches via pacman updates, you can ignore
this message.

There was a problem in the production rpm cache that began with the
cache update yesterday (8/9/11) and was corrected this afternoon
(8/10/11). If you did a yum update during this time (yum update
osg-ca-certs), your site may have ended up with CA caches that may
cause problems. You may also see RSV CA probe failures. We have fixed the
problem in the software cache. In order to get rid of the incorrect
package and install the new one, please run the command:

rpm -Uhv --oldpackage http://software.grid.iu.edu/yum/rpms/noarch/osg-ca-certs-1.20-0.noarch.rpm
(all one line)

To understand whether you installed the incorrect package, go to
TRUSTED_CA directory and check the installed package version. If you
see 1.20NEW in CHANGES file, you have the incorrect package. If you
see 1.20, then you have the correct version, and you do not need to take
any action. You can also go inside TRUSTED_CA/certificates directory
and do an ls -al, if you see a large number of symbolic links, you
have the incorrect package.

Our sincere apologies for this mistake. Please contact us immediately
if you have questions.

Mine Altunay (OSG Security Coordinator)
Scott Teige (OSG Operations Technical Lead)