diff --git a/build.xml b/build.xml index f908df7b..eb21fe25 100644 --- a/build.xml +++ b/build.xml @@ -144,9 +144,12 @@ + + + - - + + + + + + + + + - + + - + - @@ -271,6 +284,7 @@ + @@ -291,11 +305,6 @@ - - - Stage 3.1 Success: Aggregates send to keymaster for processing. @@ -497,76 +508,83 @@ - - Stage 3.3 Success: Signed aggregates and stats file comitted to data repository, pushed to origin. + + Stage 4 Success: MDQ cache created; all files comitted to data repository. - + - - Stage 4 Success: MDQ cache created (not yet implemented!); all files comitted to data repository. + + Stage 4.2 Success: Signed aggregates and stats file comitted to data repository. - Stage 5 Success: Master branch pushed to origin, new tag created and pushed, message sent to start publication. + Stage 5 Success: Master branch pushed to origin, new tag created and pushed, mdq cache sent to repo, message sent to start publication. - + @@ -776,7 +794,7 @@ - + @@ -794,7 +812,7 @@ - + @@ -810,9 +828,8 @@ - - + @@ -830,7 +847,7 @@ - + @@ -848,7 +865,7 @@ - + @@ -1054,7 +1071,7 @@ Commit unsigned files to local products repository --> - Commiting all changes in products repository. + Pushing the latest tooling repository to keymaster. @@ -1087,6 +1104,59 @@ + + + + + Updating local stats cache + + + + + + + + Triggering daily stats job + + + + + + + + + + Triggering monthly stats job + + + + + + + + + Triggering yearly stats job + + + + + + @@ -1120,30 +1186,21 @@ - + - + Verifying @{i}... - - - - + - + @@ -1184,11 +1237,6 @@ Checksum of file matches expected value - - - 
@@ -1222,56 +1270,67 @@ property="mdaggr.export.preview.signed.checksum"/> Verifying metadata held at ${md.dist.host1.name} - - - - - - - Verifying metadata held at ${md.dist.host2.name} - - - - - - - Verifying metadata held at ${md.dist.host3.name} - - - - - - - Verification completed. + + + Verifying MDQ held at ${mdq.dist.name} + + + + + + + + + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + - - - - - + + Testing signing the unsigned main aggregate. - - + Test signing UKfed prod metadata. + - - + Verifying signed UK metadata. - + Verifying signed UK WAYF metadata. - + Verifying signed UK CDS full metadata. - + Verifying signed UK test metadata. - + Verifying signed UK export metadata. - + Verifying signed UK export preview metadata. - + Verifying signed UK fallback metadata. - + Verification completed. + + + Testing verifying the signed main aggregate. + + + Test verification completed. + + + + + + + Generating per-entity metadata in ${mda.mdq.output} + from production aggregate in ${mda.mdq.input} + + + + Generation complete. + Generating all.xml in ${mda.mdq.output} + + Generation complete. + + + + + + + Generating per-entity metadata in ${mda.mdq.output} + from test metadata in ${mda.mdq.input} + + + + Generation complete. + + - - Creating MDQ cache. - -> Not yet implemented. This is not a failure, other than a moral one + + MDQ cache created. @@ -1961,6 +2057,31 @@ + + + Pushing UK Federation mdq cache to MD dist. + -> MD1 + + + + + + -> MD2 + + + + + + -> MD3 + + + + + + + - - - - Please select the channel to use (e.g., us_incommon): - - - - - - - - - - - - - - - + - - + + @@ -33,100 +35,100 @@ Total entities - + Identity providers - + Service providers - + - + : - + - + mdui:UIInfo - + mdui:Logo - + mdui:Description - + mdui:DisplayName - + mdui:Keywords - + mdui:InformationURL - + mdui:PrivacyStatementURL - + mdui:DiscoHints - + mdui:IPHint - + mdui:DomainHint - + mdui:GeolocationHint - + - + 
@@ -142,5 +144,5 @@ ) - + diff --git a/macosx.properties b/macosx.properties index 1b5744a2..0b062e2e 100644 --- a/macosx.properties +++ b/macosx.properties @@ -5,3 +5,13 @@ # those defined in default.properties, but may be overridden by # properties defined in a machine-specific build.properties file. # + +# +# Location of the PKCS#11 configuration file for OpenSC on Mac OS X. +# +sign.uk.pkcs11Config = ${basedir}/mdx/uk/opensc-mac.cfg + +# +# Signing key alias within the keystore. +# +sign.uk.keyAlias = key10 diff --git a/mdx/_rules/check_sirtfi.xsl b/mdx/_rules/check_sirtfi.xsl new file mode 100644 index 00000000..78240c01 --- /dev/null +++ b/mdx/_rules/check_sirtfi.xsl @@ -0,0 +1,73 @@ + + + + + + + + + + + + + + + + + SIRTFI requires a REFEDS security contact + + + + + + + + SIRTFI requires a REFEDS security contact with a GivenName + + + + + SIRTFI requires a REFEDS security contact with an EmailAddress + + + + + + diff --git a/mdx/common-beans.xml b/mdx/common-beans.xml index b7ea95f6..ee5bc181 100644 --- a/mdx/common-beans.xml +++ b/mdx/common-beans.xml @@ -56,14 +56,6 @@ - - - - - - @@ -197,27 +181,6 @@ - - - - - - - - + @@ -254,22 +221,22 @@ + + - - - + - + - + @@ -286,7 +253,7 @@ - + @@ -302,6 +269,49 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/mdx/identity.xsl b/mdx/identity.xsl new file mode 100644 index 00000000..dc2ad8b1 --- /dev/null +++ b/mdx/identity.xsl @@ -0,0 +1,30 @@ + + + + + + + + + + + + + + + + + + + + diff --git a/mdx/int_edugain/beans.xml b/mdx/int_edugain/beans.xml index 7bf73818..05b7c9b3 100644 --- a/mdx/int_edugain/beans.xml +++ b/mdx/int_edugain/beans.xml @@ -15,7 +15,8 @@ - + + - diff --git a/mdx/schema/uk-fed-label.xsd b/mdx/schema/uk-fed-label.xsd index 83213fb8..8c1656ae 100644 --- a/mdx/schema/uk-fed-label.xsd +++ b/mdx/schema/uk-fed-label.xsd @@ -2,7 +2,7 @@ 
@@ -43,13 +43,46 @@ - + + + + + An organization ID is a string constrained to be the string "ukforg" + followed by a numeric code. + + These codes are defined as IDs in the members.xml database, but + are simple strings in entity metadata. + + + + + + + Indicates an entity whose owner is a member in good standing of the UK federation. + + + + + + + The orgID attribute is described as "optional" in this schema + so that it can be omitted in published metadata. However, it + is mandatory in entity fragment files. + + orgID can become a mandatory attribute if we ever stop + publishing UKFederationMember labels. + + + + + + diff --git a/mdx/uk/beans.xml b/mdx/uk/beans.xml index 1acb9162..eb185e63 100644 --- a/mdx/uk/beans.xml +++ b/mdx/uk/beans.xml @@ -125,38 +125,39 @@ - - + + + + + - - + + + + - + - - - - - - - + + + + + unknown assurance certification URI + + + + + diff --git a/mdx/uk/generate.xml b/mdx/uk/generate.xml index b259957e..9285cab2 100644 --- a/mdx/uk/generate.xml +++ b/mdx/uk/generate.xml @@ -119,7 +119,71 @@ - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -242,6 +310,11 @@ + + + @@ -299,6 +372,11 @@ + + + @@ -477,6 +555,11 @@ + + + 
@@ -587,6 +670,11 @@ + + + + + - - - - - - - - - - - - - - - - - - - - *** ENTITY COMMENT GOES HERE *** - - - - - - - - - - - - - - - - - - *** VERIFY OR REMOVE THE FOLLOWING ELEMENT *** - - *** VERIFY OR REMOVE THE FOLLOWING ELEMENT *** - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + *** ENTITY COMMENT GOES HERE *** + + + + + + + + + + + + + + *** FILL IN APPROPRIATE orgID VALUE BELOW *** + + + + + *** VERIFY OR REMOVE THE FOLLOWING ELEMENT *** + + *** VERIFY OR REMOVE THE FOLLOWING ELEMENT *** + + + + + + + + + + + + - - http://ukfederation.org.uk - - - - - en - http://ukfederation.org.uk/doc/mdrps-20130902 - - - - - - - - - - - - - - - - - - *** FILL IN *** - *** FILL IN *** - http://*** FILL IN ***/ - - - - - - - - - - - - *** FILL IN *** - *** FILL IN *** - mailto:*** FILL IN *** - - - - - - - - - - - - *** FILL IN *** - *** FILL IN *** - mailto:*** FILL IN *** - - - - - - - - - - - - *** FILL IN *** - *** FILL IN *** - mailto:*** FILL IN *** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol - - - - - - + + + + + + + + + + + + *** FILL IN *** + *** FILL IN *** + http://*** FILL IN ***/ + + + + + + + + + + + + *** FILL IN *** + *** FILL IN *** + mailto:*** FILL IN *** + + + + + + + + + + + + *** FILL IN *** + *** FILL IN *** + mailto:*** FILL IN *** + + + + + + + + + + + + *** FILL IN *** + *** FILL IN *** + mailto:*** FILL IN *** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol + + + + + + - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + diff --git a/mdx/uk/mdq-multisign.xml b/mdx/uk/mdq-multisign.xml new file mode 100644 index 00000000..443f09a8 --- /dev/null +++ b/mdx/uk/mdq-multisign.xml 
@@ -0,0 +1,97 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/mdx/uk/ns_norm_test.xsl b/mdx/uk/ns_norm_test.xsl index 23b6bdac..b05bf888 100644 --- a/mdx/uk/ns_norm_test.xsl +++ b/mdx/uk/ns_norm_test.xsl @@ -33,6 +33,7 @@ xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute" xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi" xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" + xmlns:remd="http://refeds.org/metadata" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" xmlns:ukfedlabel="http://ukfederation.org.uk/2006/11/label" diff --git a/mdx/uk/opensc-mac.cfg b/mdx/uk/opensc-mac.cfg new file mode 100644 index 00000000..afad28fc --- /dev/null +++ b/mdx/uk/opensc-mac.cfg @@ -0,0 +1,3 @@ +# PKCS#11 provider configuration for for OpenSC running under Mac OS X +name = OpenSC +library = /Library/OpenSC/lib/pkcs11/opensc-pkcs11.so diff --git a/mdx/uk/statistics.xsl b/mdx/uk/statistics.xsl index ef64c117..c31d1721 100644 --- a/mdx/uk/statistics.xsl +++ b/mdx/uk/statistics.xsl @@ -124,7 +124,6 @@
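Review bot: The new `mdx/uk/opensc-mac.cfg` names the provider and the library but no slot, so the PKCS#11 provider falls back to its default slot. On a machine with more than one reader or token that may not be the signing token, so consider setting `slot` or `slotListIndex` explicitly, or documenting that a single token is assumed. The header comment also reads "for for OpenSC"; it should be `# PKCS#11 provider configuration for OpenSC running under Mac OS X`.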
  • Entity Statistics

  • Entities by Owner

  • Identity Provider Accountability

  • -
  • Members by Primary Scope

  • Members Lacking Deployment

  • Shibboleth 1.3 Remnants

  • Export Aggregate: Entities Opted Out

  • @@ -151,14 +150,6 @@ to an aggregate IdP. Other IdP outsourcing, and any SP outsourcing, is not recorded in the table.

    -

    - The final column in the table, Primary Scope, records a scope (or security domain) - owned by the member and designated as its main (or only) scope. - ('Primary Scope' is a useful concept, but is not precisely defined. - It is only recorded if the member in question owns an IdP or outsources its IdP provision - - and perhaps not even then, as it it sometimes unclear which of the scopes - it owns should be designated as 'primary'.) -

    @@ -166,7 +157,6 @@ - @@ -973,33 +963,6 @@ - -

    Members by Primary Scope

    -

    Primary Scope is a useful concept, but is not precisely defined. - It is only recorded if the member in question owns an IdP or outsources its IdP provision - - and perhaps not even then, as it it sometimes unclear which of the scopes - it owns should be designated as 'primary'.

    -
    MemberIdPs SPs OSrcPrimary Scope
    - - - - - - - - - - - - -
    Primary ScopeMember
    - - - - -   - - - - - - @@ -1342,7 +1292,6 @@
  • : - [not-M] [IdP]
      +
    • : diff --git a/mdx/uk/strip_extensions.xsl b/mdx/uk/strip_extensions.xsl index edf0ca14..335a0236 100644 --- a/mdx/uk/strip_extensions.xsl +++ b/mdx/uk/strip_extensions.xsl @@ -22,7 +22,15 @@ --> - + + diff --git a/mdx/uk/strip_sirtfi_contacts.xsl b/mdx/uk/strip_sirtfi_contacts.xsl new file mode 100644 index 00000000..9975d051 --- /dev/null +++ b/mdx/uk/strip_sirtfi_contacts.xsl @@ -0,0 +1,34 @@ + + + + + + + + + + + + + + + + + + + + + diff --git a/mdx/uk/ukfederation-2014.jks b/mdx/uk/ukfederation-2014.jks deleted file mode 100644 index b06e2eb2..00000000 Binary files a/mdx/uk/ukfederation-2014.jks and /dev/null differ diff --git a/mdx/uk/ukfederation-mdq.pem b/mdx/uk/ukfederation-mdq.pem new file mode 100644 index 00000000..2b402a3a --- /dev/null +++ b/mdx/uk/ukfederation-mdq.pem 
@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIFTTCCAzWgAwIBAgIEXGA32DANBgkqhkiG9w0BAQsFADBQMSEwHwYDVQQDExhV
+SyBmZWRlcmF0aW9uIE1EUSBTaWduZXIxHjAcBgNVBAoTFUppc2MgU2VydmljZXMg
+TGltaXRlZDELMAkGA1UEBhMCR0IwHhcNMTYxMTIzMTgxNjU2WhcNMzcxMjMxMTgx
+NjU2WjBQMSEwHwYDVQQDExhVSyBmZWRlcmF0aW9uIE1EUSBTaWduZXIxHjAcBgNV
+BAoTFUppc2MgU2VydmljZXMgTGltaXRlZDELMAkGA1UEBhMCR0IwggIiMA0GCSqG
+SIb3DQEBAQUAA4ICDwAwggIKAoICAQCI5H5i6x+PJrKQyfI8ALGEisMiHwQLUbzs
+h2Sx8ssRkldAohR5CHp5qeMMpBDb1Pv9bBGppe+10oh2URYcPE+gBuajZT1dL8pg
+jE7F3UUOJa+MXh9jBeDmoiCmXO8V8T4DWtQAA2ObbYPKynCZ6FaGsGV8N7GYUsMK
+SXT3dfkbAzk6J7l4Top4gg4yZd6ELQwarLG5M5h0xnIIaoNSIspxTLTkIMDgJRo8
+4VObLUriJwiLPzfHXAJxJdq+0AzHzhlDrg1hTtB82dOMGGyXZd4R6E6Aar8OrKa6
+uz8OYWj8oeLzHGmzdw7dr+7WesO+4ofNksPh3lyGoRlvhWTKgBIyzXTiPRWRl2k7
+b2EWEFBoBk4+GgVhi8hjA5yriTEe99RcigFq2Y1SemKYtz3ur2wmrBag+NsWm2rm
+OHBehrYEDjlkHqzhvgqygoj2JFogP7L0ZvLh1VdU4waLAkLBLi5EJmlNjfN0b124
+UrJHXN7z/zFAl2r+Or1KZbZnWKBRD5IKZBAo/iRT4ULGqxImF+/yURXpuI12wz4P
+JQXXmU9NNzJrWLaDH5mesCeVLWg64/RoqbIVIbMCd9FTxhJTH6rr/hLkldGtHjiy
+EuvUE7lZ+2Xu2QAnW68tKmsSqk0/C3gt9l/3xhnUBaguhUo8OWrnZ1pxr+GSdnJ6
+NRm+f46RAQIDAQABoy8wLTAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBSbDGYuV4tc
+bEWVEpPE3MjgF0c+UjANBgkqhkiG9w0BAQsFAAOCAgEAeBgy2CgA31Sriyw1tBnY
+kzb6Vlemnv/UwZjivoOftqdp1TS8AeMs9qGgTBBeZkCV/6G8abq5gYBU8BETifR5
+FWxuIicU1oCNO4JwYoCpUNxwZfTbvuTKRcLia5o2OYvJo5friL5a8fWdhUy43tSh
+ubOTRqeIPSDOYQif9D0Kq6A8+oURHEBA+wwDthkhRanvJYdHp6Z6YKiwTUXp1MCH
+qe0q+LnoQ2ZRXRmSZ0y2t9ghPCFY9pD4OKnyyAxjQZdn1qFyMtYlkY9acT/ZdLDq
+3LcmaGAJEqgH0dAbl3xRkwqotP//JJ/4ffTaJHF+D3yN9y2hJ1xYukfd8caRTB+W
+O6yiQwcR7707irmF5HdW5hxIQlGgR1w/akz188KuGRP3MSWVIGEdwjCVz41XxI7V
+0MC7tZs/gujXpb58BcWIog5fceTY2dux9g4MzYKifVAPORgVWXDyXtiyddWbVorI
+He6vvbpRs5UaTyiLbUJkEs8ApJYHApZwJ2Ewz4Uea02qqP0nCVgcr+fnyugyVx4T
+KWBrvb9T2A2Z2HuQlTWksTAdapluRUj3pvvzZ+tCTXYbW0YdYSMKKH+QEwzEe90+
+gy4dJqx8m9bQ3hOu60GqyYHT7ng+dx3SxZ8zA97iXEqJnqJksaIRhzLB/kku2obf
+YC3UXJnkRumoAW1o2AjWQGg=
+-----END CERTIFICATE-----
diff --git a/mdx/validation-beans.xml b/mdx/validation-beans.xml index eb0b2633..3ded8bdf 100644 --- a/mdx/validation-beans.xml +++ b/mdx/validation-beans.xml @@ -311,6 +311,21 @@ p:XSLResource="classpath:_rules/check_shibboleth.xsl"/> + + + + + + orgid='$orgid'\n"; + $name_to_orgid{$name} = $orgid; +} +close(F); + +open(F, "ukid-to-name.txt") || die "could not open ukid-to-name map"; +while () { + my ($ukid, $name) = split /[\t\n]/; + # print "ukid='$ukid' --> name='$name'\n"; + if (defined $name_to_orgid{$name}) { + # print " --> orgid='$name_to_orgid{$name}'\n" + my $orgid = $name_to_orgid{$name}; + $command = "perl -i patch.pl $orgid entities/$ukid.xml"; + print "$ukid --> $orgid $command\n"; + system($command); + } else { + die "'$name' unmapped"; + # print " --> undefined\n"; + } +} +close(F); diff --git a/utilities/2016-09-16/gen-id-to-name.xsl b/utilities/2016-09-16/gen-id-to-name.xsl new file mode 100644 index 00000000..a2c477cc --- /dev/null +++ b/utilities/2016-09-16/gen-id-to-name.xsl @@ -0,0 +1,19 @@ + + + + + + + + + + + + + + + + diff --git a/utilities/2016-09-16/gen-ukid-to-name.xsl b/utilities/2016-09-16/gen-ukid-to-name.xsl new file mode 100644 index 00000000..3df2bd3b --- /dev/null +++ b/utilities/2016-09-16/gen-ukid-to-name.xsl @@ -0,0 +1,19 @@ + + + + + + + + + + + + + + + + diff --git a/utilities/2016-09-16/patch.pl b/utilities/2016-09-16/patch.pl new file mode 100755 index 00000000..c47766c3 --- /dev/null +++ b/utilities/2016-09-16/patch.pl @@ -0,0 +1,10 @@ +#!/usr/bin/env perl -W + +my $orgID = shift @ARGV; + +while (<>) { + if (/UKFederationMember/ && !/orgID/) { + s/UKFederationMember/UKFederationMember orgID="$orgID"/; + } + print $_; +} diff --git a/utilities/2016-10-06/README.md b/utilities/2016-10-06/README.md new file mode 100644 index 00000000..40080799 --- /dev/null +++ b/utilities/2016-10-06/README.md 
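Review bot: `system($command)` near the end of the mapping script hands one interpolated string to the shell, so any shell metacharacter in `$orgid` or `$ukid` (both read from the tab-separated map files) would be interpreted rather than passed as an argument. A failing `patch.pl` run also goes unnoticed because the return value is discarded. The list form avoids the shell and stops the loop on the first failure: `system('perl', '-i', 'patch.pl', $orgid, "entities/$ukid.xml") == 0 or die "patch.pl failed for $ukid";`. The file header and opening lines of this script are not legible in this view, so this rests on the visible loop only.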
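Review bot: In `utilities/2016-09-16/patch.pl`, `$orgID` comes from `shift @ARGV` and is written straight into the `orgID="..."` attribute with no check, so a missing or malformed argument yields an empty or broken attribute in every file the script is applied to. A guard before the loop would catch that: `die "usage: patch.pl ukforgNNNN file...\n" unless defined $orgID && $orgID =~ /^ukforg\d+$/;` (the "ukforg" plus digits form is the one the uk-fed-label.xsd documentation in this commit describes). Separately, `#!/usr/bin/env perl -W` only works where the kernel splits shebang arguments; on Linux `env` receives `perl -W` as a single name, so `#!/usr/bin/env perl` with `use warnings;` in the body is more portable. The same shebang appears in `utilities/2016-10-06/patch.pl`.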
@@ -0,0 +1,25 @@ +# `utilities/2016-10-06` + +These transforms and scripts were used to add an `orgID` attribute to the +`Grant` and `GrantAll` elements on all participants in the `members.xml` file. + +## Step 1 + +Generate `id-to-name.txt` as follows: + + xsltproc --output id-to-name.txt gen-id-to-name.xsl members/members.xml + +This file contains a mapping between organization IDs and canonical +organization names, like this: + +ukforg4590 Ian A. Young + +The first field is separated from the second by a single tab character. + +## Step 2 + +Apply the `patch.pl` script to generate a new version of `members.xml`. + + ./patch.pl members/members.xml >members/members-new.xml + +Compare the two versions of the file before replacing the old one. diff --git a/utilities/2016-10-06/gen-id-to-name.xsl b/utilities/2016-10-06/gen-id-to-name.xsl new file mode 100644 index 00000000..a2c477cc --- /dev/null +++ b/utilities/2016-10-06/gen-id-to-name.xsl @@ -0,0 +1,19 @@ + + + + + + + + + + + + + + + + diff --git a/utilities/2016-10-06/patch.pl b/utilities/2016-10-06/patch.pl new file mode 100755 index 00000000..638f5d7d --- /dev/null +++ b/utilities/2016-10-06/patch.pl @@ -0,0 +1,32 @@ +#!/usr/bin/env perl -W + +open(F, "id-to-name.txt") || die "could not open id-to-name map"; +while () { + my ($orgid, $name) = split /[\t\n]/; + #print "name='$name' --> orgid='$orgid'\n"; + $name_to_orgid{$name} = $orgid; +} +close(F); + +while (<>) { + # 12 2 3 3 1 4 4 5 5 + if (/^((.*); - + # # Make an array of components, each something like "DNS:example.co.uk" # 
@@ -322,17 +303,17 @@ sub comment { my @altNames = split /\s*,\s*/, $next; # my $altSet = "{" . join(", ", @altNames) . "}"; # print "Alt set: $altSet\n"; - + # # Each "DNS" component is an additional name for this certificate. # while (@altNames) { my ($type, $altName) = split(":", pop @altNames); - $names{lc $altName}++ if $type eq 'DNS'; + $names{lc $altName}++ if $type eq 'DNS'; } next; } - + } close SSL; #print " text lines: $#lines\n"; @@ -376,27 +357,13 @@ sub comment { # close $fh; - # - # Add a warning for certain issuers. - # - if (defined $issuerMark{$issuerCN}) { - my $mark = $issuerMark{$issuerCN}; - if ($mark eq '?') { - warning("issuer '$issuerCN' suspect; verify"); - } - } - # # Count issuers. # if ($issuer eq $subject) { $issuers{'(self-signed certificate)'}++; } else { - if ($verboseIssuers) { - $issuers{$issuer}++; - } else { - $issuers{$issuerCN}++; - } + $issuers{'Other'}++; } # diff --git a/utilities/diff-between-publications.sh b/utilities/diff-between-publications.sh index 3b1dc26d..6928a14c 100755 --- a/utilities/diff-between-publications.sh +++ b/utilities/diff-between-publications.sh 
@@ -60,7 +60,7 @@ aggregatesizediffpc=$(echo "scale=5;$aggregatesizediff/$previousaggregatesize" | # -> Finally, get a git log between those two dates (epoch) in data repo currenttagdate=$(git --work-tree=$sharedwsdir/$repoproducts --git-dir=$sharedwsdir/$repoproducts/.git log -1 $currenttag --format=%ct) previoustagdate=$(git --work-tree=$sharedwsdir/$repoproducts --git-dir=$sharedwsdir/$repoproducts/.git log -1 $previoustag --format=%ct) -gitlog=$(git --work-tree=$sharedwsdir/$repodata --git-dir=$sharedwsdir/$repodata/.git log --format="" --after=$previoustagdate --before=$currenttagdate) +gitlog=$(git --work-tree=$sharedwsdir/$repodata --git-dir=$sharedwsdir/$repodata/.git log --format="" --after=$previoustagdate --before=$currenttagdate | sed "s/'//g") gitlognumentries=$(git --work-tree=$sharedwsdir/$repodata --git-dir=$sharedwsdir/$repodata/.git log --format="%h" --after=$previoustagdate --before=$currenttagdate | wc -l | awk '{print $1}') # ===== diff --git a/utilities/expiry_whitelist.txt b/utilities/expiry_whitelist.txt index 9bedfb6d..e3fd21fa 100644 --- a/utilities/expiry_whitelist.txt +++ b/utilities/expiry_whitelist.txt @@ -41,9 +41,6 @@ F9:04:F9:4A:4B:D4:7D:30:42:88:64:1B:C8:51:EF:CC:43:D9:30:10 \ 90:A3:BB:7B:C3:8E:EB:57:8D:DA:4E:42:01:64:3B:11:D9:B4:F5:75 \ Certificate expires 8 January 2015 - merger - Stourbridge College. Entity uk001743. Call 11565. -10:6D:8F:2D:14:31:B6:56:18:D8:CB:E9:BD:AB:96:DC:9D:ED:30:35 \ - Certificate expired 8 March 2015 - Shibboleth IdP for Southport College. Entity uk000308. Call 11905. - 64:44:D0:DF:86:52:F3:CD:3D:D6:75:8F:8E:84:82:92:7F:4E:93:C3 \ Certificate expired 10 April 2015 - Dawson Shibboleth SP for Semantico Limited. Entity uk002112. Call 12202. 
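Review bot: The `sed "s/'//g"` added to the `gitlog=` line deletes only single quotes, which looks like a workaround for the value being placed inside a quoted string later in the script (that use is outside this hunk). Commit messages are written by anyone who can commit to the data repository, so other characters that are special in that later context still pass through, and the log text is silently altered. Escaping `$gitlog`, or passing it as data at the point of use, would be more robust. At minimum the line deserves a comment such as `# single quotes removed: $gitlog is embedded in a quoted string below`.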
@@ -70,4 +67,7 @@ F3:63:1C:35:CC:BC:FD:E7:A4:B7:3B:C8:54:FF:AF:0F:0F:A2:66:04 \ 13:C7:EB:D0:42:30:4A:41:40:1C:6F:F8:08:AA:EB:89:B2:31:05:2B \ Expired certificate (09/05/2016) for a Shibboleth IdP for King George V College. Entity uk001322. Call 15465. + +F6:FF:A2:1A:61:1A:05:C0:2A:A3:5B:30:63:95:32:7D:16:39:D7:05 \ + Expired certificate in IdP for Henley College Coventry (uk001729) which is being replaced - SR00113049 # END diff --git a/build/normalise_all_fragments b/utilities/normalise_all_fragments similarity index 55% rename from build/normalise_all_fragments rename to utilities/normalise_all_fragments index 371cb0be..f19c6496 100755 --- a/build/normalise_all_fragments +++ b/utilities/normalise_all_fragments @@ -1,4 +1,4 @@ #!/bin/bash -find ../entities -name uk\*.xml \ +find ../../ukf-data/entities -name uk\*.xml \ -exec python normalise_fragment \{\} \; diff --git a/build/normalise_fragment b/utilities/normalise_fragment similarity index 78% rename from build/normalise_fragment rename to utilities/normalise_fragment index 06f58582..a5cc93ac 100755 --- a/build/normalise_fragment +++ b/utilities/normalise_fragment 
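Review bot: The new entry for F6:FF:A2:1A:61:1A:05:C0:2A:A3:5B:30:63:95:32:7D:16:39:D7:05 does not say when the certificate expired, which the neighbouring entries record (`Certificate expired 8 March 2015`, `Expired certificate (09/05/2016)`). "Which is being replaced" also gives no point at which the exception should be removed. Stating the expiry date in the comment, for example `Certificate expired <DATE> - IdP for Henley College Coventry (uk001729), replacement in progress - SR00113049`, keeps the whitelist auditable.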
@@ -51,25 +51,27 @@ ED_TEMPLATE = Template(''' xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute" xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi" xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" + xmlns:remd="http://refeds.org/metadata" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" xmlns:ukfedlabel="http://ukfederation.org.uk/2006/11/label" xmlns:wayf="http://sdss.ac.uk/2006/06/WAYF" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xsi:schemaLocation="urn:oasis:names:tc:SAML:2.0:metadata ../xml/saml-schema-metadata-2.0.xsd - urn:oasis:names:tc:SAML:metadata:algsupport ../xml/sstc-saml-metadata-algsupport-v1.0.xsd - urn:oasis:names:tc:SAML:metadata:attribute ../xml/sstc-metadata-attr.xsd - urn:oasis:names:tc:SAML:metadata:rpi ../xml/saml-metadata-rpi-v1.0.xsd - urn:oasis:names:tc:SAML:metadata:ui ../xml/sstc-saml-metadata-ui-v1.0.xsd - urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol ../xml/sstc-saml-idp-discovery.xsd - urn:oasis:names:tc:SAML:profiles:SSO:request-init ../xml/sstc-request-initiation.xsd - urn:oasis:names:tc:SAML:2.0:assertion ../xml/saml-schema-assertion-2.0.xsd - urn:mace:shibboleth:metadata:1.0 ../xml/shibboleth-metadata-1.0.xsd - http://ukfederation.org.uk/2006/11/label ../xml/uk-fed-label.xsd - http://sdss.ac.uk/2006/06/WAYF ../xml/uk-wayf.xsd - http://www.w3.org/2001/04/xmlenc# ../xml/xenc-schema.xsd - http://www.w3.org/2009/xmlenc11# ../xml/xenc-schema-11.xsd - http://www.w3.org/2000/09/xmldsig# ../xml/xmldsig-core-schema.xsd" + xsi:schemaLocation="urn:oasis:names:tc:SAML:2.0:metadata saml-schema-metadata-2.0.xsd + urn:oasis:names:tc:SAML:metadata:algsupport sstc-saml-metadata-algsupport-v1.0.xsd + urn:oasis:names:tc:SAML:metadata:attribute sstc-metadata-attr.xsd + urn:oasis:names:tc:SAML:metadata:rpi saml-metadata-rpi-v1.0.xsd + urn:oasis:names:tc:SAML:metadata:ui sstc-saml-metadata-ui-v1.0.xsd + urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol 
sstc-saml-idp-discovery.xsd + urn:oasis:names:tc:SAML:profiles:SSO:request-init sstc-request-initiation.xsd + urn:oasis:names:tc:SAML:2.0:assertion saml-schema-assertion-2.0.xsd + urn:mace:shibboleth:metadata:1.0 shibboleth-metadata-1.0.xsd + http://ukfederation.org.uk/2006/11/label uk-fed-label.xsd + http://refeds.org/metadata refeds-metadata.xsd + http://sdss.ac.uk/2006/06/WAYF uk-wayf.xsd + http://www.w3.org/2001/04/xmlenc# xenc-schema.xsd + http://www.w3.org/2009/xmlenc11# xenc-schema-11.xsd + http://www.w3.org/2000/09/xmldsig# xmldsig-core-schema.xsd" ID="${ID}" entityID="${entityID}"> ''') diff --git a/utilities/stats-generate.sh b/utilities/stats-generate.sh new file mode 100755 index 00000000..3e694661 --- /dev/null +++ b/utilities/stats-generate.sh @@ -0,0 +1,766 @@ +#!/bin/bash + +# This script will calculate stats +# +# Expects the following to be provided as arguments: +# * Time period - day/month/year +# * Time - YYYY-MM-DD/YYYY-MM/YYYY + +# Assumes you've just run stats-sync.sh to make sure the source +# log files are up to date + + + + +# ===== +# = Some common functions +# ===== + +bytestohr() +{ + value=$1 + valueint=$1 + i=0 + suffix=" KMGTPEZY" + while [ $valueint -gt 1024 ]; do + i=$((i+1)) + valueint=$((valueint/1024)) + value=$(echo "scale=1;$value/1024" | bc) + done + echo $value ${suffix:$i:1}B +} + + + + +# ===== +# = Set some common options +# ===== + +logslocation="/var/stats" +usageerrormsg="usage: generate-stats.sh