Merged changes from RC1 (using command-line options to specify credentials)
authorDaniel Kouřil <kouril@ics.muni.cz>
Wed, 16 Mar 2005 14:10:29 +0000 (14:10 +0000)
committerDaniel Kouřil <kouril@ics.muni.cz>
Wed, 16 Mar 2005 14:10:29 +0000 (14:10 +0000)
org.glite.security.proxyrenewal/config/startup

index db273c2..70d1c6b 100755 (executable)
@@ -9,6 +9,8 @@ GLITE_LOCATION_VAR=${GLITE_LOCATION_VAR:-/opt/glite/var}
 
 PROXY_REPOSITORY="$GLITE_LOCATION_VAR/spool/glite-renewd"
 
+unset creds
+
 start()
 {
        if test -z "$GLITE_USER" ;then
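Review bot: The `unset creds` added above `start()` has no comment explaining why it is needed, and the reason is security-relevant. `start()` tests `-z "$creds"` and later appends `$creds` to the daemon command line, so a `creds` value inherited from the invoking environment would otherwise be used as-is and skip both credential checks. I would put `# drop any inherited $creds so the caller's environment cannot supply daemon options` directly above it. The body of start() continues outside this hunk.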
@@ -17,15 +19,19 @@ start()
                return 1
        fi
 
-       if [ -n "$GLITE_HOST_CERT" ]; then 
-               X509_USER_CERT="$GLITE_HOST_CERT"
-               export X509_USER_CERT
-       fi
-       if [ -n "$GLITE_HOST_KEY" ]; then
-               X509_USER_KEY="$GLITE_HOST_KEY"
-               export X509_USER_KEY
+       [ -n "$GLITE_HOST_CERT" -a -n "$GLITE_HOST_KEY" ] &&
+               creds="-t $GLITE_HOST_CERT -k $GLITE_HOST_KEY"
+
+       if test -z "$creds"; then
+               if su - $GLITE_USER -c "test -r /etc/grid-security/hostkey.pem -a -r /etc/grid-security/hostcert.pem"; then
+                       echo "$0: WARNING: /etc/grid-security/hostkey.pem readable by $GLITE_USER"
+                       creds="-t /etc/grid-security/hostcert.pem -k /etc/grid-security/hostkey.pem"
+               fi
        fi
 
+       [ -z "$creds" ] &&
+               echo $0: WARNING: No credentials specified. Using default lookup which is dangerous. >&2
+
        echo -n Starting ProxyRenewal Daemon: glite-proxy-renewd ...
 
        if [ ! -d "$PROXY_REPOSITORY" ]; then
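Review bot: When only one of `GLITE_HOST_CERT` and `GLITE_HOST_KEY` is set, the `[ ... -a ... ] &&` line leaves `creds` empty without a message. The script then falls through to the /etc/grid-security pair, or to the default lookup that its own warning calls dangerous. A half-configured pair is most likely an operator mistake, so I would reject it explicitly and use two `[ ]` tests joined by `&&` instead of the obsolescent `-a`. The host-key warning is also printed to stdout while the "No credentials specified" one goes to stderr; add `>&2` to the first so both reach the same log. start() begins and ends outside this hunk.

```shell
if [ -n "$GLITE_HOST_CERT" ] && [ -n "$GLITE_HOST_KEY" ]; then
        creds="-t $GLITE_HOST_CERT -k $GLITE_HOST_KEY"
elif [ -n "$GLITE_HOST_CERT$GLITE_HOST_KEY" ]; then
        echo "$0: GLITE_HOST_CERT and GLITE_HOST_KEY must be set together" >&2
        return 1
fi

# … unchanged: fallback to /etc/grid-security and the no-credentials warning …
```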
@@ -35,7 +41,7 @@ start()
        fi
        
        su - $GLITE_USER -c "$GLITE_LOCATION/bin/glite-proxy-renewd \
-               -r $PROXY_REPOSITORY" && echo " done"
+               -r $PROXY_REPOSITORY $creds" && echo " done"
 }
 
 stop()
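Review bot: `$creds` is spliced into the double-quoted `su -c` string, so the certificate and key paths are parsed a second time by the login shell of `$GLITE_USER`. A path containing whitespace or shell metacharacters would be split or interpreted instead of reaching `-t`/`-k` as one argument; the same holds for `$PROXY_REPOSITORY` on that line. Quoting the paths where `creds` is built, e.g. `creds="-t '$GLITE_HOST_CERT' -k '$GLITE_HOST_KEY'"`, covers everything except a path that itself contains a single quote, which the script could refuse up front. `su - $GLITE_USER` is also unquoted, both here and in the readability check in the previous hunk; `su - "$GLITE_USER"` is the safer form.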