From be154e9bb175026d62657d1d58d5d294bf07941d Mon Sep 17 00:00:00 2001
From: Mats Rynge <mats@rynge.net>
Date: Tue, 17 Dec 2024 08:27:34 -0800
Subject: [PATCH] vo-frontend: still need the SSL patch for 3.10.8

---
 opensciencegrid/vo-frontend/patches/3.10.8.sh | 35 +++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100755 opensciencegrid/vo-frontend/patches/3.10.8.sh

diff --git a/opensciencegrid/vo-frontend/patches/3.10.8.sh b/opensciencegrid/vo-frontend/patches/3.10.8.sh
new file mode 100755
index 00000000..bd3d3f87
--- /dev/null
+++ b/opensciencegrid/vo-frontend/patches/3.10.8.sh
@@ -0,0 +1,35 @@
+#!/bin/bash
+set -e
+# Use git diff in the glideinwms checkout to generate the patch
+SITE_PACKAGES=$(python3 -c 'import sysconfig; print(sysconfig.get_paths()["purelib"])')
+pushd $SITE_PACKAGES/glideinwms
+patch -p1 <<'__END_PATCH__'
+diff --git a/creation/lib/cvWCreate.py b/creation/lib/cvWCreate.py
+index f88353830..80e0c943a 100644
+--- a/creation/lib/cvWCreate.py
++++ b/creation/lib/cvWCreate.py
+@@ -210,7 +210,7 @@ def create_client_condor_config(config_fname, mapfile_fname, collector_nodes, cl
+         fd.write("############################\n")
+
+         fd.write("\n# Force GSI authentication\n")
+-        fd.write("SEC_DEFAULT_AUTHENTICATION_METHODS = IDTOKENS, GSI\n")
++        fd.write("SEC_DEFAULT_AUTHENTICATION_METHODS = IDTOKENS, SSL\n")
+         fd.write("SEC_DEFAULT_AUTHENTICATION = REQUIRED\n")
+
+         fd.write("\n#################################\n")
+@@ -224,7 +224,12 @@ def create_client_condor_config(config_fname, mapfile_fname, collector_nodes, cl
+         fd.write("# I.e. we only talk to servers that have \n")
+         fd.write("#  a DN mapped in our mapfile\n")
+         for context in condorSecurity.CONDOR_CONTEXT_LIST:
+-            fd.write("DENY_%s = anonymous@*\n" % context)
++            if context == "CLIENT":
++                # as we map SSL to anonymous, but want to allow
++                # anonymous clients, just put a placeholder for CLIENT
++                fd.write("DENY_%s = no-deny\n" % context)
++            else:
++                fd.write("DENY_%s = anonymous@*\n" % context)
+         fd.write("\n")
+         for context in condorSecurity.CONDOR_CONTEXT_LIST:
+             fd.write("ALLOW_%s = *@*\n" % context)
+__END_PATCH__
+popd