summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorZuul <zuul@review.openstack.org>2018-08-03 16:29:12 +0000
committerGerrit Code Review <review@openstack.org>2018-08-03 16:29:12 +0000
commit8837cfe7e74a6eaaf1433920b8d252db90ce23ee (patch)
tree160b891d08f4ab656a1a8ea04745e7a19879ce53
parent627224770e08e31d37a76c349804551f491abeab (diff)
parent87cea70474248ad64a376aa6b032622d35047f1c (diff)
Merge "Relocate python-keyring to stx-integ/security/python-keyring"
-rw-r--r--centos_pkg_dirs1
-rw-r--r--python-keyring/PKG-INFO16
-rw-r--r--python-keyring/centos/build_srpm.data2
-rw-r--r--python-keyring/centos/meta_patches/0001-move-package-from-tarball-to-srpm.patch78
-rw-r--r--python-keyring/centos/meta_patches/0002-meta-buildrequires-python-setuptools_scm.patch20
-rw-r--r--python-keyring/centos/meta_patches/PATCH_ORDER2
-rw-r--r--python-keyring/centos/srpm_path1
-rw-r--r--python-keyring/python-keyring/chmod_keyringlock2.patch37
-rw-r--r--python-keyring/python-keyring/chown_keyringlock_file.patch12
-rw-r--r--python-keyring/python-keyring/fix_keyring_lockfile_location.patch113
-rw-r--r--python-keyring/python-keyring/keyring_path_change.patch24
-rw-r--r--python-keyring/python-keyring/lock_keyring_file.patch45
-rw-r--r--python-keyring/python-keyring/lock_keyring_file2.patch42
-rw-r--r--python-keyring/python-keyring/no_keyring_password.patch70
-rw-r--r--python-keyring/python-keyring/remove-reader-lock.patch136
-rw-r--r--python-keyring/python-keyring/remove_others_perms_on_keyringcfg_file.patch15
-rw-r--r--python-keyring/python-keyring/use_new_lock.patch243
-rw-r--r--python-keyring/python-keyring/use_temporary_file.patch162
18 files changed, 0 insertions, 1019 deletions
diff --git a/centos_pkg_dirs b/centos_pkg_dirs
index 0fa12fc..278397a 100644
--- a/centos_pkg_dirs
+++ b/centos_pkg_dirs
@@ -1,3 +1,2 @@
1python-keyring
2seabios 1seabios
3grub2 2grub2
diff --git a/python-keyring/PKG-INFO b/python-keyring/PKG-INFO
deleted file mode 100644
index 6ee15e9..0000000
--- a/python-keyring/PKG-INFO
+++ /dev/null
@@ -1,16 +0,0 @@
1Metadata-Version: 1.1
2Name: python-keyring
3Version: 5.7
4Summary: Python 2 library to store and access passwords safely
5Home-page: https://github.com/jaraco/keyring
6Author:
7Author-email:
8License: MIT and Python
9
10Description:
11The Python keyring lib provides a easy way to access the system keyring
12service from python. It can be used in any application that needs safe
13password storage.
14
15
16Platform: UNKNOWN
diff --git a/python-keyring/centos/build_srpm.data b/python-keyring/centos/build_srpm.data
deleted file mode 100644
index 3ffb508..0000000
--- a/python-keyring/centos/build_srpm.data
+++ /dev/null
@@ -1,2 +0,0 @@
1COPY_LIST="python-keyring/*"
2TIS_PATCH_VER=2
diff --git a/python-keyring/centos/meta_patches/0001-move-package-from-tarball-to-srpm.patch b/python-keyring/centos/meta_patches/0001-move-package-from-tarball-to-srpm.patch
deleted file mode 100644
index 151ad3d..0000000
--- a/python-keyring/centos/meta_patches/0001-move-package-from-tarball-to-srpm.patch
+++ /dev/null
@@ -1,78 +0,0 @@
1From d7f5646de9ec990ed81489cc12d7942654bc017d Mon Sep 17 00:00:00 2001
2From: Kam Nasim <kam.nasim@windriver.com>
3Date: Fri, 23 Dec 2016 14:30:17 -0500
4Subject: [PATCH] first meta patch to move python-keyring package from download
5 tarball to srpm. Also updated to add tis patch versioning
6
7---
8 SPECS/python-keyring.spec | 30 +++++++++++++++++++++++++++---
9 1 file changed, 27 insertions(+), 3 deletions(-)
10
11diff --git a/SPECS/python-keyring.spec b/SPECS/python-keyring.spec
12index 14e4e93..60d05ee 100644
13--- a/SPECS/python-keyring.spec
14+++ b/SPECS/python-keyring.spec
15@@ -2,7 +2,7 @@
16
17 Name: python-keyring
18 Version: 5.7.1
19-Release: 1%{?dist}
20+Release: 1%{?_tis_dist}.%{tis_patch_ver}
21 Summary: Python 2 library to store and access passwords safely
22 License: MIT and Python
23 URL: http://bitbucket.org/kang/python-keyring-lib/
24@@ -10,10 +10,21 @@ Source0: https://pypi.io/packages/source/k/keyring/keyring-%{version}.tar
25 BuildArch: noarch
26 BuildRequires: python2-devel
27 BuildRequires: python-setuptools
28-BuildRequires: python-setuptools_scm
29 Obsoletes: %{name}-kwallet < %{version}-%{release}
30 Obsoletes: %{name}-gnome < %{version}-%{release}
31
32+Patch0: no_keyring_password.patch
33+Patch1: lock_keyring_file.patch
34+Patch2: lock_keyring_file2.patch
35+Patch3: use_new_lock.patch
36+Patch4: fix_keyring_lockfile_location.patch
37+Patch5: use_temporary_file.patch
38+Patch6: chown_keyringlock_file.patch
39+Patch7: chmod_keyringlock2.patch
40+Patch8: keyring_path_change.patch
41+Patch9: remove-reader-lock.patch
42+Patch10: remove_others_perms_on_keyringcfg_file.patch
43+
44 %description
45 The Python keyring lib provides a easy way to access the system keyring
46 service from python. It can be used in any application that needs safe
47@@ -39,7 +50,6 @@ Python keyring lib also provides following build-in keyrings.
48 Summary: Python 3 library to access the system keyring service
49 BuildRequires: python3-devel
50 BuildRequires: python3-setuptools
51-BuildRequires: python3-setuptools_scm
52
53 %description -n python3-keyring
54 The Python keyring lib provides a easy way to access the system keyring
55@@ -64,6 +74,20 @@ Python keyring lib also provides following build-in keyrings.
56
57 %prep
58 %setup -qn keyring-%{version}
59+
60+# WRS
61+%patch0 -p1
62+%patch1 -p1
63+%patch2 -p1
64+%patch3 -p1
65+%patch4 -p1
66+%patch5 -p1
67+%patch6 -p1
68+%patch7 -p1
69+%patch8 -p1
70+%patch9 -p1
71+%patch10 -p1
72+
73 rm -frv keyring.egg-info
74 # Drop redundant shebangs.
75 sed -i '1{\@^#!/usr/bin/env python@d}' keyring/cli.py
76--
771.8.3.1
78
diff --git a/python-keyring/centos/meta_patches/0002-meta-buildrequires-python-setuptools_scm.patch b/python-keyring/centos/meta_patches/0002-meta-buildrequires-python-setuptools_scm.patch
deleted file mode 100644
index 28c9e49..0000000
--- a/python-keyring/centos/meta_patches/0002-meta-buildrequires-python-setuptools_scm.patch
+++ /dev/null
@@ -1,20 +0,0 @@
1diff --git a/SPECS/python-keyring.spec b/SPECS/python-keyring.spec
2index 60d05ee..a41f849 100644
3--- a/SPECS/python-keyring.spec
4+++ b/SPECS/python-keyring.spec
5@@ -10,6 +10,7 @@ Source0: https://pypi.io/packages/source/k/keyring/keyring-%{version}.tar
6 BuildArch: noarch
7 BuildRequires: python2-devel
8 BuildRequires: python-setuptools
9+BuildRequires: python2-setuptools_scm
10 Obsoletes: %{name}-kwallet < %{version}-%{release}
11 Obsoletes: %{name}-gnome < %{version}-%{release}
12
13@@ -50,6 +51,7 @@ Python keyring lib also provides following build-in keyrings.
14 Summary: Python 3 library to access the system keyring service
15 BuildRequires: python3-devel
16 BuildRequires: python3-setuptools
17+BuildRequires: python3-setuptools_scm
18
19 %description -n python3-keyring
20 The Python keyring lib provides a easy way to access the system keyring
diff --git a/python-keyring/centos/meta_patches/PATCH_ORDER b/python-keyring/centos/meta_patches/PATCH_ORDER
deleted file mode 100644
index d6a7109..0000000
--- a/python-keyring/centos/meta_patches/PATCH_ORDER
+++ /dev/null
@@ -1,2 +0,0 @@
10001-move-package-from-tarball-to-srpm.patch
20002-meta-buildrequires-python-setuptools_scm.patch
diff --git a/python-keyring/centos/srpm_path b/python-keyring/centos/srpm_path
deleted file mode 100644
index 1dce707..0000000
--- a/python-keyring/centos/srpm_path
+++ /dev/null
@@ -1 +0,0 @@
1mirror:Source/python-keyring-5.7.1-1.el7.src.rpm
diff --git a/python-keyring/python-keyring/chmod_keyringlock2.patch b/python-keyring/python-keyring/chmod_keyringlock2.patch
deleted file mode 100644
index f95be88..0000000
--- a/python-keyring/python-keyring/chmod_keyringlock2.patch
+++ /dev/null
@@ -1,37 +0,0 @@
1Index: keyring-5.3/keyring/backends/file.py
2===================================================================
3--- keyring-5.3.orig/keyring/backends/file.py
4+++ keyring-5.3/keyring/backends/file.py
5@@ -68,6 +68,9 @@ class BaseKeyring(FileBacked, KeyringBac
6 service = escape_for_ini(service)
7 username = escape_for_ini(username)
8
9+ # ensure the file exists
10+ self._ensure_file_path()
11+
12 # load the passwords from the file
13 config = configparser.RawConfigParser()
14 if os.path.exists(self.file_path):
15@@ -146,12 +149,16 @@ class BaseKeyring(FileBacked, KeyringBac
16 user_read_write = 0o644
17 os.chmod(self.file_path, user_read_write)
18 if not os.path.isfile(lockdir + "/" + lockfile):
19- import stat
20- with open(lockdir + "/" + lockfile, 'w'):
21- pass
22- # must have the lock file with the correct group permissisions g+rw
23- os.chmod(lockdir + "/" + lockfile, stat.S_IRWXG | stat.S_IRWXU)
24- os.chown(lockdir + "/" + lockfile,-1,345)
25+ with open(lockdir + "/" + lockfile, 'w'):
26+ pass
27+ if os.path.isfile(lockdir + "/" + lockfile):
28+ import stat
29+ import grp
30+ if oct(stat.S_IMODE(os.stat(lockdir + "/" + lockfile).st_mode)) != '0770':
31+ # Must have the lock file with the correct group and permissisions g+rw
32+ os.chmod(lockdir + "/" + lockfile, stat.S_IRWXG | stat.S_IRWXU)
33+ groupinfo = grp.getgrnam('wrs_protected')
34+ os.chown(lockdir + "/" + lockfile,-1,groupinfo.gr_gid)
35
36
37 def delete_password(self, service, username):
diff --git a/python-keyring/python-keyring/chown_keyringlock_file.patch b/python-keyring/python-keyring/chown_keyringlock_file.patch
deleted file mode 100644
index 28c56bc..0000000
--- a/python-keyring/python-keyring/chown_keyringlock_file.patch
+++ /dev/null
@@ -1,12 +0,0 @@
1Index: keyring-5.3/keyring/backends/file.py
2===================================================================
3--- keyring-5.3.orig/keyring/backends/file.py
4+++ keyring-5.3/keyring/backends/file.py
5@@ -151,6 +151,7 @@ class BaseKeyring(FileBacked, KeyringBac
6 pass
7 # must have the lock file with the correct group permissisions g+rw
8 os.chmod(lockdir + "/" + lockfile, stat.S_IRWXG | stat.S_IRWXU)
9+ os.chown(lockdir + "/" + lockfile,-1,345)
10
11
12 def delete_password(self, service, username):
diff --git a/python-keyring/python-keyring/fix_keyring_lockfile_location.patch b/python-keyring/python-keyring/fix_keyring_lockfile_location.patch
deleted file mode 100644
index 4287256..0000000
--- a/python-keyring/python-keyring/fix_keyring_lockfile_location.patch
+++ /dev/null
@@ -1,113 +0,0 @@
1Index: keyring-5.3/keyring/backends/file.py
2===================================================================
3--- keyring-5.3.orig/keyring/backends/file.py
4+++ keyring-5.3/keyring/backends/file.py
5@@ -19,6 +19,8 @@ from ..util.escape import escape as esca
6 from oslo_concurrency import lockutils
7
8
9+lockfile = "keyringlock"
10+
11 class FileBacked(object):
12 @abc.abstractproperty
13 def filename(self):
14@@ -104,16 +106,18 @@ class BaseKeyring(FileBacked, KeyringBac
15 service = escape_for_ini(service)
16 username = escape_for_ini(username)
17
18+ # ensure the file exists
19+ self._ensure_file_path()
20+
21 # encrypt the password
22 password_encrypted = self.encrypt(password.encode('utf-8'))
23 # encode with base64
24 password_base64 = base64.encodestring(password_encrypted).decode()
25
26+ lockdir = os.path.dirname(self.file_path)
27
28- with lockutils.lock("keyringlock",external=True,lock_path="/tmp"):
29+ with lockutils.lock(lockfile,external=True,lock_path=lockdir):
30
31- # ensure the file exists
32- self._ensure_file_path()
33
34 config = None
35 try:
36@@ -159,14 +163,13 @@ class BaseKeyring(FileBacked, KeyringBac
37
38
39
40-
41-
42 def _ensure_file_path(self):
43 """
44 Ensure the storage path exists.
45 If it doesn't, create it with "go-rwx" permissions.
46 """
47 storage_root = os.path.dirname(self.file_path)
48+ lockdir = storage_root
49 if storage_root and not os.path.isdir(storage_root):
50 os.makedirs(storage_root)
51 if not os.path.isfile(self.file_path):
52@@ -175,13 +178,22 @@ class BaseKeyring(FileBacked, KeyringBac
53 pass
54 user_read_write = 0o644
55 os.chmod(self.file_path, user_read_write)
56+ if not os.path.isfile(lockdir + "/" + lockfile):
57+ import stat
58+ with open(lockdir + "/" + lockfile, 'w'):
59+ pass
60+ # must have the lock file with the correct group permissisions g+rw
61+ os.chmod(lockdir + "/" + lockfile, stat.S_IRWXG | stat.S_IRWXU)
62+
63
64 def delete_password(self, service, username):
65 """Delete the password for the username of the service.
66 """
67 service = escape_for_ini(service)
68 username = escape_for_ini(username)
69- with lockutils.lock("keyringlock",external=True,lock_path="/tmp"):
70+
71+ lockdir = os.path.dirname(self.file_path)
72+ with lockutils.lock(lockfile,external=True,lock_path=lockdir):
73 config = configparser.RawConfigParser()
74 if os.path.exists(self.file_path):
75 config.read(self.file_path)
76@@ -290,17 +302,6 @@ class EncryptedKeyring(Encrypted, BaseKe
77 # set a reference password, used to check that the password provided
78 # matches for subsequent checks.
79
80- # try to pre-create the /tmp/keyringlock if it doesn't exist
81- lockfile = "/tmp/keyringlock"
82- if os.geteuid() == 0 and (not os.path.exists(lockfile)):
83- from pwd import getpwnam
84- import stat
85- nonrootuser = "wrsroot"
86- with open(lockfile, 'w'):
87- pass
88- # must have the lock file with the correct group permissisions g+rw
89- os.chmod(lockfile, stat.S_IRWXG | stat.S_IRWXU)
90-
91
92 self.set_password('keyring-setting', 'password reference',
93 'password reference value')
94@@ -313,9 +314,10 @@ class EncryptedKeyring(Encrypted, BaseKe
95 return False
96 self._migrate()
97
98+ lockdir = os.path.dirname(self.file_path)
99 # lock access to the file_path here, make sure it's not being written
100 # to while while we're checking for keyring-setting
101- with lockutils.lock("keyringlock",external=True,lock_path="/tmp"):
102+ with lockutils.lock(lockfile,external=True,lock_path=lockdir):
103 config = configparser.RawConfigParser()
104 config.read(self.file_path)
105 try:
106@@ -325,7 +327,6 @@ class EncryptedKeyring(Encrypted, BaseKe
107 )
108 except (configparser.NoSectionError, configparser.NoOptionError):
109 # The current file doesn't have the keyring-setting, check the backup
110- logging.warning("_check_file: The current file doesn't have the keyring-setting, check the backup")
111 if os.path.exists(self.backup_file_path):
112 config = configparser.RawConfigParser()
113 config.read(self.backup_file_path)
diff --git a/python-keyring/python-keyring/keyring_path_change.patch b/python-keyring/python-keyring/keyring_path_change.patch
deleted file mode 100644
index 46aa235..0000000
--- a/python-keyring/python-keyring/keyring_path_change.patch
+++ /dev/null
@@ -1,24 +0,0 @@
1---
2 keyring/util/platform_.py | 4 +++-
3 1 file changed, 3 insertions(+), 1 deletion(-)
4
5--- a/keyring/util/platform_.py
6+++ b/keyring/util/platform_.py
7@@ -2,6 +2,7 @@ from __future__ import absolute_import
8
9 import os
10 import platform
11+from tsconfig.tsconfig import SW_VERSION
12
13 def _settings_root_XP():
14 return os.path.join(os.environ['USERPROFILE'], 'Local Settings')
15@@ -19,7 +20,8 @@ def _data_root_Linux():
16 Use freedesktop.org Base Dir Specfication to determine storage
17 location.
18 """
19- fallback = os.path.expanduser('/opt/platform/.keyring/')
20+ keyring_dir = os.path.join('/opt/platform/.keyring', SW_VERSION)
21+ fallback = os.path.expanduser(keyring_dir)
22 root = os.environ.get('XDG_DATA_HOME', None) or fallback
23 return os.path.join(root, 'python_keyring')
24
diff --git a/python-keyring/python-keyring/lock_keyring_file.patch b/python-keyring/python-keyring/lock_keyring_file.patch
deleted file mode 100644
index dab7248..0000000
--- a/python-keyring/python-keyring/lock_keyring_file.patch
+++ /dev/null
@@ -1,45 +0,0 @@
1Index: keyring-5.3/keyring/backends/file.py
2===================================================================
3--- keyring-5.3.orig/keyring/backends/file.py
4+++ keyring-5.3/keyring/backends/file.py
5@@ -6,6 +6,7 @@ import base64
6 import sys
7 import json
8 import abc
9+import time
10
11 from ..py27compat import configparser
12
13@@ -95,14 +96,29 @@ class BaseKeyring(FileBacked, KeyringBac
14 config = configparser.RawConfigParser()
15 config.read(self.file_path)
16
17+ # obtain lock for the keyring file
18+ lock = ''
19+ i = 60
20+ while i:
21+ if not os.path.isfile('/tmp/.keyringlock'):
22+ lock = open('/tmp/.keyringlock', 'w')
23+ break
24+ else:
25+ time.sleep(0.500)
26+ i=i-1
27+
28 # update the keyring with the password
29 if not config.has_section(service):
30 config.add_section(service)
31 config.set(service, username, password_base64)
32
33- # save the keyring back to the file
34- with open(self.file_path, 'w') as config_file:
35- config.write(config_file)
36+ if i:
37+ # save the keyring back to the file
38+ with open(self.file_path, 'w') as config_file:
39+ config.write(config_file)
40+ lock.close()
41+ os.remove('/tmp/.keyringlock')
42+
43
44 def _ensure_file_path(self):
45 """
diff --git a/python-keyring/python-keyring/lock_keyring_file2.patch b/python-keyring/python-keyring/lock_keyring_file2.patch
deleted file mode 100644
index 7633b5e..0000000
--- a/python-keyring/python-keyring/lock_keyring_file2.patch
+++ /dev/null
@@ -1,42 +0,0 @@
1Index: keyring-5.3/keyring/backends/file.py
2===================================================================
3--- keyring-5.3.orig/keyring/backends/file.py
4+++ keyring-5.3/keyring/backends/file.py
5@@ -92,10 +92,6 @@ class BaseKeyring(FileBacked, KeyringBac
6 # ensure the file exists
7 self._ensure_file_path()
8
9- # load the keyring from the disk
10- config = configparser.RawConfigParser()
11- config.read(self.file_path)
12-
13 # obtain lock for the keyring file
14 lock = ''
15 i = 60
16@@ -107,15 +103,21 @@ class BaseKeyring(FileBacked, KeyringBac
17 time.sleep(0.500)
18 i=i-1
19
20- # update the keyring with the password
21- if not config.has_section(service):
22- config.add_section(service)
23- config.set(service, username, password_base64)
24
25 if i:
26- # save the keyring back to the file
27+ # Load the keyring from the disk
28+ config = configparser.RawConfigParser()
29+ config.read(self.file_path)
30+
31+ # Update the keyring with the password
32+ if not config.has_section(service):
33+ config.add_section(service)
34+ config.set(service, username, password_base64)
35+
36+ # Save the keyring back to the file
37 with open(self.file_path, 'w') as config_file:
38 config.write(config_file)
39+
40 lock.close()
41 os.remove('/tmp/.keyringlock')
42
diff --git a/python-keyring/python-keyring/no_keyring_password.patch b/python-keyring/python-keyring/no_keyring_password.patch
deleted file mode 100644
index 6ea22fd..0000000
--- a/python-keyring/python-keyring/no_keyring_password.patch
+++ /dev/null
@@ -1,70 +0,0 @@
1Index: keyring-3.2/keyring/backends/file.py
2===================================================================
3--- keyring-3.2.orig/keyring/backends/file.py
4+++ keyring-3.2/keyring/backends/file.py
5@@ -114,7 +114,7 @@ class BaseKeyring(KeyringBackend):
6 # create the file without group/world permissions
7 with open(self.file_path, 'w'):
8 pass
9- user_read_write = 0o600
10+ user_read_write = 0o644
11 os.chmod(self.file_path, user_read_write)
12
13 def delete_password(self, service, username):
14@@ -188,12 +188,19 @@ class EncryptedKeyring(BaseKeyring):
15
16 def _get_new_password(self):
17 while True:
18- password = getpass.getpass(
19- "Please set a password for your new keyring: ")
20- confirm = getpass.getpass('Please confirm the password: ')
21- if password != confirm:
22- sys.stderr.write("Error: Your passwords didn't match\n")
23- continue
24+#****************************************************************
25+# Forging the Keyring password to allow automation and still keep
26+# the password encoded. TODO to be revisited when Barbican keyring
27+# Will be used with the complete PKI solution
28+#****************************************************************
29+# password = getpass.getpass(
30+# "Please set a password for your new keyring: ")
31+# confirm = getpass.getpass('Please confirm the password: ')
32+# if password != confirm:
33+# sys.stderr.write("Error: Your passwords didn't match\n")
34+# continue
35+ password = "Please set a password for your new keyring: "
36+
37 if '' == password.strip():
38 # forbid the blank password
39 sys.stderr.write("Error: blank passwords aren't allowed.\n")
40@@ -233,8 +240,15 @@ class EncryptedKeyring(BaseKeyring):
41 Unlock this keyring by getting the password for the keyring from the
42 user.
43 """
44- self.keyring_key = getpass.getpass(
45- 'Please enter password for encrypted keyring: ')
46+#****************************************************************
47+# Forging the Keyring password to allow automation and still keep
48+# the password encoded. TODO to be revisited when Barbican keyring
49+# Will be used with the complete PKI solution
50+#****************************************************************
51+# self.keyring_key = getpass.getpass(
52+# 'Please enter password for encrypted keyring: ')
53+ self.keyring_key = "Please set a password for your new keyring: "
54+
55 try:
56 ref_pw = self.get_password('keyring-setting', 'password reference')
57 assert ref_pw == 'password reference value'
58Index: keyring-3.2/keyring/util/platform_.py
59===================================================================
60--- keyring-3.2.orig/keyring/util/platform_.py
61+++ keyring-3.2/keyring/util/platform_.py
62@@ -16,7 +16,7 @@ def _data_root_Linux():
63 Use freedesktop.org Base Dir Specfication to determine storage
64 location.
65 """
66- fallback = os.path.expanduser('~/.local/share')
67+ fallback = os.path.expanduser('/opt/platform/.keyring/')
68 root = os.environ.get('XDG_DATA_HOME', None) or fallback
69 return os.path.join(root, 'python_keyring')
70
diff --git a/python-keyring/python-keyring/remove-reader-lock.patch b/python-keyring/python-keyring/remove-reader-lock.patch
deleted file mode 100644
index 137805d..0000000
--- a/python-keyring/python-keyring/remove-reader-lock.patch
+++ /dev/null
@@ -1,136 +0,0 @@
1---
2 keyring/backends/file.py | 85 ++++++++++++++++++++++-------------------------
3 1 file changed, 41 insertions(+), 44 deletions(-)
4
5--- a/keyring/backends/file.py
6+++ b/keyring/backends/file.py
7@@ -18,6 +18,7 @@ from ..backend import KeyringBackend
8 from ..util import platform_, properties
9 from ..util.escape import escape as escape_for_ini
10 from oslo_concurrency import lockutils
11+from tempfile import mkstemp
12
13
14 lockfile = "keyringlock"
15@@ -102,11 +103,9 @@ class BaseKeyring(FileBacked, KeyringBac
16 # encode with base64
17 password_base64 = base64.encodestring(password_encrypted).decode()
18
19- lockdir = os.path.dirname(self.file_path)
20-
21- with lockutils.lock(lockfile,external=True,lock_path=lockdir):
22-
23+ keyringdir = os.path.dirname(self.file_path)
24
25+ with lockutils.lock(lockfile, external=True, lock_path=keyringdir):
26 config = None
27 try:
28 # Load the keyring from the disk
29@@ -121,16 +120,20 @@ class BaseKeyring(FileBacked, KeyringBac
30 config.add_section(service)
31 config.set(service, username, password_base64)
32
33- # Save the keyring back to the file
34- storage_root = os.path.dirname(self.file_path)
35- tmpfile = "tmpfile.%s" % os.getpid()
36- with open(storage_root + "/" + tmpfile, 'w') as config_file:
37- config.write(config_file)
38- # copy will overwrite but move will not
39- shutil.copy(storage_root + "/" + tmpfile,self.file_path)
40- # wipe out tmpfile here
41- os.remove(storage_root + "/" + tmpfile)
42+ # remove any residual temporary files here
43+ try:
44+ for tmpfile in glob.glob("%s/tmp*" % keyringdir):
45+ os.remove(tmpfile)
46+ except:
47+ logging.warning("_check_file: tmpfile removal failed")
48
49+ # Write the keyring to a temp file, then move the new file
50+ # to avoid overwriting the existing inode
51+ (fd, fname) = mkstemp(dir=keyringdir)
52+ with os.fdopen(fd, "w") as config_file:
53+ config.write(config_file)
54+ os.chmod(fname, os.stat(self.file_path).st_mode)
55+ shutil.move(fname, self.file_path)
56
57
58 def _ensure_file_path(self):
59@@ -167,8 +170,8 @@ class BaseKeyring(FileBacked, KeyringBac
60 service = escape_for_ini(service)
61 username = escape_for_ini(username)
62
63- lockdir = os.path.dirname(self.file_path)
64- with lockutils.lock(lockfile,external=True,lock_path=lockdir):
65+ keyringdir = os.path.dirname(self.file_path)
66+ with lockutils.lock(lockfile, external=True, lock_path=keyringdir):
67 config = configparser.RawConfigParser()
68 if os.path.exists(self.file_path):
69 config.read(self.file_path)
70@@ -177,15 +180,21 @@ class BaseKeyring(FileBacked, KeyringBac
71 raise PasswordDeleteError("Password not found")
72 except configparser.NoSectionError:
73 raise PasswordDeleteError("Password not found")
74- # update the file
75- storage_root = os.path.dirname(self.file_path)
76- tmpfile = "tmpfile.%s" % os.getpid()
77- with open(storage_root + "/" + tmpfile, 'w') as config_file:
78+
79+ # remove any residual temporary files here
80+ try:
81+ for tmpfile in glob.glob("%s/tmp*" % keyringdir):
82+ os.remove(tmpfile)
83+ except:
84+ logging.warning("_check_file: tmpfile removal failed")
85+
86+ # Write the keyring to a temp file, then move the new file
87+ # to avoid overwriting the existing inode
88+ (fd, fname) = mkstemp(dir=keyringdir)
89+ with os.fdopen(fd, "w") as config_file:
90 config.write(config_file)
91- # copy will overwrite but move will not
92- shutil.copy(storage_root + "/" + tmpfile,self.file_path)
93- # wipe out tmpfile
94- os.remove(storage_root + "/" + tmpfile)
95+ os.chmod(fname, os.stat(self.file_path).st_mode)
96+ shutil.move(fname, self.file_path)
97
98
99 class PlaintextKeyring(BaseKeyring):
100@@ -294,27 +303,15 @@ class EncryptedKeyring(Encrypted, BaseKe
101 return False
102 self._migrate()
103
104- lockdir = os.path.dirname(self.file_path)
105- # lock access to the file_path here, make sure it's not being written
106- # to while while we're checking for keyring-setting
107- with lockutils.lock(lockfile,external=True,lock_path=lockdir):
108- config = configparser.RawConfigParser()
109- config.read(self.file_path)
110- try:
111- config.get(
112- escape_for_ini('keyring-setting'),
113- escape_for_ini('password reference'),
114- )
115- except (configparser.NoSectionError, configparser.NoOptionError):
116- return False
117-
118- # remove any residual temporary files here
119- try:
120- for tmpfile in glob.glob(os.path.dirname(self.file_path) + "/" + "tmpfile.*"):
121- os.remove(tmpfile)
122- except:
123- logging.warning("_check_file: tmpfile removal failed")
124-
125+ config = configparser.RawConfigParser()
126+ config.read(self.file_path)
127+ try:
128+ config.get(
129+ escape_for_ini('keyring-setting'),
130+ escape_for_ini('password reference'),
131+ )
132+ except (configparser.NoSectionError, configparser.NoOptionError):
133+ return False
134
135 return True
136
diff --git a/python-keyring/python-keyring/remove_others_perms_on_keyringcfg_file.patch b/python-keyring/python-keyring/remove_others_perms_on_keyringcfg_file.patch
deleted file mode 100644
index dcc4c2e..0000000
--- a/python-keyring/python-keyring/remove_others_perms_on_keyringcfg_file.patch
+++ /dev/null
@@ -1,15 +0,0 @@
1---
2 keyring/backends/file.py | 2 +-
3 1 file changed, 1 insertion(+), 1 deletion(-)
4
5--- a/keyring/backends/file.py
6+++ b/keyring/backends/file.py
7@@ -149,7 +149,7 @@ class BaseKeyring(FileBacked, KeyringBac
8 # create the file without group/world permissions
9 with open(self.file_path, 'w'):
10 pass
11- user_read_write = 0o644
12+ user_read_write = 0o640
13 os.chmod(self.file_path, user_read_write)
14 if not os.path.isfile(lockdir + "/" + lockfile):
15 with open(lockdir + "/" + lockfile, 'w'):
diff --git a/python-keyring/python-keyring/use_new_lock.patch b/python-keyring/python-keyring/use_new_lock.patch
deleted file mode 100644
index d1b483d..0000000
--- a/python-keyring/python-keyring/use_new_lock.patch
+++ /dev/null
@@ -1,243 +0,0 @@
1Index: keyring-5.3/keyring/backends/file.py
2===================================================================
3--- keyring-5.3.orig/keyring/backends/file.py
4+++ keyring-5.3/keyring/backends/file.py
5@@ -7,6 +7,8 @@ import sys
6 import json
7 import abc
8 import time
9+import logging
10+import shutil
11
12 from ..py27compat import configparser
13
14@@ -14,6 +16,7 @@ from ..errors import PasswordDeleteError
15 from ..backend import KeyringBackend
16 from ..util import platform_, properties
17 from ..util.escape import escape as escape_for_ini
18+from oslo_concurrency import lockutils
19
20
21 class FileBacked(object):
22@@ -31,6 +34,13 @@ class FileBacked(object):
23 """
24 return os.path.join(platform_.data_root(), self.filename)
25
26+ @properties.NonDataProperty
27+ def backup_file_path(self):
28+ """
29+ The path to the file where passwords are stored. This property
30+ may be overridden by the subclass or at the instance level.
31+ """
32+ return os.path.join(platform_.data_root(), self.backup_filename)
33
34 class BaseKeyring(FileBacked, KeyringBackend):
35 """
36@@ -78,6 +88,16 @@ class BaseKeyring(FileBacked, KeyringBac
37 password = None
38 return password
39
40+
41+ def filecopy(self,src,dest):
42+ """copy file src to dest with default buffer size
43+ """
44+ with open(src, 'r') as f1:
45+ with open(dest, 'w') as f2:
46+ shutil.copyfileobj(f1,f2)
47+ f2.flush()
48+
49+
50 def set_password(self, service, username, password):
51 """Write the password in the file.
52 """
53@@ -89,37 +109,56 @@ class BaseKeyring(FileBacked, KeyringBac
54 # encode with base64
55 password_base64 = base64.encodestring(password_encrypted).decode()
56
57- # ensure the file exists
58- self._ensure_file_path()
59
60- # obtain lock for the keyring file
61- lock = ''
62- i = 60
63- while i:
64- if not os.path.isfile('/tmp/.keyringlock'):
65- lock = open('/tmp/.keyringlock', 'w')
66- break
67- else:
68- time.sleep(0.500)
69- i=i-1
70+ with lockutils.lock("keyringlock",external=True,lock_path="/tmp"):
71
72+ # ensure the file exists
73+ self._ensure_file_path()
74+
75+ config = None
76+ try:
77+ # Load the keyring from the disk
78+ config = configparser.RawConfigParser()
79+ config.read(self.file_path)
80+ except configparser.ParsingError as e:
81+ logging.warning("set_password: keyring file corrupted, Reverting to Backup")
82+ # Revert to the backup file (copy backup over current file)
83+ try:
84+ src = self.backup_file_path
85+ dest = self.file_path
86+ self.filecopy(src,dest)
87+ except shutil.Error as e:
88+ logging.warning("set_password: Revert from Backup failed. Error: %s" % e)
89+ raise
90+ # Load the keyring from the disk, if this fails exception is raised
91+ try:
92+ config = configparser.RawConfigParser()
93+ config.read(self.file_path)
94+ except:
95+ e = sys.exc_info()[0]
96+ logging.warning("set_password: Both keyring files are non useable. Error: %s" % e)
97+ raise
98
99- if i:
100- # Load the keyring from the disk
101- config = configparser.RawConfigParser()
102- config.read(self.file_path)
103
104 # Update the keyring with the password
105 if not config.has_section(service):
106 config.add_section(service)
107 config.set(service, username, password_base64)
108
109+ # Make a back up of the keyring file here
110+ try:
111+ src = self.file_path
112+ dest = self.backup_file_path
113+ self.filecopy(src,dest)
114+ except shutil.Error as e:
115+ logging.warning("set_password: Backup failed. Error: %s" % e)
116+
117 # Save the keyring back to the file
118 with open(self.file_path, 'w') as config_file:
119 config.write(config_file)
120
121- lock.close()
122- os.remove('/tmp/.keyringlock')
123+
124+
125
126
127 def _ensure_file_path(self):
128@@ -142,17 +181,18 @@ class BaseKeyring(FileBacked, KeyringBac
129 """
130 service = escape_for_ini(service)
131 username = escape_for_ini(username)
132- config = configparser.RawConfigParser()
133- if os.path.exists(self.file_path):
134- config.read(self.file_path)
135- try:
136- if not config.remove_option(service, username):
137+ with lockutils.lock("keyringlock",external=True,lock_path="/tmp"):
138+ config = configparser.RawConfigParser()
139+ if os.path.exists(self.file_path):
140+ config.read(self.file_path)
141+ try:
142+ if not config.remove_option(service, username):
143+ raise PasswordDeleteError("Password not found")
144+ except configparser.NoSectionError:
145 raise PasswordDeleteError("Password not found")
146- except configparser.NoSectionError:
147- raise PasswordDeleteError("Password not found")
148- # update the file
149- with open(self.file_path, 'w') as config_file:
150- config.write(config_file)
151+ # update the file
152+ with open(self.file_path, 'w') as config_file:
153+ config.write(config_file)
154
155 class PlaintextKeyring(BaseKeyring):
156 """Simple File Keyring with no encryption"""
157@@ -161,6 +201,7 @@ class PlaintextKeyring(BaseKeyring):
158 "Applicable for all platforms, but not recommended"
159
160 filename = 'keyring_pass.cfg'
161+ backup_filename = 'crypted_pass_backup.cfg'
162
163 def encrypt(self, password):
164 """Directly return the password itself.
165@@ -214,6 +255,7 @@ class EncryptedKeyring(Encrypted, BaseKe
166 """PyCrypto File Keyring"""
167
168 filename = 'crypted_pass.cfg'
169+ backup_filename = 'crypted_pass_backup.cfg'
170 pw_prefix = 'pw:'.encode()
171
172 @properties.ClassProperty
173@@ -247,6 +289,19 @@ class EncryptedKeyring(Encrypted, BaseKe
174 self.keyring_key = self._get_new_password()
175 # set a reference password, used to check that the password provided
176 # matches for subsequent checks.
177+
178+ # try to pre-create the /tmp/keyringlock if it doesn't exist
179+ lockfile = "/tmp/keyringlock"
180+ if os.geteuid() == 0 and (not os.path.exists(lockfile)):
181+ from pwd import getpwnam
182+ import stat
183+ nonrootuser = "wrsroot"
184+ with open(lockfile, 'w'):
185+ pass
186+ # must have the lock file with the correct group permissisions g+rw
187+ os.chmod(lockfile, stat.S_IRWXG | stat.S_IRWXU)
188+
189+
190 self.set_password('keyring-setting', 'password reference',
191 'password reference value')
192
193@@ -257,15 +312,41 @@ class EncryptedKeyring(Encrypted, BaseKe
194 if not os.path.exists(self.file_path):
195 return False
196 self._migrate()
197- config = configparser.RawConfigParser()
198- config.read(self.file_path)
199- try:
200- config.get(
201- escape_for_ini('keyring-setting'),
202- escape_for_ini('password reference'),
203- )
204- except (configparser.NoSectionError, configparser.NoOptionError):
205- return False
206+
207+ # lock access to the file_path here, make sure it's not being written
208+ # to while while we're checking for keyring-setting
209+ with lockutils.lock("keyringlock",external=True,lock_path="/tmp"):
210+ config = configparser.RawConfigParser()
211+ config.read(self.file_path)
212+ try:
213+ config.get(
214+ escape_for_ini('keyring-setting'),
215+ escape_for_ini('password reference'),
216+ )
217+ except (configparser.NoSectionError, configparser.NoOptionError):
218+ # The current file doesn't have the keyring-setting, check the backup
219+ logging.warning("_check_file: The current file doesn't have the keyring-setting, check the backup")
220+ if os.path.exists(self.backup_file_path):
221+ config = configparser.RawConfigParser()
222+ config.read(self.backup_file_path)
223+ try:
224+ config.get(
225+ escape_for_ini('keyring-setting'),
226+ escape_for_ini('password reference'),
227+ )
228+ except (configparser.NoSectionError, configparser.NoOptionError):
229+ return False
230+ # backup file has it, let's use it
231+ try:
232+ src = self.backup_file_path
233+ dest = self.file_path
234+ shutil.copy(src,dest)
235+ except shutil.Error as e:
236+ logging.warning("Revert from Backup failed. Error: %s" % e)
237+ return False
238+ else:
239+ return False
240+
241 return True
242
243 def _unlock(self):
diff --git a/python-keyring/python-keyring/use_temporary_file.patch b/python-keyring/python-keyring/use_temporary_file.patch
deleted file mode 100644
index faa968d..0000000
--- a/python-keyring/python-keyring/use_temporary_file.patch
+++ /dev/null
@@ -1,162 +0,0 @@
1Index: keyring-5.3/keyring/backends/file.py
2===================================================================
3--- keyring-5.3.orig/keyring/backends/file.py
4+++ keyring-5.3/keyring/backends/file.py
5@@ -9,6 +9,7 @@ import abc
6 import time
7 import logging
8 import shutil
9+import glob
10
11 from ..py27compat import configparser
12
13@@ -36,13 +37,6 @@ class FileBacked(object):
14 """
15 return os.path.join(platform_.data_root(), self.filename)
16
17- @properties.NonDataProperty
18- def backup_file_path(self):
19- """
20- The path to the file where passwords are stored. This property
21- may be overridden by the subclass or at the instance level.
22- """
23- return os.path.join(platform_.data_root(), self.backup_filename)
24
25 class BaseKeyring(FileBacked, KeyringBackend):
26 """
27@@ -91,15 +85,6 @@ class BaseKeyring(FileBacked, KeyringBac
28 return password
29
30
31- def filecopy(self,src,dest):
32- """copy file src to dest with default buffer size
33- """
34- with open(src, 'r') as f1:
35- with open(dest, 'w') as f2:
36- shutil.copyfileobj(f1,f2)
37- f2.flush()
38-
39-
40 def set_password(self, service, username, password):
41 """Write the password in the file.
42 """
43@@ -125,23 +110,7 @@ class BaseKeyring(FileBacked, KeyringBac
44 config = configparser.RawConfigParser()
45 config.read(self.file_path)
46 except configparser.ParsingError as e:
47- logging.warning("set_password: keyring file corrupted, Reverting to Backup")
48- # Revert to the backup file (copy backup over current file)
49- try:
50- src = self.backup_file_path
51- dest = self.file_path
52- self.filecopy(src,dest)
53- except shutil.Error as e:
54- logging.warning("set_password: Revert from Backup failed. Error: %s" % e)
55- raise
56- # Load the keyring from the disk, if this fails exception is raised
57- try:
58- config = configparser.RawConfigParser()
59- config.read(self.file_path)
60- except:
61- e = sys.exc_info()[0]
62- logging.warning("set_password: Both keyring files are non useable. Error: %s" % e)
63- raise
64+ logging.warning("set_password: keyring file corrupted")
65
66
67 # Update the keyring with the password
68@@ -149,17 +118,15 @@ class BaseKeyring(FileBacked, KeyringBac
69 config.add_section(service)
70 config.set(service, username, password_base64)
71
72- # Make a back up of the keyring file here
73- try:
74- src = self.file_path
75- dest = self.backup_file_path
76- self.filecopy(src,dest)
77- except shutil.Error as e:
78- logging.warning("set_password: Backup failed. Error: %s" % e)
79-
80 # Save the keyring back to the file
81- with open(self.file_path, 'w') as config_file:
82+ storage_root = os.path.dirname(self.file_path)
83+ tmpfile = "tmpfile.%s" % os.getpid()
84+ with open(storage_root + "/" + tmpfile, 'w') as config_file:
85 config.write(config_file)
86+ # copy will overwrite but move will not
87+ shutil.copy(storage_root + "/" + tmpfile,self.file_path)
88+ # wipe out tmpfile here
89+ os.remove(storage_root + "/" + tmpfile)
90
91
92
93@@ -203,8 +170,15 @@ class BaseKeyring(FileBacked, KeyringBac
94 except configparser.NoSectionError:
95 raise PasswordDeleteError("Password not found")
96 # update the file
97- with open(self.file_path, 'w') as config_file:
98+ storage_root = os.path.dirname(self.file_path)
99+ tmpfile = "tmpfile.%s" % os.getpid()
100+ with open(storage_root + "/" + tmpfile, 'w') as config_file:
101 config.write(config_file)
102+ # copy will overwrite but move will not
103+ shutil.copy(storage_root + "/" + tmpfile,self.file_path)
104+ # wipe out tmpfile
105+ os.remove(storage_root + "/" + tmpfile)
106+
107
108 class PlaintextKeyring(BaseKeyring):
109 """Simple File Keyring with no encryption"""
110@@ -213,7 +187,6 @@ class PlaintextKeyring(BaseKeyring):
111 "Applicable for all platforms, but not recommended"
112
113 filename = 'keyring_pass.cfg'
114- backup_filename = 'crypted_pass_backup.cfg'
115
116 def encrypt(self, password):
117 """Directly return the password itself.
118@@ -267,7 +240,6 @@ class EncryptedKeyring(Encrypted, BaseKe
119 """PyCrypto File Keyring"""
120
121 filename = 'crypted_pass.cfg'
122- backup_filename = 'crypted_pass_backup.cfg'
123 pw_prefix = 'pw:'.encode()
124
125 @properties.ClassProperty
126@@ -326,27 +298,15 @@ class EncryptedKeyring(Encrypted, BaseKe
127 escape_for_ini('password reference'),
128 )
129 except (configparser.NoSectionError, configparser.NoOptionError):
130- # The current file doesn't have the keyring-setting, check the backup
131- if os.path.exists(self.backup_file_path):
132- config = configparser.RawConfigParser()
133- config.read(self.backup_file_path)
134- try:
135- config.get(
136- escape_for_ini('keyring-setting'),
137- escape_for_ini('password reference'),
138- )
139- except (configparser.NoSectionError, configparser.NoOptionError):
140- return False
141- # backup file has it, let's use it
142- try:
143- src = self.backup_file_path
144- dest = self.file_path
145- shutil.copy(src,dest)
146- except shutil.Error as e:
147- logging.warning("Revert from Backup failed. Error: %s" % e)
148- return False
149- else:
150- return False
151+ return False
152+
153+ # remove any residual temporary files here
154+ try:
155+ for tmpfile in glob.glob(os.path.dirname(self.file_path) + "/" + "tmpfile.*"):
156+ os.remove(tmpfile)
157+ except:
158+ logging.warning("_check_file: tmpfile removal failed")
159+
160
161 return True
162