From ccdfc3b71632ad2922c6c5a973acfaddd810d809 Mon Sep 17 00:00:00 2001 From: Dan Voiculeasa Date: Fri, 28 Jan 2022 13:59:16 +0200 Subject: [PATCH] debian: Fix openrc sourcing This work is part of Debian integration effort. This work only affects Debian. Cannot obtain password from keyring when doing 'source /etc/platform/openrc' from sysadmin user. Due to a comparison with a wrong octal permissions string, code that requires elevation is run. The code shouldn't run in the first place using sysadmin user. Fix the comparison string. Debian Bullseye tests: - PASS: build-pkgs and build-image - PASS: bootstrap - PASS: after bootstrap can source /etc/platform/openrc from sysadmin Story: 2009221 Task: 43438 Signed-off-by: Dan Voiculeasa Change-Id: I0c1f53c216f1a126280e0e27748fd50b2759f3c3 --- security/keyrings.alt/debian/patches/chmod_keyringlock2.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/keyrings.alt/debian/patches/chmod_keyringlock2.patch b/security/keyrings.alt/debian/patches/chmod_keyringlock2.patch index 1b0380413..c84bcc854 100644 --- a/security/keyrings.alt/debian/patches/chmod_keyringlock2.patch +++ b/security/keyrings.alt/debian/patches/chmod_keyringlock2.patch @@ -31,7 +31,7 @@ Index: keyring-5.3/keyrings/alt/file_base.py + if os.path.isfile(lockdir + "/" + lockfile): + import stat + import grp -+ if oct(stat.S_IMODE(os.stat(lockdir + "/" + lockfile).st_mode)) != '0770': ++ if oct(stat.S_IMODE(os.stat(lockdir + "/" + lockfile).st_mode)) != '0o770': + # Must have the lock file with the correct group and permissisions g+rw + os.chmod(lockdir + "/" + lockfile, stat.S_IRWXG | stat.S_IRWXU) + groupinfo = grp.getgrnam('sys_protected')