starlingx
/
integ
Code Issues Proposed changes
integ/security/keyrings.alt/debian/patches/fix_keyring_lockfile_locati...

113 lines
4.6 KiB
Diff
Raw Blame History

The upstream commit 1e422ed of keyring moves non-preferred keyring
backends to keyrings.alt package, so moving fix_keyring_lockfile_location.patch
to package keyrings.alt
--- a/keyrings/alt/file_base.py
+++ b/keyrings/alt/file_base.py
@@ -14,6 +14,7 @@ from keyring.util import platform_, prop
from .escape import escape as escape_for_ini
from oslo_concurrency import lockutils
+lockfile = "keyringlock"
class FileBacked:
@abc.abstractproperty
@@ -153,11 +154,12 @@ class Keyring(FileBacked, KeyringBackend
return (escape_for_ini(service) + r'\0' + escape_for_ini(username)).encode()
def _write_config_value(self, service, key, value):
+ # ensure the file exists
+ self._ensure_file_path()
- with lockutils.lock("keyringlock",external=True,lock_path="/tmp"):
+ lockdir = os.path.dirname(self.file_path)
- # ensure the file exists
- self._ensure_file_path()
+ with lockutils.lock(lockfile,external=True,lock_path=lockdir):
config = None
try:
@@ -206,14 +208,13 @@ class Keyring(FileBacked, KeyringBackend
-
-
def _ensure_file_path(self):
"""
Ensure the storage path exists.
If it doesn't, create it with "go-rwx" permissions.
"""
storage_root = os.path.dirname(self.file_path)
+ lockdir = storage_root
needs_storage_root = storage_root and not os.path.isdir(storage_root)
if needs_storage_root: # pragma: no cover
os.makedirs(storage_root)
@@ -223,12 +224,21 @@ class Keyring(FileBacked, KeyringBackend
pass
user_read_write = 0o644
os.chmod(self.file_path, user_read_write)
+ if not os.path.isfile(lockdir + "/" + lockfile):
+ import stat
+ with open(lockdir + "/" + lockfile, 'w'):
+ pass
+ # must have the lock file with the correct group permissisions g+rw
+ os.chmod(lockdir + "/" + lockfile, stat.S_IRWXG | stat.S_IRWXU)
+
def delete_password(self, service, username):
"""Delete the password for the username of the service."""
service = escape_for_ini(service)
username = escape_for_ini(username)
- with lockutils.lock("keyringlock",external=True,lock_path="/tmp"):
+
+ lockdir = os.path.dirname(self.file_path)
+ with lockutils.lock(lockfile,external=True,lock_path=lockdir):
config = configparser.RawConfigParser()
if os.path.exists(self.file_path):
config.read(self.file_path)
Index: keyring-5.3/keyring/backends/file.py
===================================================================
--- keyring-5.3.orig/keyrings/alt/file.py
+++ keyring-5.3/keyrings/alt/file.py
@@ -108,18 +108,6 @@ class EncryptedKeyring(Encrypted, Keyrin
# set a reference password, used to check that the password provided
# matches for subsequent checks.
- # try to pre-create the /tmp/keyringlock if it doesn't exist
- lockfile = "/tmp/keyringlock"
- if os.geteuid() == 0 and (not os.path.exists(lockfile)):
- from pwd import getpwnam
- import stat
- nonrootuser = "sysadmin"
- with open(lockfile, 'w'):
- pass
- # must have the lock file with the correct group permissisions g+rw
- os.chmod(lockfile, stat.S_IRWXG | stat.S_IRWXU)
-
-
self.set_password(
'keyring-setting', 'password reference', 'password reference value'
)
@@ -134,9 +122,10 @@ class EncryptedKeyring(Encrypted, Keyrin
return False
self._migrate()
+ lockdir = os.path.dirname(self.file_path)
# lock access to the file_path here, make sure it's not being written
# to while while we're checking for keyring-setting
- with lockutils.lock("keyringlock",external=True,lock_path="/tmp"):
+ with lockutils.lock(lockfile,external=True,lock_path=lockdir):
config = configparser.RawConfigParser()
config.read(self.file_path)
try:
@@ -145,7 +134,6 @@ class EncryptedKeyring(Encrypted, Keyrin
)
except (configparser.NoSectionError, configparser.NoOptionError):
# The current file doesn't have the keyring-setting, check the backup
- logging.warning("_check_file: The current file doesn't have the keyring-setting, check the backup")
if os.path.exists(self.backup_file_path):
config = configparser.RawConfigParser()
config.read(self.backup_file_path)
View Git Blame Copy Permalink