Launchpad itself

Merge ~cjwatson/launchpad:signing-key-permissions into launchpad:master

Proposed by Colin Watson on 2020-04-20

Status:	Merged
Approved by:	Colin Watson on 2020-04-20
Approved revision:	4a0ebfc7d7ac80c21f996618db18b51ce82e9a89
Merge reported by:	Otto Co-Pilot
Merged at revision:	not available
Proposed branch:	~cjwatson/launchpad:signing-key-permissions
Merge into:	launchpad:master
Diff against target:	72 lines (+11/-4) 2 files modified database/schema/security.cfg (+2/-0) lib/lp/archivepublisher/tests/test_signing.py (+9/-4)
Related bugs:	Link a bug report

Reviewer	Review Type	Date Requested	Status
Thiago F. Pappacena (community)		2020-04-20	Approve on 2020-04-20
Review via email: mp+382592@code.launchpad.net

Commit message

Grant queued SELECT/INSERT on (Archive)SigningKey

Description of the change

Otherwise process-accepted can't use the signing service.

Revision history for this message

Thiago F. Pappacena (pappacena) wrote on 2020-04-20:

LGTM. Thanks!

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Canonical Launchpad Engineering

Christina A Reitbauer

Colin Watson

Edson_g2020_ubuntuone Gomes

Jordan

Kevin bush

Maximiliano Bertacchini

noômen

to status/vote changes:

asimbol83

1	diff --git a/database/schema/security.cfg b/database/schema/security.cfg
2	index d36a542..a0cf410 100644
3	--- a/database/schema/security.cfg
4	+++ b/database/schema/security.cfg
5	@@ -1508,6 +1508,7 @@ public.archive = SELECT, UPDATE
6	public.archivearch = SELECT, UPDATE
7	public.archivejob = SELECT, INSERT, UPDATE
8	public.archivepermission = SELECT
9	+public.archivesigningkey = SELECT, INSERT
10	public.binarypackagebuild = SELECT, INSERT, UPDATE
11	public.binarypackagefile = SELECT, UPDATE
12	public.binarypackagename = SELECT
13	@@ -1596,6 +1597,7 @@ public.questionsubscription = SELECT
14	public.section = SELECT
15	public.sectionselection = SELECT
16	public.sharingjob = SELECT, INSERT, UPDATE
17	+public.signingkey = SELECT, INSERT
18	public.snapbuild = SELECT
19	public.snapfile = SELECT, UPDATE
20	public.sourcepackagename = SELECT
21	diff --git a/lib/lp/archivepublisher/tests/test_signing.py b/lib/lp/archivepublisher/tests/test_signing.py
22	index 8295aef..87cf391 100644
23	--- a/lib/lp/archivepublisher/tests/test_signing.py
24	+++ b/lib/lp/archivepublisher/tests/test_signing.py
25	@@ -55,6 +55,7 @@ from lp.services.signing.tests.helpers import SigningServiceClientFixture
26	from lp.services.tarfile_helpers import LaunchpadWriteTarFile
27	from lp.soyuz.enums import ArchivePurpose
28	from lp.testing import TestCaseWithFactory
29	+from lp.testing.dbuser import dbuser
30	from lp.testing.fakemethod import FakeMethod
31	from lp.testing.gpgkeys import gpgkeysdir
32	from lp.testing.keyserver import InProcessKeyServerFixture
33	@@ -1562,7 +1563,8 @@ class TestSigningUploadWithSigningService(TestSigningHelpers):
34	self.buffer.close()
35
36	upload = SigningUpload()
37	- upload.process(self.archive, self.path, self.suite)
38	+ with dbuser("process_accepted"):
39	+ upload.process(self.archive, self.path, self.suite)
40	return upload
41
42	def test_set_target_directory_with_distroseries(self):
43	@@ -1771,7 +1773,8 @@ class TestSigningUploadWithSigningService(TestSigningHelpers):
44	self.buffer.close()
45
46	upload = SigningUpload()
47	- upload.process(self.archive, self.path, self.suite)
48	+ with dbuser("process_accepted"):
49	+ upload.process(self.archive, self.path, self.suite)
50
51	signed_path = self.getSignedPath("test", "amd64")
52	self.assertThat(signed_path, SignedMatches(
53	@@ -1854,7 +1857,8 @@ class TestSigningUploadWithSigningService(TestSigningHelpers):
54	self.buffer.close()
55
56	upload = SigningUpload()
57	- upload.process(self.archive, self.path, self.suite)
58	+ with dbuser("process_accepted"):
59	+ upload.process(self.archive, self.path, self.suite)
60
61	self.assertTrue(upload.autokey)
62
63	@@ -1981,7 +1985,8 @@ class TestSigningUploadWithSigningService(TestSigningHelpers):
64	# blocked.
65	upload.keyFilesExist = lambda _: True
66
67	- upload.process(self.archive, self.path, self.suite)
68	+ with dbuser("process_accepted"):
69	+ upload.process(self.archive, self.path, self.suite)
70
71	# Make sure it only used the existing keys and fallbacks. No new key
72	# should be generated.