Launchpad itself

Merge ~cjwatson/launchpad:signing-key-permissions into launchpad:master

  1. Git
  2. lp:~cjwatson/launchpad
  3. signing-key-permissions
  4. Merge into master
Proposed by Colin Watson
Status: Merged
Approved by: Colin Watson
Approved revision: 4a0ebfc7d7ac80c21f996618db18b51ce82e9a89
Merge reported by: Otto Co-Pilot
Merged at revision: not available
Proposed branch: ~cjwatson/launchpad:signing-key-permissions
Merge into: launchpad:master
Diff against target: 72 lines (+11/-4)
2 files modified
database/schema/security.cfg (+2/-0)
lib/lp/archivepublisher/tests/test_signing.py (+9/-4)
Reviewer Review Type Date Requested Status
Thiago F. Pappacena (community) Approve
Review via email: mp+382592@code.launchpad.net

Commit message

Grant queued SELECT/INSERT on (Archive)SigningKey

Description of the change

Otherwise process-accepted can't use the signing service.

To post a comment you must log in.
Revision history for this message
Thiago F. Pappacena (pappacena) wrote :

LGTM. Thanks!

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/database/schema/security.cfg b/database/schema/security.cfg
index d36a542..a0cf410 100644
--- a/database/schema/security.cfg
+++ b/database/schema/security.cfg
@@ -1508,6 +1508,7 @@ public.archive = SELECT, UPDATE
1508public.archivearch = SELECT, UPDATE1508public.archivearch = SELECT, UPDATE
1509public.archivejob = SELECT, INSERT, UPDATE1509public.archivejob = SELECT, INSERT, UPDATE
1510public.archivepermission = SELECT1510public.archivepermission = SELECT
1511public.archivesigningkey = SELECT, INSERT
1511public.binarypackagebuild = SELECT, INSERT, UPDATE1512public.binarypackagebuild = SELECT, INSERT, UPDATE
1512public.binarypackagefile = SELECT, UPDATE1513public.binarypackagefile = SELECT, UPDATE
1513public.binarypackagename = SELECT1514public.binarypackagename = SELECT
@@ -1596,6 +1597,7 @@ public.questionsubscription = SELECT
1596public.section = SELECT1597public.section = SELECT
1597public.sectionselection = SELECT1598public.sectionselection = SELECT
1598public.sharingjob = SELECT, INSERT, UPDATE1599public.sharingjob = SELECT, INSERT, UPDATE
1600public.signingkey = SELECT, INSERT
1599public.snapbuild = SELECT1601public.snapbuild = SELECT
1600public.snapfile = SELECT, UPDATE1602public.snapfile = SELECT, UPDATE
1601public.sourcepackagename = SELECT1603public.sourcepackagename = SELECT
diff --git a/lib/lp/archivepublisher/tests/test_signing.py b/lib/lp/archivepublisher/tests/test_signing.py
index 8295aef..87cf391 100644
--- a/lib/lp/archivepublisher/tests/test_signing.py
+++ b/lib/lp/archivepublisher/tests/test_signing.py
@@ -55,6 +55,7 @@ from lp.services.signing.tests.helpers import SigningServiceClientFixture
55from lp.services.tarfile_helpers import LaunchpadWriteTarFile55from lp.services.tarfile_helpers import LaunchpadWriteTarFile
56from lp.soyuz.enums import ArchivePurpose56from lp.soyuz.enums import ArchivePurpose
57from lp.testing import TestCaseWithFactory57from lp.testing import TestCaseWithFactory
58from lp.testing.dbuser import dbuser
58from lp.testing.fakemethod import FakeMethod59from lp.testing.fakemethod import FakeMethod
59from lp.testing.gpgkeys import gpgkeysdir60from lp.testing.gpgkeys import gpgkeysdir
60from lp.testing.keyserver import InProcessKeyServerFixture61from lp.testing.keyserver import InProcessKeyServerFixture
@@ -1562,7 +1563,8 @@ class TestSigningUploadWithSigningService(TestSigningHelpers):
1562 self.buffer.close()1563 self.buffer.close()
15631564
1564 upload = SigningUpload()1565 upload = SigningUpload()
1565 upload.process(self.archive, self.path, self.suite)1566 with dbuser("process_accepted"):
1567 upload.process(self.archive, self.path, self.suite)
1566 return upload1568 return upload
15671569
1568 def test_set_target_directory_with_distroseries(self):1570 def test_set_target_directory_with_distroseries(self):
@@ -1771,7 +1773,8 @@ class TestSigningUploadWithSigningService(TestSigningHelpers):
1771 self.buffer.close()1773 self.buffer.close()
17721774
1773 upload = SigningUpload()1775 upload = SigningUpload()
1774 upload.process(self.archive, self.path, self.suite)1776 with dbuser("process_accepted"):
1777 upload.process(self.archive, self.path, self.suite)
17751778
1776 signed_path = self.getSignedPath("test", "amd64")1779 signed_path = self.getSignedPath("test", "amd64")
1777 self.assertThat(signed_path, SignedMatches(1780 self.assertThat(signed_path, SignedMatches(
@@ -1854,7 +1857,8 @@ class TestSigningUploadWithSigningService(TestSigningHelpers):
1854 self.buffer.close()1857 self.buffer.close()
18551858
1856 upload = SigningUpload()1859 upload = SigningUpload()
1857 upload.process(self.archive, self.path, self.suite)1860 with dbuser("process_accepted"):
1861 upload.process(self.archive, self.path, self.suite)
18581862
1859 self.assertTrue(upload.autokey)1863 self.assertTrue(upload.autokey)
18601864
@@ -1981,7 +1985,8 @@ class TestSigningUploadWithSigningService(TestSigningHelpers):
1981 # blocked.1985 # blocked.
1982 upload.keyFilesExist = lambda _: True1986 upload.keyFilesExist = lambda _: True
19831987
1984 upload.process(self.archive, self.path, self.suite)1988 with dbuser("process_accepted"):
1989 upload.process(self.archive, self.path, self.suite)
19851990
1986 # Make sure it only used the existing keys and fallbacks. No new key1991 # Make sure it only used the existing keys and fallbacks. No new key
1987 # should be generated.1992 # should be generated.

Subscribers

People subscribed via source and target branches

to status/vote changes: