Merge ~cjwatson/launchpad:remove-buildd-secret into launchpad:master

Proposed by Colin Watson
Status: Merged
Approved by: Colin Watson
Approved revision: 755945ee58359a1ed8e105a1876e770589273d5f
Merge reported by: Otto Co-Pilot
Merged at revision: not available
Proposed branch: ~cjwatson/launchpad:remove-buildd-secret
Merge into: launchpad:master
Diff against target: 493 lines (+39/-146)
19 files modified
lib/lp/archivepublisher/tests/test_config.py (+0/-1)
lib/lp/archiveuploader/tests/test_ppauploadprocessor.py (+0/-2)
lib/lp/buildmaster/tests/test_packagebuild.py (+0/-1)
lib/lp/registry/browser/tests/test_person.py (+0/-1)
lib/lp/registry/model/distributionsourcepackage.py (+1/-1)
lib/lp/registry/vocabularies.py (+1/-1)
lib/lp/soyuz/browser/tests/archive-views.txt (+9/-9)
lib/lp/soyuz/browser/tests/test_archive_admin_view.py (+1/-3)
lib/lp/soyuz/configure.zcml (+1/-1)
lib/lp/soyuz/doc/archive.txt (+0/-4)
lib/lp/soyuz/interfaces/archive.py (+0/-5)
lib/lp/soyuz/model/archive.py (+8/-27)
lib/lp/soyuz/scripts/expire_archive_files.py (+1/-1)
lib/lp/soyuz/tests/test_archive.py (+0/-50)
lib/lp/soyuz/tests/test_archive_privacy.py (+0/-10)
lib/lp/soyuz/tests/test_binarypackagebuildbehaviour.py (+1/-1)
lib/lp/soyuz/xmlrpc/archive.py (+16/-17)
lib/lp/soyuz/xmlrpc/tests/test_archive.py (+0/-10)
lib/lp/testing/factory.py (+0/-1)
Reviewer Review Type Date Requested Status
Cristian Gonzalez Approve
Review via email: mp+402397@code.launchpad.net

Commit message

Remove Archive.buildd_secret

Description of the change

Now that we issue build-scoped macaroons to allow builders to access private archives when necessary, we no longer need static buildd secrets.

DB MP: https://code.launchpad.net/~cjwatson/launchpad/+git/launchpad/+merge/402376

To post a comment you must log in.
Revision history for this message
Cristian Gonzalez (cristiangsp) wrote :

Looks good!

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/lib/lp/archivepublisher/tests/test_config.py b/lib/lp/archivepublisher/tests/test_config.py
2index 09850a9..55ebba9 100644
3--- a/lib/lp/archivepublisher/tests/test_config.py
4+++ b/lib/lp/archivepublisher/tests/test_config.py
5@@ -162,7 +162,6 @@ class TestGetPubConfigPPA(TestCaseWithFactory):
6 owner=self.ppa.owner, name="myprivateppa",
7 distribution=self.ubuntutest, purpose=ArchivePurpose.PPA)
8 p3a.private = True
9- p3a.buildd_secret = "secret"
10 p3a_config = getPubConfig(p3a)
11 self.assertEqual(
12 config.personalpackagearchive.private_root, p3a_config.distroroot)
13diff --git a/lib/lp/archiveuploader/tests/test_ppauploadprocessor.py b/lib/lp/archiveuploader/tests/test_ppauploadprocessor.py
14index 899a85e..3c91839 100644
15--- a/lib/lp/archiveuploader/tests/test_ppauploadprocessor.py
16+++ b/lib/lp/archiveuploader/tests/test_ppauploadprocessor.py
17@@ -652,7 +652,6 @@ class TestPPAUploadProcessor(TestPPAUploadProcessorBase):
18
19 Make sure that the files are placed in the restricted librarian.
20 """
21- self.name16.archive.buildd_secret = "secret"
22 self.name16.archive.private = True
23 queue_item = self.doCustomUploadToPPA()
24 self.checkFilesRestrictedInLibrarian(queue_item, True)
25@@ -662,7 +661,6 @@ class TestPPAUploadProcessor(TestPPAUploadProcessorBase):
26
27 Make sure that the files are placed in the restricted librarian.
28 """
29- self.name16.archive.buildd_secret = "secret"
30 self.name16.archive.private = True
31
32 upload_dir = self.queueUpload("bar_1.0-1", "~name16/ubuntu")
33diff --git a/lib/lp/buildmaster/tests/test_packagebuild.py b/lib/lp/buildmaster/tests/test_packagebuild.py
34index 77d85a6..9ff5f97 100644
35--- a/lib/lp/buildmaster/tests/test_packagebuild.py
36+++ b/lib/lp/buildmaster/tests/test_packagebuild.py
37@@ -83,7 +83,6 @@ class TestPackageBuildMixin(TestCaseWithFactory):
38 # A private package build will store the upload log on the
39 # restricted librarian.
40 login('admin@canonical.com')
41- self.package_build.archive.buildd_secret = 'sekrit'
42 self.package_build.archive.private = True
43 self.assertTrue(self.package_build.is_private)
44 self.package_build.storeUploadLog("Some content")
45diff --git a/lib/lp/registry/browser/tests/test_person.py b/lib/lp/registry/browser/tests/test_person.py
46index 82dc89b..beb6b9e 100644
47--- a/lib/lp/registry/browser/tests/test_person.py
48+++ b/lib/lp/registry/browser/tests/test_person.py
49@@ -658,7 +658,6 @@ class TestShouldShowPpaSection(TestCaseWithFactory):
50 """Helper method to privatise a ppa."""
51 login('foo.bar@canonical.com')
52 ppa.private = True
53- ppa.buildd_secret = "secret"
54 login(ANONYMOUS)
55
56 def test_viewing_person_with_public_ppa(self):
57diff --git a/lib/lp/registry/model/distributionsourcepackage.py b/lib/lp/registry/model/distributionsourcepackage.py
58index 3224251..863ae85 100644
59--- a/lib/lp/registry/model/distributionsourcepackage.py
60+++ b/lib/lp/registry/model/distributionsourcepackage.py
61@@ -320,7 +320,7 @@ class DistributionSourcePackage(BugTargetBase,
62 Archive,
63 Archive.distribution == self.distribution,
64 Archive._enabled == True,
65- Archive._private == False,
66+ Archive.private == False,
67 SourcePackagePublishingHistory.archive == Archive.id,
68 (SourcePackagePublishingHistory.status ==
69 PackagePublishingStatus.PUBLISHED),
70diff --git a/lib/lp/registry/vocabularies.py b/lib/lp/registry/vocabularies.py
71index 315ab8f..f2154e3 100644
72--- a/lib/lp/registry/vocabularies.py
73+++ b/lib/lp/registry/vocabularies.py
74@@ -1982,7 +1982,7 @@ class SourcePackageNameVocabulary(NamedStormHugeVocabulary):
75 # can do is search for names that are present in public archives
76 # of any distribution.
77 where=Or(
78- Not(Archive._private),
79+ Not(Archive.private),
80 DistributionSourcePackageCache.archive == None),
81 tables=LeftJoin(
82 DistributionSourcePackageCache, Archive,
83diff --git a/lib/lp/soyuz/browser/tests/archive-views.txt b/lib/lp/soyuz/browser/tests/archive-views.txt
84index 859488d..7d90cf0 100644
85--- a/lib/lp/soyuz/browser/tests/archive-views.txt
86+++ b/lib/lp/soyuz/browser/tests/archive-views.txt
87@@ -986,12 +986,13 @@ option to be selected.
88
89 Dependencies on private PPAs can be only set if the user performing
90 the action also has permission to view the private PPA and if the
91-context PPA is also private.
92-
93-The latter guarantee that the P3A buildd_secret won't get exposed in
94-the buildlogs. The remaining risk is to have untrusted people in the
95-context PPA which would have a chance to expose the contents of the
96-other P3As dependencies while their sources get built.
97+context PPA is also private. This reduces the risk of confidential
98+information being leaked; it does not eliminate that risk, because it
99+is still possible for other people to be able to see the context PPA
100+who cannot see the dependencies directly, but who can see some of
101+their contents via builds. We currently assume that owners of private
102+PPAs are aware of this risk when adding other private PPAs as
103+dependencies.
104
105 Before testing we will create a new team owned by Mark Shutteworth,
106 with a private PPA attached to it.
107@@ -1023,9 +1024,8 @@ PPA the form fails because he has no permission to view its contents.
108 You don't have permission to use this dependency.
109
110 When we grant access to Celso for viewing the private PPA, by making
111-him a memeber of the new team, setting the private PPA as dependency
112-still denied since Celso's PPA still public and thus the dependencies
113-buildd_secret would leak through the public buildlogs.
114+him a member of the new team, setting the private PPA as dependency is
115+still denied since Celso's PPA is still public.
116
117 >>> login('foo.bar@canonical.com')
118 >>> ignored = a_team.addMember(cprov, mark)
119diff --git a/lib/lp/soyuz/browser/tests/test_archive_admin_view.py b/lib/lp/soyuz/browser/tests/test_archive_admin_view.py
120index 485898f..f7243bb 100644
121--- a/lib/lp/soyuz/browser/tests/test_archive_admin_view.py
122+++ b/lib/lp/soyuz/browser/tests/test_archive_admin_view.py
123@@ -53,12 +53,10 @@ class TestArchivePrivacySwitchingView(TestCaseWithFactory):
124
125 def test_set_private_without_packages(self):
126 # If a ppa does not have packages published, it is possible to
127- # update the private attribute. Marking the PPA private also
128- # generates a buildd secret.
129+ # update the private attribute.
130 view = self.initialize_admin_view(private=True)
131 self.assertEqual(0, len(view.errors))
132 self.assertTrue(view.context.private)
133- self.assertTrue(len(view.context.buildd_secret) > 4)
134
135 def test_set_public_without_packages(self):
136 # If a ppa does not have packages published, it is possible to
137diff --git a/lib/lp/soyuz/configure.zcml b/lib/lp/soyuz/configure.zcml
138index 9c05d32..5aec316 100644
139--- a/lib/lp/soyuz/configure.zcml
140+++ b/lib/lp/soyuz/configure.zcml
141@@ -365,7 +365,7 @@
142 <require
143 permission="launchpad.Admin"
144 interface="lp.soyuz.interfaces.archive.IArchiveAdmin"
145- set_attributes="authorized_size buildd_secret
146+ set_attributes="authorized_size
147 enabled_restricted_processors
148 external_dependencies name
149 permit_obsolete_series_uploads
150diff --git a/lib/lp/soyuz/doc/archive.txt b/lib/lp/soyuz/doc/archive.txt
151index 87b2cd9..e3799c7 100644
152--- a/lib/lp/soyuz/doc/archive.txt
153+++ b/lib/lp/soyuz/doc/archive.txt
154@@ -72,7 +72,6 @@ records to disk, including configuration and indexes.
155 ... owner=cprov, name='myprivateppa',
156 ... distribution=cprov_archive.distribution)
157 >>> login("foo.bar@canonical.com")
158- >>> cprov_private_ppa.buildd_secret = 'really secret'
159 >>> cprov_private_ppa.private = True
160 >>> login(ANONYMOUS)
161
162@@ -1487,11 +1486,9 @@ method will by default only return public archives:
163 >>> login("foo.bar@canonical.com")
164 >>> my_copy_archive = archive_set.getArchivesForDistribution(
165 ... ubuntu, name='my-copy-archive')[0]
166- >>> my_copy_archive.buildd_secret = 'really secret'
167 >>> my_copy_archive.private = True
168 >>> team_archive = archive_set.getArchivesForDistribution(
169 ... ubuntu, name='team-archive')[0]
170- >>> team_archive.buildd_secret = 'really secret'
171 >>> team_archive.private = True
172
173 >>> ubuntu_copy_archives = archive_set.getArchivesForDistribution(
174@@ -1714,7 +1711,6 @@ So even if Joe's PPA suddenly becomes private, Carlos rights will be
175 preserved.
176
177 >>> login('foo.bar@canonical.com')
178- >>> joes_ppa.buildd_secret = 'x'
179 >>> joes_ppa.private = True
180
181 >>> login("carlos@canonical.com")
182diff --git a/lib/lp/soyuz/interfaces/archive.py b/lib/lp/soyuz/interfaces/archive.py
183index ed35643..e4929b7 100644
184--- a/lib/lp/soyuz/interfaces/archive.py
185+++ b/lib/lp/soyuz/interfaces/archive.py
186@@ -1191,11 +1191,6 @@ class IArchiveView(IHasBuildRecords):
187 def getOverridePolicy(distroseries, pocket, phased_update_percentage=None):
188 """Returns an instantiated `IOverridePolicy` for the archive."""
189
190- buildd_secret = TextLine(
191- title=_("Build farm secret"), required=False,
192- description=_(
193- "The password used by the build farm to access the archive."))
194-
195 @call_with(eager_load=True)
196 @rename_parameters_as(
197 name="binary_name", distroarchseries="distro_arch_series")
198diff --git a/lib/lp/soyuz/model/archive.py b/lib/lp/soyuz/model/archive.py
199index 0fbca87..b549c13 100644
200--- a/lib/lp/soyuz/model/archive.py
201+++ b/lib/lp/soyuz/model/archive.py
202@@ -312,7 +312,7 @@ class Archive(SQLBase):
203
204 publish = BoolCol(dbName='publish', notNull=True, default=True)
205
206- _private = BoolCol(dbName='private', notNull=True, default=False,
207+ private = BoolCol(dbName='private', notNull=True, default=False,
208 storm_validator=_validate_archive_privacy)
209
210 require_virtualized = BoolCol(
211@@ -337,8 +337,6 @@ class Archive(SQLBase):
212 package_description_cache = StringCol(
213 dbName='package_description_cache', notNull=False, default=None)
214
215- buildd_secret = StringCol(dbName='buildd_secret', default=None)
216-
217 total_count = IntCol(dbName='total_count', notNull=True, default=0)
218
219 pending_count = IntCol(dbName='pending_count', notNull=True, default=0)
220@@ -385,22 +383,6 @@ class Archive(SQLBase):
221 else:
222 alsoProvides(self, IDistributionArchive)
223
224- # Note: You may safely ignore lint when it complains about this
225- # declaration. As of Python 2.6, this is a perfectly valid way
226- # of adding a setter
227- @property
228- def private(self):
229- return self._private
230-
231- @private.setter # pyflakes:ignore
232- def private(self, private):
233- self._private = private
234- if private:
235- if not self.buildd_secret:
236- self.buildd_secret = create_token(20)
237- else:
238- self.buildd_secret = None
239-
240 @property
241 def title(self):
242 """See `IArchive`."""
243@@ -2739,7 +2721,6 @@ class ArchiveSet:
244
245 # Private teams cannot have public PPAs.
246 if owner.visibility == PersonVisibility.PRIVATE:
247- new_archive.buildd_secret = create_token(20)
248 new_archive.private = True
249 else:
250 new_archive.private = private
251@@ -2854,7 +2835,7 @@ class ArchiveSet:
252 SourcePackagePublishingHistory,
253 SourcePackagePublishingHistory.archive == Archive.id,
254 SourcePackagePublishingHistory.distroseries == DistroSeries.id,
255- Archive._private == False,
256+ Archive.private == False,
257 Archive._enabled == True,
258 DistroSeries.distribution == distribution,
259 Archive.purpose == ArchivePurpose.PPA,
260@@ -2893,7 +2874,7 @@ class ArchiveSet:
261 """See `IArchiveSet`."""
262 return IStore(Archive).find(
263 Archive,
264- Archive._private == True, Archive.purpose == ArchivePurpose.PPA)
265+ Archive.private == True, Archive.purpose == ArchivePurpose.PPA)
266
267 def getArchivesForDistribution(self, distribution, name=None,
268 purposes=None,
269@@ -2914,7 +2895,7 @@ class ArchiveSet:
270 if name is not None:
271 extra_exprs.append(Archive.name == name)
272
273- public_archive = And(Archive._private == False,
274+ public_archive = And(Archive.private == False,
275 Archive._enabled == True)
276
277 if not check_permissions:
278@@ -3019,12 +3000,12 @@ def get_archive_privacy_filter(user):
279 Incorrect and deprecated. Use get_enabled_archive_filter instead.
280 """
281 if user is None:
282- privacy_filter = Not(Archive._private)
283+ privacy_filter = Not(Archive.private)
284 elif IPersonRoles(user).in_admin:
285 privacy_filter = True
286 else:
287 privacy_filter = Or(
288- Not(Archive._private),
289+ Not(Archive.private),
290 Archive.ownerID.is_in(
291 Select(
292 TeamParticipation.teamID,
293@@ -3044,7 +3025,7 @@ def get_enabled_archive_filter(user, purpose=None,
294 if user is None:
295 if include_public:
296 terms = [
297- purpose_term, Archive._private == False,
298+ purpose_term, Archive.private == False,
299 Archive._enabled == True]
300 return And(*terms)
301 else:
302@@ -3089,5 +3070,5 @@ def get_enabled_archive_filter(user, purpose=None,
303
304 if include_public:
305 filter_terms.append(
306- And(Archive._enabled == True, Archive._private == False))
307+ And(Archive._enabled == True, Archive.private == False))
308 return And(purpose_term, Or(*filter_terms))
309diff --git a/lib/lp/soyuz/scripts/expire_archive_files.py b/lib/lp/soyuz/scripts/expire_archive_files.py
310index 7ae54e8..e871fce 100755
311--- a/lib/lp/soyuz/scripts/expire_archive_files.py
312+++ b/lib/lp/soyuz/scripts/expire_archive_files.py
313@@ -131,7 +131,7 @@ class ArchiveExpirer(LaunchpadCronScript):
314 full_archive_name.is_in(self.blacklist)),
315 Archive.purpose == ArchivePurpose.PPA),
316 And(
317- IsTrue(Archive._private),
318+ IsTrue(Archive.private),
319 Not(full_archive_name.is_in(self.whitelist))),
320 Not(Archive.purpose.is_in(archive_types)),
321 xPPH.dateremoved > UTC_NOW - stay_of_execution,
322diff --git a/lib/lp/soyuz/tests/test_archive.py b/lib/lp/soyuz/tests/test_archive.py
323index 2d53207..425355b 100644
324--- a/lib/lp/soyuz/tests/test_archive.py
325+++ b/lib/lp/soyuz/tests/test_archive.py
326@@ -1268,56 +1268,6 @@ class TestProcessors(TestCaseWithFactory):
327 self.assertContentEqual([], self.archive.enabled_restricted_processors)
328
329
330-class TestBuilddSecret(TestCaseWithFactory):
331- """Test buildd_secret security.
332-
333- The buildd_secret is used by the slave scanner when generating a
334- sources.list entry for the builder to access a private archive. It is
335- essentially the password to the archive for the builder.
336- """
337-
338- layer = DatabaseFunctionalLayer
339-
340- def setUp(self):
341- super(TestBuilddSecret, self).setUp()
342- self.archive = self.factory.makeArchive()
343-
344- def test_anonymous_cannot_set_buildd_secret(self):
345- login(ANONYMOUS)
346- e = self.assertRaises(
347- Unauthorized, setattr, self.archive, "buildd_secret", "boing")
348- self.assertEqual("launchpad.Admin", e.args[2])
349-
350- def test_commercial_admin_can_set_buildd_secret(self):
351- with celebrity_logged_in("commercial_admin"):
352- self.archive.buildd_secret = "not so secret at all"
353-
354- def test_admin_can_set_buildd_secret(self):
355- with celebrity_logged_in("admin"):
356- self.archive.buildd_secret = "not so secret"
357-
358- def test_public_archive_has_public_buildd_secret(self):
359- # In a public PPA, the buildd "secret" is visible to anyone.
360- with celebrity_logged_in("admin"):
361- self.archive.buildd_secret = "not so secret"
362- login(ANONYMOUS)
363- self.assertFalse(self.archive.private)
364- self.assertEqual("not so secret", self.archive.buildd_secret)
365-
366- def test_private_archive_has_private_buildd_secret(self):
367- # In a private PPA, the buildd secret can only be read by users with
368- # launchpad.View on the archive.
369- with celebrity_logged_in("admin"):
370- self.archive.buildd_secret = "really secret"
371- self.archive.private = True
372- login(ANONYMOUS)
373- e = self.assertRaises(
374- Unauthorized, getattr, self.archive, "buildd_secret")
375- self.assertEqual("launchpad.View", e.args[2])
376- with person_logged_in(self.archive.owner):
377- self.assertEqual("really secret", self.archive.buildd_secret)
378-
379-
380 class TestNamedAuthTokenFeatureFlag(TestCaseWithFactory):
381 layer = LaunchpadZopelessLayer
382
383diff --git a/lib/lp/soyuz/tests/test_archive_privacy.py b/lib/lp/soyuz/tests/test_archive_privacy.py
384index c5b0605..57b1ce9 100644
385--- a/lib/lp/soyuz/tests/test_archive_privacy.py
386+++ b/lib/lp/soyuz/tests/test_archive_privacy.py
387@@ -98,13 +98,3 @@ class TestPrivacySwitching(TestCaseWithFactory):
388
389 self.assertRaises(
390 CannotSwitchPrivacy, setattr, private_ppa, 'private', False)
391-
392- def test_buildd_secret_was_generated(self):
393- public_ppa = self.factory.makeArchive()
394- public_ppa.private = True
395- self.assertNotEqual(public_ppa.buildd_secret, None)
396-
397- def test_discard_buildd_was_discarded(self):
398- private_ppa = self.factory.makeArchive(private=True)
399- private_ppa.private = False
400- self.assertEqual(private_ppa.buildd_secret, None)
401diff --git a/lib/lp/soyuz/tests/test_binarypackagebuildbehaviour.py b/lib/lp/soyuz/tests/test_binarypackagebuildbehaviour.py
402index 0131ffb..2ab0429 100644
403--- a/lib/lp/soyuz/tests/test_binarypackagebuildbehaviour.py
404+++ b/lib/lp/soyuz/tests/test_binarypackagebuildbehaviour.py
405@@ -709,7 +709,7 @@ class TestBinaryBuildPackageBehaviourBuildCollection(TestCaseWithFactory):
406 # Archive.private prevents us from setting it to True with
407 # existing published sources.
408 Store.of(self.build).execute("""
409- UPDATE archive SET private=True,buildd_secret='foo'
410+ UPDATE archive SET private=True
411 WHERE archive.id = %s""" % self.build.archive.id)
412 Store.of(self.build).invalidate()
413
414diff --git a/lib/lp/soyuz/xmlrpc/archive.py b/lib/lp/soyuz/xmlrpc/archive.py
415index 5acf7f3..8507873 100644
416--- a/lib/lp/soyuz/xmlrpc/archive.py
417+++ b/lib/lp/soyuz/xmlrpc/archive.py
418@@ -66,26 +66,25 @@ class ArchiveAPI(LaunchpadXMLRPCView):
419
420 # If the password is a serialized macaroon for the buildd user, then
421 # try macaroon authentication.
422- if (username == BUILDD_USER_NAME and
423- self._verifyMacaroon(archive, password)):
424- # Success.
425- return
426+ if username == BUILDD_USER_NAME:
427+ if self._verifyMacaroon(archive, password):
428+ # Success.
429+ return
430+ else:
431+ raise faults.Unauthorized()
432
433 # Fall back to checking archive auth tokens.
434- if username == BUILDD_USER_NAME:
435- secret = archive.buildd_secret
436+ if username.startswith("+"):
437+ token = token_set.getActiveNamedTokenForArchive(
438+ archive, username[1:])
439 else:
440- if username.startswith("+"):
441- token = token_set.getActiveNamedTokenForArchive(
442- archive, username[1:])
443- else:
444- token = token_set.getActiveTokenForArchiveAndPersonName(
445- archive, username)
446- if token is None:
447- raise faults.NotFound(
448- message="No valid tokens for '%s' in '%s'." % (
449- username, archive_reference))
450- secret = removeSecurityProxy(token).token
451+ token = token_set.getActiveTokenForArchiveAndPersonName(
452+ archive, username)
453+ if token is None:
454+ raise faults.NotFound(
455+ message="No valid tokens for '%s' in '%s'." % (
456+ username, archive_reference))
457+ secret = removeSecurityProxy(token).token
458 if password != secret:
459 raise faults.Unauthorized()
460
461diff --git a/lib/lp/soyuz/xmlrpc/tests/test_archive.py b/lib/lp/soyuz/xmlrpc/tests/test_archive.py
462index 3007668..86c6ffa 100644
463--- a/lib/lp/soyuz/xmlrpc/tests/test_archive.py
464+++ b/lib/lp/soyuz/xmlrpc/tests/test_archive.py
465@@ -60,16 +60,6 @@ class TestArchiveAPI(TestCaseWithFactory):
466 archive.reference, "+missing", "",
467 "No valid tokens for '+missing' in '%s'." % archive.reference)
468
469- def test_checkArchiveAuthToken_buildd_wrong_password(self):
470- archive = removeSecurityProxy(self.factory.makeArchive(private=True))
471- self.assertUnauthorized(
472- archive.reference, "buildd", archive.buildd_secret + "-bad")
473-
474- def test_checkArchiveAuthToken_buildd_correct_password(self):
475- archive = removeSecurityProxy(self.factory.makeArchive(private=True))
476- self.assertIsNone(self.archive_api.checkArchiveAuthToken(
477- archive.reference, "buildd", archive.buildd_secret))
478-
479 def test_checkArchiveAuthToken_buildd_macaroon_wrong_archive(self):
480 archive = self.factory.makeArchive(private=True)
481 build = self.factory.makeBinaryPackageBuild(archive=archive)
482diff --git a/lib/lp/testing/factory.py b/lib/lp/testing/factory.py
483index e95e83d..c74c7f6 100644
484--- a/lib/lp/testing/factory.py
485+++ b/lib/lp/testing/factory.py
486@@ -2943,7 +2943,6 @@ class BareLaunchpadObjectFactory(ObjectFactory):
487 if private:
488 naked_archive = removeSecurityProxy(archive)
489 naked_archive.private = True
490- naked_archive.buildd_secret = "sekrit"
491
492 if suppress_subscription_notifications:
493 naked_archive = removeSecurityProxy(archive)

Subscribers

People subscribed via source and target branches

to status/vote changes: