MAAS

Merge lp:~jtv/maas/bug-1042865 into lp:~maas-committers/maas/trunk

  1. bug-1042865
  2. Merge into trunk
Proposed by Jeroen T. Vermeulen
Status: Merged
Approved by: Jeroen T. Vermeulen
Approved revision: no longer in the source branch.
Merged at revision: 947
Proposed branch: lp:~jtv/maas/bug-1042865
Merge into: lp:~maas-committers/maas/trunk
Diff against target: 35 lines (+7/-4)
1 file modified
scripts/maas-import-ephemerals (+7/-4)
To merge this branch: bzr merge lp:~jtv/maas/bug-1042865
Reviewer Review Type Date Requested Status
Gavin Panella (community) Approve
Review via email: mp+121990@code.launchpad.net

Commit message

Fix permissions for ephemeral ("commissioning") PXE image directory in TFTP.

Description of the change

If the import scripts run with an overly strict umask, maas-import-ephemerals may produce a "commissioning" image directory that the TFTP server is not allowed to read.

The reason seems to be that the download code creates a temporary directory to download in, then sets a more permissive umask, and finally calls into maas-provision to install the new image — which copies the temporary directory including its permissions from the time with the stricter umask.

In this branch I address that in two ways:

1. The umask really didn't belong in the inner loop, since it affects global script state. I hoisted it up to a global level, so that the temporary directory is created with the new umask.

2. Before copying the image, I make it world-readable. The "X" flag on chmod pertains to the "search" permission. It sets the "x" bit on directories ("search") but not on files ("execute").

One open question is what happens to systems that had a non-world-readable directory created by an import script run from an older maas version. That might be worth fixing up in postinst for now. We don't need to carry it around forever: a permissions problem with the image go away as soon as the script downloads the first image update. (Also, chmod -R a+rX is much easier to do in shell than in python.)

Sadly, the ephemerals import script has not been made testable and is not tested. I can't even run it locally. We'll have to see in Q/A whether this really fixes the problem.

Jeroen

To post a comment you must log in.
Revision history for this message
Gavin Panella (allenap) wrote :

Nice.

review: Approve
Revision history for this message
Scott Moser (smoser) wrote :

I really think you fixed this in the wrong place.

 install_tftp_image "$wd" "$r_arch" "generic" "$r_release"

is what is called to "take this directory and install it to tftp".

it is *that* program that should take care to make sure it is consumable.
Not the caller.

Revision history for this message
Scott Moser (smoser) wrote :

Yeah.
This patch is wrong.
You should not globally change umask, which changes programs invoked by this program also.

Additionally, your change to umask is not even necessary as
 a.) mktemp is going to still do the right thing and make temporary directories with secure permissions
     $ sh -c 'umask a+r; d=$(mktemp -d); ls -ld $d; rmdir $d;'
     drwx------ 2 smoser smoser 4096 Aug 31 10:00 /tmp/tmp.Ez8zyx2rh9

 b.) you're doing a 'chmod -R' there anyway to open up permissions.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'scripts/maas-import-ephemerals'
2--- scripts/maas-import-ephemerals 2012-08-15 12:54:49 +0000
3+++ scripts/maas-import-ephemerals 2012-08-30 06:22:19 +0000
4@@ -295,10 +295,6 @@
5 cp -- "$src/$filename" "$tmpdir/"
6 done
7
8- # All files we create here are public. The TFTP user will need to be
9- # able to read them.
10- umask a+r
11-
12 debug 1 "maas-provision install-pxe-image --arch=$arch --subarch=$subarch --release=$release --purpose=commissioning --image=$tmpdir"
13 maas-provision install-pxe-image \
14 --arch=$arch --subarch=$subarch --release=$release \
15@@ -346,6 +342,12 @@
16 EOF
17 fi
18
19+
20+# All files we create here are public. The TFTP user will need to be
21+# able to read them.
22+umask a+r
23+
24+
25 updates=0
26 for release in $RELEASES; do
27 for arch in $ARCHES; do
28@@ -372,6 +374,7 @@
29 "$r_serial" "$r_arch" "$r_url" "$r_name" ||
30 fail "failed to prepare image for $release/$arch"
31
32+ chmod -R a+rX "$wd"
33 install_tftp_image "$wd" "$r_arch" "generic" "$r_release"
34
35 target_name="${TARGET_NAME_PREFIX}${r_name}"