MAAS

Merge lp:~jtv/maas/pkg-bug-1060095 into lp:~maas-maintainers/maas/packaging

  1. pkg-bug-1060095
  2. Merge into packaging
Proposed by Jeroen T. Vermeulen on 2012-10-02
Status: Merged
Approved by: Jeroen T. Vermeulen on 2012-10-02
Approved revision: 113
Merged at revision: 112
Proposed branch: lp:~jtv/maas/pkg-bug-1060095
Merge into: lp:~maas-maintainers/maas/packaging
Diff against target: 21 lines (+7/-3)
1 file modified
debian/maas-region-controller.postinst (+7/-3)
To merge this branch: bzr merge lp:~jtv/maas/pkg-bug-1060095
Reviewer Review Type Date Requested Status
Gavin Panella (community) 2012-10-02 Approve on 2012-10-02
Review via email: mp+127451@code.launchpad.net

This proposal supersedes a proposal from 2012-10-02.

Commit Message

Make maas_local_settings readable only to root & maas.

Description of the Change

As discussed with Raphael. This file should be private. Only the installation process has legitimate reason to write to it, and root aside, only maas has a legitimate reason to read from it.

Jeroen

To post a comment you must log in.
lp:~jtv/maas/pkg-bug-1060095 updated on 2012-10-02
113. By Jeroen T. Vermeulen on 2012-10-02

Review fix.

Gavin Panella (allenap) :
review: Approve
John A Meinel (jameinel) wrote : Posted in a previous version of this proposal

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/2/2012 2:26 PM, Jeroen T. Vermeulen wrote:
> Jeroen T. Vermeulen has proposed merging
> lp:~jtv/maas/pkg-bug-1060095 into lp:maas.
>
> Commit message: Make maas_local_settings readable only to root &
> maas.
>
> Requested reviews: Launchpad code reviewers (launchpad-reviewers)
> Related bugs: Bug #1060095 in MAAS: "Database password in
> maas_local_settings.py is world-readable"
> https://bugs.launchpad.net/maas/+bug/1060095
>
> For more details, see:
> https://code.launchpad.net/~jtv/maas/pkg-bug-1060095/+merge/127450
>
> As discussed with Raphael. This file should be private. Only the
> installation process has legitimate reason to write to it, and root
> aside, only maas has a legitimate reason to read from it.
>
>
> Jeroen
>

You are still targetting 'lp:maas' but with a branch that has the
debian/ directory. I think you mean ubuntu:maas or something along
those lines.

 review: needsfixing

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (Cygwin)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iEYEARECAAYFAlBrDLwACgkQJdeBCYSNAAM2zQCeM9LHhteNn0QuvAUJhcL/Oulz
f6EAn3exBhbbu7eRUUPwLFl/Jf9rX+E2
=MM0V
-----END PGP SIGNATURE-----

review: Needs Fixing
Jeroen T. Vermeulen (jtv) wrote : Posted in a previous version of this proposal

It's a packaging branch. I *always* forget to set the target branch on my packaging MPs.

Note how this MP says it's "superseded" by an MP with a corrected target. That means that there's no point in looking at it at all.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'debian/maas-region-controller.postinst'
2--- debian/maas-region-controller.postinst 2012-10-01 10:35:56 +0000
3+++ debian/maas-region-controller.postinst 2012-10-02 11:03:19 +0000
4@@ -137,10 +137,14 @@
5 mkdir -p /var/lib/maas/media/storage
6 chown -R maas:maas /var/lib/maas/
7
8- # Local celery config may contain credentials, so should be readable
9+ # Config will contain credentials, so should be readable
10 # by the application but nobody else.
11- chown root:maas /etc/maas/maas_local_celeryconfig.py
12- chmod 0640 /etc/maas/maas_local_celeryconfig.py
13+ chown root:maas \
14+ /etc/maas/maas_local_celeryconfig.py \
15+ /etc/maas/maas_local_settings.py
16+ chmod 0640 \
17+ /etc/maas/maas_local_celeryconfig.py \
18+ /etc/maas/maas_local_settings.py
19
20 #########################################################
21 ################ Configure Apache2 ####################

Subscribers

People subscribed via source and target branches