Code review comment for ~litios/ubuntu-security-tools:build-sources-list/use-auth-conf

Revision history for this message
David Fernandez Gonzalez (litios) wrote (last edit ):

Hi everyone, thanks for the reviews.
I've made several changes based on the feedback:

----

> 1) Have the new esm-auth-conf script simply output the right auth configuration.

  - Updated!

> 2) Have build-sources-list.install run both build-sources-list and esm-auth-conf and then install both source list and auth file. Maybe also rename it to something like setup-sources-list.

  - Related to 1), now the installation is handled by setup-sources-list.install.

> 3) One comment I'd also make is that when I thought about doing this, my intent was to create an auth.conf.d file per ppa.

  - Applied too! This was an interesting combination with 2) so the bash to do so is not the easiest. It works though. One thing is that I'm using the auth.conf.d itself with a sudo tmp directory so everything stays "secure" and no race condition is present.

----

I did not rename the script to setup-esm-auth-conf as I think the word `setup` means we are actually installing something (as the other script called setup-sources-list)

In regards to:

> 3) Remove sudo from build-sources-list.install, let it produce an error if it is not run with sudo

I agree we can have a discussion for this but it seems like an issue for another PR. We need the -updates set up ASAP for OVAL and I feel like also dealing with the sudo issue in this PR may things take longer for this particular change.

In regards to:

> As to blatting over the existing one, I'm not sure the ppa
subscription credentials ever change -- maybe if you unsubscribe and
then resubscribe to the ppa -- but if they did, I'd want to think
carefully about what situations the existing file should or should
not get overwritten.

If it doesn't change, overriding it wouldn't make a difference. If it does change, that means the old credentials are no longer valid (I assume) and therefore there is no use in keeping it, overriding makes sense to me for that particular case.

Let me know of any improvements!

« Back to merge proposal