ubuntuone-credentials

Merge lp:~mardy/ubuntuone-credentials/lp1376445-migration into lp:ubuntuone-credentials

  1. lp1376445-migration
  2. Merge into trunk
Proposed by Alberto Mardegan
Status: Rejected
Rejected by: dobey
Proposed branch: lp:~mardy/ubuntuone-credentials/lp1376445-migration
Merge into: lp:ubuntuone-credentials
Diff against target: 219 lines (+165/-1)
7 files modified
CMakeLists.txt (+1/-0)
acl-updater/CMakeLists.txt (+19/-0)
acl-updater/acl-updater.cpp (+94/-0)
acl-updater/acl-updater.h (+48/-0)
debian/control (+1/-0)
debian/libubuntuoneauth-2.0-0.migrations (+1/-0)
debian/rules (+1/-1)
To merge this branch: bzr merge lp:~mardy/ubuntuone-credentials/lp1376445-migration
Reviewer Review Type Date Requested Status
dobey (community) Disapprove
PS Jenkins bot continuous-integration Approve
Review via email: mp+246553@code.launchpad.net

Commit message

Update the ACL of the U1 account in a session migration script

Description of the change

Update the ACL of the U1 account in a session migration script

We use the session-migration facility to update the ACL of the user's U1 account. The script looks for the U1 account, and adds the "unconfined" token to the ACL if it's not already there.

I tested this on my desktop, and it seems to work fine.

It works with the signon-apparmor-extension installed.

To post a comment you must log in.
Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :

PASSED: Continuous integration, rev:163
http://jenkins.qa.ubuntu.com/job/ubuntuone-credentials-ci/114/
Executed test runs:
    SUCCESS: http://jenkins.qa.ubuntu.com/job/ubuntuone-credentials-vivid-amd64-ci/2
    SUCCESS: http://jenkins.qa.ubuntu.com/job/ubuntuone-credentials-vivid-armhf-ci/2
        deb: http://jenkins.qa.ubuntu.com/job/ubuntuone-credentials-vivid-armhf-ci/2/artifact/work/output/*zip*/output.zip
    SUCCESS: http://jenkins.qa.ubuntu.com/job/ubuntuone-credentials-vivid-i386-ci/2

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/ubuntuone-credentials-ci/114/rebuild

review: Approve (continuous-integration)
Revision history for this message
dobey (dobey) wrote :

I'm going to disapprove this. The code itself looks ok, but I think a migration script is a bit much to add here. It's more untested code, and more complexity. I don't think we should add it.

After poking at the code a little more, I've raise bug #1282392 to critical, as it is a big source of problems related to the signon-apparmor-extension addition. I will fix it today, and ping to get an approval for it in the next RTM milestone as well. With it fixed, I think we can then just treat the account as invalid, and send the user through the log-in process again, which, combined with the fix to add "unconfined" to the ACL, should be sufficient for migration.

review: Disapprove

Unmerged revisions

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'CMakeLists.txt'
2--- CMakeLists.txt 2014-08-11 15:14:54 +0000
3+++ CMakeLists.txt 2015-01-15 11:37:05 +0000
4@@ -52,6 +52,7 @@
5 add_subdirectory(signon-plugin)
6 add_subdirectory(qml-credentials-service)
7 add_subdirectory(online-accounts-provider)
8+add_subdirectory(acl-updater)
9 add_subdirectory(po)
10
11 # We need to add these here which simply depend on other test rules, as
12
13=== added directory 'acl-updater'
14=== added file 'acl-updater/CMakeLists.txt'
15--- acl-updater/CMakeLists.txt 1970-01-01 00:00:00 +0000
16+++ acl-updater/CMakeLists.txt 2015-01-15 11:37:05 +0000
17@@ -0,0 +1,19 @@
18+# Qt5 bits
19+SET (CMAKE_INCLUDE_CURRENT_DIR ON)
20+SET (CMAKE_AUTOMOC ON)
21+find_package(Qt5Core REQUIRED)
22+
23+# The sources for building the library
24+FILE (GLOB SOURCES *.cpp)
25+# HEADERS only includes the public headers for installation.
26+FILE (GLOB HEADERS *.h)
27+
28+SET (ACL_UPDATER acl-updater)
29+
30+add_executable (${ACL_UPDATER} ${SOURCES})
31+qt5_use_modules (${ACL_UPDATER} Core)
32+target_link_libraries (${ACL_UPDATER}
33+ ${LIBSIGNON_LDFLAGS}
34+)
35+
36+# We don't install this; dh-migrations will pick it up from the build dir.
37
38=== added file 'acl-updater/acl-updater.cpp'
39--- acl-updater/acl-updater.cpp 1970-01-01 00:00:00 +0000
40+++ acl-updater/acl-updater.cpp 2015-01-15 11:37:05 +0000
41@@ -0,0 +1,94 @@
42+/*
43+ * Copyright 2015 Canonical Ltd.
44+ *
45+ * This program is free software; you can redistribute it and/or
46+ * modify it under the terms of version 3 of the GNU Lesser General Public
47+ * License as published by the Free Software Foundation.
48+ *
49+ * This program is distributed in the hope that it will be useful,
50+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
51+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
52+ * General Public License for more details.
53+ *
54+ * You should have received a copy of the GNU Lesser General Public
55+ * License along with this library; if not, write to the
56+ * Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
57+ * Boston, MA 02110-1301, USA.
58+ */
59+
60+#include <Accounts/Account>
61+#include <Accounts/Manager>
62+
63+#include <QCoreApplication>
64+#include <QDebug>
65+
66+#include <SignOn/Identity>
67+#include <SignOn/IdentityInfo>
68+
69+#include "acl-updater.h"
70+
71+AclUpdater::AclUpdater(quint32 credentialsId, QObject *parent):
72+ QObject(parent),
73+ identity(0)
74+{
75+ qDebug() << "Loading identity" << credentialsId;
76+
77+ identity = SignOn::Identity::existingIdentity(credentialsId, this);
78+ QObject::connect(identity, SIGNAL(info(const SignOn::IdentityInfo&)),
79+ this, SLOT(onInfoReady(const SignOn::IdentityInfo&)));
80+ QObject::connect(identity, SIGNAL(error(const SignOn::Error&)),
81+ this, SLOT(onError(const SignOn::Error&)));
82+ identity->queryInfo();
83+}
84+
85+void AclUpdater::onInfoReady(const SignOn::IdentityInfo &info)
86+{
87+ QStringList currentAcl = info.accessControlList();
88+ QString unconfined = QStringLiteral("unconfined");
89+
90+ if (currentAcl.contains(unconfined)) {
91+ // nothing to do
92+ qDebug() << "ACL already contains 'unconfined'";
93+ Q_EMIT finished();
94+ return;
95+ }
96+
97+ qDebug() << "Updating identity";
98+ SignOn::IdentityInfo updatedInfo(info);
99+ updatedInfo.setAccessControlList(currentAcl << unconfined);
100+
101+ QObject::connect(identity, SIGNAL(credentialsStored(const quint32)),
102+ this, SIGNAL(finished()));
103+ identity->storeCredentials(updatedInfo);
104+}
105+
106+void AclUpdater::onError(const SignOn::Error &error)
107+{
108+ qWarning() << "Error updating identity" << identity->id() <<
109+ ":" << error.message();
110+ Q_EMIT finished();
111+}
112+
113+int main(int argc, char **argv)
114+{
115+ QCoreApplication app(argc, argv);
116+
117+ Accounts::Manager manager;
118+ AclUpdater *updater = 0;
119+
120+ Q_FOREACH(Accounts::AccountId accountId, manager.accountList()) {
121+ Accounts::Account *account = manager.account(accountId);
122+ if (account->providerName() == QStringLiteral("ubuntuone")) {
123+ updater = new AclUpdater(account->credentialsId());
124+ break;
125+ }
126+ }
127+
128+ if (updater) {
129+ QObject::connect(updater, SIGNAL(finished()),
130+ &app, SLOT(quit()));
131+ return app.exec();
132+ } else {
133+ return EXIT_SUCCESS;
134+ }
135+}
136
137=== added file 'acl-updater/acl-updater.h'
138--- acl-updater/acl-updater.h 1970-01-01 00:00:00 +0000
139+++ acl-updater/acl-updater.h 2015-01-15 11:37:05 +0000
140@@ -0,0 +1,48 @@
141+/*
142+ * Copyright 2015 Canonical Ltd.
143+ *
144+ * This program is free software; you can redistribute it and/or
145+ * modify it under the terms of version 3 of the GNU Lesser General Public
146+ * License as published by the Free Software Foundation.
147+ *
148+ * This program is distributed in the hope that it will be useful,
149+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
150+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
151+ * General Public License for more details.
152+ *
153+ * You should have received a copy of the GNU Lesser General Public
154+ * License along with this library; if not, write to the
155+ * Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
156+ * Boston, MA 02110-1301, USA.
157+ */
158+
159+#ifndef _ACL_UPDATER_H_
160+#define _ACL_UPDATER_H_
161+
162+#include <QObject>
163+
164+namespace SignOn {
165+ class Error;
166+ class Identity;
167+ class IdentityInfo;
168+};
169+
170+class AclUpdater : public QObject
171+{
172+ Q_OBJECT
173+
174+public:
175+ AclUpdater(quint32 credentialsId, QObject *parent = 0);
176+
177+Q_SIGNALS:
178+ void finished();
179+
180+private Q_SLOTS:
181+ void onInfoReady(const SignOn::IdentityInfo &info);
182+ void onError(const SignOn::Error &error);
183+
184+private:
185+ SignOn::Identity *identity;
186+};
187+
188+#endif // _ACL_UPDATER_H_
189
190=== modified file 'debian/control'
191--- debian/control 2014-08-20 14:33:41 +0000
192+++ debian/control 2015-01-15 11:37:05 +0000
193@@ -4,6 +4,7 @@
194 Build-Depends:
195 cmake,
196 debhelper (>= 9),
197+ dh-migrations,
198 libaccounts-qt5-dev,
199 liboauth-dev,
200 libsignon-qt5-dev,
201
202=== added file 'debian/libubuntuoneauth-2.0-0.migrations'
203--- debian/libubuntuoneauth-2.0-0.migrations 1970-01-01 00:00:00 +0000
204+++ debian/libubuntuoneauth-2.0-0.migrations 2015-01-15 11:37:05 +0000
205@@ -0,0 +1,1 @@
206+obj-*/acl-updater/acl-updater
207
208=== modified file 'debian/rules'
209--- debian/rules 2014-07-24 14:12:32 +0000
210+++ debian/rules 2015-01-15 11:37:05 +0000
211@@ -7,7 +7,7 @@
212
213
214 %:
215- dh $@ --buildsystem cmake --fail-missing
216+ dh $@ --buildsystem cmake --fail-missing --with migrations
217
218 override_dh_auto_configure:
219 dh_auto_configure -- -DLIB_SUFFIX=/$(DEB_HOST_MULTIARCH)

Subscribers

People subscribed via source and target branches