ubuntuone-credentials

Merge lp:~mardy/ubuntuone-credentials/lp1376445-migration into lp:ubuntuone-credentials/rtm-14.09

  1. lp1376445-migration
  2. Merge into rtm-14.09
Proposed by David Barth
Status: Rejected
Rejected by: dobey
Proposed branch: lp:~mardy/ubuntuone-credentials/lp1376445-migration
Merge into: lp:ubuntuone-credentials/rtm-14.09
Diff against target: 75 lines (+34/-1)
4 files modified
acl-updater/acl-updater (+29/-0)
debian/control (+3/-0)
debian/libubuntuoneauth-2.0-0.migrations (+1/-0)
debian/rules (+1/-1)
To merge this branch: bzr merge lp:~mardy/ubuntuone-credentials/lp1376445-migration
Reviewer Review Type Date Requested Status
PS Jenkins bot continuous-integration Approve
dobey (community) Disapprove
Review via email: mp+251235@code.launchpad.net

Commit message

Upgrades the ACL of U1 accounts registered in the Online Accounts database.
Add dependencies on sqlite3 and account-plugin-tools for migration script.

Description of the change

This branch upgrades the ACL of u1 accounts registered in the Online Accounts database. This avoids the bug where older accounts are removed by the u1 code to force their re-creation.

This is an old merge proposal, but I feel this would solve the problem in a more consistent way for users upgrading from old to newer releases.

To post a comment you must log in.
Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :

PASSED: Continuous integration, rev:163
http://jenkins.qa.ubuntu.com/job/ubuntuone-credentials-rtm-14.09-ci/6/
Executed test runs:
    SUCCESS: http://jenkins.qa.ubuntu.com/job/ubuntuone-credentials-rtm-14.09-14.09-armhf-ci/3
        deb: http://jenkins.qa.ubuntu.com/job/ubuntuone-credentials-rtm-14.09-14.09-armhf-ci/3/artifact/work/output/*zip*/output.zip

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/ubuntuone-credentials-rtm-14.09-ci/6/rebuild

review: Approve (continuous-integration)
Revision history for this message
dobey (dobey) wrote :

This will break multi-arch support in the packages, as this "script" is a compiled binary and not actually an architecture-independent script.

From dh_migrations man page:

       debian/package.migrations
           List the files and migration scripts to install into each package.
           The format is a set of lines, where each line lists a script file
           to install into into usr/share/session-migration/scripts in the
           package build directory.

           The name of the files (or directories) to install should be given
           relative to the current directory.

I'm also not confident that this will even work. If I understand how the ACL works, this program won't work, as it will be running unconfined, and unconfined will not yet be in the ACL. So when it tries to access the identity info, the request will be denied, meaning it won't be able to add anything to the ACL. And if this does actually work when the program is not in the ACL, and signon-apparmor-extension is installed, would it not be better to just integrate this into the normal code flow, rather than as an external migration script?

review: Disapprove
Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :

PASSED: Continuous integration, rev:165
http://jenkins.qa.ubuntu.com/job/ubuntuone-credentials-rtm-14.09-ci/7/
Executed test runs:
    SUCCESS: http://jenkins.qa.ubuntu.com/job/ubuntuone-credentials-rtm-14.09-14.09-armhf-ci/4
        deb: http://jenkins.qa.ubuntu.com/job/ubuntuone-credentials-rtm-14.09-14.09-armhf-ci/4/artifact/work/output/*zip*/output.zip

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/ubuntuone-credentials-rtm-14.09-ci/7/rebuild

review: Approve (continuous-integration)
Revision history for this message
dobey (dobey) wrote :

Please add dependencies on sqlite3 and account-plugin-tools to the libubuntuoneauth-2.0-0 package in debian/control.

Also, please submit an MP with these same changes to trunk, so we can land this in Vivid as well.

review: Needs Fixing
Revision history for this message
dobey (dobey) :
review: Approve
Revision history for this message
dobey (dobey) :
review: Needs Fixing
Revision history for this message
dobey (dobey) wrote :

replaced by https://code.launchpad.net/~dbarth/ubuntuone-credentials/acl-updater-script/+merge/252346

review: Disapprove
Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :

PASSED: Continuous integration, rev:167
http://jenkins.qa.ubuntu.com/job/ubuntuone-credentials-rtm-14.09-ci/8/
Executed test runs:
    SUCCESS: http://jenkins.qa.ubuntu.com/job/ubuntuone-credentials-rtm-14.09-14.09-armhf-ci/5
        deb: http://jenkins.qa.ubuntu.com/job/ubuntuone-credentials-rtm-14.09-14.09-armhf-ci/5/artifact/work/output/*zip*/output.zip

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/ubuntuone-credentials-rtm-14.09-ci/8/rebuild

review: Approve (continuous-integration)

Unmerged revisions

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== added directory 'acl-updater'
2=== added file 'acl-updater/acl-updater'
3--- acl-updater/acl-updater 1970-01-01 00:00:00 +0000
4+++ acl-updater/acl-updater 2015-03-09 15:09:06 +0000
5@@ -0,0 +1,29 @@
6+#!/bin/sh
7+#
8+
9+export LC_ALL=C
10+SIGNON_DB="$HOME/.config/signond/signon.db"
11+
12+ACCOUNT_ID=`account-console list | grep -i ubuntuone | grep -o '[0-9]\+'`
13+if [ -z $ACCOUNT_ID ]; then
14+ echo "no U1 account found; exiting"
15+ exit 1
16+fi
17+CREDS_ID=`account-console show $ACCOUNT_ID | grep CredentialsId | grep -o '[0-9]\+'`
18+if [ -z $CREDS_ID ]; then
19+ echo "no U1 account found; exiting"
20+ exit 1
21+fi
22+
23+echo "Upgrading ACL for U1 account (id:$CREDS_ID)"
24+
25+# ensure the 'unconfined' element exists in the table
26+UNCONFINED=`sqlite3 $SIGNON_DB 'select id from TOKENS where token="unconfined"'`
27+if [ -z $UNCONFINED ]; then
28+ sqlite3 $SIGNON_DB 'insert or ignore into TOKENS(token) values ("unconfined")'
29+fi
30+
31+# add the ACL to protect the U1 account
32+sqlite3 $SIGNON_DB "insert or ignore into ACL (identity_id, token_id) values ($CREDS_ID, (select id from TOKENS where token='unconfined'))"
33+
34+echo "done"
35
36=== modified file 'debian/control'
37--- debian/control 2014-08-20 14:33:41 +0000
38+++ debian/control 2015-03-09 15:09:06 +0000
39@@ -4,6 +4,7 @@
40 Build-Depends:
41 cmake,
42 debhelper (>= 9),
43+ dh-migrations,
44 libaccounts-qt5-dev,
45 liboauth-dev,
46 libsignon-qt5-dev,
47@@ -70,7 +71,9 @@
48 multiarch-support,
49 ${misc:Pre-Depends},
50 Depends:
51+ account-plugin-tools,
52 signon-plugin-password,
53+ sqlite3,
54 ubuntuone-credentials-common (= ${source:Version}),
55 ${misc:Depends},
56 ${shlibs:Depends},
57
58=== added file 'debian/libubuntuoneauth-2.0-0.migrations'
59--- debian/libubuntuoneauth-2.0-0.migrations 1970-01-01 00:00:00 +0000
60+++ debian/libubuntuoneauth-2.0-0.migrations 2015-03-09 15:09:06 +0000
61@@ -0,0 +1,1 @@
62+obj-*/acl-updater/acl-updater
63
64=== modified file 'debian/rules'
65--- debian/rules 2014-07-24 14:12:32 +0000
66+++ debian/rules 2015-03-09 15:09:06 +0000
67@@ -7,7 +7,7 @@
68
69
70 %:
71- dh $@ --buildsystem cmake --fail-missing
72+ dh $@ --buildsystem cmake --fail-missing --with migrations
73
74 override_dh_auto_configure:
75 dh_auto_configure -- -DLIB_SUFFIX=/$(DEB_HOST_MULTIARCH)

Subscribers

People subscribed via source and target branches