Merge ~rodrigo-barbieri2010/ubuntu/+source/nova:bug/1904580 into ~ubuntu-openstack-dev/ubuntu/+source/nova:master

Proposed by Rodrigo Barbieri
Status: Merged
Merged at revision: 655b04243c5fd7e6dc32bb722b0242c4efbb65e7
Proposed branch: ~rodrigo-barbieri2010/ubuntu/+source/nova:bug/1904580
Merge into: ~ubuntu-openstack-dev/ubuntu/+source/nova:master
Diff against target: 29 lines (+9/-1)
2 files modified
debian/changelog (+7/-0)
debian/nova-common.postinst (+2/-1)
Reviewer Review Type Date Requested Status
Corey Bryant Pending
Review via email: mp+422028@code.launchpad.net
To post a comment you must log in.
Revision history for this message
Corey Bryant (corey.bryant) wrote :

This looks good, thanks for the fix. I'm going to merge and test before backporting to other releases. I've also added the following comment above the find command to clarify why we aren't changing the mode of /var/lib/nova/.ssh/*:

# NOTE: /var/lib/nova/.ssh/ and its files aren't created by the package,
# therefore don't change their mode.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/changelog b/debian/changelog
2index 46a5759..29ef008 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,10 @@
6+nova (3:25.0.0-0ubuntu2) UNRELEASED; urgency=medium
7+
8+ * d/nova-common.postinst: Don't change file permissions under
9+ /var/lib/nova/.ssh (LP: #1904580).
10+
11+ -- Felipe Reyes <felipe.reyes@canonical.com> Fri, 6 May 2022 17:03:39 -0300
12+
13 nova (3:25.0.0-0ubuntu1) jammy; urgency=medium
14
15 * d/watch: Scope to 25.x series
16diff --git a/debian/nova-common.postinst b/debian/nova-common.postinst
17index 54abb23..c0943e3 100644
18--- a/debian/nova-common.postinst
19+++ b/debian/nova-common.postinst
20@@ -35,7 +35,8 @@ if [ "$1" = "configure" ]; then
21
22 # NOTE: file ownership changes from nova -> libvirt-qemu -> root
23 # as part of VM lifecycle so 0750 and 0640 are not suitable.
24- find /var/lib/nova -type f -exec chmod 0644 "{}" + -o -type d -exec chmod 0755 "{}" +
25+ find /var/lib/nova -type f -not -wholename '/var/lib/nova/.ssh/*' -exec chmod 0644 "{}" \
26+ + -o -type d -not -wholename '/var/lib/nova/.ssh' -exec chmod 0755 "{}" +
27 # NOTE: console.log files are always owned by root due to the way
28 # they get written to disk with limited permissions
29 find /var/lib/nova -name "console.log" -exec chmod 0600 "{}" +

Subscribers

People subscribed via source and target branches