Landscape Client

Merge lp:~therve/landscape-client/config-permissions into lp:~landscape/landscape-client/trunk

  1. config-permissions
  2. Merge into trunk
Proposed by Thomas Herve
Status: Merged
Approved by: Alberto Donato
Approved revision: 586
Merged at revision: 586
Proposed branch: lp:~therve/landscape-client/config-permissions
Merge into: lp:~landscape/landscape-client/trunk
Diff against target: 48 lines (+16/-0)
3 files modified
debian/landscape-client.postinst (+1/-0)
landscape/deployment.py (+3/-0)
landscape/tests/test_deployment.py (+12/-0)
To merge this branch: bzr merge lp:~therve/landscape-client/config-permissions
Reviewer Review Type Date Requested Status
Alberto Donato (community) Approve
Geoff Teale (community) Approve
Review via email: mp+129616@code.launchpad.net

Description of the change

The branch adds a chown call in the postinst for safety, and complains if we try to start the client with a config file that the landscape user can't read. In trunk it succeeds and use default values, which is less than useful. Maybe it should also fail if the config is not enough to run (ie can't register?), but I think it's enough for now.

To post a comment you must log in.
Revision history for this message
Geoff Teale (tealeg) wrote :

+1 All good.

review: Approve
Revision history for this message
Alberto Donato (ack) wrote :

Looks good, +1!

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'debian/landscape-client.postinst'
2--- debian/landscape-client.postinst 2012-05-16 20:59:14 +0000
3+++ debian/landscape-client.postinst 2012-10-15 08:20:24 +0000
4@@ -82,6 +82,7 @@
5 else
6 # Fix non-private permissions
7 chmod 0600 $CONFIG_FILE
8+ chown landscape $CONFIG_FILE
9 fi
10
11 # old monolithic clients have a single persist data file and a single
12
13=== modified file 'landscape/deployment.py'
14--- landscape/deployment.py 2012-09-20 08:49:50 +0000
15+++ landscape/deployment.py 2012-10-15 08:20:24 +0000
16@@ -144,6 +144,9 @@
17 # Parse configuration file, if found.
18 if self.config:
19 if os.path.isfile(self.config):
20+ if not os.access(self.config, os.R_OK):
21+ sys.exit(
22+ "error: config file %s can't be read" % self.config)
23 self.load_configuration_file(self.config)
24 elif not accept_nonexistent_config:
25 sys.exit("error: file not found: %s" % self.config)
26
27=== modified file 'landscape/tests/test_deployment.py'
28--- landscape/tests/test_deployment.py 2012-09-14 07:05:37 +0000
29+++ landscape/tests/test_deployment.py 2012-10-15 08:20:24 +0000
30@@ -297,6 +297,18 @@
31 self.config.reload()
32 self.assertEqual(self.config.hello, "world2")
33
34+ def test_load_cant_read(self):
35+ """
36+ C{config.load} exits the process if the specific config file can't be
37+ read because of permission reasons.
38+ """
39+ filename = self.makeFile("[client]\nhello = world1\n")
40+ os.chmod(filename, 0)
41+ error = self.assertRaises(
42+ SystemExit, self.config.load, ["--config", filename])
43+ self.assertEqual("error: config file %s can't be read" % filename,
44+ str(error))
45+
46 def test_data_directory_option(self):
47 """Ensure options.data_path option can be read by parse_args."""
48 options = self.parser.parse_args(["--data-path",

Subscribers

People subscribed via source and target branches

to all changes: