OpenStack Heat

Merge lp:~zulcss/heat/heat-mir into lp:~ubuntu-server-dev/heat/icehouse

  1. heat-mir
  2. Merge into icehouse
Proposed by Chuck Short
Status: Merged
Merged at revision: 48
Proposed branch: lp:~zulcss/heat/heat-mir
Merge into: lp:~ubuntu-server-dev/heat/icehouse
Diff against target: 82 lines (+31/-3)
5 files modified
debian/changelog (+12/-0)
debian/control (+0/-2)
debian/heat-common.postinst (+1/-1)
debian/patches/series (+1/-0)
debian/patches/suders_patch.patch (+17/-0)
To merge this branch: bzr merge lp:~zulcss/heat/heat-mir
Reviewer Review Type Date Requested Status
James Page Approve
Review via email: mp+215494@code.launchpad.net

Description of the change

Changes based on security team feedback.

To post a comment you must log in.
lp:~zulcss/heat/heat-mir updated
47. By Chuck Short

* Fix up packaging based on Ubuntu Security Team review (LP: #1267557):
  - debian/control: Drop python-sendfile since it is no longer
  - debian/heat-common.install: Correct permissions of /etc/heat.
  - debian/patches/suders_patch.patch: Change the directory location

Revision history for this message
James Page (james-page) wrote :

78 ++echo -e '%s\tALL=(ALL)\tNOPASSWD: ALL' >> /etc/sudoers.d/heat-instnace-%s
79 ++""" % (instance_user, instance_user,instance_user)

instnace -> instance

Other than that +1

review: Approve
lp:~zulcss/heat/heat-mir updated
48. By Chuck Short

Fix patch

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'debian/changelog'
2--- debian/changelog 2014-04-10 14:02:50 +0000
3+++ debian/changelog 2014-04-14 13:28:06 +0000
4@@ -1,3 +1,15 @@
5+heat (2014.1~rc2-0ubuntu2) UNRELEASED; urgency=medium
6+
7+ * Fix up packaging based on Ubuntu Security Team review (LP: #1267557):
8+ - debian/control: Drop python-sendfile since it is no longer
9+ needed.
10+ - debian/heat-common.install: Correct permissions of /etc/heat.
11+ - debian/patches/suders_patch.patch: Change the directory location
12+ for the sudoers so that it users the standard /etc/sudoers.d
13+ directory.
14+
15+ -- Chuck Short <zulcss@ubuntu.com> Fri, 11 Apr 2014 15:25:44 -0400
16+
17 heat (2014.1~rc2-0ubuntu1) trusty; urgency=medium
18
19 * New upstream release candidate (LP: #1299055).
20
21=== modified file 'debian/control'
22--- debian/control 2014-03-23 14:04:49 +0000
23+++ debian/control 2014-04-14 13:28:06 +0000
24@@ -43,7 +43,6 @@
25 python-paste,
26 python-pastedeploy,
27 python-routes,
28- python-sendfile,
29 python-setuptools,
30 python-six,
31 python-sphinx,
32@@ -88,7 +87,6 @@
33 python-paste,
34 python-pastedeploy,
35 python-routes,
36- python-sendfile,
37 python-setuptools,
38 python-six,
39 python-sqlalchemy (>= 0.7.8),
40
41=== modified file 'debian/heat-common.postinst'
42--- debian/heat-common.postinst 2013-08-08 13:55:17 +0000
43+++ debian/heat-common.postinst 2014-04-14 13:28:06 +0000
44@@ -11,7 +11,7 @@
45 --shell /bin/false heat
46 fi
47 chown -R heat:adm /var/log/heat
48- chmod 0750 /var/log/heat
49+ chmod 0750 /var/log/heat /etc/nova
50 mkdir -p /etc/heat
51 mkdir -p /var/lib/heat
52 chown heat:heat -R /var/lib/heat /etc/heat
53
54=== modified file 'debian/patches/series'
55--- debian/patches/series 2014-04-10 13:31:46 +0000
56+++ debian/patches/series 2014-04-14 13:28:06 +0000
57@@ -1,2 +1,3 @@
58 default-sqlite.patch
59 fix-requirements.patch
60+suders_patch.patch
61
62=== added file 'debian/patches/suders_patch.patch'
63--- debian/patches/suders_patch.patch 1970-01-01 00:00:00 +0000
64+++ debian/patches/suders_patch.patch 2014-04-14 13:28:06 +0000
65@@ -0,0 +1,17 @@
66+Description: Change sudoers directory to be sudoers.d
67+Author: Chuck Short <zulcss@ubuntu.com>
68+Forwarded: Not needed.
69+diff -Naurp heat-2014.1.rc2.orig/heat/engine/resources/nova_utils.py heat-2014.1.rc2/heat/engine/resources/nova_utils.py
70+--- heat-2014.1.rc2.orig/heat/engine/resources/nova_utils.py 2014-04-10 03:27:34.000000000 -0400
71++++ heat-2014.1.rc2/heat/engine/resources/nova_utils.py 2014-04-11 15:33:08.870985000 -0400
72+@@ -198,8 +198,8 @@ def build_userdata(resource, userdata=No
73+ #
74+ # See bug https://bugs.launchpad.net/heat/+bug/1257410
75+ boothook_custom_user = r"""useradd -m %s
76+-echo -e '%s\tALL=(ALL)\tNOPASSWD: ALL' >> /etc/sudoers
77+-""" % (instance_user, instance_user)
78++echo -e '%s\tALL=(ALL)\tNOPASSWD: ALL' >> /etc/sudoers.d/heat-instacce-%s
79++""" % (instance_user, instance_user,instance_user)
80+ else:
81+ config_custom_user = ''
82+ boothook_custom_user = ''

Subscribers

People subscribed via source and target branches