"sudo maas-import-ephemerals" steps on ~/.gnupg/pubring.gpg
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
MAAS |
Fix Released
|
High
|
Jeroen T. Vermeulen | ||
simplestreams |
Confirmed
|
Low
|
Unassigned |
Bug Description
Discovered on maas 1.4+bzr1693+
Steps to reproduce:
1. rm -Rf ~/.gnupg
2. cat > gen-key <<EOT
Key-Type: RSA
Key-Length: 1024
Name-Real: Test User
Name-Email: <email address hidden>
EOT
3. gpg --gen-key --batch gen-key
4. Create a simplestreams source in ~/streams. I presume this bug will reproduce without this though this is what I'm doing.
5. Observe that "ls -l ~/.gnupg" produces something like:
total 28
-rw------- 1 ubuntu ubuntu 9398 Nov 12 04:38 gpg.conf
-rw------- 1 ubuntu ubuntu 363 Nov 12 04:38 pubring.gpg
-rw------- 1 ubuntu ubuntu 0 Nov 12 04:38 pubring.gpg~
-rw------- 1 ubuntu ubuntu 600 Nov 12 04:38 random_seed
-rw------- 1 ubuntu ubuntu 695 Nov 12 04:38 secring.gpg
-rw------- 1 ubuntu ubuntu 1240 Nov 12 04:38 trustdb.gpg
6. Run "sudo maas-import-
Expected results: the same contents in ~/.gnupg.
Actual results:
"ls -l ~/.gnupg" now gives me:
total 32
-rw------- 1 ubuntu ubuntu 9398 Nov 12 04:38 gpg.conf
-rw------- 1 root root 363 Nov 12 04:39 pubring.gpg
-rw------- 1 ubuntu ubuntu 363 Nov 12 04:38 pubring.gpg~
-rw------- 1 ubuntu ubuntu 600 Nov 12 04:38 random_seed
-rw------- 1 ubuntu ubuntu 695 Nov 12 04:38 secring.gpg
-rw------- 1 ubuntu ubuntu 1280 Nov 12 04:39 trustdb.gpg
Why has root taken over my pubring.gpg? This stops future gpg calls as the normal user from working.
I accept that running "sudo" doesn't reset HOME, so one might expect it to hit the normal user's stuff for some tasks. But running "sudo maas-import-
Related branches
- Graham Binns (community): Approve
-
Diff: 101 lines (+53/-1)2 files modifiedsrc/provisioningserver/tests/test_upgrade_cluster.py (+43/-1)
src/provisioningserver/upgrade_cluster.py (+10/-0)
Changed in maas: | |
importance: | Critical → High |
Changed in maas: | |
assignee: | nobody → Jeroen T. Vermeulen (jtv) |
status: | Triaged → Fix Committed |
Changed in maas: | |
status: | Fix Committed → Fix Released |
Urgh, nasty. Ideally, this script should be dropping root privs for everything it doesn't need anyway.