Launchpad itself

poppy-sftp's signature checking relies on long-term survival of a directory in /tmp

Bug #757248 reported by William Grant
50
This bug affects 14 people
Affects Status Importance Assigned to Milestone
Launchpad itself
Fix Released
Critical
Ian Booth

Bug Description

GPGHandler keeps its GNUPGHOME and gpg.conf in /tmp/gpg-*. This is normally fine, since long-running daemons don't tend to use GPGHandler.

But poppy-sftp does. Once its gpg.conf is old enough, a /tmp pruner will delete it and it will no longer be able to retrieve keys.

Related branches

lp:~wallyworld/launchpad/poppy-sftp-gpgconf
Robert Collins (community): Approve
William Grant: Approve (code*)
Diff: 227 lines (+143/-10)
6 files modified
daemons/poppy-sftp.tac (+4/-0)
lib/canonical/launchpad/interfaces/gpghandler.py (+10/-0)
lib/canonical/launchpad/utilities/ftests/test_gpghandler.py (+33/-9)
lib/canonical/launchpad/utilities/gpghandler.py (+15/-1)
lib/lp/poppy/tests/test_twistedconfigreset.py (+31/-0)
lib/lp/poppy/twistedconfigreset.py (+50/-0)
Revision history for this message
Robert Collins (lifeless) wrote :

sinzui said on the dupe:

Sinzui: Does the fix for this entail preventing reaping or automatic recreation?

lifeless: long term is a code change to either stop using one long gpghandler or put it somewhere else. The problem isn't that its in /tmp, its that its written at daemon startup and untouched for 5 days or 4 days or whatever the reaper config is

/me ponders a hack to touch the file every 12 hours.

I do not see an issue with putting it somewhere else, but I think creating a new gpghandler every n hours is the better way to solve this.

Ian Booth (wallyworld)
Changed in launchpad:
assignee: nobody → Ian Booth (wallyworld)
Revision history for this message
Ian Booth (wallyworld) wrote :

After discussion with Curtis, we decided the best approach was to touch the config directory every 12 hours rather than creating a new handler or new config. This is the lowest risk, least invasive, most robust approach.

Changed in launchpad:
status: Triaged → In Progress
Revision history for this message
Launchpad QA Bot (lpqabot) wrote :

Fixed in stable r12987 <http://bazaar.launchpad.net/~launchpad-pqm/launchpad/stable/revision/12987>.

Changed in launchpad:
milestone: none → 11.05
tags: added: qa-needstesting
Changed in launchpad:
status: In Progress → Fix Committed
Curtis Hovey (sinzui)
Changed in launchpad:
milestone: 11.05 → 11.06
Revision history for this message
William Grant (wgrant) wrote :

An SFTPServer is instantiated for each authenticated SFTP session, so: A) it doesn't touch until the first SFTP user authenticates, despite it being required for FTP, and B) each new session will create the LoopingCall, and they won't be destroyed until the end.

I'm rolling this back. I'd suggest moving the scheduling into poppy-sftp.tac. Apart from that it looks OK.

William Grant (wgrant)
Changed in launchpad:
status: Fix Committed → In Progress
tags: added: bad-commit-12987 qa-bad
removed: qa-needstesting
William Grant (wgrant)
tags: removed: bad-commit-12987 qa-bad
Revision history for this message
Launchpad QA Bot (lpqabot) wrote :

Fixed in stable r13063 <http://bazaar.launchpad.net/~launchpad-pqm/launchpad/stable/revision/13063>.

Changed in launchpad:
milestone: 11.06 → none
tags: added: qa-needstesting
Changed in launchpad:
status: In Progress → Fix Committed
William Grant (wgrant)
tags: added: qa-ok
removed: qa-needstesting
William Grant (wgrant)
Changed in launchpad:
status: Fix Committed → Fix Released
Revision history for this message
Martin Pool (mbp) wrote :

see also bug 882324

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.