Gap between publishing custom uploads and signing them
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Launchpad itself |
Fix Released
|
Critical
|
Celso Providelo |
Bug Description
So, due to how the "security-only" pass works, we get this curious situation:
1) process-accepted runs and publishes dist-upgrader tarballs
2) No security pockets are dirty, so we do nothing
3) Mirrors push
4) A full publisher run is done
5) publish-distro.d is run, dist-upgrader tarball is signed
6) Mirror push a second time
Because of this, there's a (potentially large) gap where the dist-upgrader is published to mirrors but not signed.
Potential fixes for this include:
1) Always run publish-distro.d in the security pass, even if the security pockets weren't dirty and published nothing.
2) Run publish-distro.d if *anything* happened in the security pass, including process-accepted publishing something.
3) Don't run the security pass at all if the security pockets aren't dirty (this seems sanest, but possibly difficult?)
Related branches
- William Grant: Approve (code)
-
Diff: 150 lines (+68/-7)2 files modifiedlib/lp/archivepublisher/scripts/publish_ftpmaster.py (+16/-5)
lib/lp/archivepublisher/tests/test_publish_ftpmaster.py (+52/-2)
description: | updated |
Changed in launchpad: | |
status: | New → In Progress |
Changed in launchpad: | |
status: | Fix Committed → Fix Released |
Celso was working on this earlier, so formally assigning it to him.