Gap between publishing custom uploads and signing them
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Launchpad itself |
Fix Released
|
Critical
|
Celso Providelo | ||
Bug Description
So, due to how the "security-only" pass works, we get this curious situation:
1) process-accepted runs and publishes dist-upgrader tarballs
2) No security pockets are dirty, so we do nothing
3) Mirrors push
4) A full publisher run is done
5) publish-distro.d is run, dist-upgrader tarball is signed
6) Mirror push a second time
Because of this, there's a (potentially large) gap where the dist-upgrader is published to mirrors but not signed.
Potential fixes for this include:
1) Always run publish-distro.d in the security pass, even if the security pockets weren't dirty and published nothing.
2) Run publish-distro.d if *anything* happened in the security pass, including process-accepted publishing something.
3) Don't run the security pass at all if the security pockets aren't dirty (this seems sanest, but possibly difficult?)
Related branches
- William Grant: Approve (code)
-
Diff: 150 lines (+68/-7)2 files modifiedlib/lp/archivepublisher/scripts/publish_ftpmaster.py (+16/-5)
lib/lp/archivepublisher/tests/test_publish_ftpmaster.py (+52/-2)
| description: | updated |
| Adam Conrad (adconrad) wrote | #1 |
| Changed in launchpad: | |
| assignee: | nobody → Celso Providelo (cprov) |
| importance: | Undecided → High |
| importance: | High → Critical |
| Changed in launchpad: | |
| status: | New → In Progress |
| Launchpad QA Bot (lpqabot) wrote | #2 |
| tags: | added: qa-untestable |
| Changed in launchpad: | |
| status: | In Progress → Fix Committed |
| Changed in launchpad: | |
| status: | Fix Committed → Fix Released |
Celso was working on this earlier, so formally assigning it to him.