poppy-sftp's signature checking relies on long-term survival of a directory in /tmp
Bug #757248 reported by William Grant
This bug affects 14 people
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Launchpad itself | Fix Released | Critical | Ian Booth |
Bug Description
GPGHandler keeps its GNUPGHOME and gpg.conf in /tmp/gpg-*. This is normally fine, since long-running daemons don't tend to use GPGHandler.
But poppy-sftp does. Once its gpg.conf is old enough, a /tmp pruner will delete it and it will no longer be able to retrieve keys.
Related branches
lp:~wallyworld/launchpad/poppy-sftp-gpgconf
- Robert Collins (community): Approve
- William Grant (community): Approve (code*)
- Diff: 227 lines (+143/-10), 6 files modified
daemons/poppy-sftp.tac (+4/-0)
lib/canonical/launchpad/interfaces/gpghandler.py (+10/-0)
lib/canonical/launchpad/utilities/ftests/test_gpghandler.py (+33/-9)
lib/canonical/launchpad/utilities/gpghandler.py (+15/-1)
lib/lp/poppy/tests/test_twistedconfigreset.py (+31/-0)
lib/lp/poppy/twistedconfigreset.py (+50/-0)
Changed in launchpad:
assignee: nobody → Ian Booth (wallyworld)
Changed in launchpad:
milestone: 11.05 → 11.06
Changed in launchpad:
status: Fix Committed → In Progress
tags: added: bad-commit-12987 qa-bad; removed: qa-needstesting
tags: removed: bad-commit-12987 qa-bad
tags: added: qa-ok; removed: qa-needstesting
Changed in launchpad:
status: Fix Committed → Fix Released
sinzui said on the dupe:
Sinzui: Does the fix for this entail preventing reaping or automatic recreation?
lifeless: long term is a code change to either stop using one long gpghandler or put it somewhere else. The problem isn't that it's in /tmp, it's that it's written at daemon startup and untouched for 5 days or 4 days or whatever the reaper config is
/me ponders a hack to touch the file every 12 hours.
I do not see an issue with putting it somewhere else, but I think creating a new gpghandler every n hours is the better way to solve this.
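Added example, not part of the bug report and not Launchpad's code: a helper that combines the remedies discussed in this thread, rebuilding the GnuPG home when a /tmp pruner has removed it and refreshing its mtime so the pruner leaves it alone. `GpgHomeGuard`, `ensure()` and the gpg.conf contents are hypothetical names and values; a POSIX system is assumed.

```python
import os
import stat
import tempfile
import time

# Constructed placeholder; the page does not show the real gpg.conf contents.
SAMPLE_CONF = "keyserver hkp://keyserver.example.invalid\n"


class GpgHomeGuard:
    """Hypothetical helper keeping a temporary GNUPGHOME usable in a daemon."""

    def __init__(self, conf_text=SAMPLE_CONF, parent=None):
        self.conf_text = conf_text
        self.parent = parent  # None: the system temp directory
        self.home = None
        self.ensure()

    @property
    def conf_path(self):
        return os.path.join(self.home, "gpg.conf")

    def _home_is_ours(self):
        """True only for a real directory we own with no group/other access."""
        try:
            st = os.lstat(self.home)
        except OSError:
            return False
        return (stat.S_ISDIR(st.st_mode) and st.st_uid == os.getuid()
                and stat.S_IMODE(st.st_mode) & 0o077 == 0)

    def ensure(self):
        """Rebuild whatever a pruner removed, then refresh mtimes.

        Returns True if the directory or gpg.conf had to be rebuilt."""
        first = self.home is None
        if first or not self._home_is_ours():
            # Never reuse a path someone else may have recreated.
            self.home = tempfile.mkdtemp(prefix="gpg-", dir=self.parent)
        rebuilt = False
        if not os.path.isfile(self.conf_path):
            fd = os.open(self.conf_path,
                         os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
            with os.fdopen(fd, "w") as f:
                f.write(self.conf_text)
            rebuilt = not first
        now = time.time()
        for path in (self.conf_path, self.home):
            os.utime(path, (now, now))
        return rebuilt
```

A daemon would call `ensure()` before each signature check or from a timer shorter than the reaper's age limit, and log a `True` return so operators can see that pruning happened.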