launchpadlib should not use keyring when running under sudo

Bug #1862948 reported by Dan Streetman on 2020-02-12
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
launchpadlib
High
Dan Streetman

Bug Description

when logging into LP, python-keyring will be used (by default) to store the oauth credentials locally. However, when running under sudo, keyring will store the credentials in the root keyring, not the calling user's keyring.

This is unlikely to be useful, since the root keyring is most likely does not exist, and the sudo session may not be able to connect to the normal keyring provider (e.g. gnome keyring).

The result may be the user will see a prompt to create a new keyring, without indicating it's for the root user.

Additionally, if multiple users have sudo on the same system, if user A creates a new root keyring (with new password), then user B will be prompted to enter that password which they do not know, instead of a prompt to create a new keyring, leading to user B being unable to successfully login to LP under sudo, without manually removing user A's keyring.

[other info]

this is specifically important for bug 645404; after add-apt-repository is updated to use python-launchpadlib to login, since it also (currently) requires being called as root, it makes using the script under sudo difficult or impossible.

Related branches

Dan Streetman (ddstreet) on 2020-02-12
description: updated
Colin Watson (cjwatson) wrote :

Fixed in launchpadlib 1.10.11. Thanks for the contribution.

Changed in launchpadlib:
assignee: nobody → Dan Streetman (ddstreet)
importance: Undecided → High
milestone: none → 1.10.11
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers