StarlingX

/etc/pki directory has permissions of 644 instead of 755

Bug #1999664 reported by Reinildes Oliveira
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
StarlingX
Fix Released
Low
Reinildes Oliveira

Bug Description

Brief Description
---------------------------

This is a follow-up on a code review comment in: https://review.opendev.org/c/starlingx/stx-puppet/+/867582

Severity
---------------------------
Unknown - currently not sure of the impact. No negative impact reported from the test team.

Steps to Reproduce
---------------------------
Check the directory permissions for /etc/pki

Expected Behavior
---------------------------
Permissions should be 755 as generally directories should be executable

Actual Behavior
---------------------------
Permissions are set to 644 (based on code review; not checked on the installed system)

https://github.com/starlingx/stx-puppet/commit/cc55a7a295243dba17a7d8fcc9c933a266eb1f4b#diff-fd624e0d526e664d5ae2c7d0a3b75f56605016b51aa238feff1d3536a0132b1bR288

Reproducibility
---------------------------

Reproducible
---------------------------
System Configuration
---------------------------
N/A

Load info (eg: 2022-03-10_20-00-07)
---------------------------

N/A - code has been there since July 28, 2022

Last Pass
---------------------------
N/A

Timestamp/Logs
---------------------------

Not Required

Alarms
---------------------------

N/A

Test Activity
---------------------------

Code review

Workaround
---------------------------
None

Reinildes Oliveira (rjosemat)
Changed in starlingx:
assignee: nobody → Reinildes Oliveira (rjosemat)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to stx-puppet (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/stx-puppet/+/867673

Changed in starlingx:
status: New → In Progress
Ghada Khalil (gkhalil)
Changed in starlingx:
importance: Undecided → Low
tags: added: stx.8.0 stx.config stx.security
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to stx-puppet (master)

Reviewed: https://review.opendev.org/c/starlingx/stx-puppet/+/867673
Committed: https://opendev.org/starlingx/stx-puppet/commit/1111904ce992a2b11cd123cbba5f6b57f77c427e
Submitter: "Zuul (22348)"
Branch: master

commit 1111904ce992a2b11cd123cbba5f6b57f77c427e
Author: Rei Oliveira <email address hidden>
Date: Wed Dec 14 12:53:12 2022 -0300

    Make '/etc/pki' and children directories 755

    It was suggested in a code review that directories should be 755.
    To keep consistency with previous stx versions as well, it makes sense
    to have change it to 755 in order to avoid unintended side effects.

    This change affects the whole dir hierarchy:

    /etc/pki
    /etc/pki/ca-trust
    /etc/pki/ca-trust/source
    /etc/pki/ca-trust/source/anchors

    Test plan:

    PASS: Add a ssl_ca certificate with system certificate-install and
          verify that certificates where added to
          etc/pki/ca-trust/source/anchors/ca-cert.crt in a compute node.
    PASS: Run a full deploy of a standard lab and verify that compute nodes
          become unlocked and available.

    Closes-Bug: 1999664

    Signed-off-by: Rei Oliveira <email address hidden>
    Change-Id: I2a8bdbe1ca4b13275f85ef54bf261213cc6728bf

Changed in starlingx:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.