salt/0012-Bugfix-salt-key-crashes-if-tries-to-generate-keys-to.patch

70 lines
2.3 KiB
Diff
Raw Normal View History

Accepting request 391560 from systemsmanagement:saltstack:testing - Prevent crash if pygit2 package requests recompilation. Add: * 0013-Prevent-crash-if-pygit2-package-is-requesting-re-com.patch - Align OS grains from older SLES with the current one (bsc#975757) Add: * 0014-align-OS-grains-from-older-SLES-with-current-one-326.patch - remove patches which produce duplicate functions: Remove: * 0004-implement-version_cmp-for-zypper.patch * 0005-pylint-changes.patch * 0006-Check-if-rpm-python-can-be-imported.patch - remove patches which add and revert the same file Remove: * 0007-Initial-Zypper-Unit-Tests-and-bugfixes.patch * 0009-Bugfix-on-SLE11-series-base-product-reported-as-addi.patch - rename patches: 0008-do-not-generate-a-date-in-a-comment-to-prevent-rebui.patch to 0004-do-not-generate-a-date-in-a-comment-to-prevent-rebui.patch 0010-Use-SHA256-hash-type-by-default.patch to 0005-Use-SHA256-hash-type-by-default.patch 0011-Update-to-2015.8.8.2.patch to 0006-Update-to-2015.8.8.2.patch 0012-Force-sort-the-RPM-output-to-ensure-latest-version-o.patch to 0007-Force-sort-the-RPM-output-to-ensure-latest-version-o.patch 0013-Cleaner-deprecation-process-with-decorators.patch to 0008-Cleaner-deprecation-process-with-decorators.patch - fix sorting by latest package Add: * 0009-fix-sorting-by-latest-version-when-called-with-an-at.patch - Prevent metadata download when getting installed products Add: * 0010-Prevent-metadata-download-when-getting-installed-pro.patch - Check if EOL is available in a particular product (bsc#975093) Add: * 0011-Check-if-EOL-is-available-in-a-particular-product-bs.patch - Bugfix: salt-key crashes if tries to generate keys to the directory w/o write access (bsc#969320) Add: * 0012-Bugfix-salt-key-crashes-if-tries-to-generate-keys-to.patch - Deprecation process using decorators and re-implementation of status.update function. Add: * 0013-Cleaner-deprecation-process-with-decorators.patch - Reverted the fake 2015.8.8.2 patch, with the right one, - this patch only contains: - https://github.com/saltstack/salt/pull/32135 - https://github.com/saltstack/salt/pull/32023 - https://github.com/saltstack/salt/pull/32117 - Ensure that in case of multi-packages installed on the system, the latest is reported by pkg.info_installed (bsc#972490) Add: * 0012-Force-sort-the-RPM-output-to-ensure-latest-version-o.patch - Update to the fake 2015.8.8.2 release upstream released a bunch of fixes on top of 2015.8.8, without creating a new tag and proper release. This commit includes all the changes between tag v2015.8.8 and commit ID 596444e2b447b7378dbcdfeb9fc9610b90057745 which introduces the fake 2015.8.8.2 release. see https://docs.saltstack.com/en/latest/topics/releases/2015.8.8.html#salt-2015-8-8-2 - Update to 2015.8.8 see https://docs.saltstack.com/en/latest/topics/releases/2015.8.8.html Patches renamed: * 0004-implement-version_cmp-for-zypper.patch * 0005-pylint-changes.patch * 0006-Check-if-rpm-python-can-be-imported.patch * 0007-Initial-Zypper-Unit-Tests-and-bugfixes.patch * 0008-do-not-generate-a-date-in-a-comment-to-prevent-rebui.patch * 0009-Bugfix-on-SLE11-series-base-product-reported-as-addi.patch * 0010-Use-SHA256-hash-type-by-default.patch Patches removed: * 0004-Fix-pkg.latest-prevent-crash-on-multiple-package-ins.patch * 0005-Fix-package-status-filtering-on-latest-version-and-i.patch * 0006-add_key-reject_key-do-not-crash-w-Permission-denied-.patch * 0007-Force-kill-websocket-s-child-processes-faster-than-d.patch * 0008-Fix-types-in-the-output-data-and-return-just-a-list-.patch * 0009-The-functions-in-the-state-module-that-return-a-retc.patch * 0010-add-handling-for-OEM-products.patch * 0011-improve-doc-for-list_pkgs.patch * 0012-implement-version_cmp-for-zypper.patch * 0013-pylint-changes.patch * 0014-Check-if-rpm-python-can-be-imported.patch * 0015-call-zypper-with-option-non-interactive-everywhere.patch * 0016-write-a-zypper-command-builder-function.patch * 0017-Fix-crash-with-scheduler-and-runners-31106.patch * 0018-unify-behavior-of-refresh.patch * 0019-add-refresh-option-to-more-functions.patch * 0020-simplify-checking-the-refresh-paramater.patch * 0021-do-not-change-kwargs-in-refresh-while-checking-a-val.patch * 0022-fix-argument-handling-for-pkg.download.patch * 0023-Initial-Zypper-Unit-Tests-and-bugfixes.patch * 0024-proper-checking-if-zypper-exit-codes-and-handling-of.patch * 0025-adapt-tests-to-new-zypper_check_result-output.patch * 0026-do-not-generate-a-date-in-a-comment-to-prevent-rebui.patch * 0027-make-suse-check-consistent-with-rh_service.patch * 0028-fix-numerical-check-of-osrelease.patch * 0029-Make-use-of-checksum-configurable-defaults-to-MD5-SH.patch * 0030-Bugfix-on-SLE11-series-base-product-reported-as-addi.patch * 0031-Only-use-LONGSIZE-in-rpm.info-if-available.-Otherwis.patch * 0032-Add-error-check-when-retcode-is-0-but-stderr-is-pres.patch * 0033-fixing-init-system-dectection-on-sles-11-refs-31617.patch * 0034-Fix-git_pillar-race-condition.patch * 0035-Fix-the-always-false-behavior-on-checking-state.patch * 0036-Use-SHA256-hash-type-by-default.patch OBS-URL: https://build.opensuse.org/request/show/391560 OBS-URL: https://build.opensuse.org/package/show/systemsmanagement:saltstack/salt?expand=0&rev=66
2016-04-28 09:26:14 +02:00
From 5e99ee2bec1139b1944284975454c716d477f3e0 Mon Sep 17 00:00:00 2001
From: Bo Maryniuk <bo@maryniuk.net>
Date: Wed, 13 Apr 2016 16:15:37 +0200
Subject: [PATCH 12/12] Bugfix: salt-key crashes if tries to generate keys to
the directory w/o write access (#32436)
* Raise an exception if keys are tried to be written to the directory that has no write access permissions
* Show an reasonable error message instead of a traceback crash.
* Fix the unit tests
---
salt/crypt.py | 6 ++++++
salt/scripts.py | 2 ++
tests/unit/crypt_test.py | 1 +
3 files changed, 9 insertions(+)
diff --git a/salt/crypt.py b/salt/crypt.py
index 573a3c1..e5f3317 100644
--- a/salt/crypt.py
+++ b/salt/crypt.py
@@ -15,6 +15,7 @@ import logging
import traceback
import binascii
import weakref
+import getpass
from salt.ext.six.moves import zip # pylint: disable=import-error,redefined-builtin
# Import third party libs
@@ -94,6 +95,11 @@ def gen_keys(keydir, keyname, keysize, user=None):
# Between first checking and the generation another process has made
# a key! Use the winner's key
return priv
+
+ # Do not try writing anything, if directory has no permissions.
+ if not os.access(keydir, os.W_OK):
+ raise IOError('Write access denied to "{0}" for user "{1}".'.format(os.path.abspath(keydir), getpass.getuser()))
+
cumask = os.umask(191)
with salt.utils.fopen(priv, 'wb+') as f:
f.write(gen.exportKey('PEM'))
diff --git a/salt/scripts.py b/salt/scripts.py
index 7da79bf..38b100d 100644
--- a/salt/scripts.py
+++ b/salt/scripts.py
@@ -297,6 +297,8 @@ def salt_key():
SystemExit('\nExiting gracefully on Ctrl-c'),
err,
hardcrash, trace=trace)
+ except Exception as err:
+ sys.stderr.write("Error: {0}\n".format(err.message))
def salt_cp():
diff --git a/tests/unit/crypt_test.py b/tests/unit/crypt_test.py
index 3ff3b09..f548820 100644
--- a/tests/unit/crypt_test.py
+++ b/tests/unit/crypt_test.py
@@ -86,6 +86,7 @@ class CryptTestCase(TestCase):
@patch('os.umask', MagicMock())
@patch('os.chmod', MagicMock())
@patch('os.chown', MagicMock())
+ @patch('os.access', MagicMock(return_value=True))
def test_gen_keys(self):
with patch('salt.utils.fopen', mock_open()):
open_priv_wb = call('/keydir/keyname.pem', 'wb+')
--
2.1.4