salt/0012-Bugfix-salt-key-crashes-if-tries-to-generate-keys-to.patch
Klaus Kämpf 56c946e70f Accepting request 391560 from systemsmanagement:saltstack:testing
- Prevent crash if pygit2 package requests recompilation.
  Add:
  * 0013-Prevent-crash-if-pygit2-package-is-requesting-re-com.patch
- Align OS grains from older SLES with the current one (bsc#975757)
  Add:
  * 0014-align-OS-grains-from-older-SLES-with-current-one-326.patch

- remove patches which produce duplicate functions:
  Remove:
  * 0004-implement-version_cmp-for-zypper.patch
  * 0005-pylint-changes.patch
  * 0006-Check-if-rpm-python-can-be-imported.patch
- remove patches which add and revert the same file
  Remove:
  * 0007-Initial-Zypper-Unit-Tests-and-bugfixes.patch
  * 0009-Bugfix-on-SLE11-series-base-product-reported-as-addi.patch
- rename patches:
  0008-do-not-generate-a-date-in-a-comment-to-prevent-rebui.patch to
     0004-do-not-generate-a-date-in-a-comment-to-prevent-rebui.patch
  0010-Use-SHA256-hash-type-by-default.patch to
     0005-Use-SHA256-hash-type-by-default.patch
  0011-Update-to-2015.8.8.2.patch to
     0006-Update-to-2015.8.8.2.patch
  0012-Force-sort-the-RPM-output-to-ensure-latest-version-o.patch to
     0007-Force-sort-the-RPM-output-to-ensure-latest-version-o.patch
  0013-Cleaner-deprecation-process-with-decorators.patch  to
     0008-Cleaner-deprecation-process-with-decorators.patch
- fix sorting by latest package
  Add:
  * 0009-fix-sorting-by-latest-version-when-called-with-an-at.patch
- Prevent metadata download when getting installed products
  Add:
  * 0010-Prevent-metadata-download-when-getting-installed-pro.patch
- Check if EOL is available in a particular product (bsc#975093)
  Add:
  * 0011-Check-if-EOL-is-available-in-a-particular-product-bs.patch
- Bugfix: salt-key crashes if tries to generate keys 
  to the directory w/o write access (bsc#969320)
  Add:
  * 0012-Bugfix-salt-key-crashes-if-tries-to-generate-keys-to.patch

- Deprecation process using decorators and re-implementation
  of status.update function.
  Add:
  * 0013-Cleaner-deprecation-process-with-decorators.patch

- Reverted the fake 2015.8.8.2 patch, with the right one,
- this patch only contains:
  - https://github.com/saltstack/salt/pull/32135 
  - https://github.com/saltstack/salt/pull/32023 
  - https://github.com/saltstack/salt/pull/32117

- Ensure that in case of multi-packages installed on the system,
  the latest is reported by pkg.info_installed (bsc#972490)
  Add:
  * 0012-Force-sort-the-RPM-output-to-ensure-latest-version-o.patch

- Update to the fake 2015.8.8.2 release
  upstream released a bunch of fixes on top of 2015.8.8, without creating a new
  tag and proper release. This commit includes all the changes between tag
  v2015.8.8 and commit ID 596444e2b447b7378dbcdfeb9fc9610b90057745 which
  introduces the fake 2015.8.8.2 release.
  see https://docs.saltstack.com/en/latest/topics/releases/2015.8.8.html#salt-2015-8-8-2

- Update to 2015.8.8
  see https://docs.saltstack.com/en/latest/topics/releases/2015.8.8.html
  Patches renamed:
  * 0004-implement-version_cmp-for-zypper.patch
  * 0005-pylint-changes.patch
  * 0006-Check-if-rpm-python-can-be-imported.patch
  * 0007-Initial-Zypper-Unit-Tests-and-bugfixes.patch
  * 0008-do-not-generate-a-date-in-a-comment-to-prevent-rebui.patch
  * 0009-Bugfix-on-SLE11-series-base-product-reported-as-addi.patch
  * 0010-Use-SHA256-hash-type-by-default.patch
  Patches removed:
  * 0004-Fix-pkg.latest-prevent-crash-on-multiple-package-ins.patch
  * 0005-Fix-package-status-filtering-on-latest-version-and-i.patch
  * 0006-add_key-reject_key-do-not-crash-w-Permission-denied-.patch
  * 0007-Force-kill-websocket-s-child-processes-faster-than-d.patch
  * 0008-Fix-types-in-the-output-data-and-return-just-a-list-.patch
  * 0009-The-functions-in-the-state-module-that-return-a-retc.patch
  * 0010-add-handling-for-OEM-products.patch
  * 0011-improve-doc-for-list_pkgs.patch
  * 0012-implement-version_cmp-for-zypper.patch
  * 0013-pylint-changes.patch
  * 0014-Check-if-rpm-python-can-be-imported.patch
  * 0015-call-zypper-with-option-non-interactive-everywhere.patch
  * 0016-write-a-zypper-command-builder-function.patch
  * 0017-Fix-crash-with-scheduler-and-runners-31106.patch
  * 0018-unify-behavior-of-refresh.patch
  * 0019-add-refresh-option-to-more-functions.patch
  * 0020-simplify-checking-the-refresh-paramater.patch
  * 0021-do-not-change-kwargs-in-refresh-while-checking-a-val.patch
  * 0022-fix-argument-handling-for-pkg.download.patch
  * 0023-Initial-Zypper-Unit-Tests-and-bugfixes.patch
  * 0024-proper-checking-if-zypper-exit-codes-and-handling-of.patch
  * 0025-adapt-tests-to-new-zypper_check_result-output.patch
  * 0026-do-not-generate-a-date-in-a-comment-to-prevent-rebui.patch
  * 0027-make-suse-check-consistent-with-rh_service.patch
  * 0028-fix-numerical-check-of-osrelease.patch
  * 0029-Make-use-of-checksum-configurable-defaults-to-MD5-SH.patch
  * 0030-Bugfix-on-SLE11-series-base-product-reported-as-addi.patch
  * 0031-Only-use-LONGSIZE-in-rpm.info-if-available.-Otherwis.patch
  * 0032-Add-error-check-when-retcode-is-0-but-stderr-is-pres.patch
  * 0033-fixing-init-system-dectection-on-sles-11-refs-31617.patch
  * 0034-Fix-git_pillar-race-condition.patch
  * 0035-Fix-the-always-false-behavior-on-checking-state.patch
  * 0036-Use-SHA256-hash-type-by-default.patch

OBS-URL: https://build.opensuse.org/request/show/391560
OBS-URL: https://build.opensuse.org/package/show/systemsmanagement:saltstack/salt?expand=0&rev=66
2016-04-28 07:26:14 +00:00

From 5e99ee2bec1139b1944284975454c716d477f3e0 Mon Sep 17 00:00:00 2001
From: Bo Maryniuk <bo@maryniuk.net>
Date: Wed, 13 Apr 2016 16:15:37 +0200
Subject: [PATCH 12/12] Bugfix: salt-key crashes if tries to generate keys to
the directory w/o write access (#32436)
* Raise an exception if keys are tried to be written to the directory that has no write access permissions
* Show a reasonable error message instead of a traceback crash.
* Fix the unit tests
---
salt/crypt.py | 6 ++++++
salt/scripts.py | 2 ++
tests/unit/crypt_test.py | 1 +
3 files changed, 9 insertions(+)
diff --git a/salt/crypt.py b/salt/crypt.py
index 573a3c1..e5f3317 100644
--- a/salt/crypt.py
+++ b/salt/crypt.py
@@ -15,6 +15,7 @@ import logging
import traceback
import binascii
import weakref
+import getpass
from salt.ext.six.moves import zip # pylint: disable=import-error,redefined-builtin
# Import third party libs
@@ -94,6 +95,11 @@ def gen_keys(keydir, keyname, keysize, user=None):
# Between first checking and the generation another process has made
# a key! Use the winner's key
return priv
+
+ # Do not try writing anything, if directory has no permissions.
+ if not os.access(keydir, os.W_OK):
+ raise IOError('Write access denied to "{0}" for user "{1}".'.format(os.path.abspath(keydir), getpass.getuser()))
+
cumask = os.umask(191)
with salt.utils.fopen(priv, 'wb+') as f:
f.write(gen.exportKey('PEM'))
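Review bot: The `os.access(keydir, os.W_OK)` pre-check in gen_keys is a check-then-use test. It is evaluated against the real uid/gid rather than the effective one, and the directory's permissions can change before `salt.utils.fopen(priv, 'wb+')` runs, so the open can still fail (or succeed) independently of this check. Consider wrapping the fopen call in a try/except for IOError/OSError and raising the friendly message from there, so the error reflects what the write actually did. Also note that `getpass.getuser()` consults the LOGNAME/USER environment variables first, so the user named in the message is not necessarily the identity the check ran as, and the function's own `user` argument is not mentioned in the message at all.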
diff --git a/salt/scripts.py b/salt/scripts.py
index 7da79bf..38b100d 100644
--- a/salt/scripts.py
+++ b/salt/scripts.py
@@ -297,6 +297,8 @@ def salt_key():
SystemExit('\nExiting gracefully on Ctrl-c'),
err,
hardcrash, trace=trace)
+ except Exception as err:
+ sys.stderr.write("Error: {0}\n".format(err.message))
def salt_cp():
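Review bot: The new `except Exception as err:` branch in salt_key is too broad and relies on `err.message`, which has been deprecated since Python 2.6 and does not exist on Python 3 exceptions, so the handler itself can raise AttributeError. Suggest catching the specific IOError raised by gen_keys (or at least formatting with `format(err)`), and ending the branch with a non-zero exit, since the visible lines only write to stderr and neither re-raise nor set an exit status. As written, any unrelated failure in salt-key is reduced to a one-line message with no traceback or log entry, which makes real faults hard to diagnose.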
diff --git a/tests/unit/crypt_test.py b/tests/unit/crypt_test.py
index 3ff3b09..f548820 100644
--- a/tests/unit/crypt_test.py
+++ b/tests/unit/crypt_test.py
@@ -86,6 +86,7 @@ class CryptTestCase(TestCase):
@patch('os.umask', MagicMock())
@patch('os.chmod', MagicMock())
@patch('os.chown', MagicMock())
+ @patch('os.access', MagicMock(return_value=True))
def test_gen_keys(self):
with patch('salt.utils.fopen', mock_open()):
open_priv_wb = call('/keydir/keyname.pem', 'wb+')
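Review bot: The added `@patch('os.access', MagicMock(return_value=True))` on test_gen_keys only keeps the existing success path passing; nothing in this hunk exercises the new behaviour. Suggest adding a companion test that patches `os.access` with `return_value=False` and asserts that gen_keys raises IOError and that `salt.utils.fopen` is never called, so the denied-write path is covered.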
--
2.1.4