56c946e70f
- Prevent crash if pygit2 package requests recompilation.
Add:
* 0013-Prevent-crash-if-pygit2-package-is-requesting-re-com.patch
- Align OS grains from older SLES with the current one (bsc#975757)
Add:
* 0014-align-OS-grains-from-older-SLES-with-current-one-326.patch
- remove patches which produce duplicate functions:
Remove:
* 0004-implement-version_cmp-for-zypper.patch
* 0005-pylint-changes.patch
* 0006-Check-if-rpm-python-can-be-imported.patch
- remove patches which add and revert the same file
Remove:
* 0007-Initial-Zypper-Unit-Tests-and-bugfixes.patch
* 0009-Bugfix-on-SLE11-series-base-product-reported-as-addi.patch
- rename patches:
0008-do-not-generate-a-date-in-a-comment-to-prevent-rebui.patch to
0004-do-not-generate-a-date-in-a-comment-to-prevent-rebui.patch
0010-Use-SHA256-hash-type-by-default.patch to
0005-Use-SHA256-hash-type-by-default.patch
0011-Update-to-2015.8.8.2.patch to
0006-Update-to-2015.8.8.2.patch
0012-Force-sort-the-RPM-output-to-ensure-latest-version-o.patch to
0007-Force-sort-the-RPM-output-to-ensure-latest-version-o.patch
0013-Cleaner-deprecation-process-with-decorators.patch to
0008-Cleaner-deprecation-process-with-decorators.patch
- fix sorting by latest package
Add:
* 0009-fix-sorting-by-latest-version-when-called-with-an-at.patch
- Prevent metadata download when getting installed products
Add:
* 0010-Prevent-metadata-download-when-getting-installed-pro.patch
- Check if EOL is available in a particular product (bsc#975093)
Add:
* 0011-Check-if-EOL-is-available-in-a-particular-product-bs.patch
- Bugfix: salt-key crashes if tries to generate keys
to the directory w/o write access (bsc#969320)
Add:
* 0012-Bugfix-salt-key-crashes-if-tries-to-generate-keys-to.patch
- Deprecation process using decorators and re-implementation
of status.update function.
Add:
* 0013-Cleaner-deprecation-process-with-decorators.patch
- Reverted the fake 2015.8.8.2 patch, with the right one,
- this patch only contains:
- https://github.com/saltstack/salt/pull/32135
- https://github.com/saltstack/salt/pull/32023
- https://github.com/saltstack/salt/pull/32117
- Ensure that in case of multi-packages installed on the system,
the latest is reported by pkg.info_installed (bsc#972490)
Add:
* 0012-Force-sort-the-RPM-output-to-ensure-latest-version-o.patch
- Update to the fake 2015.8.8.2 release
upstream released a bunch of fixes on top of 2015.8.8, without creating a new
tag and proper release. This commit includes all the changes between tag
v2015.8.8 and commit ID 596444e2b447b7378dbcdfeb9fc9610b90057745 which
introduces the fake 2015.8.8.2 release.
see https://docs.saltstack.com/en/latest/topics/releases/2015.8.8.html#salt-2015-8-8-2
- Update to 2015.8.8
see https://docs.saltstack.com/en/latest/topics/releases/2015.8.8.html
Patches renamed:
* 0004-implement-version_cmp-for-zypper.patch
* 0005-pylint-changes.patch
* 0006-Check-if-rpm-python-can-be-imported.patch
* 0007-Initial-Zypper-Unit-Tests-and-bugfixes.patch
* 0008-do-not-generate-a-date-in-a-comment-to-prevent-rebui.patch
* 0009-Bugfix-on-SLE11-series-base-product-reported-as-addi.patch
* 0010-Use-SHA256-hash-type-by-default.patch
Patches removed:
* 0004-Fix-pkg.latest-prevent-crash-on-multiple-package-ins.patch
* 0005-Fix-package-status-filtering-on-latest-version-and-i.patch
* 0006-add_key-reject_key-do-not-crash-w-Permission-denied-.patch
* 0007-Force-kill-websocket-s-child-processes-faster-than-d.patch
* 0008-Fix-types-in-the-output-data-and-return-just-a-list-.patch
* 0009-The-functions-in-the-state-module-that-return-a-retc.patch
* 0010-add-handling-for-OEM-products.patch
* 0011-improve-doc-for-list_pkgs.patch
* 0012-implement-version_cmp-for-zypper.patch
* 0013-pylint-changes.patch
* 0014-Check-if-rpm-python-can-be-imported.patch
* 0015-call-zypper-with-option-non-interactive-everywhere.patch
* 0016-write-a-zypper-command-builder-function.patch
* 0017-Fix-crash-with-scheduler-and-runners-31106.patch
* 0018-unify-behavior-of-refresh.patch
* 0019-add-refresh-option-to-more-functions.patch
* 0020-simplify-checking-the-refresh-paramater.patch
* 0021-do-not-change-kwargs-in-refresh-while-checking-a-val.patch
* 0022-fix-argument-handling-for-pkg.download.patch
* 0023-Initial-Zypper-Unit-Tests-and-bugfixes.patch
* 0024-proper-checking-if-zypper-exit-codes-and-handling-of.patch
* 0025-adapt-tests-to-new-zypper_check_result-output.patch
* 0026-do-not-generate-a-date-in-a-comment-to-prevent-rebui.patch
* 0027-make-suse-check-consistent-with-rh_service.patch
* 0028-fix-numerical-check-of-osrelease.patch
* 0029-Make-use-of-checksum-configurable-defaults-to-MD5-SH.patch
* 0030-Bugfix-on-SLE11-series-base-product-reported-as-addi.patch
* 0031-Only-use-LONGSIZE-in-rpm.info-if-available.-Otherwis.patch
* 0032-Add-error-check-when-retcode-is-0-but-stderr-is-pres.patch
* 0033-fixing-init-system-dectection-on-sles-11-refs-31617.patch
* 0034-Fix-git_pillar-race-condition.patch
* 0035-Fix-the-always-false-behavior-on-checking-state.patch
* 0036-Use-SHA256-hash-type-by-default.patch
OBS-URL: https://build.opensuse.org/request/show/391560
OBS-URL: https://build.opensuse.org/package/show/systemsmanagement:saltstack/salt?expand=0&rev=66
70 lines
2.3 KiB
Diff
70 lines
2.3 KiB
Diff
From 5e99ee2bec1139b1944284975454c716d477f3e0 Mon Sep 17 00:00:00 2001
|
|
From: Bo Maryniuk <bo@maryniuk.net>
|
|
Date: Wed, 13 Apr 2016 16:15:37 +0200
|
|
Subject: [PATCH 12/12] Bugfix: salt-key crashes if tries to generate keys to
|
|
the directory w/o write access (#32436)
|
|
|
|
* Raise an exception if keys are tried to be written to the directory that has no write access permissions
|
|
|
|
* Show an reasonable error message instead of a traceback crash.
|
|
|
|
* Fix the unit tests
|
|
---
|
|
salt/crypt.py | 6 ++++++
|
|
salt/scripts.py | 2 ++
|
|
tests/unit/crypt_test.py | 1 +
|
|
3 files changed, 9 insertions(+)
|
|
|
|
diff --git a/salt/crypt.py b/salt/crypt.py
|
|
index 573a3c1..e5f3317 100644
|
|
--- a/salt/crypt.py
|
|
+++ b/salt/crypt.py
|
|
@@ -15,6 +15,7 @@ import logging
|
|
import traceback
|
|
import binascii
|
|
import weakref
|
|
+import getpass
|
|
from salt.ext.six.moves import zip # pylint: disable=import-error,redefined-builtin
|
|
|
|
# Import third party libs
|
|
@@ -94,6 +95,11 @@ def gen_keys(keydir, keyname, keysize, user=None):
|
|
# Between first checking and the generation another process has made
|
|
# a key! Use the winner's key
|
|
return priv
|
|
+
|
|
+ # Do not try writing anything, if directory has no permissions.
|
|
+ if not os.access(keydir, os.W_OK):
|
|
+ raise IOError('Write access denied to "{0}" for user "{1}".'.format(os.path.abspath(keydir), getpass.getuser()))
|
|
+
|
|
cumask = os.umask(191)
|
|
with salt.utils.fopen(priv, 'wb+') as f:
|
|
f.write(gen.exportKey('PEM'))
|
|
diff --git a/salt/scripts.py b/salt/scripts.py
|
|
index 7da79bf..38b100d 100644
|
|
--- a/salt/scripts.py
|
|
+++ b/salt/scripts.py
|
|
@@ -297,6 +297,8 @@ def salt_key():
|
|
SystemExit('\nExiting gracefully on Ctrl-c'),
|
|
err,
|
|
hardcrash, trace=trace)
|
|
+ except Exception as err:
|
|
+ sys.stderr.write("Error: {0}\n".format(err.message))
|
|
|
|
|
|
def salt_cp():
|
|
diff --git a/tests/unit/crypt_test.py b/tests/unit/crypt_test.py
|
|
index 3ff3b09..f548820 100644
|
|
--- a/tests/unit/crypt_test.py
|
|
+++ b/tests/unit/crypt_test.py
|
|
@@ -86,6 +86,7 @@ class CryptTestCase(TestCase):
|
|
@patch('os.umask', MagicMock())
|
|
@patch('os.chmod', MagicMock())
|
|
@patch('os.chown', MagicMock())
|
|
+ @patch('os.access', MagicMock(return_value=True))
|
|
def test_gen_keys(self):
|
|
with patch('salt.utils.fopen', mock_open()):
|
|
open_priv_wb = call('/keydir/keyname.pem', 'wb+')
|
|
--
|
|
2.1.4
|
|
|