On 2018-02-13 07:22, Aurelien Jarno wrote: > On 2018-02-01 22:17, Ansgar Burchardt wrote: > > Philipp Kern writes: > > > On 01.02.2018 10:30, Ansgar Burchardt wrote: > > [...] > > >> There is already a `buildd-uploader` role account on the upload hosts > > >> both main and security archive, a `rsync-ssh-wrap` script, and someone > > >> also set up authorized_keys. > > >> > > >> I'm just not sure if it is already in use for security uploads? I > > >> believe it was used for uploads to the main archive already (not sure if > > >> it currently is?). > > > > > > Indeed, it uses rsync over SSH through dupload. For security it uses > > > FTP. Interestingly an rsync-security dupload.conf entry exists, but it > > > doesn't seem to be used[1]. > > > > Hmm, maybe we should try if it does the right thing? The wrapper script > > should ignore the `chmod` call I mentioned in #876900, so the uploaded > > files shouldn't even be readable by other DDs.
Note that the chmod has been ignored in the wrapper script since almost the beginning of its existence. > The problem there is that rsync when used with dupload forces the > uploaded file to be world readable, until the package is moved out from > the upload directory by dupload. I have found a way to force rsync permissions to 0640. I have applied that to the wrapper script. Following that I have switched the upload queue on the build daemons to the SSH one. I guess this basically solves this bug. Aurelien -- Aurelien Jarno GPG: 4096R/1DDD8C9B aurel...@aurel32.net http://www.aurel32.net
