tag 496419 + patch
thanks

Hi,

attached is a patch for a tentative 0.8.2-3.1, that aims at handling
temporary files more securely by designating ~/.convirt/tmp as their
base path.

I do not use convirt myself, so if this patch raises additional issues
please let me know; it should at least provide the basis for a better
fix, if need be.

Cheers,

--Seb
diff -u -r ../convirt-0.8.2.bak/appliance_image_conf.template 
./appliance_image_conf.template
--- ../convirt-0.8.2.bak/appliance_image_conf.template  2008-09-10 
15:45:35.000000000 -0700
+++ ./appliance_image_conf.template     2008-09-10 16:20:36.000000000 -0700
@@ -1,2 +1,2 @@
-VM_DISKS_DIR='/tmp'
+VM_DISKS_DIR='~/.convirt/tmp'
 VM_CONF_DIR='/etc/xen'
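Review bot: The new default `VM_DISKS_DIR='~/.convirt/tmp'` is a quoted string, so the tilde stays literal unless whatever reads this value expands it. Nothing visible in this patch does that for the config value; the only `os.path.expanduser` call is the one on `prop_tmp_dir` in src/constants.py. If the consumer does not expand it, disk creation would either fail or land in a directory literally named `~` under the working directory. The same value is set in the image.conf files under image_store/ (CentOS_PV_Install, example, Fedora_PV_Install, Linux_CD_Install, Windows_CD_Install). Separately, VM disk images are persistent data, and a directory named tmp that debian/convirt.sh makes mode 755 is a questionable default for them.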
diff -u -r ../convirt-0.8.2.bak/config-scripts/xen-3.1/configure-xend.sh 
./config-scripts/xen-3.1/configure-xend.sh
--- ../convirt-0.8.2.bak/config-scripts/xen-3.1/configure-xend.sh       
2008-09-10 15:45:35.000000000 -0700
+++ ./config-scripts/xen-3.1/configure-xend.sh  2008-09-10 16:15:34.000000000 
-0700
@@ -32,6 +32,8 @@
     USE_SSL="SSL"
 fi
 
+TMP_FILE=`mktemp`
+
 OPENSSL=openssl
 if [ "$USE_SSL" == "SSL" ]; then
     python -c "import OpenSSL" &> /dev/null
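Review bot: The added `mktemp` call runs unconditionally, but the only `rm "${TMP_FILE}"` in the patch sits just before a `fi` in the last hunk, apparently inside the SSL branch, so a run without SSL would leave an empty temporary file behind. The result is also unchecked: if `mktemp` fails, `TMP_FILE` is empty and the later redirections fail. I would move the creation into the SSL branch as `TMP_FILE=$(mktemp) || exit 1` and add `trap 'rm -f "$TMP_FILE"' EXIT` so the file is removed on every exit path. The identical hunks in config-scripts/xen-3.2/configure-xend.sh have the same issue. The enclosing `if` block starts and ends outside this hunk.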
@@ -61,7 +63,7 @@
     # A challenge password 
     # An optional company name 
 
-    cat  <<EOF > /tmp/open_ssl.res
+    cat  <<EOF > "${TMP_FILE}"
 US
 CA
 SF
@@ -76,9 +78,9 @@
     CSR=/etc/xen/xmlrpc.csr
     CRT=/etc/xen/xmlrpc.crt
     $OPENSSL genrsa -out $KEY 1024
-    $OPENSSL req -new -key $KEY -out $CSR < /tmp/open_ssl.res
+    $OPENSSL req -new -key $KEY -out $CSR < "${TMP_FILE}"
     $OPENSSL x509 -req -in $CSR -signkey $KEY -out $CRT
-    rm /tmp/open_ssl.res    
+    rm "${TMP_FILE}"    
 fi
 
 # Adjust the regexp for the config file
diff -u -r ../convirt-0.8.2.bak/config-scripts/xen-3.2/configure-xend.sh 
./config-scripts/xen-3.2/configure-xend.sh
--- ../convirt-0.8.2.bak/config-scripts/xen-3.2/configure-xend.sh       
2008-09-10 15:45:35.000000000 -0700
+++ ./config-scripts/xen-3.2/configure-xend.sh  2008-09-10 16:15:34.000000000 
-0700
@@ -32,6 +32,8 @@
     USE_SSL="SSL"
 fi
 
+TMP_FILE=`mktemp`
+
 OPENSSL=openssl
 if [ "$USE_SSL" == "SSL" ]; then
     python -c "import OpenSSL" &> /dev/null
@@ -61,7 +63,7 @@
     # A challenge password 
     # An optional company name 
 
-    cat  <<EOF > /tmp/open_ssl.res
+    cat  <<EOF > "${TMP_FILE}"
 US
 CA
 SF
@@ -76,9 +78,9 @@
     CSR=/etc/xen/xmlrpc.csr
     CRT=/etc/xen/xmlrpc.crt
     $OPENSSL genrsa -out $KEY 1024
-    $OPENSSL req -new -key $KEY -out $CSR < /tmp/open_ssl.res
+    $OPENSSL req -new -key $KEY -out $CSR < "${TMP_FILE}"
     $OPENSSL x509 -req -in $CSR -signkey $KEY -out $CRT
-    rm /tmp/open_ssl.res    
+    rm "${TMP_FILE}"    
 fi
 
 # Adjust the regexp for the config file
diff -u -r ../convirt-0.8.2.bak/debian/changelog ./debian/changelog
--- ../convirt-0.8.2.bak/debian/changelog       2008-09-10 15:45:35.000000000 
-0700
+++ ./debian/changelog  2008-09-10 16:16:35.000000000 -0700
@@ -1,3 +1,11 @@
+convirt (0.8.2-3.1) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Put all the required temporary files in ~/.convirt/tmp
+    (Closes: #496419).
+
+ -- Sebastien Delafond <[EMAIL PROTECTED]>  Wed, 10 Sep 2008 16:02:16 -0700
+
 convirt (0.8.2-3) unstable; urgency=low
 
   * Fixed (conflicting) dependencies on transitional package: Removed
diff -u -r ../convirt-0.8.2.bak/debian/convirt.sh ./debian/convirt.sh
--- ../convirt-0.8.2.bak/debian/convirt.sh      2008-09-10 15:45:35.000000000 
-0700
+++ ./debian/convirt.sh 2008-09-10 16:16:22.000000000 -0700
@@ -8,4 +8,7 @@
        exit 0
 fi
 
+mkdir -p $HOME/.convirt/tmp
+chmod 755 $HOME/.convirt/tmp
+
 PYTHONPATH=$PYTHONPATH:`convirt --xendir`/lib/python python 
/usr/share/convirt/src/convirt.py
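Review bot: `chmod 755 $HOME/.convirt/tmp` leaves the directory listable and traversable by every local user, while the rest of the patch places VM configuration copies, a dump of shell variables (`set > ~/.convirt/tmp/set_output`) and the KVM monitor socket in it. A private directory fits the stated goal better: `mkdir -p "$HOME/.convirt/tmp"` followed by `chmod 700 "$HOME/.convirt/tmp"`; the quoting also copes with a home path containing spaces. `mkdir -p` creates `~/.convirt` itself with whatever the umask allows. Only this wrapper creates the directory, so any code path that runs without it, or under another account, will find the directory missing.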
diff -u -r ../convirt-0.8.2.bak/doc/manual.html ./doc/manual.html
--- ../convirt-0.8.2.bak/doc/manual.html        2008-09-10 15:45:35.000000000 
-0700
+++ ./doc/manual.html   2008-09-10 16:21:04.000000000 -0700
@@ -635,7 +635,7 @@
 fully addressed in the 'Image Builder's Guide.'<BR>
 </P>
 <P STYLE="margin-left: 0.42in"><strong><a 
name="initial_image_store_setup"></a>Initial setup : </strong>Out of the box 
the images supplied would work with default values. You might want to do some 
initial setup to suite to your environment. There are few options in the 
provisioning area that are worth mentioning.<br>
- - VM_DISKS_DIR : Location where disks for newly created VMs would be placed. 
Default /tmp. <br>
+ - VM_DISKS_DIR : Location where disks for newly created VMs would be placed. 
Default ~/.convirt/tmp. <br>
 - VM_CONF_DIR : Directory where the VM config files would be placed. Default 
/etc/xen<br>
 - http_proxy : Proxy to be used while provisioning. Default to no proxy 
(blank). The format for the proxy is http://myproxyserver:myproxyport<br>
   <br>
diff -u -r ../convirt-0.8.2.bak/image_store/CentOS_PV_Install/image.conf 
./image_store/CentOS_PV_Install/image.conf
--- ../convirt-0.8.2.bak/image_store/CentOS_PV_Install/image.conf       
2008-09-10 15:45:35.000000000 -0700
+++ ./image_store/CentOS_PV_Install/image.conf  2008-09-10 16:20:22.000000000 
-0700
@@ -5,7 +5,7 @@
 # kernel and ramdisk locations 
 
kernel_src="http://mirrors.usc.edu/pub/linux/distributions/centos/5/os/i386/images/xen/vmlinuz";
 
ramdisk_src="http://mirrors.usc.edu/pub/linux/distributions/centos/5/os/i386/images/xen/initrd.img";
-VM_DISKS_DIR='/tmp'
+VM_DISKS_DIR='~/.convirt/tmp'
 VM_CONF_DIR ='/etc/xen'
 xvda_disk_type='VBD'
 xvda_disk_create='yes'
diff -u -r ../convirt-0.8.2.bak/image_store/CentOS_PV_Install/provision.sh 
./image_store/CentOS_PV_Install/provision.sh
--- ../convirt-0.8.2.bak/image_store/CentOS_PV_Install/provision.sh     
2008-09-10 15:45:35.000000000 -0700
+++ ./image_store/CentOS_PV_Install/provision.sh        2008-09-10 
16:20:22.000000000 -0700
@@ -67,7 +67,7 @@
 source "$param_file"
 
 # check that we got all the params
-set > /tmp/set_output
+set > ~/.convirt/tmp/set_output
 
 # create a list from the disk directive
 disk_list=`python <<EOF
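Review bot: The redirect `set > ~/.convirt/tmp/set_output` assumes the directory already exists, but the only place the patch creates it is debian/convirt.sh. If provision.sh runs under another account or on a managed node (not visible from here), the redirect fails. `set` writes every shell variable, including whatever `$param_file` just sourced, so the file should not be readable by other users; `umask 077` plus `mkdir -p ~/.convirt/tmp` before this line would cover both points. The same line is changed in the provision.sh copies under image_store/common, example, Fedora_PV_Install, Linux_CD_Install, _template_ and Windows_CD_Install. The script continues beyond this hunk.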
diff -u -r ../convirt-0.8.2.bak/image_store/common/functions 
./image_store/common/functions
--- ../convirt-0.8.2.bak/image_store/common/functions   2008-09-10 
15:45:35.000000000 -0700
+++ ./image_store/common/functions      2008-09-10 16:20:22.000000000 -0700
@@ -24,7 +24,7 @@
 #
 # --- usage --
 # SRC="http://www.google.com";
-# DEST="/tmp/google_home"
+# DEST="~/.convirt/tmp/google_home"
 # fetch_file $SRC $DEST
 # 
 #
diff -u -r ../convirt-0.8.2.bak/image_store/common/provision.sh 
./image_store/common/provision.sh
--- ../convirt-0.8.2.bak/image_store/common/provision.sh        2008-09-10 
15:45:35.000000000 -0700
+++ ./image_store/common/provision.sh   2008-09-10 16:20:22.000000000 -0700
@@ -67,7 +67,7 @@
 source "$param_file"
 
 # check that we got all the params
-set > /tmp/set_output
+set > ~/.convirt/tmp/set_output
 
 # create a list from the disk directive
 disk_list=`python <<EOF
diff -u -r ../convirt-0.8.2.bak/image_store/example/image.conf 
./image_store/example/image.conf
--- ../convirt-0.8.2.bak/image_store/example/image.conf 2008-09-10 
15:45:35.000000000 -0700
+++ ./image_store/example/image.conf    2008-09-10 16:20:22.000000000 -0700
@@ -47,7 +47,7 @@
 
 
 # Location to create new disk VBDs
-VM_DISKS_DIR='/tmp'
+VM_DISKS_DIR='~/.convirt/tmp'
 
 # Location of conf file
 VM_CONF_DIR='/etc/xen'
diff -u -r ../convirt-0.8.2.bak/image_store/example/provision.sh 
./image_store/example/provision.sh
--- ../convirt-0.8.2.bak/image_store/example/provision.sh       2008-09-10 
15:45:35.000000000 -0700
+++ ./image_store/example/provision.sh  2008-09-10 16:20:22.000000000 -0700
@@ -67,7 +67,7 @@
 source "$param_file"
 
 # check that we got all the params
-set > /tmp/set_output
+set > ~/.convirt/tmp/set_output
 
 # create a list from the disk directive
 disk_list=`python <<EOF
diff -u -r ../convirt-0.8.2.bak/image_store/Fedora_PV_Install/image.conf 
./image_store/Fedora_PV_Install/image.conf
--- ../convirt-0.8.2.bak/image_store/Fedora_PV_Install/image.conf       
2008-09-10 15:45:35.000000000 -0700
+++ ./image_store/Fedora_PV_Install/image.conf  2008-09-10 16:20:22.000000000 
-0700
@@ -9,7 +9,7 @@
 xvda_disk_type='VBD'
 xvda_disk_create='yes'
 xvda_disk_size=5000
-VM_DISKS_DIR='/tmp'
+VM_DISKS_DIR='~/.convirt/tmp'
 VM_CONF_DIR='/etc/xen'
 
 #customizable_options=['xvda_disk_create', 'xvda_disk_size', 'xvda_disk_type']
diff -u -r ../convirt-0.8.2.bak/image_store/Fedora_PV_Install/provision.sh 
./image_store/Fedora_PV_Install/provision.sh
--- ../convirt-0.8.2.bak/image_store/Fedora_PV_Install/provision.sh     
2008-09-10 15:45:35.000000000 -0700
+++ ./image_store/Fedora_PV_Install/provision.sh        2008-09-10 
16:20:22.000000000 -0700
@@ -67,7 +67,7 @@
 source "$param_file"
 
 # check that we got all the params
-set > /tmp/set_output
+set > ~/.convirt/tmp/set_output
 
 # create a list from the disk directive
 disk_list=`python <<EOF
diff -u -r ../convirt-0.8.2.bak/image_store/Linux_CD_Install/image.conf 
./image_store/Linux_CD_Install/image.conf
--- ../convirt-0.8.2.bak/image_store/Linux_CD_Install/image.conf        
2008-09-10 15:45:35.000000000 -0700
+++ ./image_store/Linux_CD_Install/image.conf   2008-09-10 16:20:22.000000000 
-0700
@@ -1,7 +1,7 @@
 # config file for kicking off CDROM install 
 # assume one disk
 
-VM_DISKS_DIR='/tmp'
+VM_DISKS_DIR='~/.convirt/tmp'
 VM_CONF_DIR='/etc/xen'
 hda_disk_type='VBD'
 hda_disk_create='yes'
diff -u -r ../convirt-0.8.2.bak/image_store/Linux_CD_Install/provision.sh 
./image_store/Linux_CD_Install/provision.sh
--- ../convirt-0.8.2.bak/image_store/Linux_CD_Install/provision.sh      
2008-09-10 15:45:35.000000000 -0700
+++ ./image_store/Linux_CD_Install/provision.sh 2008-09-10 16:20:22.000000000 
-0700
@@ -67,7 +67,7 @@
 source "$param_file"
 
 # check that we got all the params
-set > /tmp/set_output
+set > ~/.convirt/tmp/set_output
 
 # create a list from the disk directive
 disk_list=`python <<EOF
diff -u -r ../convirt-0.8.2.bak/image_store/_template_/provision.sh 
./image_store/_template_/provision.sh
--- ../convirt-0.8.2.bak/image_store/_template_/provision.sh    2008-09-10 
15:45:35.000000000 -0700
+++ ./image_store/_template_/provision.sh       2008-09-10 16:20:22.000000000 
-0700
@@ -67,7 +67,7 @@
 source "$param_file"
 
 # check that we got all the params
-set > /tmp/set_output
+set > ~/.convirt/tmp/set_output
 
 # create a list from the disk directive
 disk_list=`python <<EOF
diff -u -r ../convirt-0.8.2.bak/image_store/Windows_CD_Install/image.conf 
./image_store/Windows_CD_Install/image.conf
--- ../convirt-0.8.2.bak/image_store/Windows_CD_Install/image.conf      
2008-09-10 15:45:35.000000000 -0700
+++ ./image_store/Windows_CD_Install/image.conf 2008-09-10 16:20:22.000000000 
-0700
@@ -1,7 +1,7 @@
 # config file for kicking off CDROM install 
 # assuming one disk
 
-VM_DISKS_DIR='/tmp'
+VM_DISKS_DIR='~/.convirt/tmp'
 VM_CONF_DIR='/etc/xen'
 hda_disk_type='VBD'
 hda_disk_create='yes'
diff -u -r ../convirt-0.8.2.bak/image_store/Windows_CD_Install/provision.sh 
./image_store/Windows_CD_Install/provision.sh
--- ../convirt-0.8.2.bak/image_store/Windows_CD_Install/provision.sh    
2008-09-10 15:45:35.000000000 -0700
+++ ./image_store/Windows_CD_Install/provision.sh       2008-09-10 
16:20:22.000000000 -0700
@@ -67,7 +67,7 @@
 source "$param_file"
 
 # check that we got all the params
-set > /tmp/set_output
+set > ~/.convirt/tmp/set_output
 
 # create a list from the disk directive
 disk_list=`python <<EOF
diff -u -r ../convirt-0.8.2.bak/src/constants.py ./src/constants.py
--- ../convirt-0.8.2.bak/src/constants.py       2008-09-10 15:45:35.000000000 
-0700
+++ ./src/constants.py  2008-09-10 16:17:23.000000000 -0700
@@ -17,6 +17,7 @@
 #    http://www.fsf.org/licensing/licenses/lgpl.txt
 #
 
+import os.path
 
 _version = "0.8.2"
 fox_header = "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.4) 
Gecko/20070603 Fedora/2.0.0.4-2.fc7 Firefox/2.0.0.4 ConVirt/" + _version
@@ -26,6 +27,8 @@
 # constants definitions
 #
 
+prop_tmp_dir = os.path.expanduser('~/.conwirt/tmp')
+
 # config properties
 prop_disks_dir = 'disks_dir'
 prop_snapshots_dir = 'snapshots_dir'
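Review bot: `os.path.expanduser('~/.conwirt/tmp')` is misspelled. debian/convirt.sh creates `$HOME/.convirt/tmp`, so every Python user of `prop_tmp_dir` points at a directory that nothing creates, and the `tempfile.mkstemp(dir=...)` calls in GridManager.py and utils.py would raise. The line should read `prop_tmp_dir = os.path.expanduser('~/.convirt/tmp')`. A short comment saying that the launcher script creates the directory and that it is expected to be private to the user would also help.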
diff -u -r ../convirt-0.8.2.bak/src/GridManager.py ./src/GridManager.py
--- ../convirt-0.8.2.bak/src/GridManager.py     2008-09-10 15:45:35.000000000 
-0700
+++ ./src/GridManager.py        2008-09-10 15:57:06.000000000 -0700
@@ -323,7 +323,7 @@
                     # create a temp file on the client node.
                     # and move it to the dest node.
                     (t_handle, t_name) = tempfile.mkstemp(prefix=dom_name,
-                                                          dir="/tmp")
+                                                          dir=prop_tmp_dir)
                     try:
                         source_node.node_proxy.get(config.filename,
                                                    t_name)
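Review bot: `dir=prop_tmp_dir` uses the bare name, whereas KVMProxy.py and NodeProxy.py use `constants.prop_tmp_dir` and gain an `import constants`. No import is added in this file, so unless GridManager.py already has something like `from constants import *` outside the hunk, this raises NameError when the branch runs. utils.py and XenNode.py also reference `constants.prop_tmp_dir` without an import in their hunks, so the same check applies there. Writing `dir=constants.prop_tmp_dir` with an explicit `import constants` would make the files consistent. The enclosing function and the `try` block extend beyond the hunk.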
diff -u -r ../convirt-0.8.2.bak/src/KVMProxy.py ./src/KVMProxy.py
--- ../convirt-0.8.2.bak/src/KVMProxy.py        2008-09-10 15:45:35.000000000 
-0700
+++ ./src/KVMProxy.py   2008-09-10 15:56:33.000000000 -0700
@@ -26,6 +26,7 @@
 from phelper import *
 from NodeProxy import *
 
+import constants
 import select
 
 QEMU_PROMPT = "(qemu)"
@@ -258,7 +259,7 @@
         # The following is done to have the convention and
         # temporarily have the name of VM available in the command line.
         if not config.get("monitor"):
-            cmdline = cmdline + " -monitor unix:/tmp/" + config.get("name") + \
+            cmdline = cmdline + " -monitor unix:" + constants.prop_tmp_dir + 
"/" + config.get("name") + \
                       ",server,nowait"
                     
                     # Add handling of nested options
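Review bot: The monitor socket path is now `constants.prop_tmp_dir + "/" + config.get("name")`, and `prop_tmp_dir` is expanded from the home directory of whichever process imports constants.py. If this command line is executed on a managed node rather than locally (not visible in this hunk), that path may not exist there. The QEMU monitor gives control over the guest, so the directory holding the socket should be mode 700 rather than the 755 set in debian/convirt.sh. A long home path plus VM name can also exceed the length limit for Unix socket paths, which `/tmp/<name>` rarely did, so a length check or at least a comment is warranted. The VM name is still concatenated into the path unvalidated; rejecting names containing `/` or whitespace before building the command line would be a sensible guard.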
@@ -354,7 +355,7 @@
     config["type"]="KVM"
     config["hda"]="/mnt/home/jd/kvm/kvm-19/ubuntu-6.qcow"
     config["m"] = 1024
-    config["monitor"] = "unix:/tmp/xyz"
+    config["monitor"] = "unix:" + constants.prop_tmp_dir + "/xyz"
     config["vnc"] = ":5"
 
  ##   vmm.start(config)
diff -u -r ../convirt-0.8.2.bak/src/NodeProxy.py ./src/NodeProxy.py
--- ../convirt-0.8.2.bak/src/NodeProxy.py       2008-09-10 15:45:35.000000000 
-0700
+++ ./src/NodeProxy.py  2008-09-10 15:55:34.000000000 -0700
@@ -30,6 +30,8 @@
 import threading
 import _threading_local
 
+import constants
+
 class CommandException(Exception):
     def __init__(self, errno, description):
         Exception.__init__(self, errno, description)
@@ -402,19 +404,19 @@
     sys.exit(1)
     
     # Test FTP
-    node.put("/tmp/send", "/tmp/send_r")
-    node.get("/tmp/send_r", "/tmp/received")
+    node.put(constants.prop_tmp_dir + "/send", constants.prop_tmp_dir + 
"/send_r")
+    node.get(constants.prop_tmp_dir + "/send_r", constants.prop_tmp_dir + 
"/received")
 
-    fd = node.open('/tmp/test_writable','w')
+    fd = node.open(constants.prop_tmp_dir + '/test_writable','w')
     off = 1024L
     fd.seek(off,0)
     fd.write('\x00')
     fd.close()
 
-    print 'exists?: ',node.file_exists('/tmp/test_writable')
-    print 'isWritable?: ', node.file_is_writable('/tmp/test_writable')
-    node.remove('/tmp/test_writable')
-    print 'exists?: ', node.file_exists('/tmp/test_writable')
+    print 'exists?: ',node.file_exists(constants.prop_tmp_dir + 
'/test_writable')
+    print 'isWritable?: ', node.file_is_writable(constants.prop_tmp_dir + 
'/test_writable')
+    node.remove(constants.prop_tmp_dir + '/test_writable')
+    print 'exists?: ', node.file_exists(constants.prop_tmp_dir + 
'/test_writable')
     
 
     sys.exit(0)
@@ -446,23 +448,23 @@
         f.close()
 
         try:
-            node.mkdir("/tmp/node_test")
+            node.mkdir(constants.prop_tmp_dir + "/node_test")
         except (OSError, IOError), err:
             print str(err)
 
-        w = node.open("/tmp/node_test/test", "w")
+        w = node.open(constants.prop_tmp_dir + "/node_test/test", "w")
         w.writelines(["hello this is test", "hello this is second test"])
         w.close()
 
-        r = node.open("/tmp/node_test/test")
+        r = node.open(constants.prop_tmp_dir + "/node_test/test")
         x = r.readline()
         while x != None and x != "": 
             print x
             x= r.readline()
         r.close()
         
-        node.remove("/tmp/node_test/test")
-        node.rmdir("/tmp/node_test")
+        node.remove(constants.prop_tmp_dir + "/node_test/test")
+        node.rmdir(constants.prop_tmp_dir + "/node_test")
 
     
         
@@ -470,11 +472,11 @@
         print output
         print "EXIT CODE = ", code
 
-        output,code = node.exec_cmd('find /tmp')
+        output,code = node.exec_cmd('find ' + constants.prop_tmp_dir)
         print output
         print "EXIT CODE = ", code
 
-        output,code = node.exec_cmd('junk /tmp')
+        output,code = node.exec_cmd('junk ' + constants.prop_tmp_dir)
         print output
         print "EXIT CODE = ", code
 
diff -u -r ../convirt-0.8.2.bak/src/utils.py ./src/utils.py
--- ../convirt-0.8.2.bak/src/utils.py   2008-09-10 15:45:35.000000000 -0700
+++ ./src/utils.py      2008-09-10 16:00:00.000000000 -0700
@@ -717,7 +717,7 @@
 # can be used by UI to display the updates.
 class UpdatesMgr:
     update_url = "http://www.convirture.com/updates/updates.xml";
-    updates_file = "/tmp/updates.xml"
+    updates_file = constants.prop_tmp_dir + "/updates.xml"
     
     def __init__(self, config):
         self.config = config
@@ -734,7 +734,7 @@
         # file is not writable..lets create a tmp file
         if not os.access(self.updates_file,os.W_OK):
             (t_handle, t_name) = tempfile.mkstemp(prefix="updates.xml",
-                                                          dir="/tmp")
+                                                          
dir=constants.prop_tmp_dir)
             self.updates_file = t_name
             os.close(t_handle) # Use the name, close the handle.
 
@@ -1273,7 +1273,7 @@
     # XMConfig tests
     #    
 
-    TEST_CONFIGFILE = '/tmp/convirt.conf'
+    TEST_CONFIGFILE = constants.prop_tmp_dir + '/convirt.conf'
     
     print "\nXMConfig interface test STARTING\n"
     
diff -u -r ../convirt-0.8.2.bak/src/XenNode.py ./src/XenNode.py
--- ../convirt-0.8.2.bak/src/XenNode.py 2008-09-10 15:45:35.000000000 -0700
+++ ./src/XenNode.py    2008-09-10 15:59:08.000000000 -0700
@@ -855,7 +855,7 @@
     m = { 'VM_NAME':'foo', 'IMAGE_NAME':'anaconda' } 
     dom_config.instantiate_config(m)
     print dom_config.default_computed_options, 
dom_config.get_computed_options()
-    dom_config.save("/tmp/test_config")
+    dom_config.save(constants.prop_tmp_dir + "/test_config")
 
     sys.exit(0)
     
@@ -934,21 +934,21 @@
     newcfg = XenConfig(managed_node)
     newcfg["name"] = "Txx"
     newcfg["memory"] = 299
-    newcfg.set_filename("/tmp/Txx")
+    newcfg.set_filename(constants.prop_tmp_dir + "/Txx")
     newcfg.write()
 
-    f = managed_node.node_proxy.open("/tmp/Txx")
+    f = managed_node.node_proxy.open(constants.prop_tmp_dir + "/Txx")
     x = f.read(1024)
     print x
     f.close()
 
-    print "### read config from /etc/xen/auto and write them to /tmp"
+    print "### read config from /etc/xen/auto and write them to 
constants.prop_tmp_dir"
     ## Dom Config
     for f in managed_node.node_proxy.listdir("/etc/xen/auto"):
         fin = "/etc/xen/auto/"+f
         print fin
         d = XenConfig(managed_node, fin)
-        d.save("/tmp/" + f)
+        d.save(constants.prop_tmp_dir + "/" + f)
     
 
     print "### get first file in /etc/xen/auto and dump its info"
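Review bot: The changed message `print "### read config from /etc/xen/auto and write them to constants.prop_tmp_dir"` prints the identifier rather than the directory, because the name sits inside the string literal. It should be `print "### read config from /etc/xen/auto and write them to " + constants.prop_tmp_dir`. No `import constants` is added to XenNode.py in this patch, so confirm the module is already imported outside the hunks.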