[Engine-patches] Change in ovirt-engine[ovirt-engine-3.3.1]: packaging: setup: generate answerfile readable by user only

Wed, 13 Nov 2013 23:29:53 -0800 

Hello Alon Bar-Lev,

I'd like you to do a code review.  Please visit

    http://gerrit.ovirt.org/21249

to review the following change.

Change subject: packaging: setup: generate answerfile readable by user only
......................................................................

packaging: setup: generate answerfile readable by user only

fix file mode of previous stored answer files at state.

Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=1028748
Change-Id: I3c1ca00b7a56216d7051c7625c5e983d422caab9
Signed-off-by: Alon Bar-Lev <alo...@redhat.com>
---
M packaging/setup/plugins/ovirt-engine-common/core/answerfile.py
M packaging/setup/plugins/ovirt-engine-setup/upgrade/__init__.py
A packaging/setup/plugins/ovirt-engine-setup/upgrade/answerfile_fixup.py
3 files changed, 65 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/49/21249/1

diff --git a/packaging/setup/plugins/ovirt-engine-common/core/answerfile.py 
b/packaging/setup/plugins/ovirt-engine-common/core/answerfile.py
index 92067df..0b1910d 100644
--- a/packaging/setup/plugins/ovirt-engine-common/core/answerfile.py
+++ b/packaging/setup/plugins/ovirt-engine-common/core/answerfile.py
@@ -76,6 +76,7 @@
                 )
             )
             with open(self.resolveFile(answer), 'w') as f:
+                os.fchmod(f.fileno(), 0o600)
                 f.write(
                     (
                         '# action=%s\n'
diff --git a/packaging/setup/plugins/ovirt-engine-setup/upgrade/__init__.py 
b/packaging/setup/plugins/ovirt-engine-setup/upgrade/__init__.py
index 7d962c2..ee20db6 100644
--- a/packaging/setup/plugins/ovirt-engine-setup/upgrade/__init__.py
+++ b/packaging/setup/plugins/ovirt-engine-setup/upgrade/__init__.py
@@ -24,12 +24,14 @@
 
 from . import dbvalidations
 from . import asynctasks
+from . import answerfile_fixup
 
 
 @util.export
 def createPlugins(context):
     dbvalidations.Plugin(context=context)
     asynctasks.Plugin(context=context)
+    answerfile_fixup.Plugin(context=context)
 
 
 # vim: expandtab tabstop=4 shiftwidth=4
diff --git 
a/packaging/setup/plugins/ovirt-engine-setup/upgrade/answerfile_fixup.py 
b/packaging/setup/plugins/ovirt-engine-setup/upgrade/answerfile_fixup.py
new file mode 100644
index 0000000..260a7e3
--- /dev/null
+++ b/packaging/setup/plugins/ovirt-engine-setup/upgrade/answerfile_fixup.py
@@ -0,0 +1,62 @@
+#
+# ovirt-engine-setup -- ovirt engine setup
+# Copyright (C) 2013 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+
+"""Answer file fixup plugin."""
+
+
+import os
+import glob
+import gettext
+_ = lambda m: gettext.dgettext(message=m, domain='ovirt-engine-setup')
+
+
+from otopi import util
+from otopi import plugin
+
+
+from ovirt_engine_setup import constants as osetupcons
+
+
+@util.export
+class Plugin(plugin.PluginBase):
+    """Temporary fixup for invalid permission of past answer files."""
+
+    def __init__(self, context):
+        super(Plugin, self).__init__(context=context)
+
+    @plugin.event(
+        stage=plugin.Stages.STAGE_MISC,
+    )
+    def _misc(self):
+        for f in glob.glob(
+            os.path.join(
+                osetupcons.FileLocations.OVIRT_SETUP_ANSWERS_DIR,
+                '*.conf',
+            )
+        ):
+            try:
+                os.chmod(f, 0o600)
+            except:
+                self.logger.debug(
+                    "Cannot modify permission for '%s'",
+                    f,
+                    exc_info=True,
+                )
+
+
+# vim: expandtab tabstop=4 shiftwidth=4


-- 
To view, visit http://gerrit.ovirt.org/21249
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I3c1ca00b7a56216d7051c7625c5e983d422caab9
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-engine
Gerrit-Branch: ovirt-engine-3.3.1
Gerrit-Owner: Sandro Bonazzola <sbona...@redhat.com>
Gerrit-Reviewer: Alon Bar-Lev <alo...@redhat.com>
_______________________________________________
Engine-patches mailing list
Engine-patches@ovirt.org
http://lists.ovirt.org/mailman/listinfo/engine-patches

Reply via email to