The upstream commit 1e422ed of keyring moves non-preferred keyring backends to keyrings.alt package, so moving fix_keyring_lockfile_location.patch to package keyrings.alt --- a/keyrings/alt/file_base.py +++ b/keyrings/alt/file_base.py @@ -14,6 +14,7 @@ from keyring.util import platform_, prop from .escape import escape as escape_for_ini from oslo_concurrency import lockutils +lockfile = "keyringlock" class FileBacked: @abc.abstractproperty @@ -153,11 +154,12 @@ class Keyring(FileBacked, KeyringBackend return (escape_for_ini(service) + r'\0' + escape_for_ini(username)).encode() def _write_config_value(self, service, key, value): + # ensure the file exists + self._ensure_file_path() - with lockutils.lock("keyringlock",external=True,lock_path="/tmp"): + lockdir = os.path.dirname(self.file_path) - # ensure the file exists - self._ensure_file_path() + with lockutils.lock(lockfile,external=True,lock_path=lockdir): config = None try: @@ -206,14 +208,13 @@ class Keyring(FileBacked, KeyringBackend - - def _ensure_file_path(self): """ Ensure the storage path exists. If it doesn't, create it with "go-rwx" permissions. """ storage_root = os.path.dirname(self.file_path) + lockdir = storage_root needs_storage_root = storage_root and not os.path.isdir(storage_root) if needs_storage_root: # pragma: no cover os.makedirs(storage_root) @@ -223,12 +224,21 @@ class Keyring(FileBacked, KeyringBackend pass user_read_write = 0o644 os.chmod(self.file_path, user_read_write) + if not os.path.isfile(lockdir + "/" + lockfile): + import stat + with open(lockdir + "/" + lockfile, 'w'): + pass + # must have the lock file with the correct group permissisions g+rw + os.chmod(lockdir + "/" + lockfile, stat.S_IRWXG | stat.S_IRWXU) + def delete_password(self, service, username): """Delete the password for the username of the service.""" service = escape_for_ini(service) username = escape_for_ini(username) - with lockutils.lock("keyringlock",external=True,lock_path="/tmp"): + + lockdir = os.path.dirname(self.file_path) + with lockutils.lock(lockfile,external=True,lock_path=lockdir): config = configparser.RawConfigParser() if os.path.exists(self.file_path): config.read(self.file_path) Index: keyring-5.3/keyring/backends/file.py =================================================================== --- keyring-5.3.orig/keyrings/alt/file.py +++ keyring-5.3/keyrings/alt/file.py @@ -108,18 +108,6 @@ class EncryptedKeyring(Encrypted, Keyrin # set a reference password, used to check that the password provided # matches for subsequent checks. - # try to pre-create the /tmp/keyringlock if it doesn't exist - lockfile = "/tmp/keyringlock" - if os.geteuid() == 0 and (not os.path.exists(lockfile)): - from pwd import getpwnam - import stat - nonrootuser = "sysadmin" - with open(lockfile, 'w'): - pass - # must have the lock file with the correct group permissisions g+rw - os.chmod(lockfile, stat.S_IRWXG | stat.S_IRWXU) - - self.set_password( 'keyring-setting', 'password reference', 'password reference value' ) @@ -134,9 +122,10 @@ class EncryptedKeyring(Encrypted, Keyrin return False self._migrate() + lockdir = os.path.dirname(self.file_path) # lock access to the file_path here, make sure it's not being written # to while while we're checking for keyring-setting - with lockutils.lock("keyringlock",external=True,lock_path="/tmp"): + with lockutils.lock(lockfile,external=True,lock_path=lockdir): config = configparser.RawConfigParser() config.read(self.file_path) try: @@ -145,7 +134,6 @@ class EncryptedKeyring(Encrypted, Keyrin ) except (configparser.NoSectionError, configparser.NoOptionError): # The current file doesn't have the keyring-setting, check the backup - logging.warning("_check_file: The current file doesn't have the keyring-setting, check the backup") if os.path.exists(self.backup_file_path): config = configparser.RawConfigParser() config.read(self.backup_file_path)