de2af4d74d
The upstream commit 1e422ed of python-keyring moved non-preferred keyring backends to separated package "keyrings.alt", so adding the keyrings.alt and porting the patches related to non-preferred keyring backends to keyrings.alt. Patches are not up to our standard. Bringing them up to standard is future work, tracked by: https://bugs.launchpad.net/starlingx/+bug/1950506. Related-Bug: 1950506 Building successfully. Installing python3-keyrings.alt, python3-keyring and the dependence package tsconfig successfully. Booting up ISO successfully on qemu. Story: 2009221 Task: 43438 Signed-off-by: Yue Tao <yue.tao@windriver.com> Change-Id: I4b70927709f0cc968e32af1d0e2a9402f47b2fe9
113 lines
4.6 KiB
Diff
113 lines
4.6 KiB
Diff
The upstream commit 1e422ed of keyring moves non-preferred keyring
|
|
backends to keyrings.alt package, so moving fix_keyring_lockfile_location.patch
|
|
to package keyrings.alt
|
|
|
|
--- a/keyrings/alt/file_base.py
|
|
+++ b/keyrings/alt/file_base.py
|
|
@@ -14,6 +14,7 @@ from keyring.util import platform_, prop
|
|
from .escape import escape as escape_for_ini
|
|
from oslo_concurrency import lockutils
|
|
|
|
+lockfile = "keyringlock"
|
|
|
|
class FileBacked:
|
|
@abc.abstractproperty
|
|
@@ -153,11 +154,12 @@ class Keyring(FileBacked, KeyringBackend
|
|
return (escape_for_ini(service) + r'\0' + escape_for_ini(username)).encode()
|
|
|
|
def _write_config_value(self, service, key, value):
|
|
+ # ensure the file exists
|
|
+ self._ensure_file_path()
|
|
|
|
- with lockutils.lock("keyringlock",external=True,lock_path="/tmp"):
|
|
+ lockdir = os.path.dirname(self.file_path)
|
|
|
|
- # ensure the file exists
|
|
- self._ensure_file_path()
|
|
+ with lockutils.lock(lockfile,external=True,lock_path=lockdir):
|
|
|
|
config = None
|
|
try:
|
|
@@ -206,14 +208,13 @@ class Keyring(FileBacked, KeyringBackend
|
|
|
|
|
|
|
|
-
|
|
-
|
|
def _ensure_file_path(self):
|
|
"""
|
|
Ensure the storage path exists.
|
|
If it doesn't, create it with "go-rwx" permissions.
|
|
"""
|
|
storage_root = os.path.dirname(self.file_path)
|
|
+ lockdir = storage_root
|
|
needs_storage_root = storage_root and not os.path.isdir(storage_root)
|
|
if needs_storage_root: # pragma: no cover
|
|
os.makedirs(storage_root)
|
|
@@ -223,12 +224,21 @@ class Keyring(FileBacked, KeyringBackend
|
|
pass
|
|
user_read_write = 0o644
|
|
os.chmod(self.file_path, user_read_write)
|
|
+ if not os.path.isfile(lockdir + "/" + lockfile):
|
|
+ import stat
|
|
+ with open(lockdir + "/" + lockfile, 'w'):
|
|
+ pass
|
|
+ # must have the lock file with the correct group permissisions g+rw
|
|
+ os.chmod(lockdir + "/" + lockfile, stat.S_IRWXG | stat.S_IRWXU)
|
|
+
|
|
|
|
def delete_password(self, service, username):
|
|
"""Delete the password for the username of the service."""
|
|
service = escape_for_ini(service)
|
|
username = escape_for_ini(username)
|
|
- with lockutils.lock("keyringlock",external=True,lock_path="/tmp"):
|
|
+
|
|
+ lockdir = os.path.dirname(self.file_path)
|
|
+ with lockutils.lock(lockfile,external=True,lock_path=lockdir):
|
|
config = configparser.RawConfigParser()
|
|
if os.path.exists(self.file_path):
|
|
config.read(self.file_path)
|
|
Index: keyring-5.3/keyring/backends/file.py
|
|
===================================================================
|
|
--- keyring-5.3.orig/keyrings/alt/file.py
|
|
+++ keyring-5.3/keyrings/alt/file.py
|
|
@@ -108,18 +108,6 @@ class EncryptedKeyring(Encrypted, Keyrin
|
|
# set a reference password, used to check that the password provided
|
|
# matches for subsequent checks.
|
|
|
|
- # try to pre-create the /tmp/keyringlock if it doesn't exist
|
|
- lockfile = "/tmp/keyringlock"
|
|
- if os.geteuid() == 0 and (not os.path.exists(lockfile)):
|
|
- from pwd import getpwnam
|
|
- import stat
|
|
- nonrootuser = "sysadmin"
|
|
- with open(lockfile, 'w'):
|
|
- pass
|
|
- # must have the lock file with the correct group permissisions g+rw
|
|
- os.chmod(lockfile, stat.S_IRWXG | stat.S_IRWXU)
|
|
-
|
|
-
|
|
self.set_password(
|
|
'keyring-setting', 'password reference', 'password reference value'
|
|
)
|
|
@@ -134,9 +122,10 @@ class EncryptedKeyring(Encrypted, Keyrin
|
|
return False
|
|
self._migrate()
|
|
|
|
+ lockdir = os.path.dirname(self.file_path)
|
|
# lock access to the file_path here, make sure it's not being written
|
|
# to while while we're checking for keyring-setting
|
|
- with lockutils.lock("keyringlock",external=True,lock_path="/tmp"):
|
|
+ with lockutils.lock(lockfile,external=True,lock_path=lockdir):
|
|
config = configparser.RawConfigParser()
|
|
config.read(self.file_path)
|
|
try:
|
|
@@ -145,7 +134,6 @@ class EncryptedKeyring(Encrypted, Keyrin
|
|
)
|
|
except (configparser.NoSectionError, configparser.NoOptionError):
|
|
# The current file doesn't have the keyring-setting, check the backup
|
|
- logging.warning("_check_file: The current file doesn't have the keyring-setting, check the backup")
|
|
if os.path.exists(self.backup_file_path):
|
|
config = configparser.RawConfigParser()
|
|
config.read(self.backup_file_path)
|