Bug#689289: unblock: keystone/2012.1.1-9 (CVE-2012-445{6,7}, +policy RC fixes)
On Wed, Oct 10, 2012 at 06:52:16PM +0200, Julien Cristau wrote:
> On Mon, Oct 1, 2012 at 15:00:25 +0800, Thomas Goirand wrote:
>
> > diff -Nru keystone-2012.1.1/debian/keystone.postinst keystone-2012.1.1/debian/keystone.postinst
> > --- keystone-2012.1.1/debian/keystone.postinst 2012-09-12 16:33:13.000000000 +0000
> > +++ keystone-2012.1.1/debian/keystone.postinst 2012-10-01 06:51:43.000000000 +0000
> > @@ -1,77 +1,64 @@
> [...]
> > + chown keystone:keystone -R /var/lib/keystone /var/log/keystone /etc/keystone
> > + chmod 0750 /etc/keystone
> > + chmod 0750 /var/log/keystone
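
Review bot: The `chown keystone:keystone -R` line includes /etc/keystone, which hands the whole configuration tree to the service account, so the keystone process can rewrite its own configuration files, and it does so on every postinst run, resetting any ownership a local admin has chosen. Consider keeping /etc/keystone as root:keystone with 0750 on the directory and 0640 on the files so the daemon can read but not modify them, and chowning /var/lib/keystone and /var/log/keystone only when those directories are first created. Note also that /var/lib/keystone is chowned here but, unlike the other two directories, gets no chmod, so its mode stays whatever it already was.
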
>
> What's the point of this (in particular the recursive chown)? Why is it
> done every time the package is configured, rather than when these
> directories are initially created?
>
> [...]
> > diff -Nru keystone-2012.1.1/debian/rules keystone-2012.1.1/debian/rules
> > --- keystone-2012.1.1/debian/rules 2012-09-12 16:33:13.000000000 +0000
> > +++ keystone-2012.1.1/debian/rules 2012-10-01 06:51:43.000000000 +0000
> > @@ -42,6 +42,11 @@
> > rm -rf debian/python-keystone/usr/lib/python*/*/doc
> > rm -rf debian/python-keystone/usr/lib/python*/*/tools
> > rm -rf debian/python-keystone/usr/lib/python*/*/examples
> > + install -D -m 0640 etc/keystone.conf debian/keystone/usr/share/keystone/keystone.conf
> > +
> > +override_dh_fixperms:
> > + dh_fixperms
> > + chmod 0640 debian/keystone/usr/share/keystone/keystone.conf
> >
> > override_dh_clean:
> > rm -rf $(CURDIR)/build $(CURDIR)/keystone.egg-info $(CURDIR)/.cache
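
Review bot: In the new `override_dh_fixperms` target the mode 0640 is applied a second time to the same file that `install -D -m 0640` already created, which shows that the `-m 0640` on the install line does not survive `dh_fixperms` and only the trailing `chmod 0640` has any effect. The copy under usr/share/keystone is the etc/keystone.conf shipped in the source tree, so at build time it holds nothing site-specific; the restrictive mode matters on the live configuration file that later carries credentials. Either drop the `-m 0640` and the override and set 0640 in the postinst when the live file is installed, or, if the packaged mode must stay, call `dh_fixperms -Xkeystone.conf` so the file is excluded rather than re-chmodded afterwards.
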
>
> I don't think that (overriding fixperms) should be necessary, can't the
> permissions be set when installing the file in postinst?
Thomas,
what's the status?
Cheers,
Moritz