Xenial verification has completed successfully using xenial-proposed with the following packages:
  openstack-dashboard: 2:9.1.2-0ubuntu5
  python-sahara-dashboard: 4.0.0-1ubuntu1.1
  python-murano-dashboard: 1:2.0.0-1ubuntu1
  python-trove-dashboard: 6.0.0-1ubuntu1

After installing each package, permissions for /etc/openstack-dashboard and /var/lib/openstack-dashboard remain as follows and the dashboard continues to function as expected:

/etc/openstack-dashboard:
total 36
drwxr-xr-x   2 horizon horizon  4096 Mar 16 13:26 .
drwxr-xr-x 101 root    root     4096 Mar 16 13:27 ..
-rw-r-----   1 root    horizon 26775 Mar 16 13:29 local_settings.py

/var/lib/openstack-dashboard:
total 12
drwx------  2 horizon horizon 4096 Mar 16 13:26 .
drwxr-xr-x 48 root    root    4096 Mar 16 13:26 ..
-rw-------  1 horizon horizon   64 Mar 16 13:26 secret_key
-rw-r--r--  1 horizon horizon    0 Mar 16 13:26 _var_lib_openstack-dashboard_secret_key.lock

** Tags removed: verification-mitaka-needed verification-needed
** Tags added: verification-done

** Also affects: cloud-archive/pike
   Importance: Undecided
       Status: New
https://bugs.launchpad.net/bugs/1755027

Title: [SRU] local_settings.py is world readable and contains passwords

Status in OpenStack openstack-dashboard charm: Fix Released
Status in Ubuntu Cloud Archive: Invalid
Status in Ubuntu Cloud Archive kilo series: Fix Released
Status in Ubuntu Cloud Archive mitaka series: Fix Committed
Status in Ubuntu Cloud Archive newton series: Fix Released
Status in Ubuntu Cloud Archive ocata series: Fix Released
Status in Ubuntu Cloud Archive pike series: Fix Committed
Status in designate-dashboard package in Ubuntu: Invalid
Status in horizon package in Ubuntu: Invalid
Status in murano-dashboard package in Ubuntu: Invalid
Status in neutron-lbaas-dashboard package in Ubuntu: Invalid
Status in sahara-dashboard package in Ubuntu: Invalid
Status in trove-dashboard package in Ubuntu: Invalid
Status in horizon source package in Trusty: Fix Committed
Status in horizon source package in Xenial: Fix Committed
Status in murano-dashboard source package in Xenial: Fix Committed
Status in sahara-dashboard source package in Xenial: Fix Committed
Status in trove-dashboard source package in Xenial: Fix Committed
Status in designate-dashboard source package in Artful: Fix Committed
Status in murano-dashboard source package in Artful: Fix Committed
Status in sahara-dashboard source package in Artful: Fix Committed
Status in trove-dashboard source package in Artful: Fix Committed

Bug description:

[Impact]

  nobody@juju-a45617-0-lxd-4:/$ grep PASSWORD /etc/openstack-dashboard/local_settings.py
          'PASSWORD': 'yNXwml0TXuWjcW19jDzE49IiohSIMY',
  #EMAIL_HOST_PASSWORD = 'top-secret!'
  #OPENSTACK_ENABLE_PASSWORD_RETRIEVE = False
  OPENSTACK_ENABLE_PASSWORD_RETRIEVE = True
  #ENFORCE_PASSWORD_CHECK = False
  nobody@juju-a45617-0-lxd-4:/$

Needless to say, I should not be able to see passwords as 'nobody'.
This is on a customer site, but I've reproduced at least the world readableness with a fresh deploy of cs:openstack-dashboard locally.

This release sports mostly bug-fixes and we would like to make sure all of our supported customers have access to these improvements. The update contains the following package updates:

  * <TODO: Create list with package names and versions>

[Test Case]

  apt install openstack-dashboard
  sudo ls -al /etc/openstack-dashboard/

permissions should be:

  -rw-r----- 1 root horizon 30995 Mar 13 14:12 local_settings.py

  sudo ls -al /var/lib/openstack-dashboard/
  # should be recursively owned by horizon:horizon before and after installing any dashboard plugins

[Regression Potential]

Very minimal regression potential. The fix is already in artful/pike and bionic/queens.

[Discussion]

The following comment is copied from comment #30 below but important to call out for SRU review:

coreycb: I've uploaded designate-dashboard, murano-dashboard, trove-dashboard, and sahara-dashboard to the Artful Unapproved queue where they are awaiting review by the SRU team. Note that these changes are only updating these dashboards to use the proper user:group when performing chown on /var/lib/openstack-dashboard. This may look tangential when just looking at the Artful packages but it aligns with the changes being made for the Ocata cloud-archive (and already made in Bionic) that run openstack-dashboard under horizon:horizon instead of under www-data:www-data.
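
The [Test Case] above as a scripted check, added here as an example that is not part of the original bug report or the Ubuntu packaging: it fails when local_settings.py is not mode 640 root:horizon, or when anything under /var/lib/openstack-dashboard is not owned by horizon:horizon. The function names are hypothetical, and GNU stat and find are assumed.

```shell
#!/bin/sh
# Added example: audits the permissions described in the [Test Case].
# Expected modes and owners come from the bug report; the function
# names are hypothetical. Requires GNU stat and find (as on Ubuntu).

# check_settings FILE OWNER GROUP
# Passes only if FILE is exactly mode 640 and owned OWNER:GROUP.
# Mode 644 (the state reported in the bug) fails because "other" can read.
check_settings() {
    file=$1
    want="640 $2:$3"
    got=$(stat -c '%a %U:%G' "$file") || return 2
    if [ "$got" != "$want" ]; then
        echo "FAIL $file: is '$got', want '$want'" >&2
        return 1
    fi
}

# check_state_dir DIR OWNER GROUP
# Passes only if DIR and everything below it is owned OWNER:GROUP.
# Run it before and after installing each dashboard plugin package.
check_state_dir() {
    dir=$1
    want="$2:$3"
    [ -d "$dir" ] || return 2
    # One "owner:group path" line per entry; keep only the mismatches.
    bad=$(find "$dir" -exec stat -c '%U:%G %n' {} + | awk -v w="$want" '$1 != w')
    if [ -n "$bad" ]; then
        echo "FAIL entries not owned by $want:" >&2
        echo "$bad" >&2
        return 1
    fi
}

# audit_dashboard [ETC_DIR] [STATE_DIR]
# Runs both checks with the owners given in the report.
audit_dashboard() {
    etc=${1:-/etc/openstack-dashboard}
    state=${2:-/var/lib/openstack-dashboard}
    rc=0
    check_settings "$etc/local_settings.py" root horizon || rc=1
    check_state_dir "$state" horizon horizon || rc=1
    return $rc
}
```

Source the file and run audit_dashboard as root (the state directory is mode 700) after installing each dashboard package; a non-zero return means one of the two expectations from the test case no longer holds.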