[Bug 1382632] Re: Insecure key file permissions

2015-01-05 Thread Launchpad Bug Tracker
This bug was fixed in the package curtin - 0.1.0~bzr195-0ubuntu1~14.04.1 --- curtin (0.1.0~bzr195-0ubuntu1~14.04.1) trusty-proposed; urgency=medium * New upstream snapshot. - hardware enablement: ppc64 support (LP: #1386394) - hardware enablement: know kernel mapping for

[Bug 1382632] Re: Insecure key file permissions

2014-12-16 Thread James Page
** Changed in: horizon (Ubuntu Vivid) Status: Confirmed => Invalid -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to horizon in Ubuntu. https://bugs.launchpad.net/bugs/1382632 Title: Insecure key file permissions To manage

[Bug 1382632] Re: Insecure key file permissions

2014-11-30 Thread Launchpad Bug Tracker
This bug was fixed in the package curtin - 0.1.0~bzr195-0ubuntu1~14.10.1 --- curtin (0.1.0~bzr195-0ubuntu1~14.10.1) utopic-proposed; urgency=medium * New upstream snapshot / sync to vivid version. - move install log from /var/log/curtin_install.log to

[Bug 1382632] Re: Insecure key file permissions

2014-11-21 Thread Andres Rodriguez
This has been tested and works as expected! ** Tags removed: verification-needed ** Tags added: verification-done

[Bug 1382632] Re: Insecure key file permissions

2014-10-30 Thread Brian Murray
Hello Andreas, or anyone else affected, Accepted curtin into trusty-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/curtin/0.1.0~bzr195-0ubuntu1~14.04.1 in a few hours, and then in the -proposed repository. Please help us by testing this new package.

[Bug 1382632] Re: Insecure key file permissions

2014-10-30 Thread Launchpad Bug Tracker
** Branch linked: lp:ubuntu/trusty-proposed/curtin

[Bug 1382632] Re: Insecure key file permissions

2014-10-30 Thread Brian Murray
Hello Andreas, or anyone else affected, Accepted curtin into utopic-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/curtin/0.1.0~bzr195-0ubuntu1~14.10.1 in a few hours, and then in the -proposed repository. Please help us by testing this new package.

[Bug 1382632] Re: Insecure key file permissions

2014-10-30 Thread Launchpad Bug Tracker
** Branch linked: lp:ubuntu/utopic-proposed/curtin

[Bug 1382632] Re: Insecure key file permissions

2014-10-29 Thread Launchpad Bug Tracker
** Branch linked: lp:ubuntu/curtin

[Bug 1382632] Re: Insecure key file permissions

2014-10-29 Thread Greg Lutostanski
** Tags added: oil

[Bug 1382632] Re: Insecure key file permissions

2014-10-27 Thread Andreas Hasenack
How do we get this on trusty? Or the MAAS PPA perhaps?

[Bug 1382632] Re: Insecure key file permissions

2014-10-27 Thread Scott Moser
** Changed in: curtin (Ubuntu) Status: New => Confirmed ** Also affects: horizon (Ubuntu Trusty) Importance: Undecided Status: New ** Also affects: curtin (Ubuntu Trusty) Importance: Undecided Status: New ** Also affects: horizon (Ubuntu Vivid) Importance: Undecided

[Bug 1382632] Re: Insecure key file permissions

2014-10-27 Thread Scott Moser
** Description changed: openstack-dashboard 1:2014.2-0ubuntu1~cloud0 from http://ppa.launchpad.net/ubuntu-cloud-archive/juno-staging/ubuntu/ Got this during installation with the charm: (...) 2014-10-17 17:17:07 INFO install Setting up openstack-dashboard (1:2014.2-0ubuntu1~cloud0)

[Bug 1382632] Re: Insecure key file permissions

2014-10-27 Thread Scott Moser
** Changed in: curtin (Ubuntu Utopic) Status: New => Confirmed ** Changed in: curtin (Ubuntu Trusty) Status: New => Confirmed ** Changed in: curtin (Ubuntu Trusty) Importance: Undecided => High ** Changed in: curtin (Ubuntu Utopic) Importance: Undecided => High ** Changed in:

[Bug 1382632] Re: Insecure key file permissions

2014-10-27 Thread Launchpad Bug Tracker
** Branch linked: lp:~smoser/ubuntu/trusty/curtin/sru-utopic-level

[Bug 1382632] Re: Insecure key file permissions

2014-10-27 Thread Launchpad Bug Tracker
This bug was fixed in the package curtin - 0.1.0~bzr195-0ubuntu1 --- curtin (0.1.0~bzr195-0ubuntu1) vivid; urgency=medium * New upstream snapshot. * move install log from /var/log/curtin_install.log to /var/log/curtin/install.log (LP: #1378910) * to not use '--acl'

[Bug 1382632] Re: Insecure key file permissions

2014-10-27 Thread Scott Moser
** Description changed: + === SRU Information === + [Impact] + Systems installed using curtin inadvertantly have a default set of acl applied + to the root directory. Those default acl can wreak havoc with seemingly + sane expectations of users or packages or administrators. + + For example,

[Bug 1382632] Re: Insecure key file permissions

2014-10-24 Thread Scott Moser
This ends up being a regression of the curtin changes in bug 1313550. curtin is extracting a tarball with '--xattrs --xattrs-include=* --acl'. It's the '--acl' that is problematic. Even though the tarball being extracted did not have acl stored in it, tar creates default acl on extraction. The

[Bug 1382632] Re: Insecure key file permissions

2014-10-24 Thread Launchpad Bug Tracker
** Branch linked: lp:curtin

[Bug 1382632] Re: Insecure key file permissions

2014-10-24 Thread Scott Moser
fixed in revno 194 of trunk. ** Changed in: curtin Importance: Undecided => High ** Changed in: curtin Status: New => Fix Committed

[Bug 1382632] Re: Insecure key file permissions

2014-10-23 Thread Björn Tillenius
I don't think the ordering of the package installs is important. They run the same command. The problem seems to be that the code that creates the secret key doesn't create it with the right permissions. The current code in horizon/utils/secret_key.py does this: old_umask =

[Bug 1382632] Re: Insecure key file permissions

2014-10-23 Thread Andreas Hasenack
Of course the problem isn't that it is run twice :) I said above that in the first run the file is created with the incorrect permissions, and then the second run barfs at that :)

[Bug 1382632] Re: Insecure key file permissions when running under LXC

2014-10-23 Thread James Page
** Summary changed: - Insecure key file permissions + Insecure key file permissions when running under LXC

[Bug 1382632] Re: Insecure key file permissions when running under LXC

2014-10-23 Thread Björn Tillenius
The system where we saw this bug uses file system ACLs, with defaults, and thus the umask is ignored: ubuntu@juju-machine-0-lxc-5:/var/lib/openstack-dashboard$ getfacl . # file: . # owner: root # group: root user::rwx group::r-x other::r-x default:user::rwx default:group::r-x default:other::r-x

[Bug 1382632] Re: Insecure key file permissions

2014-10-23 Thread James Page
** Summary changed: - Insecure key file permissions when running under LXC + Insecure key file permissions

[Bug 1382632] Re: Insecure key file permissions

2014-10-23 Thread Björn Tillenius
To clarify, I see the same behavior on bare metal, deploying machines with MAAS using the fast-path installer, so it's not LXC-specific.

[Bug 1382632] Re: Insecure key file permissions

2014-10-22 Thread Ryan Beisner
** Tags added: openstack

[Bug 1382632] Re: Insecure key file permissions

2014-10-21 Thread Launchpad Bug Tracker
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: horizon (Ubuntu) Status: New => Confirmed

[Bug 1382632] Re: Insecure key file permissions

2014-10-17 Thread Andreas Hasenack
The secret_key file is created when python manage.py collectstatic is run, it seems. We have two packages that run this command in postinst: openstack-dashboard-ubuntu-theme and openstack-dashboard. In this scenario, -ubuntu-theme is installed first. It runs that command in postinst, the file is