meta-starlingx/meta-stx-cloud/recipes-devtools/python/files/python-keyring/fix_keyring_lockfile_location.patch

   1 Index: keyring-5.3/keyring/backends/file.py
   2 ===================================================================
   3 --- keyring-5.3.orig/keyring/backends/file.py
   4 +++ keyring-5.3/keyring/backends/file.py
   5 @@ -19,6 +19,8 @@ from ..util.escape import escape as esca
   6  from oslo_concurrency import lockutils
   7
   8
   9 +lockfile = "keyringlock"
  10 +
  11  class FileBacked(object):
  12      @abc.abstractproperty
  13      def filename(self):
  14 @@ -104,16 +106,18 @@ class BaseKeyring(FileBacked, KeyringBac
  15          service = escape_for_ini(service)
  16          username = escape_for_ini(username)
  17
  18 +        # ensure the file exists
  19 +        self._ensure_file_path()
  20 +
  21          # encrypt the password
  22          password_encrypted = self.encrypt(password.encode('utf-8'))
  23          # encode with base64
  24          password_base64 = base64.encodestring(password_encrypted).decode()
  25
  26 +        lockdir = os.path.dirname(self.file_path)
  27
  28 -        with lockutils.lock("keyringlock",external=True,lock_path="/tmp"):
  29 +        with lockutils.lock(lockfile,external=True,lock_path=lockdir):
  30
  31 -            # ensure the file exists
  32 -            self._ensure_file_path()
  33
  34              config = None
  35              try:
  36 @@ -159,14 +163,13 @@ class BaseKeyring(FileBacked, KeyringBac
  37
  38
  39
  40 -
  41 -
  42      def _ensure_file_path(self):
  43          """
  44          Ensure the storage path exists.
  45          If it doesn't, create it with "go-rwx" permissions.
  46          """
  47          storage_root = os.path.dirname(self.file_path)
  48 +        lockdir = storage_root
  49          if storage_root and not os.path.isdir(storage_root):
  50              os.makedirs(storage_root)
  51          if not os.path.isfile(self.file_path):
  52 @@ -175,13 +178,22 @@ class BaseKeyring(FileBacked, KeyringBac
  53                  pass
  54              user_read_write = 0o644
  55              os.chmod(self.file_path, user_read_write)
  56 +        if not os.path.isfile(lockdir + "/" + lockfile):
  57 +             import stat
  58 +             with open(lockdir + "/" + lockfile, 'w'):
  59 +                 pass
  60 +             # must have the lock file with the correct group permissisions g+rw
  61 +             os.chmod(lockdir + "/" + lockfile, stat.S_IRWXG | stat.S_IRWXU)
  62 +
  63
  64      def delete_password(self, service, username):
  65          """Delete the password for the username of the service.
  66          """
  67          service = escape_for_ini(service)
  68          username = escape_for_ini(username)
  69 -        with lockutils.lock("keyringlock",external=True,lock_path="/tmp"):
  70 +
  71 +        lockdir = os.path.dirname(self.file_path)
  72 +        with lockutils.lock(lockfile,external=True,lock_path=lockdir):
  73              config = configparser.RawConfigParser()
  74              if os.path.exists(self.file_path):
  75                  config.read(self.file_path)
  76 @@ -290,17 +302,6 @@ class EncryptedKeyring(Encrypted, BaseKe
  77          # set a reference password, used to check that the password provided
  78          #  matches for subsequent checks.
  79
  80 -        # try to pre-create the /tmp/keyringlock if it doesn't exist
  81 -        lockfile = "/tmp/keyringlock"
  82 -        if os.geteuid() == 0 and (not os.path.exists(lockfile)):
  83 -             from pwd import getpwnam
  84 -             import stat
  85 -             nonrootuser = "sysadmin"
  86 -             with open(lockfile, 'w'):
  87 -                 pass
  88 -             # must have the lock file with the correct group permissisions g+rw
  89 -             os.chmod(lockfile, stat.S_IRWXG | stat.S_IRWXU)
  90 -
  91
  92          self.set_password('keyring-setting', 'password reference',
  93              'password reference value')
  94 @@ -313,9 +314,10 @@ class EncryptedKeyring(Encrypted, BaseKe
  95              return False
  96          self._migrate()
  97
  98 +        lockdir = os.path.dirname(self.file_path)
  99          # lock access to the file_path here, make sure it's not being written
 100          # to while while we're checking for keyring-setting
 101 -        with lockutils.lock("keyringlock",external=True,lock_path="/tmp"):
 102 +        with lockutils.lock(lockfile,external=True,lock_path=lockdir):
 103              config = configparser.RawConfigParser()
 104              config.read(self.file_path)
 105              try:
 106 @@ -325,7 +327,6 @@ class EncryptedKeyring(Encrypted, BaseKe
 107                  )
 108              except (configparser.NoSectionError, configparser.NoOptionError):
 109                  # The current file doesn't have the keyring-setting, check the backup
 110 -                logging.warning("_check_file: The current file doesn't have the keyring-setting, check the backup")
 111                  if os.path.exists(self.backup_file_path):
 112                      config = configparser.RawConfigParser()
 113                      config.read(self.backup_file_path)