launchpad-reviewers team mailing list archive

["Jeroen T. Vermeulen" <jtv@xxxxxxxxxxxxx>]

Jeroen T. Vermeulen has proposed merging lp:~jtv/launchpad/db-bug-752179 into lp:launchpad/db-devel.

Requested reviews:
  Launchpad code reviewers (launchpad-reviewers)
Related bugs:
  Bug #752179 in Launchpad itself: "PublishFTPMaster runs hooks with a bad GNUPGHOME"
  https://bugs.launchpad.net/launchpad/+bug/752179

For more details, see:
https://code.launchpad.net/~jtv/launchpad/db-bug-752179/+merge/56896

= Summary =

The new, distro-agnostic python replacement for the cron.publish-ftpmaster script "outsources" distribution-specific or system-specific jobs to plugin scripts run through run-parts.

William found a problem however.  Of the production scripts bundled with the LP source tree, the script tasked with signing Ubuntu releases didn't have its GNUPGROOT set up.  Instead, it improperly inherited a temporary setup created by the LaunchpadScript.


== Proposed fix ==

Set the GNUPGHOME to the value the cron.publish-ftpmaster script used in production.


== Pre-implementation notes ==

On dogfood, William had to clear the variable.  If we ever want to use the production scripts that are currently still in the Launchpad tree, we could set them up locally; edit them locally; or even just create the same GNUPGHOME directory as on production.

The default however is not to use these scripts on dogfood.  This can be changed in the LAZR config.


== Implementation details ==

Doing this in the plugin script, not the LaunchpadScript, since it's system-specific and distro-specific, and since other scripts might conceivably want to access the inherited configuration.


== Tests ==

It's hard to test this, partly because it all happens in a shell script and partly because it lies somewhere between code and configuration.


== Demo and Q/A ==

William has already tried this on dogfood, though with a different value.


= Launchpad lint =

Checking for conflicts and issues in changed files.

Linting changed files:
  cronscripts/publishing/distro-parts/ubuntu/publish-distro.d/10-sign-releases
-- 
https://code.launchpad.net/~jtv/launchpad/db-bug-752179/+merge/56896
Your team Launchpad code reviewers is requested to review the proposed merge of lp:~jtv/launchpad/db-bug-752179 into lp:launchpad/db-devel.

=== modified file 'cronscripts/publishing/distro-parts/ubuntu/publish-distro.d/10-sign-releases'
--- cronscripts/publishing/distro-parts/ubuntu/publish-distro.d/10-sign-releases	2011-03-29 14:09:31 +0000
+++ cronscripts/publishing/distro-parts/ubuntu/publish-distro.d/10-sign-releases	2011-04-08 08:35:50 +0000
@@ -1,5 +1,11 @@
 #!/bin/sh -e
 
+# The calling script may set GNUPGHOME to a value set up by Launchpad's
+# script machinery.  In production, we have a dedicated directory set up
+# for this.
+GNUPGHOME=/srv/launchpad.net/ubuntu-archive/gnupg-home
+
+
 RELEASE_FILES=`find "$DISTSROOT".new -maxdepth 2 -name Release`
 DIST_UPGRADER_TARBALLS=`
 	find "$DISTSROOT".new"/*/*/dist-upgrader* -name "*.tar.gz" || true`