launchpad-reviewers team mailing list archive

["Jeroen T. Vermeulen" <jtv@xxxxxxxxxxxxx>]

Jeroen T. Vermeulen has proposed merging lp:~jtv/maas/p-sru-pkg-bug-1089802 into lp:~maas-maintainers/maas/packaging.precise.sru.

Commit message:
Backport packaging r159: Make maas_cluster.conf non-world-readable, now that it contains the cluster UUID.

Requested reviews:
  MAAS Maintainers (maas-maintainers)
Related bugs:
  Bug #1089802 in MAAS: "maas_cluster.conf is world-readable, but now holds cluster uuid"
  https://bugs.launchpad.net/maas/+bug/1089802

For more details, see:
https://code.launchpad.net/~jtv/maas/p-sru-pkg-bug-1089802/+merge/139666
-- 
https://code.launchpad.net/~jtv/maas/p-sru-pkg-bug-1089802/+merge/139666
Your team MAAS Maintainers is requested to review the proposed merge of lp:~jtv/maas/p-sru-pkg-bug-1089802 into lp:~maas-maintainers/maas/packaging.precise.sru.

=== modified file 'debian/maas-cluster-controller.postinst'
--- debian/maas-cluster-controller.postinst	2012-12-13 02:27:55 +0000
+++ debian/maas-cluster-controller.postinst	2012-12-13 11:10:24 +0000
@@ -69,12 +69,6 @@
 if [ "$1" = "configure" ] && [ -z "$2" ]; then
     # logging
     create_log_dir
-
-    # The local celery config may contain a private cluster UUID.  Only
-    # maas can read it; only root can write it.
-    chown root:maas /etc/maas/maas_local_celeryconfig_cluster.py
-    chmod 0640 /etc/maas/maas_local_celeryconfig_cluster.py
-
     configure_maas_tgt
 fi
 
@@ -97,6 +91,15 @@
 fi
 
 if [ "$1" = "configure" ]; then
+    # These config files may contain a private cluster UUID.  Only maas
+    # can read them; only root can write them
+    chown root:maas \
+        /etc/maas/maas_local_celeryconfig_cluster.py \
+        /etc/maas/maas_cluster.conf
+    chmod 0640 \
+        /etc/maas/maas_local_celeryconfig_cluster.py \
+        /etc/maas/maas_cluster.conf
+
     configure_cluster_uuid
 fi