launchpad-reviewers team mailing list archive
-
launchpad-reviewers team
-
Mailing list archive
-
Message #24603
[Merge] ~cjwatson/launchpad:signing-key-permissions into launchpad:master
Colin Watson has proposed merging ~cjwatson/launchpad:signing-key-permissions into launchpad:master.
Commit message:
Grant queued SELECT/INSERT on (Archive)SigningKey
Requested reviews:
Launchpad code reviewers (launchpad-reviewers)
For more details, see:
https://code.launchpad.net/~cjwatson/launchpad/+git/launchpad/+merge/382592
Otherwise process-accepted can't use the signing service.
--
Your team Launchpad code reviewers is requested to review the proposed merge of ~cjwatson/launchpad:signing-key-permissions into launchpad:master.
diff --git a/database/schema/security.cfg b/database/schema/security.cfg
index d36a542..a0cf410 100644
--- a/database/schema/security.cfg
+++ b/database/schema/security.cfg
@@ -1508,6 +1508,7 @@ public.archive = SELECT, UPDATE
public.archivearch = SELECT, UPDATE
public.archivejob = SELECT, INSERT, UPDATE
public.archivepermission = SELECT
+public.archivesigningkey = SELECT, INSERT
public.binarypackagebuild = SELECT, INSERT, UPDATE
public.binarypackagefile = SELECT, UPDATE
public.binarypackagename = SELECT
@@ -1596,6 +1597,7 @@ public.questionsubscription = SELECT
public.section = SELECT
public.sectionselection = SELECT
public.sharingjob = SELECT, INSERT, UPDATE
+public.signingkey = SELECT, INSERT
public.snapbuild = SELECT
public.snapfile = SELECT, UPDATE
public.sourcepackagename = SELECT
diff --git a/lib/lp/archivepublisher/tests/test_signing.py b/lib/lp/archivepublisher/tests/test_signing.py
index 8295aef..87cf391 100644
--- a/lib/lp/archivepublisher/tests/test_signing.py
+++ b/lib/lp/archivepublisher/tests/test_signing.py
@@ -55,6 +55,7 @@ from lp.services.signing.tests.helpers import SigningServiceClientFixture
from lp.services.tarfile_helpers import LaunchpadWriteTarFile
from lp.soyuz.enums import ArchivePurpose
from lp.testing import TestCaseWithFactory
+from lp.testing.dbuser import dbuser
from lp.testing.fakemethod import FakeMethod
from lp.testing.gpgkeys import gpgkeysdir
from lp.testing.keyserver import InProcessKeyServerFixture
@@ -1562,7 +1563,8 @@ class TestSigningUploadWithSigningService(TestSigningHelpers):
self.buffer.close()
upload = SigningUpload()
- upload.process(self.archive, self.path, self.suite)
+ with dbuser("process_accepted"):
+ upload.process(self.archive, self.path, self.suite)
return upload
def test_set_target_directory_with_distroseries(self):
@@ -1771,7 +1773,8 @@ class TestSigningUploadWithSigningService(TestSigningHelpers):
self.buffer.close()
upload = SigningUpload()
- upload.process(self.archive, self.path, self.suite)
+ with dbuser("process_accepted"):
+ upload.process(self.archive, self.path, self.suite)
signed_path = self.getSignedPath("test", "amd64")
self.assertThat(signed_path, SignedMatches(
@@ -1854,7 +1857,8 @@ class TestSigningUploadWithSigningService(TestSigningHelpers):
self.buffer.close()
upload = SigningUpload()
- upload.process(self.archive, self.path, self.suite)
+ with dbuser("process_accepted"):
+ upload.process(self.archive, self.path, self.suite)
self.assertTrue(upload.autokey)
@@ -1981,7 +1985,8 @@ class TestSigningUploadWithSigningService(TestSigningHelpers):
# blocked.
upload.keyFilesExist = lambda _: True
- upload.process(self.archive, self.path, self.suite)
+ with dbuser("process_accepted"):
+ upload.process(self.archive, self.path, self.suite)
# Make sure it only used the existing keys and fallbacks. No new key
# should be generated.
