Browse Source

Merge "Relocate python-keyring to stx-integ/security/python-keyring"

changes/73/600173/1
Zuul 9 months ago
parent
commit
8837cfe7e7

+ 0
- 1
centos_pkg_dirs View File

@@ -1,3 +1,2 @@
1
-python-keyring
2 1
 seabios
3 2
 grub2

+ 0
- 16
python-keyring/PKG-INFO View File

@@ -1,16 +0,0 @@
1
-Metadata-Version: 1.1
2
-Name: python-keyring
3
-Version: 5.7
4
-Summary: Python 2 library to store and access passwords safely
5
-Home-page: https://github.com/jaraco/keyring
6
-Author:
7
-Author-email:
8
-License: MIT and Python
9
-
10
-Description:
11
-The Python keyring lib provides a easy way to access the system keyring
12
-service from python. It can be used in any application that needs safe
13
-password storage.
14
-
15
-        
16
-Platform: UNKNOWN

+ 0
- 2
python-keyring/centos/build_srpm.data View File

@@ -1,2 +0,0 @@
1
-COPY_LIST="python-keyring/*"
2
-TIS_PATCH_VER=2

+ 0
- 77
python-keyring/centos/meta_patches/0001-move-package-from-tarball-to-srpm.patch View File

@@ -1,78 +0,0 @@
1
-From d7f5646de9ec990ed81489cc12d7942654bc017d Mon Sep 17 00:00:00 2001
2
-From: Kam Nasim <kam.nasim@windriver.com>
3
-Date: Fri, 23 Dec 2016 14:30:17 -0500
4
-Subject: [PATCH] first meta patch to move python-keyring package from download
5
- tarball to srpm. Also updated to add tis patch versioning
6
-
7
----
8
- SPECS/python-keyring.spec | 30 +++++++++++++++++++++++++++---
9
- 1 file changed, 27 insertions(+), 3 deletions(-)
10
-
11
-diff --git a/SPECS/python-keyring.spec b/SPECS/python-keyring.spec
12
-index 14e4e93..60d05ee 100644
13
---- a/SPECS/python-keyring.spec
14
-+++ b/SPECS/python-keyring.spec
15
-@@ -2,7 +2,7 @@
16
- 
17
- Name:           python-keyring
18
- Version:        5.7.1
19
--Release:        1%{?dist}
20
-+Release:        1%{?_tis_dist}.%{tis_patch_ver}
21
- Summary:        Python 2 library to store and access passwords safely
22
- License:        MIT and Python
23
- URL:            http://bitbucket.org/kang/python-keyring-lib/
24
-@@ -10,10 +10,21 @@ Source0:        https://pypi.io/packages/source/k/keyring/keyring-%{version}.tar
25
- BuildArch:      noarch
26
- BuildRequires:  python2-devel
27
- BuildRequires:  python-setuptools
28
--BuildRequires:  python-setuptools_scm
29
- Obsoletes:      %{name}-kwallet < %{version}-%{release}
30
- Obsoletes:      %{name}-gnome < %{version}-%{release}
31
- 
32
-+Patch0: no_keyring_password.patch
33
-+Patch1: lock_keyring_file.patch
34
-+Patch2: lock_keyring_file2.patch
35
-+Patch3: use_new_lock.patch
36
-+Patch4: fix_keyring_lockfile_location.patch
37
-+Patch5: use_temporary_file.patch
38
-+Patch6: chown_keyringlock_file.patch
39
-+Patch7: chmod_keyringlock2.patch
40
-+Patch8: keyring_path_change.patch
41
-+Patch9: remove-reader-lock.patch
42
-+Patch10: remove_others_perms_on_keyringcfg_file.patch
43
-+
44
- %description
45
- The Python keyring lib provides a easy way to access the system keyring
46
- service from python. It can be used in any application that needs safe
47
-@@ -39,7 +50,6 @@ Python keyring lib also provides following build-in keyrings.
48
- Summary:        Python 3 library to access the system keyring service
49
- BuildRequires:  python3-devel
50
- BuildRequires:  python3-setuptools
51
--BuildRequires:  python3-setuptools_scm
52
- 
53
- %description -n python3-keyring
54
- The Python keyring lib provides a easy way to access the system keyring
55
-@@ -64,6 +74,20 @@ Python keyring lib also provides following build-in keyrings.
56
- 
57
- %prep
58
- %setup -qn keyring-%{version}
59
-+
60
-+# WRS
61
-+%patch0 -p1
62
-+%patch1 -p1
63
-+%patch2 -p1
64
-+%patch3 -p1
65
-+%patch4 -p1
66
-+%patch5 -p1
67
-+%patch6 -p1
68
-+%patch7 -p1
69
-+%patch8 -p1
70
-+%patch9 -p1
71
-+%patch10 -p1
72
-+
73
- rm -frv keyring.egg-info
74
- # Drop redundant shebangs.
75
- sed -i '1{\@^#!/usr/bin/env python@d}' keyring/cli.py
76
-1.8.3.1
77
-

+ 0
- 20
python-keyring/centos/meta_patches/0002-meta-buildrequires-python-setuptools_scm.patch View File

@@ -1,20 +0,0 @@
1
-diff --git a/SPECS/python-keyring.spec b/SPECS/python-keyring.spec
2
-index 60d05ee..a41f849 100644
3
---- a/SPECS/python-keyring.spec
4
-+++ b/SPECS/python-keyring.spec
5
-@@ -10,6 +10,7 @@ Source0:        https://pypi.io/packages/source/k/keyring/keyring-%{version}.tar
6
- BuildArch:      noarch
7
- BuildRequires:  python2-devel
8
- BuildRequires:  python-setuptools
9
-+BuildRequires:  python2-setuptools_scm
10
- Obsoletes:      %{name}-kwallet < %{version}-%{release}
11
- Obsoletes:      %{name}-gnome < %{version}-%{release}
12
- 
13
-@@ -50,6 +51,7 @@ Python keyring lib also provides following build-in keyrings.
14
- Summary:        Python 3 library to access the system keyring service
15
- BuildRequires:  python3-devel
16
- BuildRequires:  python3-setuptools
17
-+BuildRequires:  python3-setuptools_scm
18
- 
19
- %description -n python3-keyring
20
- The Python keyring lib provides a easy way to access the system keyring

+ 0
- 2
python-keyring/centos/meta_patches/PATCH_ORDER View File

@@ -1,2 +0,0 @@
1
-0001-move-package-from-tarball-to-srpm.patch
2
-0002-meta-buildrequires-python-setuptools_scm.patch

+ 0
- 1
python-keyring/centos/srpm_path View File

@@ -1 +0,0 @@
1
-mirror:Source/python-keyring-5.7.1-1.el7.src.rpm

+ 0
- 37
python-keyring/python-keyring/chmod_keyringlock2.patch View File

@@ -1,37 +0,0 @@
1
-Index: keyring-5.3/keyring/backends/file.py
2
-===================================================================
3
---- keyring-5.3.orig/keyring/backends/file.py
4
-+++ keyring-5.3/keyring/backends/file.py
5
-@@ -68,6 +68,9 @@ class BaseKeyring(FileBacked, KeyringBac
6
-         service = escape_for_ini(service)
7
-         username = escape_for_ini(username)
8
- 
9
-+        # ensure the file exists
10
-+        self._ensure_file_path()
11
-+
12
-         # load the passwords from the file
13
-         config = configparser.RawConfigParser()
14
-         if os.path.exists(self.file_path):
15
-@@ -146,12 +149,16 @@ class BaseKeyring(FileBacked, KeyringBac
16
-             user_read_write = 0o644
17
-             os.chmod(self.file_path, user_read_write)
18
-         if not os.path.isfile(lockdir + "/" + lockfile):
19
--             import stat
20
--             with open(lockdir + "/" + lockfile, 'w'):
21
--                 pass
22
--             # must have the lock file with the correct group permissisions g+rw
23
--             os.chmod(lockdir + "/" + lockfile, stat.S_IRWXG | stat.S_IRWXU)
24
--             os.chown(lockdir + "/" + lockfile,-1,345)
25
-+            with open(lockdir + "/" + lockfile, 'w'):
26
-+                pass
27
-+        if os.path.isfile(lockdir + "/" + lockfile):
28
-+            import stat
29
-+            import grp
30
-+            if oct(stat.S_IMODE(os.stat(lockdir + "/" + lockfile).st_mode)) != '0770':
31
-+                # Must have the lock file with the correct group and permissisions g+rw
32
-+                os.chmod(lockdir + "/" + lockfile, stat.S_IRWXG | stat.S_IRWXU)
33
-+                groupinfo = grp.getgrnam('wrs_protected')
34
-+                os.chown(lockdir + "/" + lockfile,-1,groupinfo.gr_gid)
35
- 
36
- 
37
-     def delete_password(self, service, username):

+ 0
- 12
python-keyring/python-keyring/chown_keyringlock_file.patch View File

@@ -1,12 +0,0 @@
1
-Index: keyring-5.3/keyring/backends/file.py
2
-===================================================================
3
---- keyring-5.3.orig/keyring/backends/file.py
4
-+++ keyring-5.3/keyring/backends/file.py
5
-@@ -151,6 +151,7 @@ class BaseKeyring(FileBacked, KeyringBac
6
-                  pass
7
-              # must have the lock file with the correct group permissisions g+rw
8
-              os.chmod(lockdir + "/" + lockfile, stat.S_IRWXG | stat.S_IRWXU)
9
-+             os.chown(lockdir + "/" + lockfile,-1,345)
10
- 
11
- 
12
-     def delete_password(self, service, username):

+ 0
- 113
python-keyring/python-keyring/fix_keyring_lockfile_location.patch View File

@@ -1,113 +0,0 @@
1
-Index: keyring-5.3/keyring/backends/file.py
2
-===================================================================
3
---- keyring-5.3.orig/keyring/backends/file.py
4
-+++ keyring-5.3/keyring/backends/file.py
5
-@@ -19,6 +19,8 @@ from ..util.escape import escape as esca
6
- from oslo_concurrency import lockutils
7
- 
8
- 
9
-+lockfile = "keyringlock"
10
-+
11
- class FileBacked(object):
12
-     @abc.abstractproperty
13
-     def filename(self):
14
-@@ -104,16 +106,18 @@ class BaseKeyring(FileBacked, KeyringBac
15
-         service = escape_for_ini(service)
16
-         username = escape_for_ini(username)
17
- 
18
-+        # ensure the file exists
19
-+        self._ensure_file_path()
20
-+
21
-         # encrypt the password
22
-         password_encrypted = self.encrypt(password.encode('utf-8'))
23
-         # encode with base64
24
-         password_base64 = base64.encodestring(password_encrypted).decode()
25
- 
26
-+        lockdir = os.path.dirname(self.file_path)
27
- 
28
--        with lockutils.lock("keyringlock",external=True,lock_path="/tmp"):
29
-+        with lockutils.lock(lockfile,external=True,lock_path=lockdir):
30
- 
31
--            # ensure the file exists
32
--            self._ensure_file_path()
33
- 
34
-             config = None
35
-             try:
36
-@@ -159,14 +163,13 @@ class BaseKeyring(FileBacked, KeyringBac
37
- 
38
- 
39
- 
40
--
41
--
42
-     def _ensure_file_path(self):
43
-         """
44
-         Ensure the storage path exists.
45
-         If it doesn't, create it with "go-rwx" permissions.
46
-         """
47
-         storage_root = os.path.dirname(self.file_path)
48
-+        lockdir = storage_root
49
-         if storage_root and not os.path.isdir(storage_root):
50
-             os.makedirs(storage_root)
51
-         if not os.path.isfile(self.file_path):
52
-@@ -175,13 +178,22 @@ class BaseKeyring(FileBacked, KeyringBac
53
-                 pass
54
-             user_read_write = 0o644
55
-             os.chmod(self.file_path, user_read_write)
56
-+        if not os.path.isfile(lockdir + "/" + lockfile):
57
-+             import stat
58
-+             with open(lockdir + "/" + lockfile, 'w'):
59
-+                 pass
60
-+             # must have the lock file with the correct group permissisions g+rw
61
-+             os.chmod(lockdir + "/" + lockfile, stat.S_IRWXG | stat.S_IRWXU)
62
-+
63
- 
64
-     def delete_password(self, service, username):
65
-         """Delete the password for the username of the service.
66
-         """
67
-         service = escape_for_ini(service)
68
-         username = escape_for_ini(username)
69
--        with lockutils.lock("keyringlock",external=True,lock_path="/tmp"):
70
-+
71
-+        lockdir = os.path.dirname(self.file_path)
72
-+        with lockutils.lock(lockfile,external=True,lock_path=lockdir):
73
-             config = configparser.RawConfigParser()
74
-             if os.path.exists(self.file_path):
75
-                 config.read(self.file_path)
76
-@@ -290,17 +302,6 @@ class EncryptedKeyring(Encrypted, BaseKe
77
-         # set a reference password, used to check that the password provided
78
-         #  matches for subsequent checks.
79
- 
80
--        # try to pre-create the /tmp/keyringlock if it doesn't exist
81
--        lockfile = "/tmp/keyringlock"
82
--        if os.geteuid() == 0 and (not os.path.exists(lockfile)):
83
--             from pwd import getpwnam
84
--             import stat
85
--             nonrootuser = "wrsroot"
86
--             with open(lockfile, 'w'):
87
--                 pass
88
--             # must have the lock file with the correct group permissisions g+rw
89
--             os.chmod(lockfile, stat.S_IRWXG | stat.S_IRWXU)
90
--
91
- 
92
-         self.set_password('keyring-setting', 'password reference',
93
-             'password reference value')
94
-@@ -313,9 +314,10 @@ class EncryptedKeyring(Encrypted, BaseKe
95
-             return False
96
-         self._migrate()
97
- 
98
-+        lockdir = os.path.dirname(self.file_path)
99
-         # lock access to the file_path here, make sure it's not being written
100
-         # to while while we're checking for keyring-setting
101
--        with lockutils.lock("keyringlock",external=True,lock_path="/tmp"):
102
-+        with lockutils.lock(lockfile,external=True,lock_path=lockdir):
103
-             config = configparser.RawConfigParser()
104
-             config.read(self.file_path)
105
-             try:
106
-@@ -325,7 +327,6 @@ class EncryptedKeyring(Encrypted, BaseKe
107
-                 )
108
-             except (configparser.NoSectionError, configparser.NoOptionError):
109
-                 # The current file doesn't have the keyring-setting, check the backup
110
--                logging.warning("_check_file: The current file doesn't have the keyring-setting, check the backup")
111
-                 if os.path.exists(self.backup_file_path):
112
-                     config = configparser.RawConfigParser()
113
-                     config.read(self.backup_file_path)

+ 0
- 24
python-keyring/python-keyring/keyring_path_change.patch View File

@@ -1,24 +0,0 @@
1
----
2
- keyring/util/platform_.py |    4 +++-
3
- 1 file changed, 3 insertions(+), 1 deletion(-)
4
-
5
---- a/keyring/util/platform_.py
6
-+++ b/keyring/util/platform_.py
7
-@@ -2,6 +2,7 @@ from __future__ import absolute_import
8
- 
9
- import os
10
- import platform
11
-+from tsconfig.tsconfig import SW_VERSION
12
- 
13
- def _settings_root_XP():
14
- 	return os.path.join(os.environ['USERPROFILE'], 'Local Settings')
15
-@@ -19,7 +20,8 @@ def _data_root_Linux():
16
- 	Use freedesktop.org Base Dir Specfication to determine storage
17
- 	location.
18
- 	"""
19
--	fallback = os.path.expanduser('/opt/platform/.keyring/')
20
-+	keyring_dir = os.path.join('/opt/platform/.keyring', SW_VERSION)
21
-+	fallback = os.path.expanduser(keyring_dir)
22
- 	root = os.environ.get('XDG_DATA_HOME', None) or fallback
23
- 	return os.path.join(root, 'python_keyring')
24
- 

+ 0
- 45
python-keyring/python-keyring/lock_keyring_file.patch View File

@@ -1,45 +0,0 @@
1
-Index: keyring-5.3/keyring/backends/file.py
2
-===================================================================
3
---- keyring-5.3.orig/keyring/backends/file.py
4
-+++ keyring-5.3/keyring/backends/file.py
5
-@@ -6,6 +6,7 @@ import base64
6
- import sys
7
- import json
8
- import abc
9
-+import time
10
- 
11
- from ..py27compat import configparser
12
- 
13
-@@ -95,14 +96,29 @@ class BaseKeyring(FileBacked, KeyringBac
14
-         config = configparser.RawConfigParser()
15
-         config.read(self.file_path)
16
- 
17
-+        # obtain lock for the keyring file
18
-+        lock = ''
19
-+        i = 60
20
-+        while i:
21
-+            if not os.path.isfile('/tmp/.keyringlock'):
22
-+                lock = open('/tmp/.keyringlock', 'w')
23
-+                break
24
-+            else:
25
-+                time.sleep(0.500)
26
-+                i=i-1
27
-+
28
-         # update the keyring with the password
29
-         if not config.has_section(service):
30
-             config.add_section(service)
31
-         config.set(service, username, password_base64)
32
- 
33
--        # save the keyring back to the file
34
--        with open(self.file_path, 'w') as config_file:
35
--            config.write(config_file)
36
-+        if i:
37
-+            # save the keyring back to the file
38
-+            with open(self.file_path, 'w') as config_file:
39
-+                config.write(config_file)
40
-+            lock.close()
41
-+            os.remove('/tmp/.keyringlock')
42
-+
43
- 
44
-     def _ensure_file_path(self):
45
-         """

+ 0
- 42
python-keyring/python-keyring/lock_keyring_file2.patch View File

@@ -1,42 +0,0 @@
1
-Index: keyring-5.3/keyring/backends/file.py
2
-===================================================================
3
---- keyring-5.3.orig/keyring/backends/file.py
4
-+++ keyring-5.3/keyring/backends/file.py
5
-@@ -92,10 +92,6 @@ class BaseKeyring(FileBacked, KeyringBac
6
-         # ensure the file exists
7
-         self._ensure_file_path()
8
- 
9
--        # load the keyring from the disk
10
--        config = configparser.RawConfigParser()
11
--        config.read(self.file_path)
12
--
13
-         # obtain lock for the keyring file
14
-         lock = ''
15
-         i = 60
16
-@@ -107,15 +103,21 @@ class BaseKeyring(FileBacked, KeyringBac
17
-                 time.sleep(0.500)
18
-                 i=i-1
19
- 
20
--        # update the keyring with the password
21
--        if not config.has_section(service):
22
--            config.add_section(service)
23
--        config.set(service, username, password_base64)
24
- 
25
-         if i:
26
--            # save the keyring back to the file
27
-+            # Load the keyring from the disk
28
-+            config = configparser.RawConfigParser()
29
-+            config.read(self.file_path)
30
-+
31
-+            # Update the keyring with the password
32
-+            if not config.has_section(service):
33
-+                config.add_section(service)
34
-+            config.set(service, username, password_base64)
35
-+
36
-+            # Save the keyring back to the file
37
-             with open(self.file_path, 'w') as config_file:
38
-                 config.write(config_file)
39
-+
40
-             lock.close()
41
-             os.remove('/tmp/.keyringlock')
42
- 

+ 0
- 70
python-keyring/python-keyring/no_keyring_password.patch View File

@@ -1,70 +0,0 @@
1
-Index: keyring-3.2/keyring/backends/file.py
2
-===================================================================
3
---- keyring-3.2.orig/keyring/backends/file.py
4
-+++ keyring-3.2/keyring/backends/file.py
5
-@@ -114,7 +114,7 @@ class BaseKeyring(KeyringBackend):
6
-             # create the file without group/world permissions
7
-             with open(self.file_path, 'w'):
8
-                 pass
9
--            user_read_write = 0o600
10
-+            user_read_write = 0o644
11
-             os.chmod(self.file_path, user_read_write)
12
- 
13
-     def delete_password(self, service, username):
14
-@@ -188,12 +188,19 @@ class EncryptedKeyring(BaseKeyring):
15
- 
16
-     def _get_new_password(self):
17
-         while True:
18
--            password = getpass.getpass(
19
--                "Please set a password for your new keyring: ")
20
--            confirm = getpass.getpass('Please confirm the password: ')
21
--            if password != confirm:
22
--                sys.stderr.write("Error: Your passwords didn't match\n")
23
--                continue
24
-+#****************************************************************
25
-+# Forging the Keyring password to allow automation and still keep
26
-+# the password encoded. TODO to be revisited when Barbican keyring
27
-+# Will be used with the complete PKI solution
28
-+#****************************************************************
29
-+#            password = getpass.getpass(
30
-+#                "Please set a password for your new keyring: ")
31
-+#            confirm = getpass.getpass('Please confirm the password: ')
32
-+#            if password != confirm:
33
-+#                sys.stderr.write("Error: Your passwords didn't match\n")
34
-+#                continue
35
-+            password =  "Please set a password for your new keyring: "
36
-+
37
-             if '' == password.strip():
38
-                 # forbid the blank password
39
-                 sys.stderr.write("Error: blank passwords aren't allowed.\n")
40
-@@ -233,8 +240,15 @@ class EncryptedKeyring(BaseKeyring):
41
-         Unlock this keyring by getting the password for the keyring from the
42
-         user.
43
-         """
44
--        self.keyring_key = getpass.getpass(
45
--            'Please enter password for encrypted keyring: ')
46
-+#****************************************************************
47
-+# Forging the Keyring password to allow automation and still keep
48
-+# the password encoded. TODO to be revisited when Barbican keyring
49
-+# Will be used with the complete PKI solution
50
-+#****************************************************************
51
-+#        self.keyring_key = getpass.getpass(
52
-+#            'Please enter password for encrypted keyring: ')
53
-+        self.keyring_key = "Please set a password for your new keyring: "
54
-+
55
-         try:
56
-             ref_pw = self.get_password('keyring-setting', 'password reference')
57
-             assert ref_pw == 'password reference value'
58
-Index: keyring-3.2/keyring/util/platform_.py
59
-===================================================================
60
---- keyring-3.2.orig/keyring/util/platform_.py
61
-+++ keyring-3.2/keyring/util/platform_.py
62
-@@ -16,7 +16,7 @@ def _data_root_Linux():
63
- 	Use freedesktop.org Base Dir Specfication to determine storage
64
- 	location.
65
- 	"""
66
--	fallback = os.path.expanduser('~/.local/share')
67
-+	fallback = os.path.expanduser('/opt/platform/.keyring/')
68
- 	root = os.environ.get('XDG_DATA_HOME', None) or fallback
69
- 	return os.path.join(root, 'python_keyring')
70
- 

+ 0
- 136
python-keyring/python-keyring/remove-reader-lock.patch View File

@@ -1,136 +0,0 @@
1
----
2
- keyring/backends/file.py |   85 ++++++++++++++++++++++-------------------------
3
- 1 file changed, 41 insertions(+), 44 deletions(-)
4
-
5
---- a/keyring/backends/file.py
6
-+++ b/keyring/backends/file.py
7
-@@ -18,6 +18,7 @@ from ..backend import KeyringBackend
8
- from ..util import platform_, properties
9
- from ..util.escape import escape as escape_for_ini
10
- from oslo_concurrency import lockutils
11
-+from tempfile import mkstemp
12
- 
13
- 
14
- lockfile = "keyringlock"
15
-@@ -102,11 +103,9 @@ class BaseKeyring(FileBacked, KeyringBac
16
-         # encode with base64
17
-         password_base64 = base64.encodestring(password_encrypted).decode()
18
- 
19
--        lockdir = os.path.dirname(self.file_path)
20
--
21
--        with lockutils.lock(lockfile,external=True,lock_path=lockdir):
22
--
23
-+        keyringdir = os.path.dirname(self.file_path)
24
- 
25
-+        with lockutils.lock(lockfile, external=True, lock_path=keyringdir):
26
-             config = None
27
-             try:
28
-                 # Load the keyring from the disk
29
-@@ -121,16 +120,20 @@ class BaseKeyring(FileBacked, KeyringBac
30
-                 config.add_section(service)
31
-             config.set(service, username, password_base64)
32
- 
33
--            # Save the keyring back to the file
34
--            storage_root = os.path.dirname(self.file_path)
35
--            tmpfile = "tmpfile.%s" % os.getpid()
36
--            with open(storage_root + "/" + tmpfile, 'w') as config_file:
37
--                config.write(config_file)
38
--            # copy will overwrite but move will not
39
--            shutil.copy(storage_root + "/" + tmpfile,self.file_path)
40
--            # wipe out tmpfile here
41
--            os.remove(storage_root + "/" + tmpfile)
42
-+            # remove any residual temporary files here
43
-+            try:
44
-+                for tmpfile in glob.glob("%s/tmp*" % keyringdir):
45
-+                    os.remove(tmpfile)
46
-+            except:
47
-+                logging.warning("_check_file: tmpfile removal failed")
48
- 
49
-+            # Write the keyring to a temp file, then move the new file
50
-+            # to avoid overwriting the existing inode
51
-+            (fd, fname) = mkstemp(dir=keyringdir)
52
-+            with os.fdopen(fd, "w") as config_file:
53
-+                config.write(config_file)
54
-+            os.chmod(fname, os.stat(self.file_path).st_mode)
55
-+            shutil.move(fname, self.file_path)
56
- 
57
- 
58
-     def _ensure_file_path(self):
59
-@@ -167,8 +170,8 @@ class BaseKeyring(FileBacked, KeyringBac
60
-         service = escape_for_ini(service)
61
-         username = escape_for_ini(username)
62
- 
63
--        lockdir = os.path.dirname(self.file_path)
64
--        with lockutils.lock(lockfile,external=True,lock_path=lockdir):
65
-+        keyringdir = os.path.dirname(self.file_path)
66
-+        with lockutils.lock(lockfile, external=True, lock_path=keyringdir):
67
-             config = configparser.RawConfigParser()
68
-             if os.path.exists(self.file_path):
69
-                 config.read(self.file_path)
70
-@@ -177,15 +180,21 @@ class BaseKeyring(FileBacked, KeyringBac
71
-                     raise PasswordDeleteError("Password not found")
72
-             except configparser.NoSectionError:
73
-                 raise PasswordDeleteError("Password not found")
74
--            # update the file
75
--            storage_root = os.path.dirname(self.file_path)
76
--            tmpfile = "tmpfile.%s" % os.getpid()
77
--            with open(storage_root + "/" + tmpfile, 'w') as config_file:
78
-+
79
-+            # remove any residual temporary files here
80
-+            try:
81
-+                for tmpfile in glob.glob("%s/tmp*" % keyringdir):
82
-+                    os.remove(tmpfile)
83
-+            except:
84
-+                logging.warning("_check_file: tmpfile removal failed")
85
-+
86
-+            # Write the keyring to a temp file, then move the new file
87
-+            # to avoid overwriting the existing inode
88
-+            (fd, fname) = mkstemp(dir=keyringdir)
89
-+            with os.fdopen(fd, "w") as config_file:
90
-                 config.write(config_file)
91
--            # copy will overwrite but move will not
92
--            shutil.copy(storage_root + "/" + tmpfile,self.file_path)
93
--            # wipe out tmpfile
94
--            os.remove(storage_root + "/" + tmpfile)
95
-+            os.chmod(fname, os.stat(self.file_path).st_mode)
96
-+            shutil.move(fname, self.file_path)
97
- 
98
- 
99
- class PlaintextKeyring(BaseKeyring):
100
-@@ -294,27 +303,15 @@ class EncryptedKeyring(Encrypted, BaseKe
101
-             return False
102
-         self._migrate()
103
- 
104
--        lockdir = os.path.dirname(self.file_path)
105
--        # lock access to the file_path here, make sure it's not being written
106
--        # to while while we're checking for keyring-setting
107
--        with lockutils.lock(lockfile,external=True,lock_path=lockdir):
108
--            config = configparser.RawConfigParser()
109
--            config.read(self.file_path)
110
--            try:
111
--                config.get(
112
--                    escape_for_ini('keyring-setting'),
113
--                    escape_for_ini('password reference'),
114
--                )
115
--            except (configparser.NoSectionError, configparser.NoOptionError):
116
--                return False
117
--
118
--            # remove any residual temporary files here
119
--            try:
120
--                for tmpfile in glob.glob(os.path.dirname(self.file_path) + "/" + "tmpfile.*"):
121
--                    os.remove(tmpfile)
122
--            except:
123
--                logging.warning("_check_file: tmpfile removal failed")
124
--
125
-+        config = configparser.RawConfigParser()
126
-+        config.read(self.file_path)
127
-+        try:
128
-+            config.get(
129
-+                escape_for_ini('keyring-setting'),
130
-+                escape_for_ini('password reference'),
131
-+            )
132
-+        except (configparser.NoSectionError, configparser.NoOptionError):
133
-+            return False
134
- 
135
-         return True
136
- 

+ 0
- 15
python-keyring/python-keyring/remove_others_perms_on_keyringcfg_file.patch View File

@@ -1,15 +0,0 @@
1
----
2
- keyring/backends/file.py |    2 +-
3
- 1 file changed, 1 insertion(+), 1 deletion(-)
4
-
5
---- a/keyring/backends/file.py
6
-+++ b/keyring/backends/file.py
7
-@@ -149,7 +149,7 @@ class BaseKeyring(FileBacked, KeyringBac
8
-             # create the file without group/world permissions
9
-             with open(self.file_path, 'w'):
10
-                 pass
11
--            user_read_write = 0o644
12
-+            user_read_write = 0o640
13
-             os.chmod(self.file_path, user_read_write)
14
-         if not os.path.isfile(lockdir + "/" + lockfile):
15
-             with open(lockdir + "/" + lockfile, 'w'):

+ 0
- 243
python-keyring/python-keyring/use_new_lock.patch View File

@@ -1,243 +0,0 @@
1
-Index: keyring-5.3/keyring/backends/file.py
2
-===================================================================
3
---- keyring-5.3.orig/keyring/backends/file.py
4
-+++ keyring-5.3/keyring/backends/file.py
5
-@@ -7,6 +7,8 @@ import sys
6
- import json
7
- import abc
8
- import time
9
-+import logging
10
-+import shutil
11
-
12
- from ..py27compat import configparser
13
-
14
-@@ -14,6 +16,7 @@ from ..errors import PasswordDeleteError
15
- from ..backend import KeyringBackend
16
- from ..util import platform_, properties
17
- from ..util.escape import escape as escape_for_ini
18
-+from oslo_concurrency import lockutils
19
-
20
-
21
- class FileBacked(object):
22
-@@ -31,6 +34,13 @@ class FileBacked(object):
23
-         """
24
-         return os.path.join(platform_.data_root(), self.filename)
25
-
26
-+    @properties.NonDataProperty
27
-+    def backup_file_path(self):
28
-+        """
29
-+        The path to the file where passwords are stored. This property
30
-+        may be overridden by the subclass or at the instance level.
31
-+        """
32
-+        return os.path.join(platform_.data_root(), self.backup_filename)
33
-
34
- class BaseKeyring(FileBacked, KeyringBackend):
35
-     """
36
-@@ -78,6 +88,16 @@ class BaseKeyring(FileBacked, KeyringBac
37
-             password = None
38
-         return password
39
-
40
-+
41
-+    def filecopy(self,src,dest):
42
-+        """copy file src to dest with default buffer size
43
-+        """
44
-+        with open(src, 'r') as f1:
45
-+            with open(dest, 'w') as f2:
46
-+                shutil.copyfileobj(f1,f2)
47
-+                f2.flush()
48
-+
49
-+
50
-     def set_password(self, service, username, password):
51
-         """Write the password in the file.
52
-         """
53
-@@ -89,37 +109,56 @@ class BaseKeyring(FileBacked, KeyringBac
54
-         # encode with base64
55
-         password_base64 = base64.encodestring(password_encrypted).decode()
56
-
57
--        # ensure the file exists
58
--        self._ensure_file_path()
59
-
60
--        # obtain lock for the keyring file
61
--        lock = ''
62
--        i = 60
63
--        while i:
64
--            if not os.path.isfile('/tmp/.keyringlock'):
65
--                lock = open('/tmp/.keyringlock', 'w')
66
--                break
67
--            else:
68
--                time.sleep(0.500)
69
--                i=i-1
70
-+        with lockutils.lock("keyringlock",external=True,lock_path="/tmp"):
71
-
72
-+            # ensure the file exists
73
-+            self._ensure_file_path()
74
-+
75
-+            config = None
76
-+            try:
77
-+                # Load the keyring from the disk
78
-+                config = configparser.RawConfigParser()
79
-+                config.read(self.file_path)
80
-+            except configparser.ParsingError as e:
81
-+                logging.warning("set_password: keyring file corrupted, Reverting to Backup")
82
-+                # Revert to the backup file (copy backup over current file)
83
-+                try:
84
-+                    src = self.backup_file_path
85
-+                    dest = self.file_path
86
-+                    self.filecopy(src,dest)
87
-+                except shutil.Error as e:
88
-+                    logging.warning("set_password: Revert from Backup failed. Error: %s" % e)
89
-+                    raise
90
-+                # Load the keyring from the disk, if this fails exception is raised
91
-+                try:
92
-+                    config = configparser.RawConfigParser()
93
-+                    config.read(self.file_path)
94
-+                except:
95
-+                    e = sys.exc_info()[0]
96
-+                    logging.warning("set_password: Both keyring files are non useable. Error: %s" % e)
97
-+                    raise
98
-
99
--        if i:
100
--            # Load the keyring from the disk
101
--            config = configparser.RawConfigParser()
102
--            config.read(self.file_path)
103
-
104
-             # Update the keyring with the password
105
-             if not config.has_section(service):
106
-                 config.add_section(service)
107
-             config.set(service, username, password_base64)
108
-
109
-+            # Make a back up of the keyring file here
110
-+            try:
111
-+                src = self.file_path
112
-+                dest = self.backup_file_path
113
-+                self.filecopy(src,dest)
114
-+            except shutil.Error as e:
115
-+                logging.warning("set_password: Backup failed. Error: %s" % e)
116
-+
117
-             # Save the keyring back to the file
118
-             with open(self.file_path, 'w') as config_file:
119
-                 config.write(config_file)
120
-
121
--            lock.close()
122
--            os.remove('/tmp/.keyringlock')
123
-+
124
-+
125
-
126
-
127
-     def _ensure_file_path(self):
128
-@@ -142,17 +181,18 @@ class BaseKeyring(FileBacked, KeyringBac
129
-         """
130
-         service = escape_for_ini(service)
131
-         username = escape_for_ini(username)
132
--        config = configparser.RawConfigParser()
133
--        if os.path.exists(self.file_path):
134
--            config.read(self.file_path)
135
--        try:
136
--            if not config.remove_option(service, username):
137
-+        with lockutils.lock("keyringlock",external=True,lock_path="/tmp"):
138
-+            config = configparser.RawConfigParser()
139
-+            if os.path.exists(self.file_path):
140
-+                config.read(self.file_path)
141
-+            try:
142
-+                if not config.remove_option(service, username):
143
-+                    raise PasswordDeleteError("Password not found")
144
-+            except configparser.NoSectionError:
145
-                 raise PasswordDeleteError("Password not found")
146
--        except configparser.NoSectionError:
147
--            raise PasswordDeleteError("Password not found")
148
--        # update the file
149
--        with open(self.file_path, 'w') as config_file:
150
--            config.write(config_file)
151
-+            # update the file
152
-+            with open(self.file_path, 'w') as config_file:
153
-+                config.write(config_file)
154
-
155
- class PlaintextKeyring(BaseKeyring):
156
-     """Simple File Keyring with no encryption"""
157
-@@ -161,6 +201,7 @@ class PlaintextKeyring(BaseKeyring):
158
-     "Applicable for all platforms, but not recommended"
159
-
160
-     filename = 'keyring_pass.cfg'
161
-+    backup_filename = 'crypted_pass_backup.cfg'
162
-
163
-     def encrypt(self, password):
164
-         """Directly return the password itself.
165
-@@ -214,6 +255,7 @@ class EncryptedKeyring(Encrypted, BaseKe
166
-     """PyCrypto File Keyring"""
167
-
168
-     filename = 'crypted_pass.cfg'
169
-+    backup_filename = 'crypted_pass_backup.cfg'
170
-     pw_prefix = 'pw:'.encode()
171
-
172
-     @properties.ClassProperty
173
-@@ -247,6 +289,19 @@ class EncryptedKeyring(Encrypted, BaseKe
174
-         self.keyring_key = self._get_new_password()
175
-         # set a reference password, used to check that the password provided
176
-         #  matches for subsequent checks.
177
-+
178
-+        # try to pre-create the /tmp/keyringlock if it doesn't exist
179
-+        lockfile = "/tmp/keyringlock"
180
-+        if os.geteuid() == 0 and (not os.path.exists(lockfile)):
181
-+             from pwd import getpwnam
182
-+             import stat
183
-+             nonrootuser = "wrsroot"
184
-+             with open(lockfile, 'w'):
185
-+                 pass
186
-+             # must have the lock file with the correct group permissisions g+rw
187
-+             os.chmod(lockfile, stat.S_IRWXG | stat.S_IRWXU)
188
-+
189
-+
190
-         self.set_password('keyring-setting', 'password reference',
191
-             'password reference value')
192
-
193
-@@ -257,15 +312,41 @@ class EncryptedKeyring(Encrypted, BaseKe
194
-         if not os.path.exists(self.file_path):
195
-             return False
196
-         self._migrate()
197
--        config = configparser.RawConfigParser()
198
--        config.read(self.file_path)
199
--        try:
200
--            config.get(
201
--                escape_for_ini('keyring-setting'),
202
--                escape_for_ini('password reference'),
203
--            )
204
--        except (configparser.NoSectionError, configparser.NoOptionError):
205
--            return False
206
-+
207
-+        # lock access to the file_path here, make sure it's not being written
208
-+        # to while while we're checking for keyring-setting
209
-+        with lockutils.lock("keyringlock",external=True,lock_path="/tmp"):
210
-+            config = configparser.RawConfigParser()
211
-+            config.read(self.file_path)
212
-+            try:
213
-+                config.get(
214
-+                    escape_for_ini('keyring-setting'),
215
-+                    escape_for_ini('password reference'),
216
-+                )
217
-+            except (configparser.NoSectionError, configparser.NoOptionError):
218
-+                # The current file doesn't have the keyring-setting, check the backup
219
-+                logging.warning("_check_file: The current file doesn't have the keyring-setting, check the backup")
220
-+                if os.path.exists(self.backup_file_path):
221
-+                    config = configparser.RawConfigParser()
222
-+                    config.read(self.backup_file_path)
223
-+                    try:
224
-+                        config.get(
225
-+                            escape_for_ini('keyring-setting'),
226
-+                            escape_for_ini('password reference'),
227
-+                        )
228
-+                    except (configparser.NoSectionError, configparser.NoOptionError):
229
-+                        return False
230
-+                    # backup file has it, let's use it
231
-+                    try:
232
-+                        src = self.backup_file_path
233
-+                        dest = self.file_path
234
-+                        shutil.copy(src,dest)
235
-+                    except shutil.Error as e:
236
-+                        logging.warning("Revert from Backup failed. Error: %s" % e)
237
-+                        return False
238
-+                else:
239
-+                    return False
240
-+
241
-         return True
242
-
243
-     def _unlock(self):

+ 0
- 162
python-keyring/python-keyring/use_temporary_file.patch View File

@@ -1,162 +0,0 @@
1
-Index: keyring-5.3/keyring/backends/file.py
2
-===================================================================
3
---- keyring-5.3.orig/keyring/backends/file.py
4
-+++ keyring-5.3/keyring/backends/file.py
5
-@@ -9,6 +9,7 @@ import abc
6
- import time
7
- import logging
8
- import shutil
9
-+import glob
10
- 
11
- from ..py27compat import configparser
12
- 
13
-@@ -36,13 +37,6 @@ class FileBacked(object):
14
-         """
15
-         return os.path.join(platform_.data_root(), self.filename)
16
- 
17
--    @properties.NonDataProperty
18
--    def backup_file_path(self):
19
--        """
20
--        The path to the file where passwords are stored. This property
21
--        may be overridden by the subclass or at the instance level.
22
--        """
23
--        return os.path.join(platform_.data_root(), self.backup_filename)
24
- 
25
- class BaseKeyring(FileBacked, KeyringBackend):
26
-     """
27
-@@ -91,15 +85,6 @@ class BaseKeyring(FileBacked, KeyringBac
28
-         return password
29
- 
30
- 
31
--    def filecopy(self,src,dest):
32
--        """copy file src to dest with default buffer size
33
--        """
34
--        with open(src, 'r') as f1:
35
--            with open(dest, 'w') as f2:
36
--                shutil.copyfileobj(f1,f2)
37
--                f2.flush()
38
--
39
--
40
-     def set_password(self, service, username, password):
41
-         """Write the password in the file.
42
-         """
43
-@@ -125,23 +110,7 @@ class BaseKeyring(FileBacked, KeyringBac
44
-                 config = configparser.RawConfigParser()
45
-                 config.read(self.file_path)
46
-             except configparser.ParsingError as e:
47
--                logging.warning("set_password: keyring file corrupted, Reverting to Backup")
48
--                # Revert to the backup file (copy backup over current file)
49
--                try:
50
--                    src = self.backup_file_path
51
--                    dest = self.file_path
52
--                    self.filecopy(src,dest)
53
--                except shutil.Error as e:
54
--                    logging.warning("set_password: Revert from Backup failed. Error: %s" % e)
55
--                    raise
56
--                # Load the keyring from the disk, if this fails exception is raised
57
--                try:
58
--                    config = configparser.RawConfigParser()
59
--                    config.read(self.file_path)
60
--                except:
61
--                    e = sys.exc_info()[0]
62
--                    logging.warning("set_password: Both keyring files are non useable. Error: %s" % e)
63
--                    raise
64
-+                logging.warning("set_password: keyring file corrupted")
65
- 
66
- 
67
-             # Update the keyring with the password
68
-@@ -149,17 +118,15 @@ class BaseKeyring(FileBacked, KeyringBac
69
-                 config.add_section(service)
70
-             config.set(service, username, password_base64)
71
- 
72
--            # Make a back up of the keyring file here
73
--            try:
74
--                src = self.file_path
75
--                dest = self.backup_file_path
76
--                self.filecopy(src,dest)
77
--            except shutil.Error as e:
78
--                logging.warning("set_password: Backup failed. Error: %s" % e)
79
--
80
-             # Save the keyring back to the file
81
--            with open(self.file_path, 'w') as config_file:
82
-+            storage_root = os.path.dirname(self.file_path)
83
-+            tmpfile = "tmpfile.%s" % os.getpid()
84
-+            with open(storage_root + "/" + tmpfile, 'w') as config_file:
85
-                 config.write(config_file)
86
-+            # copy will overwrite but move will not
87
-+            shutil.copy(storage_root + "/" + tmpfile,self.file_path)
88
-+            # wipe out tmpfile here
89
-+            os.remove(storage_root + "/" + tmpfile)
90
- 
91
- 
92
- 
93
-@@ -203,8 +170,15 @@ class BaseKeyring(FileBacked, KeyringBac
94
-             except configparser.NoSectionError:
95
-                 raise PasswordDeleteError("Password not found")
96
-             # update the file
97
--            with open(self.file_path, 'w') as config_file:
98
-+            storage_root = os.path.dirname(self.file_path)
99
-+            tmpfile = "tmpfile.%s" % os.getpid()
100
-+            with open(storage_root + "/" + tmpfile, 'w') as config_file:
101
-                 config.write(config_file)
102
-+            # copy will overwrite but move will not
103
-+            shutil.copy(storage_root + "/" + tmpfile,self.file_path)
104
-+            # wipe out tmpfile
105
-+            os.remove(storage_root + "/" + tmpfile)
106
-+
107
- 
108
- class PlaintextKeyring(BaseKeyring):
109
-     """Simple File Keyring with no encryption"""
110
-@@ -213,7 +187,6 @@ class PlaintextKeyring(BaseKeyring):
111
-     "Applicable for all platforms, but not recommended"
112
- 
113
-     filename = 'keyring_pass.cfg'
114
--    backup_filename = 'crypted_pass_backup.cfg'
115
- 
116
-     def encrypt(self, password):
117
-         """Directly return the password itself.
118
-@@ -267,7 +240,6 @@ class EncryptedKeyring(Encrypted, BaseKe
119
-     """PyCrypto File Keyring"""
120
- 
121
-     filename = 'crypted_pass.cfg'
122
--    backup_filename = 'crypted_pass_backup.cfg'
123
-     pw_prefix = 'pw:'.encode()
124
- 
125
-     @properties.ClassProperty
126
-@@ -326,27 +298,15 @@ class EncryptedKeyring(Encrypted, BaseKe
127
-                     escape_for_ini('password reference'),
128
-                 )
129
-             except (configparser.NoSectionError, configparser.NoOptionError):
130
--                # The current file doesn't have the keyring-setting, check the backup
131
--                if os.path.exists(self.backup_file_path):
132
--                    config = configparser.RawConfigParser()
133
--                    config.read(self.backup_file_path)
134
--                    try:
135
--                        config.get(
136
--                            escape_for_ini('keyring-setting'),
137
--                            escape_for_ini('password reference'),
138
--                        )
139
--                    except (configparser.NoSectionError, configparser.NoOptionError):
140
--                        return False
141
--                    # backup file has it, let's use it
142
--                    try:
143
--                        src = self.backup_file_path
144
--                        dest = self.file_path
145
--                        shutil.copy(src,dest)
146
--                    except shutil.Error as e:
147
--                        logging.warning("Revert from Backup failed. Error: %s" % e)
148
--                        return False
149
--                else:
150
--                    return False
151
-+                return False
152
-+
153
-+            # remove any residual temporary files here
154
-+            try:
155
-+                for tmpfile in glob.glob(os.path.dirname(self.file_path) + "/" + "tmpfile.*"):
156
-+                    os.remove(tmpfile)
157
-+            except:
158
-+                logging.warning("_check_file: tmpfile removal failed")
159
-+
160
- 
161
-         return True
162
- 

Loading…
Cancel
Save