On 2018-02-13 07:22, Aurelien Jarno wrote:
> On 2018-02-01 22:17, Ansgar Burchardt wrote:
> > Philipp Kern writes:
> > > On 01.02.2018 10:30, Ansgar Burchardt wrote:
> > [...]
> > >> There is already a `buildd-uploader` role account on the upload hosts
> > >> both main and security archive, a `rsync-ssh-wrap` script, and someone
> > >> also set up authorized_keys.
> > >>
> > >> I'm just not sure if it is already in use for security uploads? I
> > >> believe it was used for uploads to the main archive already (not sure if
> > >> it currently is?).
> > >
> > > Indeed, it uses rsync over SSH through dupload. For security it uses
> > > FTP. Interestingly an rsync-security dupload.conf entry exists, but it
> > > doesn't seem to be used.
> > Hmm, maybe we should try if it does the right thing? The wrapper script
> > should ignore the `chmod` call I mentioned in #876900, so the uploaded
> > files shouldn't even be readable by other DDs.
Note that the chmod has been ignored in the wrapper script since almost
the beginning of its existence.
> The problem there is that rsync when used with dupload forces the
> uploaded file to be world readable, until the package is moved out from
> the upload directory by dupload.
I have found a way to force rsync permissions to 0640. I have applied
that to the wrapper script. Following that I have switched the upload
queue on the build daemons to the SSH one.
I guess this basically solves this bug.
Aurelien Jarno GPG: 4096R/1DDD8C9B