Yedidyah Bar David has uploaded a new change for review. Change subject: pki: enforce lock file permissions same as ca private key ......................................................................
pki: enforce lock file permissions same as ca private key Change-Id: Ia2bc8c6cea013079d2e5612e61b99ce1f1c68f8f Bug-Url: https://bugzilla.redhat.com/1075209 Signed-off-by: Yedidyah Bar David <[email protected]> --- M packaging/bin/pki-enroll-request.sh 1 file changed, 24 insertions(+), 1 deletion(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/63/25663/1
diff --git a/packaging/bin/pki-enroll-request.sh b/packaging/bin/pki-enroll-request.sh
index 47bc8fa..0484117 100755
--- a/packaging/bin/pki-enroll-request.sh
+++ b/packaging/bin/pki-enroll-request.sh
@@ -89,7 +89,30 @@
 # same file at any environment
 # path must be local as remote filesystems
 # do not [always] support flock.
-LOCKFILE="/tmp/ovirt-engine-pki.lock"
+LOCKDIR="/tmp/ovirt-engine-pki-lock"
+LOCKFILE="${LOCKDIR}/ovirt-engine-pki-v2.lock"
+LOCKDIR_REF="${PKIDIR}/private"
+
+mk_lockdir() {
+ mkdir -m 700 "${LOCKDIR}" || die "Failed creating lockdir '${LOCKDIR}'"
+ chown --reference="${LOCKDIR_REF}" "${LOCKDIR}" || die "Cannot set ownership of lockdir '${LOCKDIR}'"
+ chmod --reference="${LOCKDIR_REF}" "${LOCKDIR}" || die "Cannot set permissions of lockfile '${LOCKTMP}'"
+}
+
+lockdir_is_ok() {
+ [ "$(stat --printf "%F-%u-%g-%a\n" "${LOCKDIR}" "${LOCKDIR_REF}" 2>&1 | uniq | wc -l)" = 1 ]
+}
+
+if [ -e "${LOCKDIR}" -o -L "${LOCKDIR}" ]; then
+ if ! lockdir_is_ok; then
+ rm -fr "${LOCKDIR}"
+ mk_lockdir
+ fi
+else
+ mk_lockdir
+fi
+
+lockdir_is_ok || die "Invalid permissions for '${LOCKDIR}', please remove"
 
 # create lock file if not already exists
 # make sure it is world readable so we can
-- 
To view, visit http://gerrit.ovirt.org/25663 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ia2bc8c6cea013079d2e5612e61b99ce1f1c68f8f Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Yedidyah Bar David <[email protected]> _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
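Review bot: The `chmod --reference` failure message in `mk_lockdir` names `'${LOCKTMP}'` and calls it a lockfile, but nothing in this hunk defines `LOCKTMP` and the object being changed is the directory; it should read `die "Cannot set permissions of lockdir '${LOCKDIR}'"`. Separately, the check-then-create sequence is itself unserialized: a second enrollment that starts between `mkdir -m 700` and `chown --reference` sees a directory whose owner does not yet match `${LOCKDIR_REF}`, fails `lockdir_is_ok`, and runs `rm -fr` on the directory the first process is still setting up, so one of the two dies. Because `${LOCKDIR}` is a fixed name in world-writable /tmp, an entry created there by a different local account also ends in `die` whenever the script is not running as root, since the sticky bit presumably prevents `rm -fr` from removing it. A comment above `LOCKDIR=` should state that the final `lockdir_is_ok || die` is the actual guard and that a failure there needs manual cleanup, and the setup should tolerate a concurrent creator rather than deleting a directory that is mid-setup.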
