Alon Bar-Lev has uploaded a new change for review. Change subject: packaging: /etc/ovirt-engine/engine.conf* should not be owned by engine ......................................................................
packaging: /etc/ovirt-engine/engine.conf* should not be owned by engine engine does not and should not write into it. if there is secret configuration it can be explicitly written owned by engine. Change-Id: I6d9ca270bd1d3a16591a3d4fae65bbaac65c8654 Signed-off-by: Alon Bar-Lev <[email protected]> --- M Makefile M packaging/fedora/setup/common_utils.py M packaging/fedora/spec/ovirt-engine.spec.in 3 files changed, 7 insertions(+), 4 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/36/13436/1 diff --git a/Makefile b/Makefile index e123c0c..ad69267 100644 --- a/Makefile +++ b/Makefile @@ -386,9 +386,9 @@ # Other misc things: install -m 644 backend/manager/conf/jaas.conf $(DESTDIR)$(DATA_DIR)/conf - install -m 640 backend/manager/conf/engine.conf $(DESTDIR)$(PKG_SYSCONF_DIR)/ install -m 644 backend/manager/conf/engine.conf.defaults $(DESTDIR)$(DATA_DIR)/conf - install -dm 750 $(DESTDIR)$(PKG_SYSCONF_DIR)/engine.conf.d + install -m 644 backend/manager/conf/engine.conf $(DESTDIR)$(PKG_SYSCONF_DIR)/ + install -dm 755 $(DESTDIR)$(PKG_SYSCONF_DIR)/engine.conf.d install -m 755 packaging/resources/ovirtlogrot.sh ${DESTDIR}$(DATA_DIR)/scripts/ install -m 755 packaging/resources/ovirt-cron ${DESTDIR}$(SYSCONF_DIR)/cron.daily/ diff --git a/packaging/fedora/setup/common_utils.py b/packaging/fedora/setup/common_utils.py index 888aa98..d9d6656 100755 --- a/packaging/fedora/setup/common_utils.py +++ b/packaging/fedora/setup/common_utils.py @@ -1256,6 +1256,9 @@ handler.close() + chownToEngine(basedefs.FILE_ENGINE_CONF_DATABASE) + os.chmod(basedefs.FILE_ENGINE_CONF_DATABASE, 0o640) + # TODO: Support SystemD services class Service(): def __init__(self, name): diff --git a/packaging/fedora/spec/ovirt-engine.spec.in b/packaging/fedora/spec/ovirt-engine.spec.in index d9c9ca9..35d06f2 100644 --- a/packaging/fedora/spec/ovirt-engine.spec.in +++ b/packaging/fedora/spec/ovirt-engine.spec.in @@ -424,8 +424,8 @@ # Engine configuration files: %dir %{engine_etc} -%config(noreplace) %attr(-, %{engine_user}, %{engine_group}) %{engine_etc}/engine.conf -%dir %attr(-, %{engine_user}, %{engine_group}) %{engine_etc}/engine.conf.d +%config(noreplace) %{engine_etc}/engine.conf +%dir %{engine_etc}/engine.conf.d # File containing the version number of the engine: %{engine_data}/conf/version -- To view, visit http://gerrit.ovirt.org/13436 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I6d9ca270bd1d3a16591a3d4fae65bbaac65c8654 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Alon Bar-Lev <[email protected]> _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
