Alon Bar-Lev has posted comments on this change. Change subject: packaging: setup: allow interactive PKI cleanup ......................................................................
Patch Set 6: (1 inline comment) .................................................... File packaging/setup/plugins/ovirt-engine-remove/config/ca.py Line 67: dir=osetupcons.FileLocations.OVIRT_ENGINE_DB_BACKUP_DIR, Line 68: ) Line 69: os.close(fd) Line 70: Line 71: with tarfile.open(self._bkpfile, 'w:gz') as f: I would like to take extra caution... Can you please open the file, change its ownership and mode, then create the tar within the opened file (I think tar support that)? This way the file will not be accessible to world at any given point in time. Line 72: f.add(osetupcons.FileLocations.OVIRT_ENGINE_SERVICE_CONFIG_PKI) Line 73: f.add(osetupcons.FileLocations.OVIRT_ENGINE_PKIDIR) Line 74: os.chmod(self._bkpfile, 0o400) Line 75: os.chown( -- To view, visit http://gerrit.ovirt.org/14732 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: Ib6efe201ed5a9dee7f681ffd61c8f988d24a33a7 Gerrit-PatchSet: 6 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Sandro Bonazzola <[email protected]> Gerrit-Reviewer: Alex Lourie <[email protected]> Gerrit-Reviewer: Alon Bar-Lev <[email protected]> Gerrit-Reviewer: Moran Goldboim <[email protected]> Gerrit-Reviewer: Ofer Schreiber <[email protected]> Gerrit-Reviewer: Sandro Bonazzola <[email protected]> Gerrit-Reviewer: Yedidyah Bar David <[email protected]> _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
