[Freeipa-devel] [freeipa PR#4913][opened] vault.py: flush the certificate after renaming

Fri, 10 Jul 2020 13:35:58 -0700 

   URL: https://github.com/freeipa/freeipa/pull/4913
Author: fcami
 Title: #4913: vault.py: flush the certificate after renaming
Action: opened

PR body:
"""
store_cert() does f.write, flush_sync, f.close, os.rename(f.name)
in that order. The directory is not flushed.
* get rid of f.close as this is taken care of by the nested block
* rename the file first then use f.flush_sync

Signed-off-by: François Cami <fc...@redhat.com>
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/4913/head:pr4913
git checkout pr4913

From 5abeae8366fcd06e6401879dd1531ad6b5f27441 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=C3=A7ois=20Cami?= <fc...@redhat.com>
Date: Fri, 10 Jul 2020 22:22:01 +0200
Subject: [PATCH] vault.py: flush the certificate after renaming
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

store_cert() does f.write, flush_sync, f.close, os.rename(f.name)
in that order. The directory is not flushed.
* get rid of f.close as this is taken care of by the nested block
* rename the file first then use f.flush_sync

Signed-off-by: François Cami <fc...@redhat.com>
---
 ipaclient/plugins/vault.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/ipaclient/plugins/vault.py b/ipaclient/plugins/vault.py
index bd9c967ba7..43c9ca2dc3 100644
--- a/ipaclient/plugins/vault.py
+++ b/ipaclient/plugins/vault.py
@@ -591,9 +591,8 @@ def store_cert(self, domain, transport_cert):
                                              mode='wb') as f:
                 try:
                     f.write(pem)
-                    ipautil.flush_sync(f)
-                    f.close()
                     os.rename(f.name, filename)
+                    ipautil.flush_sync(f)
                 except Exception:
                     os.unlink(f.name)
                     raise

_______________________________________________
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org

Reply via email to