I don't think the ordering of the package installs are important. They
run the same command. The problem seem to be that the code that creates
the secret key doesn't create it with the right permissions. The current
code in horizon/utils/secret_key.py does this:
old_umask = os.umask(0o177) # Use '0600' file permissions
with open(key_file, 'w') as f:
f.write(key)
os.umask(old_umask)
That doesn't work on the systems we're installing to. It works if I
change the code to:
with open(key_file, 'w') as f:
os.chmod(key_file, 0o600)
f.write(key)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1382632
Title:
Insecure key file permissions
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/horizon/+bug/1382632/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
