[Freeipa-devel] [PATCH 0034] Secure permissions of Custodia server.keys

Christian Heimes cheimes at redhat.com
Wed Aug 24 09:09:49 UTC 2016


On 2016-08-23 12:49, Petr Vobornik wrote:
> On 08/09/2016 01:53 PM, Martin Basti wrote:
>>
>>
>> On 08.08.2016 16:09, Christian Heimes wrote:
>>> I have split up patch 0032 into two smaller patches. This patch only
>>> addresses the server.keys file.
>>>
>>> Custodia's server.keys file contains the private RSA keys for encrypting
>>> and signing Custodia messages. The file was created with permission 644
>>> and is only secured by permission 700 of the directory
>>> /etc/ipa/custodia. The installer and upgrader ensure that the file
>>> has 600.
>>>
>>> https://bugzilla.redhat.com/show_bug.cgi?id=1353936
>>> https://fedorahosted.org/freeipa/ticket/6056
>>>
>>>
>> Pylint is running, please wait ...
>> ************* Module ipapython.secrets.kem
>> ipapython/secrets/kem.py:147: [E0602(undefined-variable), newServerKeys] 
>> Undefined variable 'os')
>> ipapython/secrets/kem.py:148: [E0602(undefined-variable), newServerKeys] 
>> Undefined variable 'os')
>> ************* Module ipaserver.install.custodiainstance
>> ipaserver/install/custodiainstance.py:77: [E0602(undefined-variable), 
>> CustodiaInstance.upgrade_instance] Undefined variable 'stat')
>>
>>
>>
> 
> this review looks stuck

Thanks, I didn't notice that it was stuck. I have pushed it to GitHub
and made a PR:

https://github.com/freeipa/freeipa/pull/15
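
As an added illustration of the fix discussed in this thread (not the code from patch 0034 or from the FreeIPA tree): one way to create a key file with mode 600 from the moment it exists, and to tighten an already-installed 644 file during an upgrade. The function names, the temporary paths and the placeholder contents are assumptions made for the example.

```python
import os
import stat
import tempfile

KEYFILE_MODE = stat.S_IRUSR | stat.S_IWUSR  # 0o600, owner read/write only


def write_keyfile(path, data):
    """Create the key file with 0600 from the start (no 0644 window)."""
    # O_EXCL refuses to reuse an existing file or follow a planted symlink.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL
    fd = os.open(path, flags, KEYFILE_MODE)
    try:
        # The umask can only clear bits; fchmod makes the mode exact.
        os.fchmod(fd, KEYFILE_MODE)
        with os.fdopen(fd, "wb") as f:
            fd = None  # the file object now owns the descriptor
            f.write(data)
    finally:
        if fd is not None:
            os.close(fd)


def fix_keyfile_mode(path):
    """Upgrade step: tighten an existing key file; return True if changed."""
    st = os.lstat(path)
    if not stat.S_ISREG(st.st_mode):
        raise ValueError("%s is not a regular file" % path)
    if stat.S_IMODE(st.st_mode) == KEYFILE_MODE:
        return False
    os.chmod(path, KEYFILE_MODE)
    return True


def demo():
    """Simulate an old 0644 key file and a freshly written one."""
    with tempfile.TemporaryDirectory() as d:
        old = os.path.join(d, "old.keys")  # hypothetical legacy file
        with open(old, "wb") as f:
            f.write(b"constructed placeholder, not a real key")
        os.chmod(old, 0o644)
        changed = fix_keyfile_mode(old)
        new = os.path.join(d, "server.keys")
        write_keyfile(new, b"constructed placeholder, not a real key")
        return (changed, stat.S_IMODE(os.stat(old).st_mode),
                stat.S_IMODE(os.stat(new).st_mode), fix_keyfile_mode(new))
```

Both `os` and `stat` are imported at the top, which is the class of omission the quoted pylint E0602 output reports.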

