Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Log and config file generation as 0640 root:adm #1182

Merged
merged 5 commits into from
Feb 14, 2022
Merged

Log and config file generation as 0640 root:adm #1182

merged 5 commits into from
Feb 14, 2022

Conversation

dbungert
Copy link
Collaborator

  • Implement file mode 0640, owner root:adm for log files and config files that will be copied to the target system and may contain sensitive information.
  • Centralize on subiquity-specific write_file & helper funtions rather than a mix of curtin / cloud-init / subiquity versions

ogayot
ogayot reviewed Feb 11, 2022
View reviewed changes
Copy link
Member

@ogayot ogayot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't have much context to lean on. But I think we want to keep more restrictive permissions for /autoinstall.yaml

subiquitycore/log.py Outdated Show resolved Hide resolved
subiquity/server/server.py Show resolved Hide resolved
subiquity/server/controllers/install.py Show resolved Hide resolved
@dbungert dbungert force-pushed the log-visibility branch 2 times, most recently from 8443b75 to fe67168 Compare February 11, 2022 23:30
mwhudson
mwhudson approved these changes Feb 12, 2022
View reviewed changes
Copy link
Collaborator

@mwhudson mwhudson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just a couple of comments. Sorry for the slow review!

subiquitycore/file_util.py Outdated Show resolved Hide resolved
subiquitycore/file_util.py Outdated Show resolved Hide resolved
@dbungert
file_util: add open_perms and generate_config
9b5513f 
Create open_perms context manager for custom or multiple writes.
Create generate_config for a small removal of redundancy.
0640 root:adm the resulting files.
@dbungert
logging: log files 0640 root:adm
fae24f3
@dbungert
standardize on useage of file_util methods
b734924
@dbungert
file_util generate_config -> generate_config_yaml
f4a9836 
The two usages of generate_config were both for yaml, so make that
simpler.
@dbungert
file_util: remove omode / copy_mode
42db747 
omode used to be in use, but has been standardized to 'w'.
copy_mode was unused.  Remove both.
@dbungert dbungert merged commit eab1758 into canonical:main Feb 14, 2022
@dbungert dbungert deleted the log-visibility branch February 14, 2022 18:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ogayot ogayot ogayot left review comments

@mwhudson mwhudson mwhudson approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@dbungert @mwhudson @ogayot