Use the existing pubkey for the sign in payload #10672

Merged
merged 1 commit into from

3 participants

@dwfreed

Rather than making a temp file to save out the public key just to read it back in to give to the master for sign in, we can just read the existing public key file that was just created. I should mention that I have not tested this change, as I do not yet have a salt environment up and running. I have looked through the minion sign in flow, and by this point, the keys have already been created if they didn't exist, so removing the call to salt.get_keys() is perfectly safe. I would highly suggest testing starting up a minion, both a fresh one and one that has been running for a while, to verify that both cases don't run into any issues.

@dwfreed dwfreed Use the existing pubkey for the sign in payload
Rather than making a temp file to save out the public key just to read
it back in to give to the master for sign in, we can just read the
existing public key file that was just created.
a92adfa
@salt-jenkins
Collaborator

Test FAILed.
Refer to this link for build results: http://jenkins.saltstack.com/job/salt-pr-build/1712/

@thatch45 thatch45 merged commit d4d9ed0 into saltstack:develop

1 check failed

Details default Merged build finished.
@thatch45
Owner

@dwfreed, please rebase your fork; you are running on a very old checkout, which is why the tests have so many lint failures.

@dwfreed dwfreed deleted the dwfreed:no-need-for-mkstemp branch
@dwfreed

I've since updated the develop branch on my fork, but I forgot to rebase this branch before opening the pull request. To be fair, when doing pull request builds, Jenkins should be merging the pull request with develop locally, and then initiating the build process. Thanks for merging this :)

Commits on Dec 30, 2013
  1. @dwfreed

    Use the existing pubkey for the sign in payload

    dwfreed committed
Showing with 1 addition and 5 deletions.
  1. +1 −5 salt/crypt.py
6 salt/crypt.py
@@ -237,9 +237,6 @@ def minion_sign_in_payload(self):
public key to encrypt the AES key sent back form the master.
'''
payload = {}
- key = self.get_keys()
- tmp_pub = salt.utils.mkstemp()
- key.save_pub_key(tmp_pub)
payload['enc'] = 'clear'
payload['load'] = {}
payload['load']['cmd'] = '_auth'
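Review bot: With `key = self.get_keys()` removed at the top of `minion_sign_in_payload`, nothing visible in this function ensures the key pair exists before the payload is built; it now depends on an earlier step having generated it. Suggest stating that precondition in the docstring, or adding an existence check on `self.pub_path` so a missing key fails with a clear error instead of surfacing from the later file open. The docstring context line also has a typo worth fixing while here: "sent back form the master" should read "from".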
@@ -251,9 +248,8 @@ def minion_sign_in_payload(self):
payload['load']['token'] = pub.public_encrypt(self.token, RSA.pkcs1_oaep_padding)
except Exception:
pass
- with salt.utils.fopen(tmp_pub, 'r') as fp_:
+ with salt.utils.fopen(self.pub_path, 'r') as fp_:
payload['load']['pub'] = fp_.read()
- os.remove(tmp_pub)
return payload
def decrypt_aes(self, payload, master_pub=True):
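Review bot: The new `salt.utils.fopen(self.pub_path, 'r')` read follows the `try`/`except Exception: pass` block rather than sitting inside it, so a missing or unreadable public key file now raises out of `minion_sign_in_payload`, where the old code always read a temp file it had just written. The payload also now carries whatever is on disk at `self.pub_path` instead of the public half serialized from the loaded key object, so the two can diverge if that file is altered after key generation; worth confirming who can write to that path. With `os.remove(tmp_pub)` gone, also check whether `os` is still used elsewhere in this module, to avoid an unused-import lint failure.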