Hide Forgot
There are two RHOSP certs, we found some files of openstack-dashboard are modified and partner confirmed they didn't do any manual modification to these files and file /etc/openstack-dashboard/local_settings. Following are the list: Error: Verification failed for 'openstack-dashboard-9.0.1-3.el7ost.noarch' SM5....T. /usr/share/openstack-dashboard/openstack_dashboard/local/local_settings.pyc ..5....T. /usr/share/openstack-dashboard/static/dashboard/manifest.json S.5....T. /usr/share/openstack-dashboard/static/horizon/lib/jquery-ui/ui/jquery-ui.js If they are configuration files, they should be labeled with "c" in rpm package.
I'm looking at this, and here's what I found so far: * All the .pyc and .pyo files are generated automatically, and re-generated when their corresponding .py files change. I'm not sure we should be including any of the .pyo and .pyc files in the rpm, or if they should be generated automatically when the rpm is being installed. * Still, even if the local_settings file is modified, the user Horizon runs at shouldn't have the permissions to change the corresponding .pyc file, unless someone ran it as root? * We probably should exclude the .pyc and .pyo files for local_settings anyways, as it is supposed to be edited by users. * The static files, including manifest, are generated once Horiozn is installed, we probably shouldn't be including them in the rpm at all. I will work on applying those and testing the resulting builds.
The relevant files have been removed from the spec file, and the next build will not contain them.
Hi Radomir, Ask one question, whether "/usr/share/openstack-dashboard/static/dashboard/manifest.json" is it a config file? Sincerely, Jinhua Li
I'm not sure what you mean by "config file" exactly. This file (and everything else under /usr/share/openstack-dashboard/static/) is automatically generated from other files in Horizon every time the httpd service is restarted. On the other hand, that file is then served by the http server and used by the JavaScript code in the client's browser as configuration. So it really depends on what is your definition of "config file". If it's a file that would be edited by the user, then no, this is not a configuration file, because any changes made to it will be overwritten next time you restart the httpd service. If it's a file that controls how the application works, then yes. In the end, since the file is generated anyways, there is no point of including it inside the RPM package, so I removed it.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2017:3462