Bug 978408 - Add a static directory for signing_dir
Add a static directory for signing_dir
Product: Fedora
Classification: Fedora
Component: openstack-swift (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Pete Zaitcev
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2013-06-26 10:30 EDT by Pete Zaitcev
Modified: 2013-10-23 07:53 EDT (History)
11 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2013-10-23 07:53:00 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Pete Zaitcev 2013-06-26 10:30:31 EDT
Description of problem:

The signing dir has to be relocated into home directory of user swift.
The RHOS already does this, although it's in a one-time directory
after bug 967631.

In 1.8.0-2 we have signing_dir = /tmp/keystone-signing-swift,
which is not too bad, but should be moved all the same.

Version-Release number of selected component (if applicable):


Actual results:

Uncertain of security implications of /tmp/keystone-signing-swift.

Expected results:

/var/cache/swift (which cannot be used since recon lives there)
/var/lib/swift (needs verifying w/Adam and an LSB expert)

Additional info:

All this can easily be overridden by sysadmin. An update does not
override proxy-server.conf due to %config, so this is not a huge
deal. However, Packstack people are going to rely on us to make
it right (see bug 976081).
Comment 1 Pete Zaitcev 2013-06-26 10:30:56 EDT
see also
Comment 2 Fedora End Of Life 2013-09-16 10:16:03 EDT
This bug appears to have been reported against 'rawhide' during the Fedora 20 development cycle.
Changing version to '20'.

More information and reason for this action is here:
Comment 3 Alan Pevec 2013-10-23 07:53:00 EDT
(In reply to Pete Zaitcev from comment #1)
> see also
>  https://bugs.launchpad.net/keystone/+bug/1036847/comments/10

and also https://bugs.launchpad.net/keystone/+bug/1036847/comments/12
"current default in authtoken is tempfile.mkdtemp(prefix='keystone-signing-') so best is not to set signing_dir parameter and leave to authtoken to generate a tempdir which should be safe and secure"

Setting signing_dir is not needed since default was changed in https://github.com/openstack/python-keystoneclient/commit/03012e641d6c2a98fbfe3780102e28a65d11a887

Note You need to log in before you can comment on or make changes to this bug.