Red Hat Bugzilla – Bug 978408
Add a static directory for signing_dir
Last modified: 2013-10-23 07:53:00 EDT
Description of problem:
The signing dir has to be relocated into the home directory of user swift.
The RHOS already does this, although it's in a one-time directory
after bug 967631.
In 1.8.0-2 we have signing_dir = /tmp/keystone-signing-swift,
which is not too bad, but should be moved all the same.
Version-Release number of selected component (if applicable):
Uncertain of security implications of /tmp/keystone-signing-swift.
/var/cache/swift (which cannot be used since recon lives there)
/var/lib/swift (needs verifying w/Adam and an LSB expert)
All this can easily be overridden by sysadmin. An update does not
override proxy-server.conf due to %config, so this is not a huge
deal. However, Packstack people are going to rely on us to make
it right (see bug 976081).
This bug appears to have been reported against 'rawhide' during the Fedora 20 development cycle.
Changing version to '20'.
More information and reason for this action is here:
(In reply to Pete Zaitcev from comment #1)
> see also
and also https://bugs.launchpad.net/keystone/+bug/1036847/comments/12
"current default in authtoken is tempfile.mkdtemp(prefix='keystone-signing-') so best is not to set signing_dir parameter and leave to authtoken to generate a tempdir which should be safe and secure"
Setting signing_dir is not needed since the default was changed in https://github.com/openstack/python-keystoneclient/commit/03012e641d6c2a98fbfe3780102e28a65d11a887
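The properties that separate a `tempfile.mkdtemp` directory from a fixed path such as `/tmp/keystone-signing-swift` can be checked directly. This is an added example, not code from the bug report or from keystoneclient; `check_signing_dir` and `demo` are hypothetical names, and all directories are constructed inside a temporary sandbox.

```python
import os
import stat
import tempfile


def check_signing_dir(path):
    """Return a list of problems that make `path` unsafe as a signing cache."""
    problems = []
    try:
        st = os.lstat(path)  # lstat: inspect the path itself, never a link target
    except FileNotFoundError:
        return ["does not exist"]
    if stat.S_ISLNK(st.st_mode):
        return ["is a symlink"]
    if not stat.S_ISDIR(st.st_mode):
        return ["is not a directory"]
    if st.st_uid != os.geteuid():
        problems.append("owned by another uid")
    if stat.S_IMODE(st.st_mode) & 0o077:
        problems.append("accessible to group or others")
    return problems


def demo():
    """Compare an mkdtemp directory with constructed stand-ins for a fixed path."""
    results = {}
    base = tempfile.mkdtemp(prefix="signing-demo-")  # constructed sandbox
    # mkdtemp: unpredictable name, created with mode 0700 for the calling user.
    private = tempfile.mkdtemp(prefix="keystone-signing-", dir=base)
    results["mkdtemp"] = check_signing_dir(private)
    # Fixed name that exists with a permissive mode (constructed).
    loose = os.path.join(base, "keystone-signing-swift")
    os.mkdir(loose)
    os.chmod(loose, 0o755)
    results["loose"] = check_signing_dir(loose)
    # Fixed name that already exists as a symlink (constructed).
    link = os.path.join(base, "keystone-signing-link")
    os.symlink(private, link)
    results["symlink"] = check_signing_dir(link)
    results["missing"] = check_signing_dir(os.path.join(base, "absent"))
    return results


if __name__ == "__main__":
    for name, problems in demo().items():
        print(name, problems or "ok")
```

Run it as the service user (for example `swift`) against the configured `signing_dir` to confirm the directory is a real directory, owned by that user, and closed to group and others.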