[SRU] local_settings.py is world readable and contains passwords

Bug #1755027 reported by James Troup
282
This bug affects 2 people
Affects Status Importance Assigned to Milestone
OpenStack Dashboard Charm
Fix Released
Critical
Unassigned
Ubuntu Cloud Archive
Invalid
Undecided
Unassigned
Kilo
Fix Released
Critical
Corey Bryant
Mitaka
Fix Released
Critical
Corey Bryant
Newton
Fix Released
Critical
Corey Bryant
Ocata
Fix Released
Critical
Corey Bryant
Pike
Fix Released
Critical
Unassigned
designate-dashboard (Ubuntu)
Invalid
Undecided
Unassigned
Artful
Fix Released
Critical
Corey Bryant
horizon (Ubuntu)
Invalid
Undecided
Unassigned
Trusty
Fix Released
Critical
Corey Bryant
Xenial
Fix Released
Critical
Corey Bryant
murano-dashboard (Ubuntu)
Invalid
Undecided
Unassigned
Xenial
Fix Released
Critical
Unassigned
Artful
Fix Released
Critical
Unassigned
neutron-lbaas-dashboard (Ubuntu)
Invalid
Undecided
Unassigned
sahara-dashboard (Ubuntu)
Invalid
Undecided
Unassigned
Xenial
Fix Released
Critical
Unassigned
Artful
Fix Released
Critical
Corey Bryant
trove-dashboard (Ubuntu)
Invalid
Undecided
Unassigned
Xenial
Fix Released
Critical
Unassigned
Artful
Fix Released
Critical
Unassigned

Bug Description

[Impact]

nobody@juju-a45617-0-lxd-4:/$ grep PASSWORD /etc/openstack-dashboard/local_settings.py
        'PASSWORD': 'yNXwml0TXuWjcW19jDzE49IiohSIMY',
#EMAIL_HOST_PASSWORD = 'top-secret!'
#OPENSTACK_ENABLE_PASSWORD_RETRIEVE = False
OPENSTACK_ENABLE_PASSWORD_RETRIEVE = True
#ENFORCE_PASSWORD_CHECK = False
nobody@juju-a45617-0-lxd-4:/$

Needless to say, I should not be able to see passwords as 'nobody'.

This is on a customer site, but I've reproduced at least the world readableness with a fresh deploy of cs:openstack-dashboard locally.

This release sports mostly bug-fixes and we would like to make sure all of our
supported customers have access to these improvements.
The update contains the following package updates:

   * <TODO: Create list with package names and versions>

[Test Case]
apt install openstack-dashboard
sudo ls -al /etc/openstack-dashboard/

permissions should be:
-rw-r----- 1 root horizon 30995 Mar 13 14:12 local_settings.py

sudo ls -al /var/lib/openstack-dashboard/ # should be recursively owned by horizon:horizon before and after installing any dashboard plugins

[Regression Potential]
Very minimal regression potential. The fix is already in artful/pike and bionic/queens.

[Discussion]
The following comment is copied from comment #30 below but important to call out for SRU review:

coreycb: I've uploaded designate-dashboard, murano-dashboard, trove-dashboard, and sahara-dashboard to the Artful Unapproved queue where they are awaiting review by the SRU team. Note that these changes are only updating these dashboard to use the proper user:group when performing chown on /var/lib/openstack-dashboard. This may look tengential when just looking at the Artful packages but it aligns with the changes being made for the Ocata cloud-archive (and already made in Bionic) that run openstack-dashboard under horizon:horizon instead of under www-data:www-data.

Revision history for this message
Xav Paice (xavpaice) wrote :

I've just confirmed this at a site with 17.02 charms, and indeed the perms on the file are -rw-r--r--

Changed in charm-openstack-dashboard:
status: New → Confirmed
Ryan Beisner (1chb1n)
Changed in charm-openstack-dashboard:
milestone: none → 18.05
assignee: nobody → Corey Bryant (corey.bryant)
importance: Undecided → Critical
tags: added: uosci
Revision history for this message
Ryan Beisner (1chb1n) wrote :

Underway, presuming comment #1 intended 18.02 and not 17.02.

Revision history for this message
Corey Bryant (corey.bryant) wrote :

I've confirmed this is not a package bug.

The postinst package script has:

  if [ -f /etc/openstack-dashboard/local_settings.py ]; then
    chown root:horizon /etc/openstack-dashboard/local_settings.py
    chmod 0640 /etc/openstack-dashboard/local_settings.py
  fi

And a xenial-pike install of openstack-dashboard has:

root@x1:~# ls -al /etc/openstack-dashboard/local_settings.py
-rw-r----- 1 root horizon 34432 Dec 1 13:16 /etc/openstack-dashboard/local_settings.py

I'll focus on the charm now.

Revision history for this message
Corey Bryant (corey.bryant) wrote :

I just completed a small deployment on xenial-pike with only mysql, keystone, and openstack-dashboard charms and after deployment completes, the permissions look ok:

ubuntu@juju-bdca29-coreycb2-2:~$ sudo ls -al /etc/openstack-dashboard/
total 40
drwxr-x--- 2 root horizon 4096 Mar 13 14:11 .
drwxr-xr-x 101 root root 4096 Mar 13 14:07 ..
-rw-r----- 1 root horizon 30995 Mar 13 14:12 local_settings.py

Attempting a larger deployment this time, and I'll use ocata for variation.

Revision history for this message
Corey Bryant (corey.bryant) wrote :

Xav/James, What release of openstack is this? Also are there any other details for reproducing?

Revision history for this message
Alvaro Uria (aluria) wrote :

It was on a xenial-ocata cloud.

openstack-dashboard-internal is cs:openstack-dashboard-250

$ juju ssh openstack-dashboard-internal/0 'sudo ls -l /etc/openstack-dashboard'
total 32
-rw-r--r-- 1 root root 32133 Dec 19 12:04 local_settings.py

Revision history for this message
Corey Bryant (corey.bryant) wrote :

Mid-deployment and I seem to be reproducing this on xenial-ocata.

Revision history for this message
Corey Bryant (corey.bryant) wrote :

Ok I've confirmed this is a packaging issue after all. It was fixed in pike and not backported.

Revision history for this message
Corey Bryant (corey.bryant) wrote :

This appears to affect all supported releases prior to pike.

summary: - local_settings.py is world readable and contains passwords
+ [SRU] local_settings.py is world readable and contains passwords
Changed in horizon (Ubuntu):
status: New → Invalid
Changed in horizon (Ubuntu Trusty):
status: New → Triaged
importance: Undecided → Critical
Changed in horizon (Ubuntu Xenial):
importance: Undecided → Critical
status: New → Triaged
Changed in cloud-archive:
status: New → Invalid
no longer affects: cloud-archive/icehouse
description: updated
Ryan Beisner (1chb1n)
Changed in cloud-archive:
assignee: nobody → Corey Bryant (corey.bryant)
Changed in horizon (Ubuntu Trusty):
assignee: nobody → Corey Bryant (corey.bryant)
Changed in horizon (Ubuntu Xenial):
assignee: nobody → Corey Bryant (corey.bryant)
Changed in charm-openstack-dashboard:
status: Confirmed → Invalid
Revision history for this message
Corey Bryant (corey.bryant) wrote : Please test proposed package

Hello James, or anyone else affected,

Accepted horizon into ocata-proposed. The package will build now and be available in the Ubuntu Cloud Archive in a few hours, and then in the -proposed repository.

Please help us by testing this new package. To enable the -proposed repository:

  sudo add-apt-repository cloud-archive:ocata-proposed
  sudo apt-get update

Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-ocata-needed to verification-ocata-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-ocata-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

tags: added: verification-ocata-needed
Revision history for this message
Corey Bryant (corey.bryant) wrote :

Hello James, or anyone else affected,

Accepted horizon into newton-proposed. The package will build now and be available in the Ubuntu Cloud Archive in a few hours, and then in the -proposed repository.

Please help us by testing this new package. To enable the -proposed repository:

  sudo add-apt-repository cloud-archive:newton-proposed
  sudo apt-get update

Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-newton-needed to verification-newton-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-newton-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

tags: added: verification-newton-needed
Revision history for this message
Corey Bryant (corey.bryant) wrote :

Hello James, or anyone else affected,

Accepted horizon into kilo-proposed. The package will build now and be available in the Ubuntu Cloud Archive in a few hours, and then in the -proposed repository.

Please help us by testing this new package. To enable the -proposed repository:

  sudo add-apt-repository cloud-archive:kilo-proposed
  sudo apt-get update

Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-kilo-needed to verification-kilo-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-kilo-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

tags: added: verification-kilo-needed
Changed in charm-openstack-dashboard:
importance: Critical → Undecided
assignee: Corey Bryant (corey.bryant) → nobody
milestone: 18.05 → none
Changed in cloud-archive:
assignee: Corey Bryant (corey.bryant) → nobody
Revision history for this message
Xav Paice (xavpaice) wrote :

FWIW, using charm cs:openstack-dashboard-257 and Xenial/Mitaka:

ubuntu@juju-e9c2ed-20:~$ ls -l /etc/openstack-dashboard
total 28
-rw-r--r-- 1 root root 26770 Mar 13 05:36 local_settings.py
ubuntu@juju-e9c2ed-20:~$ sudo su - nobody -s /bin/bash
No directory, logging in with HOME=/
nobody@juju-e9c2ed-20:/$ head /etc/openstack-dashboard/local_settings.py
# -*- coding: utf-8 -*-

The difference is that in Mitaka there's not the 'PASSWORD' setting, however there is other potentially sensitive info in that file.

Revision history for this message
Xav Paice (xavpaice) wrote :

Installed 9.1.2-0ubuntu4 from xenial-proposed, took the package maintainer's config file, and re-ran the config-changed hook. No change, file permissions still -rw-r--r--

Revision history for this message
Corey Bryant (corey.bryant) wrote :

Xav, xenial hasn't received any updates for this bug yet. We currently have updates available for ocata-proposed, newton-proposed, and kilo-proposed.

Trusty is in the SRU unapproved queue awaiting review from the SRU team.

Xenial is blocked at the moment by https://bugs.launchpad.net/ubuntu/+source/horizon/+bug/1725421 and Shane is reporting back to me by EOD on testing results. If verification for that bug is still failing at EOD today we're going to reject that fix from xenial-proposed and push the fix for this bug (1755027) ahead of that.

Revision history for this message
Corey Bryant (corey.bryant) wrote :

The versions uploaded yesterday caused a regression resulting in permission denied to /var/lib/openstack-dashboard/secret_key. I have a tested fix that I'm working on uploading.

Revision history for this message
Ryan Beisner (1chb1n) wrote :

FYI, a charm gate regression test is proposed @:

https://review.openstack.org/#/c/552901

Revision history for this message
Corey Bryant (corey.bryant) wrote :

Hello James, or anyone else affected,

Accepted horizon into ocata-proposed. The package will build now and be available in the Ubuntu Cloud Archive in a few hours, and then in the -proposed repository.

Please help us by testing this new package. To enable the -proposed repository:

  sudo add-apt-repository cloud-archive:ocata-proposed
  sudo apt-get update

Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-ocata-needed to verification-ocata-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-ocata-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Revision history for this message
Corey Bryant (corey.bryant) wrote :

Sorry for the churn, there's a new version of the package that is yet to be uploaded for ocata. Ocata was running the apache conf under www-data:www-data whereas all other releases run under horizon:horizon. The next version will fix this bug and include other changes needed to run under horizon:horizon.

This will also require a charm template update for ocata.

Changed in charm-openstack-dashboard:
status: Invalid → Triaged
importance: Undecided → Critical
assignee: nobody → Corey Bryant (corey.bryant)
assignee: Corey Bryant (corey.bryant) → nobody
Revision history for this message
Ryan Beisner (1chb1n) wrote :

FYI: 11.0.4-0ubuntu1~cloud2.2 package from ocata/proposed was exercised via charm gate tests, and is passing: http://paste.ubuntu.com/p/ptNXFv3QJv/

Revision history for this message
Corey Bryant (corey.bryant) wrote :

The following packages have chown www-data /var/lib/openstack-dashboard/ after collecting/compressing static assets which can disable access to important files such as static assets when the openstack-dashboard apache2 conf is run under horizon:horizon.

The following releases are affected:
openstack-dashboard ocata
designate-dashboard ocata, pike
sahara-dashboard xenial, ocata, pike
murano-dashboard xenial, ocata, pike
neutron-lbaas-dashboard ocata
trove-dashboard xenial, ocata, pike

no longer affects: designate-dashboard (Ubuntu Trusty)
no longer affects: designate-dashboard (Ubuntu Xenial)
Changed in designate-dashboard (Ubuntu Artful):
importance: Undecided → Critical
status: New → Triaged
assignee: nobody → Corey Bryant (corey.bryant)
Changed in designate-dashboard (Ubuntu):
status: New → Invalid
Changed in sahara-dashboard (Ubuntu):
importance: Undecided → Critical
status: New → Triaged
assignee: nobody → Corey Bryant (corey.bryant)
assignee: Corey Bryant (corey.bryant) → nobody
importance: Critical → Undecided
status: Triaged → Invalid
Changed in sahara-dashboard (Ubuntu Artful):
assignee: nobody → Corey Bryant (corey.bryant)
importance: Undecided → Critical
status: New → Triaged
no longer affects: horizon (Ubuntu Artful)
Revision history for this message
Corey Bryant (corey.bryant) wrote :

Ok can't target xenial for some reason with Launchpad atm.

Revision history for this message
Corey Bryant (corey.bryant) wrote :

Or artful.

Revision history for this message
Corey Bryant (corey.bryant) wrote :

Hello James, or anyone else affected,

Accepted designate-dashboard into ocata-proposed. The package will build now and be available in the Ubuntu Cloud Archive in a few hours, and then in the -proposed repository.

Please help us by testing this new package. To enable the -proposed repository:

  sudo add-apt-repository cloud-archive:ocata-proposed
  sudo apt-get update

Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-ocata-needed to verification-ocata-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-ocata-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Revision history for this message
Corey Bryant (corey.bryant) wrote :

Hello James, or anyone else affected,

Accepted horizon into ocata-proposed. The package will build now and be available in the Ubuntu Cloud Archive in a few hours, and then in the -proposed repository.

Please help us by testing this new package. To enable the -proposed repository:

  sudo add-apt-repository cloud-archive:ocata-proposed
  sudo apt-get update

Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-ocata-needed to verification-ocata-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-ocata-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Revision history for this message
Corey Bryant (corey.bryant) wrote :

Hello James, or anyone else affected,

Accepted murano-dashboard into ocata-proposed. The package will build now and be available in the Ubuntu Cloud Archive in a few hours, and then in the -proposed repository.

Please help us by testing this new package. To enable the -proposed repository:

  sudo add-apt-repository cloud-archive:ocata-proposed
  sudo apt-get update

Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-ocata-needed to verification-ocata-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-ocata-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Revision history for this message
Corey Bryant (corey.bryant) wrote :

Hello James, or anyone else affected,

Accepted neutron-lbaas-dashboard into ocata-proposed. The package will build now and be available in the Ubuntu Cloud Archive in a few hours, and then in the -proposed repository.

Please help us by testing this new package. To enable the -proposed repository:

  sudo add-apt-repository cloud-archive:ocata-proposed
  sudo apt-get update

Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-ocata-needed to verification-ocata-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-ocata-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Revision history for this message
Corey Bryant (corey.bryant) wrote :

Hello James, or anyone else affected,

Accepted sahara-dashboard into ocata-proposed. The package will build now and be available in the Ubuntu Cloud Archive in a few hours, and then in the -proposed repository.

Please help us by testing this new package. To enable the -proposed repository:

  sudo add-apt-repository cloud-archive:ocata-proposed
  sudo apt-get update

Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-ocata-needed to verification-ocata-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-ocata-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Revision history for this message
Corey Bryant (corey.bryant) wrote :

Hello James, or anyone else affected,

Accepted trove-dashboard into ocata-proposed. The package will build now and be available in the Ubuntu Cloud Archive in a few hours, and then in the -proposed repository.

Please help us by testing this new package. To enable the -proposed repository:

  sudo add-apt-repository cloud-archive:ocata-proposed
  sudo apt-get update

Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-ocata-needed to verification-ocata-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-ocata-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Revision history for this message
Corey Bryant (corey.bryant) wrote :

I've uploaded designate-dashboard, murano-dashboard, trove-dashboard, and sahara-dashboard to the Artful Unapproved queue where they are awaiting review by the SRU team. Note that these changes are only updating these dashboard to use the proper user:group when performing chown on /var/lib/openstack-dashboard. This may look tengential when just looking at the Artful packages but it aligns with the changes being made for the Ocata cloud-archive (and already made in Bionic) that run openstack-dashboard under horizon:horizon instead of under www-data:www-data.

Artful Unapproved queue: https://launchpad.net/ubuntu/artful/+queue?queue_state=1&queue_text=

description: updated
Revision history for this message
Corey Bryant (corey.bryant) wrote :

I've successfully verified horizon from ocata-proposed:

* sets /etc/openstack-dashboard/local_settings.py -rw-r----- 1 root horizon 30915 Mar 15 14:25 local_settings.py
* runs openstack-dashboard apache conf under horizon:horizon (both from package-only and charm install with tempate override)
* upgraded from openstack-dashboard 3:11.0.4-0ubuntu1~cloud1 in cloud-archive:ocata to openstack-dashboard 3:11.0.4-0ubuntu1~cloud2.3 in cloud-archive:ocata-proposed
* performed various tasks from dashboard (create instance, delete instance, create volume, create user, create project)
* installation of openstack-dashboard and plugin dashboards keeps owner of /var/lib/openstack-dashboard/* as horizon:horizon

Releasing to ocata-updates will need to be coordinated with the following ocata charm fixes:
https://review.openstack.org/#/c/553410
https://review.openstack.org/#/c/552971
https://review.openstack.org/#/c/552901

Since the world-readable issue doesn't affect Artful, I'd like to release Ocata as soon as we're ready, and not wait for Artful/Pike fixes to land as we would normally do.

Revision history for this message
Corey Bryant (corey.bryant) wrote :

Hello James, or anyone else affected,

Accepted horizon into newton-proposed. The package will build now and be available in the Ubuntu Cloud Archive in a few hours, and then in the -proposed repository.

Please help us by testing this new package. To enable the -proposed repository:

  sudo add-apt-repository cloud-archive:newton-proposed
  sudo apt-get update

Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-newton-needed to verification-newton-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-newton-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Revision history for this message
Corey Bryant (corey.bryant) wrote : Update Released

The verification of the Stable Release Update for designate-dashboard has completed successfully and the package has now been released to -updates. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Corey Bryant (corey.bryant) wrote :

This bug was fixed in the package designate-dashboard - 4.0.0-0ubuntu1~cloud1
---------------

 designate-dashboard (4.0.0-0ubuntu1~cloud1) xenial-ocata; urgency=medium
 .
   * d/python-designate-dashboard.postinst: Align with openstack-dashboard
     and use chown horizon instead of www-data (LP: #1755027).

Revision history for this message
Corey Bryant (corey.bryant) wrote :

The verification of the Stable Release Update for horizon has completed successfully and the package has now been released to -updates. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Corey Bryant (corey.bryant) wrote :

This bug was fixed in the package horizon - 3:11.0.4-0ubuntu1~cloud2.3
---------------

 horizon (3:11.0.4-0ubuntu1~cloud2.3) xenial-ocata; urgency=medium
 .
   * d/openstack-dashboard.postinst, d/openstack-dashboard.conf: Align
     with other releases of horizon and use horizon:horizon instead of
     www-data:www-data.
   * d/openstack-dashboard.postinst: Ensure permissions are not
     world-readable for /etc/openstack-dashboard/local_settings.py
     (LP: #1755027).

Revision history for this message
Corey Bryant (corey.bryant) wrote :

The verification of the Stable Release Update for murano-dashboard has completed successfully and the package has now been released to -updates. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Corey Bryant (corey.bryant) wrote :

This bug was fixed in the package murano-dashboard - 1:3.2.0-0ubuntu2~cloud1
---------------

 murano-dashboard (1:3.2.0-0ubuntu2~cloud1) xenial-ocata; urgency=medium
 .
   * d/python-murano-dashboard.postinst: Align with openstack-dashboard
     and use chown horizon instead of www-data (LP: #1755027).

Revision history for this message
Corey Bryant (corey.bryant) wrote :

The verification of the Stable Release Update for neutron-lbaas-dashboard has completed successfully and the package has now been released to -updates. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Corey Bryant (corey.bryant) wrote :

This bug was fixed in the package neutron-lbaas-dashboard - 2.0.0-0ubuntu1.1~cloud1
---------------

 neutron-lbaas-dashboard (2.0.0-0ubuntu1.1~cloud1) xenial-ocata; urgency=medium
 .
   * d/python-neutron-lbaas-dashboard.postinst: Align with pike and other
     releases of horizon and use horizon:horizon instead of www-data:www-data
     (LP: #1755027).

Revision history for this message
Corey Bryant (corey.bryant) wrote :

The verification of the Stable Release Update for sahara-dashboard has completed successfully and the package has now been released to -updates. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Corey Bryant (corey.bryant) wrote :

This bug was fixed in the package sahara-dashboard - 6.0.0-0ubuntu1~cloud1
---------------

 sahara-dashboard (6.0.0-0ubuntu1~cloud1) xenial-ocata; urgency=medium
 .
   * d/python-sahara-dashboard.postinst: Align with openstack-dashboard
     and use chown horizon instead of www-data (LP: #1755027).

Revision history for this message
Corey Bryant (corey.bryant) wrote :

The verification of the Stable Release Update for trove-dashboard has completed successfully and the package has now been released to -updates. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Corey Bryant (corey.bryant) wrote :

This bug was fixed in the package trove-dashboard - 8.0.0-0ubuntu1~cloud1
---------------

 trove-dashboard (8.0.0-0ubuntu1~cloud1) xenial-ocata; urgency=medium
 .
   * d/python-trove-dashboard.postinst: Align with openstack-dashboard
     and use chown horizon instead of www-data (LP: #1755027).

Revision history for this message
Corey Bryant (corey.bryant) wrote :

Verified successfully on newton-proposed.

tags: added: verification-newton-done verification-ocata-done
removed: verification-newton-needed verification-ocata-needed
Revision history for this message
Corey Bryant (corey.bryant) wrote :

The verification of the Stable Release Update for horizon has completed successfully and the package has now been released to -updates. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Corey Bryant (corey.bryant) wrote :

This bug was fixed in the package horizon - 3:10.0.5-0ubuntu1~cloud3.1
---------------

 horizon (3:10.0.5-0ubuntu1~cloud3.1) xenial-newton; urgency=medium
 .
   * d/openstack-dashboard.postinst: Ensure permissions are not
     world-readable for /etc/openstack-dashboard/local_settings.py
     (LP: #1755027).

Revision history for this message
Corey Bryant (corey.bryant) wrote : Please test proposed package

Hello James, or anyone else affected,

Accepted horizon into kilo-proposed. The package will build now and be available in the Ubuntu Cloud Archive in a few hours, and then in the -proposed repository.

Please help us by testing this new package. To enable the -proposed repository:

  sudo add-apt-repository cloud-archive:kilo-proposed
  sudo apt-get update

Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-kilo-needed to verification-kilo-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-kilo-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

description: updated
information type: Private Security → Public Security
no longer affects: trove-dashboard (Ubuntu)
Revision history for this message
Brian Murray (brian-murray) wrote :

Hello James, or anyone else affected,

Accepted trove-dashboard into artful-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/trove-dashboard/9.0.0-0ubuntu1.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-artful to verification-done-artful. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-artful. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in trove-dashboard (Ubuntu Artful):
status: New → Fix Committed
tags: added: verification-needed verification-needed-artful
Changed in designate-dashboard (Ubuntu Artful):
status: Triaged → Fix Committed
Revision history for this message
Brian Murray (brian-murray) wrote :

Hello James, or anyone else affected,

Accepted designate-dashboard into artful-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/designate-dashboard/5.0.1-0ubuntu1.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-artful to verification-done-artful. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-artful. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in murano-dashboard (Ubuntu Artful):
status: New → Fix Committed
Revision history for this message
Brian Murray (brian-murray) wrote :

Hello James, or anyone else affected,

Accepted murano-dashboard into artful-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/murano-dashboard/1:4.0.0-0ubuntu1.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-artful to verification-done-artful. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-artful. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Revision history for this message
Corey Bryant (corey.bryant) wrote : Update Released

The verification of the Stable Release Update for horizon has completed successfully and the package has now been released to -updates. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Corey Bryant (corey.bryant) wrote :

This bug was fixed in the package horizon - 1:2015.1.4-0ubuntu4.1
---------------

 horizon (1:2015.1.4-0ubuntu4.1) trusty-kilo; urgency=medium
 .
   * d/openstack-dashboard.postinst: Ensure permissions are not
     world-readable for /etc/openstack-dashboard/local_settings.py
     (LP: #1755027).

Revision history for this message
Brian Murray (brian-murray) wrote : Please test proposed package

Hello James, or anyone else affected,

Accepted trove-dashboard into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/trove-dashboard/6.0.0-1ubuntu1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in trove-dashboard (Ubuntu Xenial):
status: New → Fix Committed
Changed in murano-dashboard (Ubuntu Xenial):
status: New → Fix Committed
Revision history for this message
Brian Murray (brian-murray) wrote :

Hello James, or anyone else affected,

Accepted murano-dashboard into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/murano-dashboard/1:2.0.0-1ubuntu1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in sahara-dashboard (Ubuntu Xenial):
status: New → Fix Committed
Revision history for this message
Brian Murray (brian-murray) wrote :

Hello James, or anyone else affected,

Accepted sahara-dashboard into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/sahara-dashboard/4.0.0-1ubuntu1.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in horizon (Ubuntu Xenial):
status: Triaged → Fix Committed
Revision history for this message
Brian Murray (brian-murray) wrote :

Hello James, or anyone else affected,

Accepted horizon into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/horizon/2:9.1.2-0ubuntu5 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Revision history for this message
Brian Murray (brian-murray) wrote :

Hello James, or anyone else affected,

Accepted horizon into trusty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/horizon/1:2014.1.5-0ubuntu2.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in horizon (Ubuntu Trusty):
status: Triaged → Fix Committed
Revision history for this message
Brian Murray (brian-murray) wrote :

Hello James, or anyone else affected,

Accepted sahara-dashboard into artful-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/sahara-dashboard/6.0.0-0ubuntu1.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in sahara-dashboard (Ubuntu Artful):
status: Triaged → Fix Committed
Changed in trove-dashboard (Ubuntu):
status: New → Invalid
Changed in neutron-lbaas-dashboard (Ubuntu):
status: New → Invalid
Changed in murano-dashboard (Ubuntu):
status: New → Invalid
Changed in trove-dashboard (Ubuntu Xenial):
importance: Undecided → Critical
Changed in trove-dashboard (Ubuntu Artful):
importance: Undecided → Critical
Changed in murano-dashboard (Ubuntu Xenial):
importance: Undecided → Critical
Changed in murano-dashboard (Ubuntu Artful):
importance: Undecided → Critical
Changed in sahara-dashboard (Ubuntu Xenial):
importance: Undecided → Critical
Changed in charm-openstack-dashboard:
status: Triaged → Fix Released
Revision history for this message
Corey Bryant (corey.bryant) wrote :

Artful verification has completed successfully using artful-proposed with the following packages:

python-designate-dashboard: 5.0.1-0ubuntu1.1
python-murano-dashboard: 1:4.0.0-0ubuntu1.2
python-sahara-dashboard: 6.0.0-0ubuntu1.2
python-trove-dashboard: 9.0.0-0ubuntu1.1

After installing each package, permissions for /var/lib/openstack-dashboard remained as follows:
/var/lib/openstack-dashboard:
total 24
drwxr-xr-x 5 horizon horizon 4096 Mar 16 12:49 .
drwxr-xr-x 41 root root 4096 Mar 16 12:00 ..
drwxr-xr-x 3 horizon horizon 4096 Mar 16 12:49 .novaclient
-rw-r--r-- 1 horizon horizon 0 Mar 16 12:01 _var_lib_openstack-dashboard_secret_key.lock
drwxr-xr-x 2 horizon horizon 4096 Feb 2 20:24 secret-key
-rw------- 1 horizon horizon 64 Mar 16 12:01 secret_key
drwxr-xr-x 13 horizon horizon 4096 Mar 16 12:57 static

tags: added: verification-done-artful verification-kilo-done
removed: verification-kilo-needed verification-needed-artful
Revision history for this message
Corey Bryant (corey.bryant) wrote :

I also verified and promoted kilo yesterday, tagging appropriately.

Revision history for this message
Corey Bryant (corey.bryant) wrote :

Hello James, or anyone else affected,

Accepted horizon into mitaka-proposed. The package will build now and be available in the Ubuntu Cloud Archive in a few hours, and then in the -proposed repository.

Please help us by testing this new package. To enable the -proposed repository:

  sudo add-apt-repository cloud-archive:mitaka-proposed
  sudo apt-get update

Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-mitaka-needed to verification-mitaka-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-mitaka-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

tags: added: verification-mitaka-needed
Revision history for this message
Corey Bryant (corey.bryant) wrote :

Xenial verification has completed successfully using xenial-proposed with the following packages:

openstack-dashboard: 2:9.1.2-0ubuntu5
python-sahara-dashboard: 4.0.0-1ubuntu1.1
python-murano-dashboard: 1:2.0.0-1ubuntu1
python-trove-dashboard: 6.0.0-1ubuntu1

After installing each package, permissions for /etc/openstack-dashboard and /var/lib/openstack-dashboard remains as follows and the dashboard continues to function as expected:

/etc/openstack-dashboard:
total 36
drwxr-xr-x 2 horizon horizon 4096 Mar 16 13:26 .
drwxr-xr-x 101 root root 4096 Mar 16 13:27 ..
-rw-r----- 1 root horizon 26775 Mar 16 13:29 local_settings.py

/var/lib/openstack-dashboard:
total 12
drwx------ 2 horizon horizon 4096 Mar 16 13:26 .
drwxr-xr-x 48 root root 4096 Mar 16 13:26 ..
-rw------- 1 horizon horizon 64 Mar 16 13:26 secret_key
-rw-r--r-- 1 horizon horizon 0 Mar 16 13:26 _var_lib_openstack-dashboard_secret_key.lock

tags: added: verification-done
removed: verification-mitaka-needed verification-needed
Revision history for this message
Corey Bryant (corey.bryant) wrote :

Affected packages are now in pike-proposed.

Revision history for this message
Corey Bryant (corey.bryant) wrote :

Pike verification has completed successfully using pike-proposed with the following packages:

python-designate-dashboard: 5.0.1-0ubuntu1.1~cloud0
python-murano-dashboard: 1:4.0.0-0ubuntu1.2~cloud0
python-sahara-dashboard: 6.0.0-0ubuntu1.2~cloud0
python-trove-dashboard: 9.0.0-0ubuntu1.1~cloud0

After installing each package, permissions for /var/lib/openstack-dashboard remained as follows:
/var/lib/openstack-dashboard:

/var/lib/openstack-dashboard:
total 28
drwxr-xr-x 6 horizon horizon 4096 Mar 16 13:39 .
drwxr-xr-x 48 root root 4096 Mar 16 13:19 ..
drwxr-xr-x 3 horizon horizon 4096 Mar 16 13:39 .cinderclient
drwxr-xr-x 3 horizon horizon 4096 Mar 16 13:35 .novaclient
-rw------- 1 horizon horizon 64 Mar 16 13:19 secret_key
drwxr-xr-x 2 horizon horizon 4096 Feb 6 03:07 secret-key
drwxr-xr-x 12 horizon horizon 4096 Mar 16 13:53 static
-rw-r--r-- 1 horizon horizon 0 Mar 16 13:19 _var_lib_openstack-dashboard_secret_key.lock

Also worth nothing dashboard continues to function after each install and /etc/openstack-dashboard perms are:

/etc/openstack-dashboard:
total 40
drwxr-x--- 2 root horizon 4096 Mar 16 13:19 .
drwxr-xr-x 101 root root 4096 Mar 16 13:21 ..
-rw-r----- 1 root horizon 31002 Mar 16 13:24 local_settings.py

Revision history for this message
Corey Bryant (corey.bryant) wrote : Update Released

The verification of the Stable Release Update for designate-dashboard has completed successfully and the package has now been released to -updates. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Corey Bryant (corey.bryant) wrote :

This bug was fixed in the package designate-dashboard - 5.0.1-0ubuntu1.1~cloud0
---------------

 designate-dashboard (5.0.1-0ubuntu1.1~cloud0) xenial-pike; urgency=medium
 .
   * New update for the Ubuntu Cloud Archive.
 .
 designate-dashboard (5.0.1-0ubuntu1.1) artful; urgency=medium
 .
   * d/python-designate-dashboard.postinst: Align with openstack-dashboard
     and use chown horizon instead of www-data (LP: #1755027).

Revision history for this message
Corey Bryant (corey.bryant) wrote :

The verification of the Stable Release Update for murano-dashboard has completed successfully and the package has now been released to -updates. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Corey Bryant (corey.bryant) wrote :

This bug was fixed in the package murano-dashboard - 1:4.0.0-0ubuntu1.2~cloud0
---------------

 murano-dashboard (1:4.0.0-0ubuntu1.2~cloud0) xenial-pike; urgency=medium
 .
   * New update for the Ubuntu Cloud Archive.
 .
 murano-dashboard (1:4.0.0-0ubuntu1.2) artful; urgency=medium
 .
   * d/python-murano-dashboard.postinst: Align with openstack-dashboard
     and use chown horizon instead of www-data (LP: #1755027).

Revision history for this message
Corey Bryant (corey.bryant) wrote :

The verification of the Stable Release Update for sahara-dashboard has completed successfully and the package has now been released to -updates. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Corey Bryant (corey.bryant) wrote :

This bug was fixed in the package sahara-dashboard - 6.0.0-0ubuntu1.2~cloud0
---------------

 sahara-dashboard (6.0.0-0ubuntu1.2~cloud0) xenial-pike; urgency=medium
 .
   * New update for the Ubuntu Cloud Archive.
 .
 sahara-dashboard (6.0.0-0ubuntu1.2) artful; urgency=medium
 .
   * d/gbp.conf: Create stable/pike branch.
   * d/python-sahara-dashboard.postinst: Align with openstack-dashboard
     and use chown horizon instead of www-data (LP: #1755027).
   * d/p/fix-neutron-related-openstack_dashboard-imports.patch: Cherry-picked
     patch from upstream to fix AttributeError's such as "AttributeError:
     'module' object has no attribute 'floating_ip_pools_list'" (LP: #1756189).

Revision history for this message
Corey Bryant (corey.bryant) wrote :

The verification of the Stable Release Update for trove-dashboard has completed successfully and the package has now been released to -updates. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Corey Bryant (corey.bryant) wrote :

This bug was fixed in the package trove-dashboard - 9.0.0-0ubuntu1.1~cloud0
---------------

 trove-dashboard (9.0.0-0ubuntu1.1~cloud0) xenial-pike; urgency=medium
 .
   * New update for the Ubuntu Cloud Archive.
 .
 trove-dashboard (9.0.0-0ubuntu1.1) artful; urgency=medium
 .
   * d/gbp.conf: Create stable/pike branch.
   * d/python-trove-dashboard.postinst: Align with openstack-dashboard
     and use chown horizon instead of www-data (LP: #1755027).

Revision history for this message
Corey Bryant (corey.bryant) wrote :

Trusty verification has completed successfully using trusty-proposed with the following package:
openstack-dashboard: 1:2014.1.5-0ubuntu2.2

After installation, permissions for /etc/openstack-dashboard are:

/etc/openstack-dashboard:
total 28
drwxr-xr-x 2 horizon horizon 4096 Mar 16 14:13 .
drwxr-xr-x 94 root root 4096 Mar 16 14:13 ..
-rw-r----- 1 root horizon 15180 Mar 16 14:16 local_settings.py
-rw-r--r-- 1 root root 333 Jul 29 2015 ubuntu_theme.py

And dashboard functions as expected.

tags: added: verification-done-trusty verification-done-xenial
Revision history for this message
Corey Bryant (corey.bryant) wrote :

Mitaka verification has completed successfully using mtiaka-proposed with the following package:
openstack-dashboard: 2:9.1.2-0ubuntu5~cloud0

After installation, permissions for /etc/openstack-dashboard are:

ubuntu@juju-1ece6c-coreycb2-21:~$ ls -al /etc/openstack-dashboard
total 64
drwxr-xr-x 2 horizon horizon 4096 Mar 16 15:08 .
drwxr-xr-x 96 root root 4096 Mar 16 14:10 ..
-rw-r----- 1 root horizon 26766 Mar 16 14:16 local_settings.py

And dashboard functions as expected.

Revision history for this message
Corey Bryant (corey.bryant) wrote :

The verification of the Stable Release Update for horizon has completed successfully and the package has now been released to -updates. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Corey Bryant (corey.bryant) wrote :

This bug was fixed in the package horizon - 2:9.1.2-0ubuntu5~cloud0
---------------

 horizon (2:9.1.2-0ubuntu5~cloud0) trusty-mitaka; urgency=medium
 .
   * New update for the Ubuntu Cloud Archive.
 .
 horizon (2:9.1.2-0ubuntu5) xenial; urgency=medium
 .
   [ Seyeong Kim ]
   * Hide unused consistency groups tab (LP: #1582725)
     - d/p/hide-unused-consistency-groups.patch: Pick some policies from
       upstream commit 388708b251b0487bb22fb3ebb8fcb36ee4ffdc4f to hide
       unused consistency groups tab.
 .
   [ Corey Bryant ]
   * d/openstack-dashboard.postinst: Ensure permissions are not
     world-readable for /etc/openstack-dashboard/local_settings.py
     (LP: #1755027).
 .
   [ Shane Peters ]
   * d/p/let-nova-to-pick-availability-zone.patch:
     In the Angular Launch Instance, if there is more than one
     availability zone default to the option for the Nova scheduler to pick.
     This is regression from the legacy Launch Instance feature (LP: #1613900).

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package murano-dashboard - 1:4.0.0-0ubuntu1.2

---------------
murano-dashboard (1:4.0.0-0ubuntu1.2) artful; urgency=medium

  * d/python-murano-dashboard.postinst: Align with openstack-dashboard
    and use chown horizon instead of www-data (LP: #1755027).

 -- Corey Bryant <email address hidden> Wed, 14 Mar 2018 21:15:35 -0400

Changed in murano-dashboard (Ubuntu Artful):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package trove-dashboard - 9.0.0-0ubuntu1.1

---------------
trove-dashboard (9.0.0-0ubuntu1.1) artful; urgency=medium

  * d/gbp.conf: Create stable/pike branch.
  * d/python-trove-dashboard.postinst: Align with openstack-dashboard
    and use chown horizon instead of www-data (LP: #1755027).

 -- Corey Bryant <email address hidden> Wed, 14 Mar 2018 21:25:42 -0400

Changed in trove-dashboard (Ubuntu Artful):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package designate-dashboard - 5.0.1-0ubuntu1.1

---------------
designate-dashboard (5.0.1-0ubuntu1.1) artful; urgency=medium

  * d/python-designate-dashboard.postinst: Align with openstack-dashboard
    and use chown horizon instead of www-data (LP: #1755027).

 -- Corey Bryant <email address hidden> Wed, 14 Mar 2018 21:18:33 -0400

Changed in designate-dashboard (Ubuntu Artful):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package sahara-dashboard - 6.0.0-0ubuntu1.2

---------------
sahara-dashboard (6.0.0-0ubuntu1.2) artful; urgency=medium

  * d/gbp.conf: Create stable/pike branch.
  * d/python-sahara-dashboard.postinst: Align with openstack-dashboard
    and use chown horizon instead of www-data (LP: #1755027).
  * d/p/fix-neutron-related-openstack_dashboard-imports.patch: Cherry-picked
    patch from upstream to fix AttributeError's such as "AttributeError:
    'module' object has no attribute 'floating_ip_pools_list'" (LP: #1756189).

 -- Corey Bryant <email address hidden> Wed, 14 Mar 2018 21:20:49 -0400

Changed in sahara-dashboard (Ubuntu Artful):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package murano-dashboard - 1:2.0.0-1ubuntu1

---------------
murano-dashboard (1:2.0.0-1ubuntu1) xenial; urgency=medium

  * d/python-murano-dashboard.postinst: Align with openstack-dashboard
    and use chown horizon instead of www-data (LP: #1755027).

 -- Corey Bryant <email address hidden> Thu, 15 Mar 2018 09:20:46 -0400

Changed in murano-dashboard (Ubuntu Xenial):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package trove-dashboard - 6.0.0-1ubuntu1

---------------
trove-dashboard (6.0.0-1ubuntu1) xenial; urgency=medium

  * d/python-trove-dashboard.postinst: Align with openstack-dashboard
    and use chown horizon instead of www-data (LP: #1755027).

 -- Corey Bryant <email address hidden> Thu, 15 Mar 2018 09:27:44 -0400

Changed in trove-dashboard (Ubuntu Xenial):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package sahara-dashboard - 4.0.0-1ubuntu1.1

---------------
sahara-dashboard (4.0.0-1ubuntu1.1) xenial; urgency=medium

  * d/python-sahara-dashboard.postinst: Align with openstack-dashboard
    and use chown horizon instead of www-data (LP: #1755027).

 -- Corey Bryant <email address hidden> Thu, 15 Mar 2018 09:24:45 -0400

Changed in sahara-dashboard (Ubuntu Xenial):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package horizon - 2:9.1.2-0ubuntu5

---------------
horizon (2:9.1.2-0ubuntu5) xenial; urgency=medium

  [ Seyeong Kim ]
  * Hide unused consistency groups tab (LP: #1582725)
    - d/p/hide-unused-consistency-groups.patch: Pick some policies from
      upstream commit 388708b251b0487bb22fb3ebb8fcb36ee4ffdc4f to hide
      unused consistency groups tab.

  [ Corey Bryant ]
  * d/openstack-dashboard.postinst: Ensure permissions are not
    world-readable for /etc/openstack-dashboard/local_settings.py
    (LP: #1755027).

  [ Shane Peters ]
  * d/p/let-nova-to-pick-availability-zone.patch:
    In the Angular Launch Instance, if there is more than one
    availability zone default to the option for the Nova scheduler to pick.
    This is regression from the legacy Launch Instance feature (LP: #1613900).

 -- Corey Bryant <email address hidden> Thu, 15 Mar 2018 13:57:14 -0400

Changed in horizon (Ubuntu Xenial):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package horizon - 1:2014.1.5-0ubuntu2.2

---------------
horizon (1:2014.1.5-0ubuntu2.2) trusty; urgency=medium

  * d/openstack-dashboard.postinst: Ensure permissions are not
    world-readable for /etc/openstack-dashboard/local_settings.py
    (LP: #1755027).

 -- Corey Bryant <email address hidden> Wed, 14 Mar 2018 08:55:44 -0400

Changed in horizon (Ubuntu Trusty):
status: Fix Committed → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to charm-openstack-dashboard (master)

Reviewed: https://review.openstack.org/552901
Committed: https://git.openstack.org/cgit/openstack/charm-openstack-dashboard/commit/?id=eb9e0b839110c6949b16b3dcd5ec705093bdeb35
Submitter: Zuul
Branch: master

commit eb9e0b839110c6949b16b3dcd5ec705093bdeb35
Author: Ryan Beisner <email address hidden>
Date: Wed Mar 14 13:18:12 2018 +0000

    Add regression test coverage for conf file permissions

    Change-Id: I8e7f986035935a742b4acb320f71887e23989dbb
    Partial-bug: #1755027

To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.