Mailinglist Archive: opensuse-buildservice (207 mails)

< Previous Next >
Re: [opensuse-buildservice] Should osc support global oscrc ?
On Tue, Mar 1, 2011 at 12:45 AM, Marcus Hüwe <suse-tux@xxxxxx> wrote:
On 2011-02-28 13:22:40 +0000, Anas Nashif wrote:

On 28 Feb 2011, at 12:59, Marcus Hüwe wrote:

Hi,

On 2011-02-28 11:34:07 +0000, Anas Nashif wrote:
Actually, osc should not touch or change anything in the home directory,
if the permissions of oscrc are not right, then it should just refuse to
run and ask the user to change the permissions of .oscrc.
Hmm yes we could implement this easily.

Another thing I noticed is that it manipulates the user credentials,
removes password entries and such without asking the user, which is
really a bad behaviour IMO, such changes should be confirmed or done by
the user.

This shouldn't be the case with osc from git master anymore.

What is wrong with having a system level oscrc file? For example in
/etc/oscrc? This is not less secure, since the the permissions of the
file /etc can be set to prevent other's from reading it.

There's no need for a "system level" oscrc, just tell osc which
configfile it should use: "osc --config /path/to/file" or set
the "OSC_CONFIG" environment variable.


Using environment variable for something like that really makes things
harder than they should be, especially if we are not using the command line
but osc as a module. We should be able to override the configuration when
initialising osc in some other python program for example. That should work
fine if we do not try to change the permissions mentioned above I guess..

As I said it's possible to change the code so that it raises an
exception if the permissions of the config are "wrong". If you're
writing a python module using osc you can specify a different config
with "get_config(override_conffile='/path/to/config', ...)".
Yes, we can use it (and currently using) to specify the oscrc. But the
problem is the oscrc must be writable for current user, for osc.conf
will try to
chmod it always.
Would osc can do it like this:
1. get the permission of specified oscrc
2. chmod it for safety only if the permission != 0600

Thanks,
jf.ding




Marcus
--
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-buildservice+help@xxxxxxxxxxxx


--
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-buildservice+help@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages