CondorCORE/condorcore-keyring
CondorCORE/condorcore-keyring
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix(keyringctl): avoid leaking unclosed file descriptors

Browse Source
This commit is contained in:
Levente Polyak 2021-10-25 19:39:20 +02:00
parent 10d54ac35d
commit 878752dc13
No known key found for this signature in database
GPG Key ID: FC1B547C8D8172C8
1 changed files with 29 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
libkeyringctl/keyring.py
View File

@ -11,8 +11,8 @@ from re import sub
from shutil import copytree from shutil import copytree
from subprocess import PIPE from subprocess import PIPE
from subprocess import Popen from subprocess import Popen
from tempfile import NamedTemporaryFile
from tempfile import mkdtemp from tempfile import mkdtemp
from tempfile import mkstemp
from typing import Dict from typing import Dict
from typing import List from typing import List
from typing import Optional from typing import Optional
@ -993,18 +993,19 @@ def inspect_keyring(working_dir: Path, keyring_root: Path, sources: Optional[Lis
transform_username_to_keyring_path(keyring_dir=keyring_root / "packager", paths=sources) transform_username_to_keyring_path(keyring_dir=keyring_root / "packager", paths=sources)
transform_fingerprint_to_keyring_path(keyring_root=keyring_root, paths=sources) transform_fingerprint_to_keyring_path(keyring_root=keyring_root, paths=sources)
keyring = Path(mkstemp(dir=working_dir, prefix="packet-", suffix=".asc")[1]).absolute() with NamedTemporaryFile(dir=working_dir, prefix="packet-", suffix=".asc") as keyring:
export(working_dir=working_dir, keyring_root=keyring_root, sources=sources, output=keyring) keyring_path = Path(keyring.name)
export(working_dir=working_dir, keyring_root=keyring_root, sources=sources, output=keyring_path)
fingerprints: Dict[Fingerprint, Username] = get_fingerprints_from_certificate_directory( fingerprints: Dict[Fingerprint, Username] = get_fingerprints_from_certificate_directory(
paths=[keyring_root / "packager"] paths=[keyring_root / "packager"]
) | get_fingerprints_from_certificate_directory(paths=[keyring_root / "main"], postfix=" (main)") ) | get_fingerprints_from_certificate_directory(paths=[keyring_root / "main"], postfix=" (main)")
return inspect( return inspect(
packet=keyring, packet=keyring_path,
certifications=True, certifications=True,
fingerprints=fingerprints, fingerprints=fingerprints,
) )
def verify( def verify(
@ -1037,17 +1038,20 @@ def verify(
for certificate in sorted(cert_paths): for certificate in sorted(cert_paths):
print(f"Verify {certificate.name} owned by {certificate.parent.name}") print(f"Verify {certificate.name} owned by {certificate.parent.name}")
keyring = Path(
mkstemp(dir=working_dir, prefix=f"{certificate.parent.name}-{certificate.name}", suffix=".asc")[1] with NamedTemporaryFile(
).absolute() dir=working_dir, prefix=f"{certificate.parent.name}-{certificate.name}", suffix=".asc"
export( ) as keyring:
working_dir=working_dir, keyring_path = Path(keyring.name)
keyring_root=keyring_root, export(
sources=[certificate], working_dir=working_dir,
output=keyring, keyring_root=keyring_root,
) sources=[certificate],
if lint_hokey: output=keyring_path,
keyring_fd = Popen(("sq", "dearmor", f"{str(keyring)}"), stdout=PIPE) )
print(system(["hokey", "lint"], _stdin=keyring_fd.stdout), end="")
if lint_sq_keyring: if lint_hokey:
print(system(["sq-keyring-linter", f"{str(keyring)}"]), end="") keyring_fd = Popen(("sq", "dearmor", f"{str(keyring_path)}"), stdout=PIPE)
print(system(["hokey", "lint"], _stdin=keyring_fd.stdout), end="")
if lint_sq_keyring:
print(system(["sq-keyring-linter", f"{str(keyring_path)}"]), end="")