-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[stable9.1] Setupfs before access a users keys #26824
[stable9.1] Setupfs before access a users keys #26824
Conversation
Cherry-picked the additional commit |
Looks like we still have some unit test failures. Automated tests will be added as part of #26844. |
Cherry-picked additional test fixes from the master branch. @jvillafanez please review |
Argh, need to replace |
4bcd7bd
to
54eefbd
Compare
Okay, should be good to go now. |
👍 |
Let's wait before merging. Need to investigate this (not-so-critical-but-still) regression #26935 |
I'll adjust this later when rebasing. |
|
fix works fine in my production environment |
54eefbd
to
a18a264
Compare
Need rereview, I cherry-picked backports of master to fix a regression and incomplete cases. |
My only worry is that this should be done after deleting the user. If the user isn't deleted, we'd already have deleted the keys with the current code. Maybe if the keys are stored in the user's home and we can't access to it, we could suppose the keys are already deleted. If they're stored elsewhere we can delete them without problem after the user is deleted. |
Hmm, then I should revert #26938 and find a better way |
|
@jvillafanez please review #26968 with an alternative solution to the preDelete problem. Have to revert and refix on master before I can cherry-pick the new solution here. |
When encryption keys are stored outside the user's homes, there is no need to mount said homes.
Whenever a user was deleted for encryption where the keys are stored in the home, we can ignore user existence exceptions because it means the keys are already gone.
a18a264
to
9ccc59b
Compare
Rebased and removed the "preDelete" commit and cherry-picked the better fix from #26968 |
After all these additions, let's retest this:
|
|
😢 |
Integrations test backport pending to be merged #26976 |
Changes look good 👍 |
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
port of #26820