author | Alex Gaynor <alex.gaynor@gmail.com> | 2014-10-01 09:58:32 -0700 |
---|---|---|
committer | Alex Gaynor <alex.gaynor@gmail.com> | 2014-10-01 10:21:42 -0700 |
commit | 260b3803f39438ff0c61d079962bfbe78fe4a848 (patch) | |
tree | 1e4f124c7c9fdefa6945e214d629087031ac480d /nova/crypto.py | |
parent | 3d84df312c7d27a237e3fe5df87d056206801a2c (diff) | |
Ensure files are closed promptly when generating a key pair
On Python implementations without reference counting (e.g. PyPy) the current code will keep
the file descriptors open for an arbitrary length of time, until the GC runs.
Change-Id: Idf81df95894fed1d13a68705ef490d5a29367ff1
Diffstat (limited to 'nova/crypto.py')
-rw-r--r-- | nova/crypto.py | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/nova/crypto.py b/nova/crypto.py
index cecd1846bc..e5c4161433 100644
--- a/nova/crypto.py
+++ b/nova/crypto.py
@@ -153,11 +153,13 @@ def generate_key_pair(bits=None):
 fingerprint = _generate_fingerprint('%s.pub' % (keyfile))
 if not os.path.exists(keyfile):
 raise exception.FileNotFound(keyfile)
- private_key = open(keyfile).read()
+ with open(keyfile) as f:
+ private_key = f.read()
 public_key_path = keyfile + '.pub'
 if not os.path.exists(public_key_path):
 raise exception.FileNotFound(public_key_path)
- public_key = open(public_key_path).read()
+ with open(public_key_path) as f:
+ public_key = f.read()
 return (private_key, public_key, fingerprint)
@@ -332,8 +334,10 @@ def generate_x509_cert(user_id, project_id, bits=2048):
 utils.execute('openssl', 'genrsa', '-out', keyfile, str(bits))
 utils.execute('openssl', 'req', '-new', '-key', keyfile, '-out', csrfile, '-batch', '-subj', subject)
- private_key = open(keyfile).read()
- csr = open(csrfile).read()
+ with open(keyfile) as f:
+ private_key = f.read()
+ with open(csrfile) as f:
+ csr = f.read()
 (serial, signed_csr) = sign_csr(csr, project_id)
 fname = os.path.join(ca_folder(project_id), 'newcerts/%s.pem' % serial) |
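Review bot: In the first hunk, the `os.path.exists` checks kept in front of the new `with open(...)` blocks are check-then-use. If a file disappears between the test and the open, the caller gets a bare IOError instead of `exception.FileNotFound`. The fingerprint call on the first context line is also handed `'%s.pub' % (keyfile)` before `public_key_path` is tested, so that second check probably cannot be the first thing to fail (the helper is not shown, so this is inferred). Catching the failure at the open would cover both cases, for example `except IOError: raise exception.FileNotFound(keyfile)` around each `with`. generate_key_pair starts above this hunk.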
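Review bot: The reads in the second hunk pull an unencrypted RSA private key back out of `keyfile`, which `openssl genrsa -out` has just written, and nothing visible says where that file lives, what mode it has, or when it is removed. The same applies to `keyfile` in the first hunk. generate_x509_cert starts and ends outside the hunk, so the cleanup may well exist. A short comment above the read would still make the assumption reviewable, for example `# keyfile holds an unencrypted private key; it must stay in the per-call temp dir and be removed on exit`. Confirm against the enclosing code before adding it.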