From 260b3803f39438ff0c61d079962bfbe78fe4a848 Mon Sep 17 00:00:00 2001
From: Alex Gaynor
Date: Wed, 1 Oct 2014 09:58:32 -0700
Subject: Ensure files are closed promptly when generating a key pair
On Python's without reference counting (e.g. PyPy) the current code will keep the file descriptors open for an arbitrary length of time, until the GC runs.
Change-Id: Idf81df95894fed1d13a68705ef490d5a29367ff1
---
 nova/crypto.py | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
(limited to 'nova/crypto.py')
diff --git a/nova/crypto.py b/nova/crypto.py
index cecd1846bc..e5c4161433 100644
--- a/nova/crypto.py
+++ b/nova/crypto.py
@@ -153,11 +153,13 @@ def generate_key_pair(bits=None):
 fingerprint = _generate_fingerprint('%s.pub' % (keyfile))
 if not os.path.exists(keyfile):
 raise exception.FileNotFound(keyfile)
- private_key = open(keyfile).read()
+ with open(keyfile) as f:
+ private_key = f.read()
 public_key_path = keyfile + '.pub'
 if not os.path.exists(public_key_path):
 raise exception.FileNotFound(public_key_path)
- public_key = open(public_key_path).read()
+ with open(public_key_path) as f:
+ public_key = f.read()
 return (private_key, public_key, fingerprint)
@@ -332,8 +334,10 @@ def generate_x509_cert(user_id, project_id, bits=2048):
 utils.execute('openssl', 'genrsa', '-out', keyfile, str(bits))
 utils.execute('openssl', 'req', '-new', '-key', keyfile, '-out', csrfile, '-batch', '-subj', subject)
- private_key = open(keyfile).read()
- csr = open(csrfile).read()
+ with open(keyfile) as f:
+ private_key = f.read()
+ with open(csrfile) as f:
+ csr = f.read()
 (serial, signed_csr) = sign_csr(csr, project_id)
 fname = os.path.join(ca_folder(project_id), 'newcerts/%s.pem' % serial)
--
cgit v1.2.1
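Review bot: In the generate_key_pair hunk the new `with open(keyfile) as f:` still sits behind a separate `os.path.exists(keyfile)` test, so a key file that goes missing between the test and the open surfaces as a bare IOError rather than `exception.FileNotFound`; the same holds for the `public_key_path` read. Letting the open itself decide removes that check-then-use gap: wrap each `with` in `try:` and add `except IOError: raise exception.FileNotFound(keyfile)`, narrowed to the not-found errno if other I/O errors should keep their own type. The two reads added in the generate_x509_cert hunk have no existence check or error mapping at all, so the two functions now report a missing key file differently, and it is worth making them consistent. Both function bodies start and end outside the hunks shown.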