792622 - Whitelist the signed apps directories for X-Sendfile

Status: RESOLVED FIXED

(Cloud Services :: Operations: Marketplace, task)

Description

[Andy McKay]

We'll need to server signed apps from our server and they are going into directories pointed to by:

SIGNED_APP_PATH
SIGNED_APP_REVIEWER_PATH

Let's assume for the moment that SIGNED_APP_PATH can be placed on the CDN. But that SIGNED_APP_REVIEWER_PATH will not be on the CDN.

Comment 1

[Jeremy Orem [:oremj]]

Is this just for dev at the moment?

Comment 2

[Andy McKay]

Yes, we will probably be pushing to dev on the 27th.

I realised I made a typo, its:

SIGNED_APPS_PATH
SIGNED_APPS_REVIEWER_PATH

Missed the S in APPS.

Comment 3

[Andy McKay]

And we got permission denied on trying to write to that directory too:

http://sentry.dmz.phx1.mozilla.com/marketplace-dev/group/2436/

Comment 4

[Jeremy Orem [:oremj]]

> Index: webapp/files/addons-dev/etc-nginx/domains/addons-dev.allizom.org.conf
> ===================================================================
> --- webapp/files/addons-dev/etc-nginx/domains/addons-dev.allizom.org.conf	(revision 48407)
> +++ webapp/files/addons-dev/etc-nginx/domains/addons-dev.allizom.org.conf	(revision 48408)
> @@ -125,6 +125,10 @@
>          internal;
>          alias /mnt/netapp_amo_dev/addons-dev.allizom.org/shared_storage/tmp/packager/;
>      }
> +    location /mnt/netapp_amo_dev/addons-dev.allizom.org/signed_apps_reviewer/ {
> +        internal;
> +        alias /mnt/netapp_amo_dev/addons-dev.allizom.org/signed_apps_reviewer/;
> +    }
>  
>      location ^~ /media/js/workers/ {
>      }
> Index: webapp/files/addons-dev/etc-nginx/domains/marketplace-dev.allizom.org.conf
> ===================================================================
> --- webapp/files/addons-dev/etc-nginx/domains/marketplace-dev.allizom.org.conf	(revision 48407)
> +++ webapp/files/addons-dev/etc-nginx/domains/marketplace-dev.allizom.org.conf	(revision 48408)
> @@ -124,6 +124,10 @@
>          internal;
>          alias /mnt/netapp_amo_dev/addons-dev.allizom.org/shared_storage/tmp/packager/;
>      }
> +    location /mnt/netapp_amo_dev/addons-dev.allizom.org/signed_apps_reviewer/ {
> +        internal;
> +        alias /mnt/netapp_amo_dev/addons-dev.allizom.org/signed_apps_reviewer/;
> +    }
>  
>      location ^~ /media/js/workers/ {
>      }
> Index: webapp/templates/addons/settings/zamboni/dev/settings_local_base.py
> ===================================================================
> --- webapp/templates/addons/settings/zamboni/dev/settings_local_base.py	(revision 48407)
> +++ webapp/templates/addons/settings/zamboni/dev/settings_local_base.py	(revision 48408)
> @@ -99,6 +99,8 @@
>  IMAGEASSET_FULL_PATH = IMAGEASSETS_PATH + '/%s/%d.%s'
>  PERSONAS_PATH = UPLOADS_PATH + '/personas'
>  PREVIEWS_PATH = UPLOADS_PATH + '/previews'
> +SIGNED_APPS_PATH = UPLOADS_PATH + '/signed_apps'
> +SIGNED_APPS_REVIEWER_PATH = NETAPP_STORAGE + '/signed_apps_reviewer'
>  PREVIEW_THUMBNAIL_PATH = PREVIEWS_PATH + '/thumbs/%s/%d.png'
>  PREVIEW_FULL_PATH = PREVIEWS_PATH + '/full/%s/%d.%s'
>

Comment 5

[Andy McKay]

Can we double this is working?

We are returning:

/mnt/netapp_amo_dev/addons-dev.allizom.org/shared_storage/signed_apps_reviewer/387989/malcal-ererly-io-2.0.signed.webapp

In the X-SendFile and we are getting a 404 in browser.

Sample URL (if you are a reviewer):

https://marketplace-dev.allizom.org/reviewers/signed/malcal-ererly-io/1360949

And the log path says:

Sep 25 13:37:26 dev2.addons.phx1.mozilla.com: [1df0320c-8a69-11e1-bf36-441ea15c3000][173.180.222.166] z.reviewers:INFO Returning signed package addon: 387989, version: 1360949, path: /mnt/netapp_amo_dev/addons-dev.allizom.org/shared_storage/signed_apps_reviewer/387989/malcal-ererly-io-2.0.signed.webapp :/data/www/addons-dev.allizom.org/zamboni/mkt/reviewers/views.py:706

It looks that file exists.