Possiblity to delete report data (blob) gathered by apport?

Asked by Mikkel Kirkgaard Nielsen on 2018-12-12

Since giving my consent to upload I've realised that data relating to an Ubuntu bug automatically gathered by apport contains information that is somewhat sensitive.

I've saved the URL generated by apport and reckons that the reference to the data is most likely through the UUID I see as a part of that (document path ends on "/+filebug/$UUID").

Investigating the source code of apport to see what mechanisms are involved in the upload reveals that apport does a POST to a "/+storeblob" API entry point (https://git.launchpad.net/ubuntu/+source/apport/tree/apport/crashdb_impl/launchpad.py#n246) which in its response returns an "X-Launchpad-Blob-Token" header with the reference.

I guess the blob is currently a temporary blob (https://launchpad.net/+apidoc/1.0.html#temporary_blob) and that when a bug report is submitted referencing the blob the data is pulled into the bug and the temporary blob discarded. I can however find no documentation on this or if an end user can view and/or delete this data if needed. Even from the filebug page itself the data is not visible and submitting the bug would obviously make its content public.

Question information

English Edit question
Launchpad itself Edit question
No assignee Edit question
Last query:
Last reply:
Colin Watson (cjwatson) said : #1

If you don't go through with filing the bug, then we automatically delete the temporary data after a short time (currently a week plus time for the garbage-collection job to run; see https://git.launchpad.net/launchpad/tree/lib/lp/services/temporaryblobstorage/model.py#n93 and https://git.launchpad.net/launchpad/tree/lib/lp/services/librarianserver/librariangc.py#n130).

There is some limited support for viewing a temporary blob using the Launchpad webservice, depending on its exact state; it's really only intended for use by automated tools, but you can poke at it yourself if you want. Install the "lptools" package, run "lp-shell production devel", and do something like this:

  >>> blob = lp.load('/temporary-blobs/$UUID')
  >>> blob.hasBeenProcessed()
  # or False if it hasn't been processed, in which case you won't be able to see anything useful
  >>> blob.getProcessedData()

The UUID is treated as a secret, of course.

It would be possible to add deletion support to this webservice interface if we needed it, but so far the fairly short automatic expiry has been good enough.

Can you help with this problem?

Provide an answer of your own, or ask Mikkel Kirkgaard Nielsen for more information if necessary.

To post a message you must log in.