From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net X-Spam-Level: X-Spam-ASN: X-Spam-Status: No, score=-4.0 required=3.0 tests=ALL_TRUSTED,BAYES_00 shortcircuit=no autolearn=ham autolearn_force=no version=3.4.2 Received: from localhost (dcvr.yhbt.net [127.0.0.1]) by dcvr.yhbt.net (Postfix) with ESMTP id 677341F9F3 for ; Thu, 14 Oct 2021 04:32:55 +0000 (UTC) From: Eric Wong To: meta@public-inbox.org Subject: [PATCH 1/3] clone+fetch: respect umask for all downloaded files Date: Thu, 14 Oct 2021 04:32:53 +0000 Message-Id: <20211014043255.19545-2-e@80x24.org> In-Reply-To: <20211014043255.19545-1-e@80x24.org> References: <20211014043255.19545-1-e@80x24.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit List-Id: Since public inboxes are usually intended to be public, the File::Temp default permission of 0600 is wrong. Just respect the user's umask in this case as git-clone does. This doesn't work for "lei add-external --mirror", yet; but it will...
---
 lib/PublicInbox/Fetch.pm | 5 ++---
 lib/PublicInbox/LeiMirror.pm | 30 ++++++++++++++++++------------
 2 files changed, 20 insertions(+), 15 deletions(-)
diff --git a/lib/PublicInbox/Fetch.pm b/lib/PublicInbox/Fetch.pm
index 0d4badbf216f..5261cad19855 100644
--- a/lib/PublicInbox/Fetch.pm
+++ b/lib/PublicInbox/Fetch.pm
@@ -218,13 +218,12 @@ EOM
 }
 for my $i (@new_epoch) { $mg->epoch_cfg_set($i) }
 if ($ft) {
- my $fn = $ft->filename;
 if ($mculled) {
 my $json = PublicInbox::Config->json->encode($m1);
+ my $fn = $ft->filename;
 gzip(\$json => $fn) or die "gzip: $GzipError";
 }
- rename($fn, $mf) or die "E: rename($fn, $mf): $!\n";
- $ft->unlink_on_destroy(0);
+ PublicInbox::LeiMirror::ft_rename($ft, $mf, 0666);
 }
 $lei->child_error($xit << 8) if $fp2 && $xit;
 }
diff --git a/lib/PublicInbox/LeiMirror.pm b/lib/PublicInbox/LeiMirror.pm
index ec41bec6f16b..1369c00c57fd 100644
--- a/lib/PublicInbox/LeiMirror.pm
+++ b/lib/PublicInbox/LeiMirror.pm
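Review bot: In lib/PublicInbox/Fetch.pm, the `0666` passed to `ft_rename($ft, $mf, 0666)` only takes effect when `$mf` does not exist yet. As `ft_rename` is written in this patch, an existing destination's mode (`$st[2] & 07777`) is copied onto the new file instead. A manifest that an earlier clone left at File::Temp's 0600 would therefore presumably stay 0600 on every later fetch, so the umask is still not respected for mirrors that already exist. A comment at the call would make this explicit, for example `# an existing $mf keeps its mode; 0666 & ~umask applies only to a new file`. The enclosing sub starts outside the hunk.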
@@ -12,6 +12,7 @@ use IO::Compress::Gzip qw(gzip $GzipError);
 use PublicInbox::Spawn qw(popen_rd spawn run_die);
 use File::Temp ();
 use Fcntl qw(SEEK_SET O_CREAT O_EXCL O_WRONLY);
+use Carp qw(croak);
 sub _wq_done_wait { # dwaitpid callback (via wq_eof)
 my ($arg, $pid) = @_;
@@ -89,24 +90,31 @@ sub clone_cmd {
 @cmd;
 }
+sub ft_rename ($$$) {
+ my ($ft, $dst, $open_mode) = @_;
+ my $fn = $ft->filename;
+ my @st = stat($dst);
+ my $mode = @st ? ($st[2] & 07777) : ($open_mode & ~umask);
+ chmod($mode, $ft) or croak "E: chmod $fn: $!";
+ rename($fn, $dst) or croak "E: rename($fn => $ft): $!";
+ $ft->unlink_on_destroy(0);
+}
+
 sub _get_txt { # non-fatal
- my ($self, $endpoint, $file) = @_;
+ my ($self, $endpoint, $file, $mode) = @_;
 my $uri = URI->new($self->{src});
 my $lei = $self->{lei};
 my $path = $uri->path;
 chop($path) eq '/' or die "BUG: $uri not canonicalized";
 $uri->path("$path/$endpoint");
 my $ft = File::Temp->new(TEMPLATE => "$file-XXXX", DIR => $self->{dst});
- my $f = $ft->filename;
 my $opt = { 0 => $lei->{0}, 1 => $lei->{1}, 2 => $lei->{2} };
 my $cmd = $self->{curl}->for_uri($lei, $uri,
- qw(--compressed -R -o), $f);
+ qw(--compressed -R -o), $ft->filename);
 my $cerr = run_reap($lei, $cmd, $opt);
 return "$uri missing" if ($cerr >> 8) == 22;
 return "# @$cmd failed (non-fatal)" if $cerr;
- my $ce = "$self->{dst}/$file";
- rename($f, $ce) or return "rename($f, $ce): $! (non-fatal)";
- $ft->unlink_on_destroy(0);
+ ft_rename($ft, "$self->{dst}/$file", $mode);
 undef; # success
 }
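Review bot: `_get_txt` is marked `# non-fatal` and used to return an error string when the rename failed, but the `ft_rename(...)` call that replaces it croaks on a chmod or rename failure, so that failure now propagates as an exception. The callers in the later hunks (`_try_config` and `index_cloned_inbox`) invoke `_get_txt` outside any `eval` in the visible lines, so a permission problem on the destination would abort them instead of producing the warning. Wrapping the call keeps the contract: `eval { ft_rename($ft, "$self->{dst}/$file", $mode) };` followed by `return "$@ (non-fatal)" if $@;`. Separately, the rename message in `ft_rename` interpolates `$ft` where the destination is meant; it should read `croak "E: rename($fn => $dst): $!"`. Also, `$st[2] & 07777` carries any setuid, setgid or sticky bits of an existing destination onto downloaded content, so `& 0777` would be the more conservative mask.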
@@ -119,10 +127,10 @@ sub _try_config {
 File::Path::mkpath($dst);
 -d $dst or die "mkpath($dst): $!\n";
 }
- my $err = _get_txt($self, qw(_/text/config/raw inbox.config.example));
+ my $err = _get_txt($self,
+ qw(_/text/config/raw inbox.config.example), 0444);
 return warn($err, "\n") if $err;
 my $f = "$self->{dst}/inbox.config.example";
- chmod((stat($f))[2] & 0444, $f) or die "chmod(a-w, $f): $!";
 my $cfg = PublicInbox::Config->git_config_dump($f, $self->{lei}->{2});
 my $ibx = $self->{ibx} = {};
 for my $sec (grep(/\Apublicinbox\./, @{$cfg->{-section_order}})) {
@@ -150,7 +158,7 @@ sub set_description ($) {
 sub index_cloned_inbox {
 my ($self, $iv) = @_;
 my $lei = $self->{lei};
- my $err = _get_txt($self, qw(description description));
+ my $err = _get_txt($self, qw(description description), 0666);
 warn($err, "\n") if $err; # non fatal
 eval { set_description($self) };
 warn $@ if $@;
@@ -404,9 +412,7 @@ EOM
 my $json = PublicInbox::Config->json->encode($m);
 gzip(\$json => $fn) or die "gzip: $GzipError";
 }
- my $fin = "$self->{dst}/manifest.js.gz";
- rename($fn, $fin) or die "E: rename($fn, $fin): $!";
- $ft->unlink_on_destroy(0);
+ ft_rename($ft, "$self->{dst}/manifest.js.gz", 0666);
 }
 sub start_clone_url {
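Review bot: In `_try_config`, the removed `chmod((stat($f))[2] & 0444, $f)` stripped the write bits after every download, whereas the `0444` now passed to `_get_txt` is only a creation mode. Going by `ft_rename` in this patch, an `inbox.config.example` that already exists and is writable keeps its writable mode after being replaced. If the example config is meant to be read-only unconditionally, keeping the `& 0444` chmod after the download would preserve that. Otherwise a comment such as `# 0444 applies only when the file is new; an existing file keeps its mode` documents the change. The body of `_try_config` starts and ends outside the hunk.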