user/dev discussion of public-inbox itself
 help / color / mirror / code / Atom feed
From: Eric Wong <e@80x24.org>
To: meta@public-inbox.org
Subject: [PATCH 1/3] clone+fetch: respect umask for all downloaded files
Date: Thu, 14 Oct 2021 04:32:53 +0000	[thread overview]
Message-ID: <20211014043255.19545-2-e@80x24.org> (raw)
In-Reply-To: <20211014043255.19545-1-e@80x24.org>

Since public inboxes are usually intended to be public,
the File::Temp default permission of 0600 is wrong.
Just respect the user's umask in this case as git-clone
does.

This doesn't work for "lei add-external --mirror", yet;
but it will...
---
 lib/PublicInbox/Fetch.pm     |  5 ++---
 lib/PublicInbox/LeiMirror.pm | 30 ++++++++++++++++++------------
 2 files changed, 20 insertions(+), 15 deletions(-)

diff --git a/lib/PublicInbox/Fetch.pm b/lib/PublicInbox/Fetch.pm
index 0d4badbf216f..5261cad19855 100644
--- a/lib/PublicInbox/Fetch.pm
+++ b/lib/PublicInbox/Fetch.pm
@@ -218,13 +218,12 @@ EOM
 	}
 	for my $i (@new_epoch) { $mg->epoch_cfg_set($i) }
 	if ($ft) {
-		my $fn = $ft->filename;
 		if ($mculled) {
 			my $json = PublicInbox::Config->json->encode($m1);
+			my $fn = $ft->filename;
 			gzip(\$json => $fn) or die "gzip: $GzipError";
 		}
-		rename($fn, $mf) or die "E: rename($fn, $mf): $!\n";
-		$ft->unlink_on_destroy(0);
+		PublicInbox::LeiMirror::ft_rename($ft, $mf, 0666);
 	}
 	$lei->child_error($xit << 8) if $fp2 && $xit;
 }
diff --git a/lib/PublicInbox/LeiMirror.pm b/lib/PublicInbox/LeiMirror.pm
index ec41bec6f16b..1369c00c57fd 100644
--- a/lib/PublicInbox/LeiMirror.pm
+++ b/lib/PublicInbox/LeiMirror.pm
@@ -12,6 +12,7 @@ use IO::Compress::Gzip qw(gzip $GzipError);
 use PublicInbox::Spawn qw(popen_rd spawn run_die);
 use File::Temp ();
 use Fcntl qw(SEEK_SET O_CREAT O_EXCL O_WRONLY);
+use Carp qw(croak);
 
 sub _wq_done_wait { # dwaitpid callback (via wq_eof)
 	my ($arg, $pid) = @_;
@@ -89,24 +90,31 @@ sub clone_cmd {
 	@cmd;
 }
 
+sub ft_rename ($$$) {
+	my ($ft, $dst, $open_mode) = @_;
+	my $fn = $ft->filename;
+	my @st = stat($dst);
+	my $mode = @st ? ($st[2] & 07777) : ($open_mode & ~umask);
+	chmod($mode, $ft) or croak "E: chmod $fn: $!";
+	rename($fn, $dst) or croak "E: rename($fn => $ft): $!";
+	$ft->unlink_on_destroy(0);
+}
+
 sub _get_txt { # non-fatal
-	my ($self, $endpoint, $file) = @_;
+	my ($self, $endpoint, $file, $mode) = @_;
 	my $uri = URI->new($self->{src});
 	my $lei = $self->{lei};
 	my $path = $uri->path;
 	chop($path) eq '/' or die "BUG: $uri not canonicalized";
 	$uri->path("$path/$endpoint");
 	my $ft = File::Temp->new(TEMPLATE => "$file-XXXX", DIR => $self->{dst});
-	my $f = $ft->filename;
 	my $opt = { 0 => $lei->{0}, 1 => $lei->{1}, 2 => $lei->{2} };
 	my $cmd = $self->{curl}->for_uri($lei, $uri,
-					qw(--compressed -R -o), $f);
+					qw(--compressed -R -o), $ft->filename);
 	my $cerr = run_reap($lei, $cmd, $opt);
 	return "$uri missing" if ($cerr >> 8) == 22;
 	return "# @$cmd failed (non-fatal)" if $cerr;
-	my $ce = "$self->{dst}/$file";
-	rename($f, $ce) or return "rename($f, $ce): $! (non-fatal)";
-	$ft->unlink_on_destroy(0);
+	ft_rename($ft, "$self->{dst}/$file", $mode);
 	undef; # success
 }
 
@@ -119,10 +127,10 @@ sub _try_config {
 		File::Path::mkpath($dst);
 		-d $dst or die "mkpath($dst): $!\n";
 	}
-	my $err = _get_txt($self, qw(_/text/config/raw inbox.config.example));
+	my $err = _get_txt($self,
+			qw(_/text/config/raw inbox.config.example), 0444);
 	return warn($err, "\n") if $err;
 	my $f = "$self->{dst}/inbox.config.example";
-	chmod((stat($f))[2] & 0444, $f) or die "chmod(a-w, $f): $!";
 	my $cfg = PublicInbox::Config->git_config_dump($f, $self->{lei}->{2});
 	my $ibx = $self->{ibx} = {};
 	for my $sec (grep(/\Apublicinbox\./, @{$cfg->{-section_order}})) {
@@ -150,7 +158,7 @@ sub set_description ($) {
 sub index_cloned_inbox {
 	my ($self, $iv) = @_;
 	my $lei = $self->{lei};
-	my $err = _get_txt($self, qw(description description));
+	my $err = _get_txt($self, qw(description description), 0666);
 	warn($err, "\n") if $err; # non fatal
 	eval { set_description($self) };
 	warn $@ if $@;
@@ -404,9 +412,7 @@ EOM
 		my $json = PublicInbox::Config->json->encode($m);
 		gzip(\$json => $fn) or die "gzip: $GzipError";
 	}
-	my $fin = "$self->{dst}/manifest.js.gz";
-	rename($fn, $fin) or die "E: rename($fn, $fin): $!";
-	$ft->unlink_on_destroy(0);
+	ft_rename($ft, "$self->{dst}/manifest.js.gz", 0666);
 }
 
 sub start_clone_url {

  reply	other threads:[~2021-10-14  4:32 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-10-14  4:32 [PATCH 0/3] clone+fetch stuff Eric Wong
2021-10-14  4:32 ` Eric Wong [this message]
2021-10-14  4:32 ` [PATCH 2/3] lei add-external --mirror: respect client umask Eric Wong
2021-10-14  4:32 ` [PATCH 3/3] lei: give workers their own process group Eric Wong
2021-10-14 13:16   ` [PATCH 0/7] lei: more process handling fixes Eric Wong
2021-10-14 13:16     ` [PATCH 1/7] lei: use send() perlop for signals Eric Wong
2021-10-14 13:16     ` [PATCH 2/7] git: async_err shows retried requests properly Eric Wong
2021-10-14 13:16     ` [PATCH 3/7] git: ->fail invokes current callback Eric Wong
2021-10-14 13:16     ` [PATCH 4/7] git: cat-file --batch are their own pgrp Eric Wong
2021-10-14 13:16     ` [PATCH 5/7] lei: TSTP affects all curl and related subprocesses Eric Wong
2021-10-14 13:16     ` [PATCH 6/7] lei up: actually rely on DESTROY for --alllll Eric Wong
2021-10-14 13:16     ` [PATCH 7/7] lei up --all: send signals to workers, receive errors Eric Wong

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://public-inbox.org/README

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20211014043255.19545-2-e@80x24.org \
    --to=e@80x24.org \
    --cc=meta@public-inbox.org \
    --subject='Re: [PATCH 1/3] clone+fetch: respect umask for all downloaded files' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Code repositories for project(s) associated with this inbox:

	https://80x24.org/public-inbox.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).