From: Eric Wong <e@80x24.org>
To: meta@public-inbox.org
Subject: [PATCH 1/3] clone+fetch: respect umask for all downloaded files
Date: Thu, 14 Oct 2021 04:32:53 +0000 [thread overview]
Message-ID: <20211014043255.19545-2-e@80x24.org> (raw)
In-Reply-To: <20211014043255.19545-1-e@80x24.org>
Since public inboxes are usually intended to be public,
the File::Temp default permission of 0600 is wrong.
Just respect the user's umask in this case as git-clone
does.
This doesn't work for "lei add-external --mirror", yet;
but it will...
---
lib/PublicInbox/Fetch.pm | 5 ++---
lib/PublicInbox/LeiMirror.pm | 30 ++++++++++++++++++------------
2 files changed, 20 insertions(+), 15 deletions(-)
diff --git a/lib/PublicInbox/Fetch.pm b/lib/PublicInbox/Fetch.pm
index 0d4badbf216f..5261cad19855 100644
--- a/lib/PublicInbox/Fetch.pm
+++ b/lib/PublicInbox/Fetch.pm
@@ -218,13 +218,12 @@ EOM
}
for my $i (@new_epoch) { $mg->epoch_cfg_set($i) }
if ($ft) {
- my $fn = $ft->filename;
if ($mculled) {
my $json = PublicInbox::Config->json->encode($m1);
+ my $fn = $ft->filename;
gzip(\$json => $fn) or die "gzip: $GzipError";
}
- rename($fn, $mf) or die "E: rename($fn, $mf): $!\n";
- $ft->unlink_on_destroy(0);
+ PublicInbox::LeiMirror::ft_rename($ft, $mf, 0666);
}
$lei->child_error($xit << 8) if $fp2 && $xit;
}
diff --git a/lib/PublicInbox/LeiMirror.pm b/lib/PublicInbox/LeiMirror.pm
index ec41bec6f16b..1369c00c57fd 100644
--- a/lib/PublicInbox/LeiMirror.pm
+++ b/lib/PublicInbox/LeiMirror.pm
@@ -12,6 +12,7 @@ use IO::Compress::Gzip qw(gzip $GzipError);
use PublicInbox::Spawn qw(popen_rd spawn run_die);
use File::Temp ();
use Fcntl qw(SEEK_SET O_CREAT O_EXCL O_WRONLY);
+use Carp qw(croak);
sub _wq_done_wait { # dwaitpid callback (via wq_eof)
my ($arg, $pid) = @_;
@@ -89,24 +90,31 @@ sub clone_cmd {
@cmd;
}
+sub ft_rename ($$$) {
+ my ($ft, $dst, $open_mode) = @_;
+ my $fn = $ft->filename;
+ my @st = stat($dst);
+ my $mode = @st ? ($st[2] & 07777) : ($open_mode & ~umask);
+ chmod($mode, $ft) or croak "E: chmod $fn: $!";
+ rename($fn, $dst) or croak "E: rename($fn => $ft): $!";
+ $ft->unlink_on_destroy(0);
+}
+
sub _get_txt { # non-fatal
- my ($self, $endpoint, $file) = @_;
+ my ($self, $endpoint, $file, $mode) = @_;
my $uri = URI->new($self->{src});
my $lei = $self->{lei};
my $path = $uri->path;
chop($path) eq '/' or die "BUG: $uri not canonicalized";
$uri->path("$path/$endpoint");
my $ft = File::Temp->new(TEMPLATE => "$file-XXXX", DIR => $self->{dst});
- my $f = $ft->filename;
my $opt = { 0 => $lei->{0}, 1 => $lei->{1}, 2 => $lei->{2} };
my $cmd = $self->{curl}->for_uri($lei, $uri,
- qw(--compressed -R -o), $f);
+ qw(--compressed -R -o), $ft->filename);
my $cerr = run_reap($lei, $cmd, $opt);
return "$uri missing" if ($cerr >> 8) == 22;
return "# @$cmd failed (non-fatal)" if $cerr;
- my $ce = "$self->{dst}/$file";
- rename($f, $ce) or return "rename($f, $ce): $! (non-fatal)";
- $ft->unlink_on_destroy(0);
+ ft_rename($ft, "$self->{dst}/$file", $mode);
undef; # success
}
@@ -119,10 +127,10 @@ sub _try_config {
File::Path::mkpath($dst);
-d $dst or die "mkpath($dst): $!\n";
}
- my $err = _get_txt($self, qw(_/text/config/raw inbox.config.example));
+ my $err = _get_txt($self,
+ qw(_/text/config/raw inbox.config.example), 0444);
return warn($err, "\n") if $err;
my $f = "$self->{dst}/inbox.config.example";
- chmod((stat($f))[2] & 0444, $f) or die "chmod(a-w, $f): $!";
my $cfg = PublicInbox::Config->git_config_dump($f, $self->{lei}->{2});
my $ibx = $self->{ibx} = {};
for my $sec (grep(/\Apublicinbox\./, @{$cfg->{-section_order}})) {
@@ -150,7 +158,7 @@ sub set_description ($) {
sub index_cloned_inbox {
my ($self, $iv) = @_;
my $lei = $self->{lei};
- my $err = _get_txt($self, qw(description description));
+ my $err = _get_txt($self, qw(description description), 0666);
warn($err, "\n") if $err; # non fatal
eval { set_description($self) };
warn $@ if $@;
@@ -404,9 +412,7 @@ EOM
my $json = PublicInbox::Config->json->encode($m);
gzip(\$json => $fn) or die "gzip: $GzipError";
}
- my $fin = "$self->{dst}/manifest.js.gz";
- rename($fn, $fin) or die "E: rename($fn, $fin): $!";
- $ft->unlink_on_destroy(0);
+ ft_rename($ft, "$self->{dst}/manifest.js.gz", 0666);
}
sub start_clone_url {
next prev parent reply other threads:[~2021-10-14 4:32 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-14 4:32 [PATCH 0/3] clone+fetch stuff Eric Wong
2021-10-14 4:32 ` Eric Wong [this message]
2021-10-14 4:32 ` [PATCH 2/3] lei add-external --mirror: respect client umask Eric Wong
2021-10-14 4:32 ` [PATCH 3/3] lei: give workers their own process group Eric Wong
2021-10-14 13:16 ` [PATCH 0/7] lei: more process handling fixes Eric Wong
2021-10-14 13:16 ` [PATCH 1/7] lei: use send() perlop for signals Eric Wong
2021-10-14 13:16 ` [PATCH 2/7] git: async_err shows retried requests properly Eric Wong
2021-10-14 13:16 ` [PATCH 3/7] git: ->fail invokes current callback Eric Wong
2021-10-14 13:16 ` [PATCH 4/7] git: cat-file --batch are their own pgrp Eric Wong
2021-10-14 13:16 ` [PATCH 5/7] lei: TSTP affects all curl and related subprocesses Eric Wong
2021-10-14 13:16 ` [PATCH 6/7] lei up: actually rely on DESTROY for --alllll Eric Wong
2021-10-14 13:16 ` [PATCH 7/7] lei up --all: send signals to workers, receive errors Eric Wong
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://public-inbox.org/README
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211014043255.19545-2-e@80x24.org \
--to=e@80x24.org \
--cc=meta@public-inbox.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).