make viaTmp honor umask

Fixed several cases where files were created without file mode bits that
the umask would usually set. This included exports to the directory special
remote, torrent files used by the bittorrent special remote, hooks written
by git-annex init, and some log files in .git/annex/

Audited all calls, looking for ones that didn't want the umask bits to be
set. All such turned out to already set the specific restrictive file mode
they wanted.

CHANGELOG

@@ -8,6 +8,10 @@ git-annex (8.20200815) UNRELEASED; urgency=medium
     started, when that is more efficient.
   * Display warning when external special remote does not start up
     properly, or is not usable.
+  * Fixed several cases where files were created without file mode bits
+    that the umask would usually set. This included exports to the
+    directory special remote, torrent files used by the bittorrent special
+    remote, hooks written by git-annex init, and some log files in .git/annex/
   * stack.yaml: Updated to lts-16.10.
   * Fix reversion in 7.20190322 that made addurl --file not be honored
     when youtube-dl was used to download media.

Utility/Tmp.hs

@@ -1,6 +1,6 @@
 {- Temporary files.
  -
- - Copyright 2010-2013 Joey Hess <id@joeyh.name>
+ - Copyright 2010-2020 Joey Hess <id@joeyh.name>
  -
  - License: BSD-2-clause
  -}
@@ -24,12 +24,17 @@ import System.PosixCompat.Files
 
 import Utility.Exception
 import Utility.FileSystemEncoding
+import Utility.FileMode
 
 type Template = String
 
 {- Runs an action like writeFile, writing to a temp file first and
  - then moving it into place. The temp file is stored in the same
  - directory as the final file to avoid cross-device renames.
+ -
+ - While this uses a temp file, the file will end up with the same
+ - mode as it would when using writeFile, unless the writer action changes
+ - it.
  -}
 viaTmp :: (MonadMask m, MonadIO m) => (FilePath -> v -> m ()) -> FilePath -> v -> m ()
 viaTmp a file content = bracketIO setup cleanup use
@@ -43,6 +48,11 @@ viaTmp a file content = bracketIO setup cleanup use
 		_ <- tryIO $ hClose h
 		tryIO $ removeFile tmpfile
 	use (tmpfile, h) = do
+		-- Make mode the same as if the file were created usually,
+		-- not as a temp file. (This may fail on some filesystems
+		-- that don't support file modes well, so ignore
+		-- exceptions.)
+		void $ tryIO $ setFileMode tmpfile =<< defaultFileMode
 		liftIO $ hClose h
 		a tmpfile content
 		liftIO $ rename tmpfile file

doc/bugs/directory_special_remote_export_file_mode.mdwn

@@ -8,6 +8,8 @@ umask perms, or all callers that don't explicitly set perms should.
 This also affects some other things, eg hook files written by git-annex
 init, and some stuff in ~/.config/git-annex like autostart.
 
+> [[fixed|done]] --[[Joey]]
+
 `withTmpFileIn` also uses openTempFile, and probably its callers do need to
 adjust perms if desired since it could be used with a real temp directory.