Better workaround for problem umasks when eg, setting up ssh keys.

Joey Hess 2014-03-14 13:37:58 -04:00
parent 8602a766f7
commit b7b9afa9ad
3 changed files with 26 additions and 9 deletions


@ -99,13 +99,20 @@ noUmask :: FileMode -> IO a -> IO a
#ifndef mingw32_HOST_OS #ifndef mingw32_HOST_OS
noUmask mode a noUmask mode a
| mode == stdFileMode = a | mode == stdFileMode = a
| otherwise = bracket setup cleanup go | otherwise = withUmask nullFileMode a
#else
noUmask _ a = a
#endif
withUmask :: FileMode -> IO a -> IO a
#ifndef mingw32_HOST_OS
withUmask umask a = bracket setup cleanup go
where where
setup = setFileCreationMask nullFileMode setup = setFileCreationMask umask
cleanup = setFileCreationMask cleanup = setFileCreationMask
go _ = a go _ = a
#else #else
noUmask _ a = a withUmask _ a = a
#endif #endif
combineModes :: [FileMode] -> FileMode combineModes :: [FileMode] -> FileMode
@ -127,14 +134,20 @@ setSticky f = modifyFileMode f $ addModes [stickyMode]
#endif #endif
{- Writes a file, ensuring that its modes do not allow it to be read {- Writes a file, ensuring that its modes do not allow it to be read
- by anyone other than the current user, before any content is written. - or written by anyone other than the current user,
- before any content is written.
-
- When possible, this is done using the umask.
- -
- On a filesystem that does not support file permissions, this is the same - On a filesystem that does not support file permissions, this is the same
- as writeFile. - as writeFile.
-} -}
writeFileProtected :: FilePath -> String -> IO () writeFileProtected :: FilePath -> String -> IO ()
writeFileProtected file content = withFile file WriteMode $ \h -> do writeFileProtected file content = withUmask 0o0077 $
void $ tryIO $ withFile file WriteMode $ \h -> do
modifyFileMode file $ void $ tryIO $ modifyFileMode file $
removeModes [groupReadMode, otherReadMode] removeModes
hPutStr h content [ groupReadMode, otherReadMode
, groupWriteMode, otherWriteMode
]
hPutStr h content
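Review bot: In `writeFileProtected`, the `withUmask 0o0077` wrapper only protects a file that `withFile` newly creates; when `file` already exists it keeps its current mode, and the only thing tightening it is the `modifyFileMode` call, whose failure is discarded by `void $ tryIO` before `hPutStr` writes the content. The header comment should say so, for example `- The umask only applies when the file is newly created; for an existing file the modes are changed after it is opened, and a failure to change them is ignored.` Callers that write key material may want to remove a stale file first, so that the umask path is always the one taken. Separately, `withUmask` has no comment, and `setFileCreationMask` changes the umask of the whole process, so a line such as `{- Runs an action with the given umask. The umask is process-wide, so other threads creating files meanwhile are affected too. -}` would help callers.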

1
debian/changelog vendored

@ -16,6 +16,7 @@ git-annex (5.20140307) UNRELEASED; urgency=medium
(So will --in=) (So will --in=)
* Fix ssh connection caching stop method to work with openssh 6.5p1, * Fix ssh connection caching stop method to work with openssh 6.5p1,
which broke the old method. which broke the old method.
* Better workaround for problem umasks when eg, setting up ssh keys.
-- Joey Hess <joeyh@debian.org> Thu, 06 Mar 2014 16:17:01 -0400 -- Joey Hess <joeyh@debian.org> Thu, 06 Mar 2014 16:17:01 -0400


@ -57,3 +57,6 @@ bad permissions: ignore key: ABC/.ssh/git-annex/key.git-annex-XYZ_annex
# End of transcript or log. # End of transcript or log.
"""]] """]]
> [[Fixed|done]]; the code made sure the file did not have any group or
> world read bits, but did not clear write bits. --[[Joey]]