branch master updated: publish: Create files in the cache as #o644.

guix-commits

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

branch master updated: publish: Create files in the cache as #o644.

From:	guix-commits
Subject:	branch master updated: publish: Create files in the cache as #o644.
Date:	Sun, 08 Nov 2020 17:41:56 -0500

This is an automated email from the git hooks/post-receive script.

civodul pushed a commit to branch master
in repository guix.

The following commit(s) were added to refs/heads/master by this push:
     new 464e743  publish: Create files in the cache as #o644.
464e743 is described below

commit 464e7437f46e7c4199fa98dcc52b4d46e8d8a48e
Author: Ludovic Courtès <ludo@gnu.org>
AuthorDate: Sun Nov 8 23:35:45 2020 +0100

    publish: Create files in the cache as #o644.
    
    Reported by Ricardo Wurmus <rekado@elephly.net>.
    
    * guix/scripts/publish.scm (compress-nar): Add 'chmod' call to ensure
    PORT is #o644, in the uncompressed case.
    (bake-narinfo+nar): Likewise for the narinfo file.
    * tests/publish.scm ("with cache"): Check permissions on CACHED and NAR.
---
 guix/scripts/publish.scm | 12 ++++++++++--
 tests/publish.scm        |  5 +++++
 2 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/guix/scripts/publish.scm b/guix/scripts/publish.scm
index e8faf37..e3c8711 100644
--- a/guix/scripts/publish.scm
+++ b/guix/scripts/publish.scm
@@ -583,7 +583,10 @@ requested using POOL."
      ;; guarantee the TTL (see <https://bugs.gnu.org/28664>.)
      (with-atomic-file-output nar
        (lambda (port)
-         (write-file item port))))))
+         (write-file item port)
+         ;; Make the file world-readable, contrary to what
+         ;; 'with-atomic-file-output' does.
+         (chmod port (logand #o644 (lognot (umask)))))))))
 
 (define* (bake-narinfo+nar cache item
                            #:key ttl (compressions (list %no-compression))
@@ -615,7 +618,12 @@ requested using POOL."
                                           #:nar-path nar-path
                                           #:compressions compressions
                                           #:file-sizes sizes)
-                          port)))))
+                          port)))
+
+             ;; Make the cached narinfo world-readable, contrary to what
+             ;; 'with-atomic-file-output' does, so that other users can rsync
+             ;; the whole cache.
+             (chmod port (logand #o644 (lognot (umask))))))
 
          ;; Make narinfo files for OTHERS hard links to NARINFO such that the
          ;; atime-based cache eviction considers either all the nars or none
diff --git a/tests/publish.scm b/tests/publish.scm
index e46e625..cafd0f1 100644
--- a/tests/publish.scm
+++ b/tests/publish.scm
@@ -434,6 +434,11 @@ References: ~%"
                  (< ttl 3600)))
 
               (wait-for-file cached)
+
+              ;; Both the narinfo and nar should be world-readable.
+              (= #o644 (stat:perms (lstat cached)))
+              (= #o644 (stat:perms (lstat nar)))
+
               (let* ((body         (http-get-port url))
                      (compressed   (http-get nar-url))
                      (uncompressed (http-get (string-append base "nar/"

[Prev in Thread]

Current Thread

[Next in Thread]

branch master updated: publish: Create files in the cache as #o644., guix-commits <=

Prev by Date: branch master updated: website: guix-data-service-missing-blog-post: Fix typos.
Next by Date: branch master updated: website: guix-data-service-missing-blog-post: Fix typo.
Previous by thread: branch master updated: website: guix-data-service-missing-blog-post: Fix typos.
Next by thread: branch master updated: website: guix-data-service-missing-blog-post: Fix typo.
Index(es):
- Date
- Thread