me
/
guix
Archived
1
0
Fork 0
Code

publish: Create files in the cache as #o644. 

Reported by Ricardo Wurmus <rekado@elephly.net>.

* guix/scripts/publish.scm (compress-nar): Add 'chmod' call to ensure
PORT is #o644, in the uncompressed case.
(bake-narinfo+nar): Likewise for the narinfo file.
* tests/publish.scm ("with cache"): Check permissions on CACHED and NAR.
master
Ludovic Courtès 2020-11-08 23:35:45 +01:00
parent 86e9e5cb23
commit d754757628
No known key found for this signature in database
GPG Key ID: 090B11993D9AEBB5
2 changed files with 15 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
guix/scripts/publish.scm
View File

@ -583,7 +583,10 @@ requested using POOL."
;; guarantee the TTL (see <https://bugs.gnu.org/28664>.) ;; guarantee the TTL (see <https://bugs.gnu.org/28664>.)
(with-atomic-file-output nar (with-atomic-file-output nar
(lambda (port) (lambda (port)
(write-file item port)))))) (write-file item port)
;; Make the file world-readable, contrary to what
;; 'with-atomic-file-output' does.
(chmod port (logand #o644 (lognot (umask)))))))))
(define* (bake-narinfo+nar cache item (define* (bake-narinfo+nar cache item
#:key ttl (compressions (list %no-compression)) #:key ttl (compressions (list %no-compression))
@ -615,7 +618,12 @@ requested using POOL."
#:nar-path nar-path #:nar-path nar-path
#:compressions compressions #:compressions compressions
#:file-sizes sizes) #:file-sizes sizes)
port))))) port)))
;; Make the cached narinfo world-readable, contrary to what
;; 'with-atomic-file-output' does, so that other users can rsync
;; the whole cache.
(chmod port (logand #o644 (lognot (umask))))))
;; Make narinfo files for OTHERS hard links to NARINFO such that the ;; Make narinfo files for OTHERS hard links to NARINFO such that the
;; atime-based cache eviction considers either all the nars or none ;; atime-based cache eviction considers either all the nars or none

5
tests/publish.scm
View File

@ -434,6 +434,11 @@ References: ~%"
(< ttl 3600))) (< ttl 3600)))
(wait-for-file cached) (wait-for-file cached)
;; Both the narinfo and nar should be world-readable.
(= #o644 (stat:perms (lstat cached)))
(= #o644 (stat:perms (lstat nar)))
(let* ((body (http-get-port url)) (let* ((body (http-get-port url))
(compressed (http-get nar-url)) (compressed (http-get nar-url))
(uncompressed (http-get (string-append base "nar/" (uncompressed (http-get (string-append base "nar/"