Skip to content

Commit

Permalink
Remove the writable flag, don't set too many permission bits (#718)
Browse files Browse the repository at this point in the history
Making everything 0o555 is too much, since many files in the store
are not supposed to be executable. Those should be 0o444. Instead
of splatting 0o555 out, take a more measured approach and remove
the writable flag from the on-disk mode.
  • Loading branch information
grahamc authored Nov 14, 2023
1 parent dac0adc commit 01a3447
Show file tree
Hide file tree
Showing 2 changed files with 12 additions and 3 deletions.
13 changes: 10 additions & 3 deletions src/action/base/move_unpacked_nix.rs
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
use std::{
fs::Permissions,
os::unix::prelude::PermissionsExt,
path::{Path, PathBuf},
};
Expand Down Expand Up @@ -110,13 +109,21 @@ impl Action for MoveUnpackedNix {
.map_err(|e| ActionErrorKind::Rename(entry.path(), entry_dest.to_owned(), e))
.map_err(Self::error)?;

let perms: Permissions = PermissionsExt::from_mode(0o555);
for entry_item in WalkDir::new(&entry_dest)
.into_iter()
.filter_map(Result::ok)
.filter(|e| !e.file_type().is_symlink())
{
tokio::fs::set_permissions(&entry_item.path(), perms.clone())
let path = entry_item.path();

let mut perms = path
.metadata()
.map_err(|e| ActionErrorKind::GetMetadata(path.to_owned(), e))
.map_err(Self::error)?
.permissions();
perms.set_readonly(true);

tokio::fs::set_permissions(path, perms.clone())
.await
.map_err(|e| {
ActionErrorKind::SetPermissions(
Expand Down
2 changes: 2 additions & 0 deletions src/action/mod.rs
Original file line number Diff line number Diff line change
Expand Up @@ -422,6 +422,8 @@ pub enum ActionErrorKind {
std::path::PathBuf,
#[source] std::io::Error,
),
#[error("Getting filesystem metadata for `{0}` on `{1}`")]
GetMetadata(std::path::PathBuf, #[source] std::io::Error),
#[error("Set mode `{0:#o}` on `{1}`")]
SetPermissions(u32, std::path::PathBuf, #[source] std::io::Error),
#[error("Remove file `{0}`")]
Expand Down

0 comments on commit 01a3447

Please sign in to comment.