Closed praiskup closed 3 years ago
praiskup
commented
3 years ago We use this (not really correct) hack for a long time, and it shouldn't be needed ideally: https://pagure.io/copr/copr/blob/60a7edfae8e5f3722eab539bcb44898fb4d6553c/f/backend/run/copr-repo#_266-268
hughsie
commented
3 years ago IIRC, don't we just use g_file_set_contents?
praiskup
commented
3 years ago Ah, it turns out we have only problems with directories created by appstream-builder.
hughsie
commented
3 years ago I'm using g_mkdir_with_parents (directory, 0700) -- what's more suitable?
praiskup
commented
3 years ago Hmpfs, something which respects the pre-set umask, but I don't know the glib API
smcv
commented
3 years ago I think g_mkdir_with_parents (directory, 0755), g_mkdir_with_parents (directory, 0775) or even g_mkdir_with_parents (directory, 0777) would respect the umask, at the cost that if the user's umask is more permissive than they intended, then the directory will be created with wider permissions than it should.
General-purpose file I/O tends to use 0755 or 0775, security-sensitive software where accidentally sharing secrets with other users would be a much more serious problem than not sharing files that should have been shared tends to use 0700.
praiskup
commented
3 years ago I think g_mkdir_with_parents (directory, 0755), g_mkdir_with_parents (directory, 0775) or even g_mkdir_with_parents (directory, 0777) would respect the umask
If umask is respected, +1 to any of those :-)
hughsie
commented
3 years ago @praiskup could you do a PR that changes it to 0755 please -- I think that should help. Thanks @smcv !
Seems like appstream-builder intentionally creates files in those directories with
-rw-------permissions, even though umask=0022`. Same as e.g. createrepo_c or modifyrepo_c, appstream-builder should ditto.