[service] Ensure pemission for all directories

Vladimir Stoilov 2025-01-15 11:43:14 +02:00
parent 9829136b8c
commit 49e1fc8c31
No known key found for this signature in database
GPG key ID: 2F190B67A43A81AF
3 changed files with 8 additions and 6 deletions


@ -3,7 +3,6 @@ package service
import (
"context"
"fmt"
"os"
"sync/atomic"
"time"
@ -14,6 +13,7 @@ import (
"github.com/safing/portmaster/base/notifications"
"github.com/safing/portmaster/base/rng"
"github.com/safing/portmaster/base/runtime"
"github.com/safing/portmaster/base/utils"
"github.com/safing/portmaster/service/broadcasts"
"github.com/safing/portmaster/service/compat"
"github.com/safing/portmaster/service/core"
@ -123,7 +123,7 @@ func New(svcCfg *ServiceConfig) (*Instance, error) { //nolint:maintidx
}
// Make sure data dir exists, so that child directories don't dictate the permissions.
err = os.MkdirAll(svcCfg.DataDir, 0o0755)
err = utils.EnsureDirectory(svcCfg.DataDir, utils.PublicReadExecPermission)
if err != nil {
return nil, fmt.Errorf("data directory %s is not accessible: %w", svcCfg.DataDir, err)
}
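Review bot: The comment above `utils.EnsureDirectory(svcCfg.DataDir, utils.PublicReadExecPermission)` still says only that the directory is made to exist, while the helper's name and the commit title suggest it now also enforces the mode on a directory that is already there; its body is not on this page, so that is an inference. If it does, a data directory that an operator deliberately tightened would be reopened to world read and traverse on every start, which matters if anything sensitive is stored below it. I would state the intent in the comment, for example `// Ensure the data dir exists and is world-readable by design; anything sensitive below it must carry its own stricter mode.`, and confirm that this is the wanted policy. The same call and comment appear in `New` of package `spn`, and both functions continue outside their hunks.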


@ -38,7 +38,7 @@ func NewDownloader(u *Updater, indexURLs []string) *Downloader {
func (d *Downloader) updateIndex(ctx context.Context) error {
// Make sure dir exists.
err := os.MkdirAll(d.u.cfg.DownloadDirectory, utils.PublicReadExecPermission.AsUnixPermission())
err := utils.EnsureDirectory(d.u.cfg.DownloadDirectory, utils.PublicReadExecPermission)
if err != nil {
return fmt.Errorf("create download directory: %s", d.u.cfg.DownloadDirectory)
}
@ -131,7 +131,7 @@ func (d *Downloader) gatherExistingFiles(dir string) error {
func (d *Downloader) downloadArtifacts(ctx context.Context) error {
// Make sure dir exists.
err := os.MkdirAll(d.u.cfg.DownloadDirectory, utils.PublicReadExecPermission.AsUnixPermission())
err := utils.EnsureDirectory(d.u.cfg.DownloadDirectory, utils.PublicReadExecPermission)
if err != nil {
return fmt.Errorf("create download directory: %s", d.u.cfg.DownloadDirectory)
}
@ -182,6 +182,8 @@ artifacts:
return fmt.Errorf("write %s to temp file: %w", artifact.Filename, err)
}
_ = utils.SetFilePermission(tmpFilename, artifact.GetFileMode())
// Rename/Move to actual location.
err = os.Rename(tmpFilename, dstFilePath)
if err != nil {
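Review bot: In the last hunk, `_ = utils.SetFilePermission(tmpFilename, artifact.GetFileMode())` discards its error, so when the mode cannot be applied the artifact is still renamed into place with whatever permissions the temp file was created with, and nothing records that. For an updater that appears to install binaries this is worth failing on, or at least logging: `if err := utils.SetFilePermission(tmpFilename, artifact.GetFileMode()); err != nil { return fmt.Errorf("set permission on %s: %w", artifact.Filename, err) }`. In the same file, both `create download directory: %s` errors in `updateIndex` and `downloadArtifacts` format only the path and drop `err`, which hides why `EnsureDirectory` failed; appending `: %w` with `err` would keep the cause. The loop body and both functions continue outside the hunks shown.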


@ -3,7 +3,6 @@ package spn
import (
"context"
"fmt"
"os"
"sync/atomic"
"time"
@ -14,6 +13,7 @@ import (
"github.com/safing/portmaster/base/notifications"
"github.com/safing/portmaster/base/rng"
"github.com/safing/portmaster/base/runtime"
"github.com/safing/portmaster/base/utils"
"github.com/safing/portmaster/service"
"github.com/safing/portmaster/service/core"
"github.com/safing/portmaster/service/core/base"
@ -88,7 +88,7 @@ func New(svcCfg *service.ServiceConfig) (*Instance, error) {
}
// Make sure data dir exists, so that child directories don't dictate the permissions.
err = os.MkdirAll(svcCfg.DataDir, 0o0755)
err = utils.EnsureDirectory(svcCfg.DataDir, utils.PublicReadExecPermission)
if err != nil {
return nil, fmt.Errorf("data directory %s is not accessible: %w", svcCfg.DataDir, err)
}