[service] Ensure pemission for all directories

Vladimir Stoilov 2025-01-15 11:43:14 +02:00
parent 9829136b8c
commit 49e1fc8c31
No known key found for this signature in database
GPG key ID: 2F190B67A43A81AF
3 changed files with 8 additions and 6 deletions


@ -3,7 +3,6 @@ package service
import ( import (
"context" "context"
"fmt" "fmt"
"os"
"sync/atomic" "sync/atomic"
"time" "time"
@ -14,6 +13,7 @@ import (
"github.com/safing/portmaster/base/notifications" "github.com/safing/portmaster/base/notifications"
"github.com/safing/portmaster/base/rng" "github.com/safing/portmaster/base/rng"
"github.com/safing/portmaster/base/runtime" "github.com/safing/portmaster/base/runtime"
"github.com/safing/portmaster/base/utils"
"github.com/safing/portmaster/service/broadcasts" "github.com/safing/portmaster/service/broadcasts"
"github.com/safing/portmaster/service/compat" "github.com/safing/portmaster/service/compat"
"github.com/safing/portmaster/service/core" "github.com/safing/portmaster/service/core"
@ -123,7 +123,7 @@ func New(svcCfg *ServiceConfig) (*Instance, error) { //nolint:maintidx
} }
// Make sure data dir exists, so that child directories don't dictate the permissions. // Make sure data dir exists, so that child directories don't dictate the permissions.
err = os.MkdirAll(svcCfg.DataDir, 0o0755) err = utils.EnsureDirectory(svcCfg.DataDir, utils.PublicReadExecPermission)
if err != nil { if err != nil {
return nil, fmt.Errorf("data directory %s is not accessible: %w", svcCfg.DataDir, err) return nil, fmt.Errorf("data directory %s is not accessible: %w", svcCfg.DataDir, err)
} }
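Review bot: The comment above the `utils.EnsureDirectory(svcCfg.DataDir, utils.PublicReadExecPermission)` call in `New` does not say that the data directory is deliberately left readable and traversable by every local user, which is what the permission name suggests. Anyone deciding where to store sensitive data needs that stated, e.g. `// DataDir is readable and traversable by all local users; subdirectories holding sensitive data must be created with a stricter permission.` The body of `EnsureDirectory` is not shown here, so whether it also resets the mode of an already existing directory should be confirmed and noted in the same comment. The same call and comment appear in `New` of package `spn`. `New` starts and ends outside the hunk.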


@ -38,7 +38,7 @@ func NewDownloader(u *Updater, indexURLs []string) *Downloader {
func (d *Downloader) updateIndex(ctx context.Context) error { func (d *Downloader) updateIndex(ctx context.Context) error {
// Make sure dir exists. // Make sure dir exists.
err := os.MkdirAll(d.u.cfg.DownloadDirectory, utils.PublicReadExecPermission.AsUnixPermission()) err := utils.EnsureDirectory(d.u.cfg.DownloadDirectory, utils.PublicReadExecPermission)
if err != nil { if err != nil {
return fmt.Errorf("create download directory: %s", d.u.cfg.DownloadDirectory) return fmt.Errorf("create download directory: %s", d.u.cfg.DownloadDirectory)
} }
@ -131,7 +131,7 @@ func (d *Downloader) gatherExistingFiles(dir string) error {
func (d *Downloader) downloadArtifacts(ctx context.Context) error { func (d *Downloader) downloadArtifacts(ctx context.Context) error {
// Make sure dir exists. // Make sure dir exists.
err := os.MkdirAll(d.u.cfg.DownloadDirectory, utils.PublicReadExecPermission.AsUnixPermission()) err := utils.EnsureDirectory(d.u.cfg.DownloadDirectory, utils.PublicReadExecPermission)
if err != nil { if err != nil {
return fmt.Errorf("create download directory: %s", d.u.cfg.DownloadDirectory) return fmt.Errorf("create download directory: %s", d.u.cfg.DownloadDirectory)
} }
@ -182,6 +182,8 @@ artifacts:
return fmt.Errorf("write %s to temp file: %w", artifact.Filename, err) return fmt.Errorf("write %s to temp file: %w", artifact.Filename, err)
} }
_ = utils.SetFilePermission(tmpFilename, artifact.GetFileMode())
// Rename/Move to actual location. // Rename/Move to actual location.
err = os.Rename(tmpFilename, dstFilePath) err = os.Rename(tmpFilename, dstFilePath)
if err != nil { if err != nil {
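Review bot: The added `_ = utils.SetFilePermission(tmpFilename, artifact.GetFileMode())` discards its error, so when setting the mode fails the downloaded artifact is still renamed into place with whatever mode the temp file was created with. For update artifacts that is worth failing on, or at least logging: `if err := utils.SetFilePermission(tmpFilename, artifact.GetFileMode()); err != nil { return fmt.Errorf("set permission on %s: %w", artifact.Filename, err) }`. In `updateIndex` and `downloadArtifacts` the `EnsureDirectory` error is likewise lost, because `fmt.Errorf("create download directory: %s", ...)` has no `%w`; appending `: %w` and passing `err` would keep the cause. The enclosing loop in `downloadArtifacts` continues outside the hunk.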


@ -3,7 +3,6 @@ package spn
import ( import (
"context" "context"
"fmt" "fmt"
"os"
"sync/atomic" "sync/atomic"
"time" "time"
@ -14,6 +13,7 @@ import (
"github.com/safing/portmaster/base/notifications" "github.com/safing/portmaster/base/notifications"
"github.com/safing/portmaster/base/rng" "github.com/safing/portmaster/base/rng"
"github.com/safing/portmaster/base/runtime" "github.com/safing/portmaster/base/runtime"
"github.com/safing/portmaster/base/utils"
"github.com/safing/portmaster/service" "github.com/safing/portmaster/service"
"github.com/safing/portmaster/service/core" "github.com/safing/portmaster/service/core"
"github.com/safing/portmaster/service/core/base" "github.com/safing/portmaster/service/core/base"
@ -88,7 +88,7 @@ func New(svcCfg *service.ServiceConfig) (*Instance, error) {
} }
// Make sure data dir exists, so that child directories don't dictate the permissions. // Make sure data dir exists, so that child directories don't dictate the permissions.
err = os.MkdirAll(svcCfg.DataDir, 0o0755) err = utils.EnsureDirectory(svcCfg.DataDir, utils.PublicReadExecPermission)
if err != nil { if err != nil {
return nil, fmt.Errorf("data directory %s is not accessible: %w", svcCfg.DataDir, err) return nil, fmt.Errorf("data directory %s is not accessible: %w", svcCfg.DataDir, err)
} }