commit 851a5b487c47bf2fb5deec019a049ee0aa7389ca
from: Omar Polo <op@omarpolo.com>
via: Thomas Adam <thomas@xteddy.org>
date: Fri Feb 03 15:22:14 2023 UTC

gotd, gotadmin: install packfiles and index files as 0444

gotd used 0600 (due to mkstemps(3)), gotadmin 0644; change it to 0444
since packfiles shouldn't change once created.  Mirrors what git does.

ok stsp@

commit - c72de8ab0db408dd166f25caafca5c0fee237cf6
commit + 851a5b487c47bf2fb5deec019a049ee0aa7389ca
blob - bbe5f89f20242a5571907a6f813d02388bacddf4
blob + f5c8a7335929e0830dbfcf9ac56d33e3d8f13e84
--- gotd/session.c
+++ gotd/session.c
@@ -18,6 +18,7 @@
 #include <sys/queue.h>
 #include <sys/tree.h>
 #include <sys/socket.h>
+#include <sys/stat.h>
 #include <sys/uio.h>
 
 #include <errno.h>
@@ -883,6 +884,10 @@ recv_packfile(struct gotd_session_client *client)
 	err = got_opentemp_named_fd(&pack_path, &packfd, basepath, "");
 	if (err)
 		goto done;
+	if (fchmod(packfd, GOT_DEFAULT_PACK_MODE) == -1) {
+		err = got_error_from_errno2("fchmod", pack_path);
+		goto done;
+	}
 
 	free(basepath);
 	if (asprintf(&basepath, "%s/%s/receiving-from-uid-%d.idx",
@@ -895,6 +900,10 @@ recv_packfile(struct gotd_session_client *client)
 	err = got_opentemp_named_fd(&idx_path, &idxfd, basepath, "");
 	if (err)
 		goto done;
+	if (fchmod(idxfd, GOT_DEFAULT_PACK_MODE) == -1) {
+		err = got_error_from_errno2("fchmod", idx_path);
+		goto done;
+	}
 
 	memset(&ifile, 0, sizeof(ifile));
 	ifile.client_id = client->id;
blob - aa121bb3af4c0cba66fb0d062f2f6a8cc33fdd27
blob + b2bcaa2b7774cab98d41dad2df3c7777d72b0d4b
--- include/got_path.h
+++ include/got_path.h
@@ -16,6 +16,8 @@
 
 /* Utilities for dealing with filesystem paths. */
 
+#define GOT_DEFAULT_PACK_MODE	(S_IFREG | \
+	S_IRUSR | S_IRGRP | S_IROTH)
 #define GOT_DEFAULT_FILE_MODE	(S_IFREG | \
 	S_IRUSR|S_IWUSR | S_IRGRP | S_IROTH)
 #define GOT_DEFAULT_DIR_MODE	(S_IFDIR | \
blob - 1fd814ec776b8eef26d2461d00dce965bdbbcd96
blob + c88a7edc73004236669568bde01f6d0e178ab81d
--- lib/repository_admin.c
+++ lib/repository_admin.c
@@ -167,7 +167,7 @@ got_repo_pack_objects(FILE **packfile, struct got_obje
 	if (err)
 		goto done;
 
-	if (fchmod(packfd, GOT_DEFAULT_FILE_MODE) != 0) {
+	if (fchmod(packfd, GOT_DEFAULT_PACK_MODE) == -1) {
 		err = got_error_from_errno2("fchmod", tmpfile_path);
 		goto done;
 	}
@@ -297,7 +297,7 @@ got_repo_index_pack(FILE *packfile, struct got_object_
 	free(path);
 	if (err)
 		goto done;
-	if (fchmod(idxfd, GOT_DEFAULT_FILE_MODE) != 0) {
+	if (fchmod(idxfd, GOT_DEFAULT_PACK_MODE) == -1) {
 		err = got_error_from_errno2("fchmod", tmpidxpath);
 		goto done;
 	}