summary refs log tree commit diff
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2020-11-08 23:35:45 +0100
committerLudovic Courtès <ludo@gnu.org>2020-11-09 23:27:09 +0100
commitd75475762824a4fa7e743138da6a9d59d8690a33 (patch)
treecd2b3add7627c77e84d499b383925eb726552500
parent86e9e5cb230c3c10272a223ea04e7564f3c1463b (diff)
downloadguix-d75475762824a4fa7e743138da6a9d59d8690a33.tar.gz
publish: Create files in the cache as #o644.
Reported by Ricardo Wurmus <rekado@elephly.net>.

* guix/scripts/publish.scm (compress-nar): Add 'chmod' call to ensure
PORT is #o644, in the uncompressed case.
(bake-narinfo+nar): Likewise for the narinfo file.
* tests/publish.scm ("with cache"): Check permissions on CACHED and NAR.
-rw-r--r--guix/scripts/publish.scm12
-rw-r--r--tests/publish.scm5
2 files changed, 15 insertions, 2 deletions
diff --git a/guix/scripts/publish.scm b/guix/scripts/publish.scm
index e8faf379e2..e3c8711f5b 100644
--- a/guix/scripts/publish.scm
+++ b/guix/scripts/publish.scm
@@ -583,7 +583,10 @@ requested using POOL."
      ;; guarantee the TTL (see <https://bugs.gnu.org/28664>.)
      (with-atomic-file-output nar
        (lambda (port)
-         (write-file item port))))))
+         (write-file item port)
+         ;; Make the file world-readable, contrary to what
+         ;; 'with-atomic-file-output' does.
+         (chmod port (logand #o644 (lognot (umask)))))))))
 
 (define* (bake-narinfo+nar cache item
                            #:key ttl (compressions (list %no-compression))
@@ -615,7 +618,12 @@ requested using POOL."
                                           #:nar-path nar-path
                                           #:compressions compressions
                                           #:file-sizes sizes)
-                          port)))))
+                          port)))
+
+             ;; Make the cached narinfo world-readable, contrary to what
+             ;; 'with-atomic-file-output' does, so that other users can rsync
+             ;; the whole cache.
+             (chmod port (logand #o644 (lognot (umask))))))
 
          ;; Make narinfo files for OTHERS hard links to NARINFO such that the
          ;; atime-based cache eviction considers either all the nars or none
diff --git a/tests/publish.scm b/tests/publish.scm
index e46e6256b7..cafd0f13a2 100644
--- a/tests/publish.scm
+++ b/tests/publish.scm
@@ -434,6 +434,11 @@ References: ~%"
                  (< ttl 3600)))
 
               (wait-for-file cached)
+
+              ;; Both the narinfo and nar should be world-readable.
+              (= #o644 (stat:perms (lstat cached)))
+              (= #o644 (stat:perms (lstat nar)))
+
               (let* ((body         (http-get-port url))
                      (compressed   (http-get nar-url))
                      (uncompressed (http-get (string-append base "nar/"