From 1e965b47c38cac4886742ee36fb6f239fda175cd Mon Sep 17 00:00:00 2001 From: Charlie Marsh Date: Thu, 25 Jul 2024 16:50:30 -0400 Subject: [PATCH] Set standard permissions for temporary files (#5457) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ## Summary Closes https://github.com/astral-sh/uv/issues/5435. ## Test Plan Before: ``` ❯ ls -l .venv/lib/python3.12/site-packages/httpx-0.27.0.dist-info total 48 -rw------- 1 crmarsh staff 2 Jul 25 14:21 INSTALLER -rw-r--r-- 1 crmarsh staff 7184 Jul 23 23:20 METADATA -rw-r--r-- 1 crmarsh staff 2541 Jul 25 14:21 RECORD -rw------- 1 crmarsh staff 0 Jul 25 14:21 REQUESTED -rw-r--r-- 1 crmarsh staff 87 Jul 23 23:20 WHEEL -rw-r--r-- 1 crmarsh staff 37 Jul 23 23:20 entry_points.txt drwxr-xr-x 3 crmarsh staff 96 Jul 25 14:21 licenses ``` After: ``` ❯ ls -l .venv/lib/python3.12/site-packages/flask-3.0.3.dist-info/ total 48 -rw-r--r-- 1 crmarsh staff 2 Jul 25 14:21 INSTALLER -rw-r--r-- 1 crmarsh staff 1475 Jul 25 14:21 LICENSE.txt -rw-r--r-- 1 crmarsh staff 3177 Jul 25 14:21 METADATA -rw-r--r-- 1 crmarsh staff 2565 Jul 25 14:21 RECORD -rw-r--r-- 1 crmarsh staff 0 Jul 25 14:21 REQUESTED -rw-r--r-- 1 crmarsh staff 81 Jul 25 14:21 WHEEL -rw-r--r-- 1 crmarsh staff 40 Jul 25 14:21 entry_points.txt ``` --- crates/install-wheel-rs/src/wheel.rs | 2 +- crates/uv-fs/src/lib.rs | 22 ++++++++++++++++++++-- 2 files changed, 21 insertions(+), 3 deletions(-) diff --git a/crates/install-wheel-rs/src/wheel.rs b/crates/install-wheel-rs/src/wheel.rs index 73151e6a59bb..f53bf8f6ec3f 100644 --- a/crates/install-wheel-rs/src/wheel.rs +++ b/crates/install-wheel-rs/src/wheel.rs @@ -498,7 +498,7 @@ fn install_script( .as_bytes() .to_vec(); - let mut target = tempfile::NamedTempFile::new_in(&layout.scheme.scripts)?; + let mut target = uv_fs::tempfile_in(&layout.scheme.scripts)?; let size_and_encoded_hash = copy_and_hash(&mut start.chain(script), &mut target)?; target.persist(&script_absolute).map_err(|err| { io::Error::new( diff --git a/crates/uv-fs/src/lib.rs b/crates/uv-fs/src/lib.rs index 57866ee50572..5f360fd6640f 100644 --- a/crates/uv-fs/src/lib.rs +++ b/crates/uv-fs/src/lib.rs @@ -101,10 +101,28 @@ pub fn replace_symlink(src: impl AsRef, dst: impl AsRef) -> std::io: } } +/// Return a [`NamedTempFile`] in the specified directory. +/// +/// Sets the permissions of the temporary file to `0o644`, to match the non-temporary file default. +/// ([`NamedTempfile`] defaults to `0o600`.) +#[cfg(unix)] +pub fn tempfile_in(path: &Path) -> std::io::Result { + use std::os::unix::fs::PermissionsExt; + tempfile::Builder::new() + .permissions(std::fs::Permissions::from_mode(0o644)) + .tempfile_in(path) +} + +/// Return a [`NamedTempFile`] in the specified directory. +#[cfg(not(unix))] +pub fn tempfile_in(path: &Path) -> std::io::Result { + tempfile::Builder::new().tempfile_in(path) +} + /// Write `data` to `path` atomically using a temporary file and atomic rename. #[cfg(feature = "tokio")] pub async fn write_atomic(path: impl AsRef, data: impl AsRef<[u8]>) -> std::io::Result<()> { - let temp_file = NamedTempFile::new_in( + let temp_file = tempfile_in( path.as_ref() .parent() .expect("Write path must have a parent"), @@ -125,7 +143,7 @@ pub async fn write_atomic(path: impl AsRef, data: impl AsRef<[u8]>) -> std /// Write `data` to `path` atomically using a temporary file and atomic rename. pub fn write_atomic_sync(path: impl AsRef, data: impl AsRef<[u8]>) -> std::io::Result<()> { - let temp_file = NamedTempFile::new_in( + let temp_file = tempfile_in( path.as_ref() .parent() .expect("Write path must have a parent"),