Make output file permissions respect umask

We have to emulate this with fchmod because Python's NamedTemporaryFile always opens the file descriptor with 600 permissions. Signed-off-by: Andrew Gunnerson <accounts+github@chiller3.com>
chenxiaolong · Aug 7, 2023 · 55d64cb · 55d64cb
1 parent 3e9fad0
commit 55d64cb
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 0 deletions.
diff --git a/avbroot/main.py b/avbroot/main.py
@@ -719,6 +719,8 @@ def parse_args(argv=None):
 def main(argv=None):
     args = parse_args(argv=argv)
 
+    util.load_umask_unsafe()
+
     if args.subcommand == 'patch':
         patch_subcommand(args)
     elif args.subcommand == 'extract':

diff --git a/avbroot/util.py b/avbroot/util.py
@@ -7,6 +7,21 @@
 
 _ZERO_BLOCK = memoryview(b'\0' * 16384)
 
+umask = None
+
+
+def load_umask_unsafe():
+    # POSIX provides no way to query the umask without changing it. Parsing
+    # /proc/self/status can work, but it's Linux only. Instead, we'll just do it
+    # once when the program is initially started.
+    global umask
+
+    if os.name != 'nt' and umask is None:
+        current_umask = os.umask(0o777)
+        os.umask(current_umask)
+
+        umask = current_umask
+
 
 @dataclasses.dataclass
 @functools.total_ordering
@@ -68,6 +83,10 @@ def open_output_file(path):
                     os.unlink(path)
                 except FileNotFoundError:
                     pass
+            else:
+                # NamedTemporaryFile always uses 600 permissions with no way to
+                # override it. We'll do our own umask-respecting chmod.
+                os.fchmod(f.fileno(), 0o666 & ~umask)
 
             os.rename(f.name, path)
         except BaseException: