Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

install: create destination file with safer modes before copy #6972

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

nerdroychan
Copy link
Contributor

This is a followup PR to #6595.

Regarding the unconditional removal of the destination file problem, before this patch, the destination file is removed unconditionally when copy_file is called. Now a healthy check is added, which only removes the destination file if the source file exists and can be opened to read.

Furthermore, this patch uses std::io::copy with file descriptors to avoid the chmod 644 problem in the original patch. This is verified using strace.

A new test case is added as well.

Ping @mjguzik.

@nerdroychan nerdroychan force-pushed the install_copy_permission branch from 9d0a3cd to c93c644 Compare December 18, 2024 20:01
Copy link

GNU testsuite comparison:

Skip an intermittent issue tests/tail/inotify-dir-recreate (fails in this run but passes in the 'main' branch)

Copy link

@mjguzik mjguzik left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I confirm the originally reported problem of bad mode is now fixed.

There are minor changes to make to the submission imo.

return Err(InstallError::InstallFailed(from.to_path_buf(), to.to_path_buf(), e).into());
}
let mut src = src.unwrap();

// fs::copy fails if destination is a invalid symlink.
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is outdated as fs::copy itself is no longer used.

however, straced install from GNU coreutils and confirmed it also unlinks -- kind of surprised, i would expect creation of a temporary file and rename (space permitting). that is to say the comment can be removed altogether or replaced with a statement this lines up with gnu

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated the comments in the latest push.

}
};
remove_destination();
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

gnu install errors out on this. this code continues trying to create the file.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This will raise an error in the latest commit.

// use `std::io::copy` to avoid unsafe file modes
if let Err(err) = std::io::copy(&mut src, &mut dst) {
drop(src);
drop(dst);
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

are these drops necessary? unlink should proceed just fine at least on unix systems, no idea about windows

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These two early drops are for closing two file descriptors before unlink. Technically the unlink will succeed even when there are opened fds... WDYT?

@nerdroychan nerdroychan force-pushed the install_copy_permission branch from c93c644 to b3cc502 Compare December 20, 2024 17:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants