commit 839bbaae43d84a7eb75ef0b327239fd36c360ada
from: Omar Polo <op@omarpolo.com>
date: Wed Feb 01 13:46:07 2023 UTC

gotd, gotadmin: install packfiles and index files as 0444

gotd used 0600 (due to mkstemps(3)), gotadmin 0644; change it to 0444
since packfiles shouldn't change once created.  Mirrors what git does.

ok stsp@

commit - d627976f5ceada12169aa74630bbc0fd9ce071b7
commit + 839bbaae43d84a7eb75ef0b327239fd36c360ada
blob - bbe5f89f20242a5571907a6f813d02388bacddf4
blob + f5c8a7335929e0830dbfcf9ac56d33e3d8f13e84
--- gotd/session.c
+++ gotd/session.c
@@ -18,6 +18,7 @@
 #include <sys/queue.h>
 #include <sys/tree.h>
 #include <sys/socket.h>
+#include <sys/stat.h>
 #include <sys/uio.h>
 
 #include <errno.h>
@@ -883,6 +884,10 @@ recv_packfile(struct gotd_session_client *client)
 	err = got_opentemp_named_fd(&pack_path, &packfd, basepath, "");
 	if (err)
 		goto done;
+	if (fchmod(packfd, GOT_DEFAULT_PACK_MODE) == -1) {
+		err = got_error_from_errno2("fchmod", pack_path);
+		goto done;
+	}
 
 	free(basepath);
 	if (asprintf(&basepath, "%s/%s/receiving-from-uid-%d.idx",
@@ -895,6 +900,10 @@ recv_packfile(struct gotd_session_client *client)
 	err = got_opentemp_named_fd(&idx_path, &idxfd, basepath, "");
 	if (err)
 		goto done;
+	if (fchmod(idxfd, GOT_DEFAULT_PACK_MODE) == -1) {
+		err = got_error_from_errno2("fchmod", idx_path);
+		goto done;
+	}
 
 	memset(&ifile, 0, sizeof(ifile));
 	ifile.client_id = client->id;
blob - aa121bb3af4c0cba66fb0d062f2f6a8cc33fdd27
blob + b2bcaa2b7774cab98d41dad2df3c7777d72b0d4b
--- include/got_path.h
+++ include/got_path.h
@@ -16,6 +16,8 @@
 
 /* Utilities for dealing with filesystem paths. */
 
+#define GOT_DEFAULT_PACK_MODE	(S_IFREG | \
+	S_IRUSR | S_IRGRP | S_IROTH)
 #define GOT_DEFAULT_FILE_MODE	(S_IFREG | \
 	S_IRUSR|S_IWUSR | S_IRGRP | S_IROTH)
 #define GOT_DEFAULT_DIR_MODE	(S_IFDIR | \
blob - fd1fae8ec1b8171b5cb576110a381201f1cb4ad9
blob + 0be05225c5acde90af06fcbe60d29ec6a8044bbe
--- lib/repository_admin.c
+++ lib/repository_admin.c
@@ -171,7 +171,7 @@ got_repo_pack_objects(FILE **packfile, struct got_obje
 	if (err)
 		goto done;
 
-	if (fchmod(packfd, GOT_DEFAULT_FILE_MODE) != 0) {
+	if (fchmod(packfd, GOT_DEFAULT_PACK_MODE) == -1) {
 		err = got_error_from_errno2("fchmod", tmpfile_path);
 		goto done;
 	}
@@ -301,7 +301,7 @@ got_repo_index_pack(FILE *packfile, struct got_object_
 	free(path);
 	if (err)
 		goto done;
-	if (fchmod(idxfd, GOT_DEFAULT_FILE_MODE) != 0) {
+	if (fchmod(idxfd, GOT_DEFAULT_PACK_MODE) == -1) {
 		err = got_error_from_errno2("fchmod", tmpidxpath);
 		goto done;
 	}