TT#71952 tt2-process: Set the output file permissions when creating the file

This avoids lots of chmod calls. We do not need the symlink handling, as we will generate now the files with the correct permissions, and will respect the symlinks on mv, as before, and are not doing the explicit chmod anymore. Change-Id: I9ab75dda79e8b346eb1f41c36b450d6fabb10f11
6 years ago · f6e622ea27
parent ec70d8e387
commit f6e622ea27
1 changed files with 21 additions and 13 deletions
--- a/helper/tt2-process
+++ b/helper/tt2-process
@ -6,11 +6,13 @@ use warnings;
 use List::Util qw(any uniq pairmap);
 use Getopt::Long qw(:config posix_default bundling_values no_ignorecase);
 use Cwd qw(realpath);
+use Errno qw(EEXIST);
 use File::Basename;
 use File::Path qw(make_path);
 use File::Copy qw(mv);
 use File::Find;
 use Time::Piece;
+use Fcntl;
 use POSIX qw(:sys_wait_h);
 use Hash::Merge qw(merge);
 use YAML::XS qw(LoadFile);
@ -102,10 +104,24 @@ sub setup {
 sub process_template {
    my ($tt, $config, $input, $output) = @_;

+    # Set permissions for generated config based on the ones of the
+    # template, plus dropping all write permissions.
+    my $old_umask = umask 0222;
+    my $mode = (stat $input)[2];
+
    my $newfile = "$output.ngcpcfg-new";

-    open my $outfh, '>', $newfile
-        or error("Cannot open template new file $newfile: $!");
+    my $outfh;
+    if (!sysopen $outfh, $newfile, O_CREAT | O_EXCL | O_WRONLY, $mode) {
+        if ($! != EEXIST) {
+            error("Cannot open template new file $newfile: $!");
+        }
+        unlink $newfile
+            or error("Cannot remove template new file $newfile: $!");
+
+        sysopen $outfh, $newfile, O_CREAT | O_EXCL | O_WRONLY, $mode
+            or error("Cannot open template new file $newfile: $!");
+    }
    open my $infh, '<', $input
        or error("Cannot open file '$input' for reading: $!");
    $tt->process($infh, $config, $outfh)
@ -113,6 +129,9 @@ sub process_template {
    close $infh;
    close $outfh;

+    # Restore previous umask.
+    umask $old_umask;
+
    # XXX: Docker breaks sane Unix expectations when moving a file into
    # /etc/hosts, as it creates a bind mount on that pathname. We need to
    # use an implementation that will fallback to use copy semantics in
@ -179,17 +198,6 @@ sub process_input {
        info("Generating $output: OK");
    }

-    if (-l $output) {
-        warning("File $output is a symlink - NOT adjusting permissions");
-    } else {
-        # Set permissions for generated config based on the ones of the
-        # template, plus dropping all write permissions.
-        ## no critic (ValuesAndExpressions::ProhibitLeadingZeros)
-        my $mode = (stat $input)[2] & ~0222;
-
-        chmod $mode, $output;
-    }
-
    # Execute postbuild script.
    for my $postbuild ((
        "$input_dirname/$output_basename.postbuild",