From 67f1aefdb50dc7d994a470a98c1bc56c8f550f60 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Iv=C3=A1n=20SZKIBA?= Date: Fri, 30 Aug 2024 16:44:10 +0200 Subject: [PATCH] fix: file/directory permissions --- cmd/api.go | 32 ++++++++++++++++---------------- cmd/cmd.go | 8 +++++++- cmd/context.go | 5 ++--- cmd/lint.go | 4 ++-- releases/v0.1.15.md | 9 +++++++++ 5 files changed, 36 insertions(+), 22 deletions(-) create mode 100644 releases/v0.1.15.md diff --git a/cmd/api.go b/cmd/api.go index 69a1e7f..fa35a08 100644 --- a/cmd/api.go +++ b/cmd/api.go @@ -29,7 +29,7 @@ func writeAPI(registry k6registry.Registry, target string) error { func writeAPIGroupGlobal(registry k6registry.Registry, target string) error { filename := filepath.Join(target, "registry.schema.json") - if err := os.WriteFile(filename, k6registry.Schema, 0o600); err != nil { + if err := os.WriteFile(filename, k6registry.Schema, permFile); err != nil { return err } @@ -40,21 +40,21 @@ func writeAPIGroupGlobal(registry k6registry.Registry, target string) error { return err } - return os.WriteFile(filename, data, 0o600) + return os.WriteFile(filename, data, permFile) } //nolint:forbidigo func writeAPIGroupModule(registry k6registry.Registry, target string) error { base := filepath.Join(target, "module") - if err := os.MkdirAll(base, 0o750); err != nil { + if err := os.MkdirAll(base, permDir); err != nil { return err } for _, ext := range registry { dir := filepath.Join(base, ext.Module) - if err := os.MkdirAll(dir, 0o750); err != nil { + if err := os.MkdirAll(dir, permDir); err != nil { return err } @@ -66,7 +66,7 @@ func writeAPIGroupModule(registry k6registry.Registry, target string) error { return err } - err = os.WriteFile(filename, b, 0o600) + err = os.WriteFile(filename, b, permFile) if err != nil { return err } @@ -79,7 +79,7 @@ func writeAPIGroupModule(registry k6registry.Registry, target string) error { return err } - if err = os.WriteFile(filename, data, 0o600); err != nil { + if err = os.WriteFile(filename, data, permFile); err != nil { return err } } @@ -107,7 +107,7 @@ func writeAPIGroupSubset(registry k6registry.Registry, target string) error { func writeAPISubsetProduct(registry k6registry.Registry, target string) error { base := filepath.Join(target, "product") - if err := os.MkdirAll(base, 0o750); err != nil { + if err := os.MkdirAll(base, permDir); err != nil { return err } @@ -131,7 +131,7 @@ func writeAPISubsetProduct(registry k6registry.Registry, target string) error { return err } - err = os.WriteFile(filepath.Join(base, string(prod)+".json"), data, 0o600) + err = os.WriteFile(filepath.Join(base, string(prod)+".json"), data, permFile) if err != nil { return err } @@ -144,7 +144,7 @@ func writeAPISubsetProduct(registry k6registry.Registry, target string) error { func writeAPISubsetTier(registry k6registry.Registry, target string) error { base := filepath.Join(target, "tier") - if err := os.MkdirAll(base, 0o750); err != nil { + if err := os.MkdirAll(base, permDir); err != nil { return err } @@ -170,7 +170,7 @@ func writeAPISubsetTier(registry k6registry.Registry, target string) error { return err } - err = os.WriteFile(filepath.Join(base, string(tier)+".json"), data, 0o600) + err = os.WriteFile(filepath.Join(base, string(tier)+".json"), data, permFile) if err != nil { return err } @@ -183,7 +183,7 @@ func writeAPISubsetTier(registry k6registry.Registry, target string) error { func writeAPISubsetGrade(registry k6registry.Registry, target string) error { base := filepath.Join(target, "grade") - if err := os.MkdirAll(base, 0o750); err != nil { + if err := os.MkdirAll(base, permDir); err != nil { return err } @@ -213,7 +213,7 @@ func writeAPISubsetGrade(registry k6registry.Registry, target string) error { return err } - err = os.WriteFile(filepath.Join(base, string(grade)+".json"), data, 0o600) + err = os.WriteFile(filepath.Join(base, string(grade)+".json"), data, permFile) if err != nil { return err } @@ -226,7 +226,7 @@ func writeAPISubsetGrade(registry k6registry.Registry, target string) error { func writeAPISubsetGradePassing(registry k6registry.Registry, target string) error { base := filepath.Join(target, "grade", "passing") - if err := os.MkdirAll(base, 0o750); err != nil { + if err := os.MkdirAll(base, permDir); err != nil { return err } @@ -262,7 +262,7 @@ func writeAPISubsetGradePassing(registry k6registry.Registry, target string) err return err } - err = os.WriteFile(filepath.Join(base, string(grade)+".json"), data, 0o600) + err = os.WriteFile(filepath.Join(base, string(grade)+".json"), data, permFile) if err != nil { return err } @@ -275,7 +275,7 @@ func writeAPISubsetGradePassing(registry k6registry.Registry, target string) err func writeAPISubsetCategory(registry k6registry.Registry, target string) error { base := filepath.Join(target, "category") - if err := os.MkdirAll(base, 0o750); err != nil { + if err := os.MkdirAll(base, permDir); err != nil { return err } @@ -303,7 +303,7 @@ func writeAPISubsetCategory(registry k6registry.Registry, target string) error { return err } - err = os.WriteFile(filepath.Join(base, string(cat)+".json"), data, 0o600) + err = os.WriteFile(filepath.Join(base, string(cat)+".json"), data, permFile) if err != nil { return err } diff --git a/cmd/cmd.go b/cmd/cmd.go index 883f489..0c65ad6 100644 --- a/cmd/cmd.go +++ b/cmd/cmd.go @@ -5,6 +5,7 @@ import ( "context" _ "embed" "encoding/json" + "io/fs" "os" "github.com/spf13/cobra" @@ -77,7 +78,7 @@ func New() (*cobra.Command, error) { //nolint:forbidigo func run(ctx context.Context, args []string, opts *options) (result error) { if len(opts.api) != 0 { - if err := os.MkdirAll(opts.api, 0o750); err != nil { + if err := os.MkdirAll(opts.api, permDir); err != nil { return err } @@ -148,3 +149,8 @@ func run(ctx context.Context, args []string, opts *options) (result error) { return nil } + +const ( + permFile fs.FileMode = 0o644 + permDir fs.FileMode = 0o755 +) diff --git a/cmd/context.go b/cmd/context.go index d706c97..b5a2263 100644 --- a/cmd/context.go +++ b/cmd/context.go @@ -7,7 +7,6 @@ import ( "net/http" "os" "path/filepath" - "syscall" "time" "github.com/adrg/xdg" @@ -46,7 +45,7 @@ func newContext(ctx context.Context, appname string) (context.Context, error) { return nil, err } - err = os.MkdirAll(cacheDir, syscall.S_IWUSR|syscall.S_IRUSR|syscall.S_IXUSR) //nolint:forbidigo + err = os.MkdirAll(cacheDir, permDir) //nolint:forbidigo if err != nil { return nil, err } @@ -97,7 +96,7 @@ func cacheSubDir(ctx context.Context, subdir string) (string, error) { } dir := filepath.Join(base, subdir) - if err := os.MkdirAll(dir, syscall.S_IWUSR|syscall.S_IRUSR|syscall.S_IXUSR); err != nil { + if err := os.MkdirAll(dir, permDir); err != nil { return "", err } diff --git a/cmd/lint.go b/cmd/lint.go index dae51d7..fb8607f 100644 --- a/cmd/lint.go +++ b/cmd/lint.go @@ -51,7 +51,7 @@ func saveCompliance(ctx context.Context, module string, comp *k6lint.Compliance) filename := filepath.Join(base, module) + ".json" - if err := os.MkdirAll(filepath.Dir(filename), 0o750); err != nil { + if err := os.MkdirAll(filepath.Dir(filename), permDir); err != nil { return err } @@ -60,7 +60,7 @@ func saveCompliance(ctx context.Context, module string, comp *k6lint.Compliance) return err } - return os.WriteFile(filename, data, 0o600) + return os.WriteFile(filename, data, permFile) } //nolint:forbidigo diff --git a/releases/v0.1.15.md b/releases/v0.1.15.md new file mode 100644 index 0000000..77aad5d --- /dev/null +++ b/releases/v0.1.15.md @@ -0,0 +1,9 @@ +k6registry `v0.1.15` is here 🎉! + +This is an internal maintenance release. + +**Fix file/directory permissions** + +`golangci-lint` forces the file permission to be `0o600` and the directory permission to be `0o750`. When k6registry runs as a GitHub action, it runs as the root user, so accessing the generated files from the rest of the workflow is problematic. + +In the case of generated files, now the permission set to `0o644`, in the case of a direcotry to `0o755`.