From f1e8bfb8a766035d2556066b5522c6a51a3df9d1 Mon Sep 17 00:00:00 2001 From: Evax Software Date: Tue, 15 May 2012 09:58:45 +0200 Subject: [PATCH 1/6] improve version printing when run from a checkout --- lib/cdist/__init__.py | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/lib/cdist/__init__.py b/lib/cdist/__init__.py index bd8e6483..3bde31ad 100644 --- a/lib/cdist/__init__.py +++ b/lib/cdist/__init__.py @@ -19,7 +19,17 @@ # # -VERSION = "2.0.9" +import os +import subprocess + +try: + with open(os.devnull, 'w') as devnull: + here = os.path.dirname(os.path.realpath(__file__)) + VERSION = subprocess.check_output( + 'cd "%s" && git describe' % here, + stderr=devnull, shell=True).decode('utf-8') +except: + VERSION = "2.0.9" BANNER = """ .. . .x+=:. s @@ -38,8 +48,6 @@ BANNER = """ DOT_CDIST = ".cdist" -import os - class Error(Exception): """Base exception class for this project""" pass From 67a95b50aae82d818b32fef3f1ca022158f12345 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Tue, 22 May 2012 16:01:03 +0200 Subject: [PATCH 2/6] cool solution for variable sending Signed-off-by: Nico Schottelius --- doc/dev/todo/TAKEME | 2 ++ 1 file changed, 2 insertions(+) diff --git a/doc/dev/todo/TAKEME b/doc/dev/todo/TAKEME index 11235f8a..87fc91c5 100644 --- a/doc/dev/todo/TAKEME +++ b/doc/dev/todo/TAKEME @@ -9,6 +9,8 @@ CORE - document and add paremeters for remote-copy and remote-exec! - remove hack, make a feature of it +- remove var=foo calls on remote side. Use -o SendEnv (yeah, see ssh_config(5)) + TESTS ----- - multiple defines of object: From 1b8b54f84fe6a23e531eb7a55528677b1fb18054 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Tue, 22 May 2012 17:21:58 +0200 Subject: [PATCH 3/6] use os.umask locally Signed-off-by: Nico Schottelius --- lib/cdist/exec/local.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/lib/cdist/exec/local.py b/lib/cdist/exec/local.py index d3c6a0ce..8c9ef209 100644 
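Review bot: In PATCH 1/6, the first hunk of lib/cdist/__init__.py builds a shell string from the module's own path (`'cd "%s" && git describe' % here` with `shell=True`), so a checkout directory whose name contains `"`, `$` or a backtick is interpreted by the shell every time the package is imported. Passing an argument list with a working directory avoids the shell entirely: `VERSION = subprocess.check_output(['git', 'describe'], cwd=here, stderr=devnull).decode('utf-8').strip()`; the `.strip()` also drops the trailing newline that git prints. The bare `except:` additionally swallows `KeyboardInterrupt` and `SystemExit`. `except (OSError, subprocess.CalledProcessError):` covers a missing git binary and a non-repository directory without hiding other failures.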
--- a/lib/cdist/exec/local.py +++ b/lib/cdist/exec/local.py @@ -60,6 +60,9 @@ class Local(object): self.log = logging.getLogger(self.target_host) + # Setup file permissions using umask + os.umask(0o700) + def create_directories(self): self.mkdir(self.out_path) self.mkdir(self.global_explorer_out_path) @@ -73,8 +76,7 @@ class Local(object): def mkdir(self, path): """Create directory on the local side.""" self.log.debug("Local mkdir: %s", path) - # FIXME: dont set mode here, fix unittest mkdtemp instead - os.makedirs(path, mode=0o700, exist_ok=True) + os.makedirs(path, exist_ok=True) def run(self, command, env=None, return_output=False): """Run the given command with the given environment. From e05c5e699c4b36ec7db99a7322f357a984c6bfaa Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Tue, 22 May 2012 17:24:58 +0200 Subject: [PATCH 4/6] always call umask 077 before doing stuff on the remote side Signed-off-by: Nico Schottelius --- lib/cdist/exec/remote.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lib/cdist/exec/remote.py b/lib/cdist/exec/remote.py index 11b8c78e..173d1984 100644 --- a/lib/cdist/exec/remote.py +++ b/lib/cdist/exec/remote.py @@ -105,6 +105,9 @@ class Remote(object): cmd = self._exec.split() cmd.append(self.target_host) + # Always call umask before actual call to ensure proper file permissions + cmd.append("umask 077;") + # can't pass environment to remote side, so prepend command with # variable declarations if env: From 612fb4cb7b070f0a4d988db08751c1db0a7b285b Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Tue, 22 May 2012 17:27:38 +0200 Subject: [PATCH 5/6] fix type and add fixme Signed-off-by: Nico Schottelius --- lib/cdist/exec/local.py | 2 +- lib/cdist/exec/remote.py | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/cdist/exec/local.py b/lib/cdist/exec/local.py index 8c9ef209..e510a8fb 100644 --- a/lib/cdist/exec/local.py +++ b/lib/cdist/exec/local.py 
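Review bot: In PATCH 3/6, the first hunk of lib/cdist/exec/local.py calls `os.umask(0o700)`, which clears the owner's permission bits and leaves the group and other bits untouched, the opposite of the `umask 077` named in the changelog entry. The intended value is `0o077`; PATCH 5/6 in this series corrects it, so anyone backporting or bisecting must take both commits together. The second hunk of the same file drops `mode=0o700` from `os.makedirs`, so directory permissions now depend entirely on that mask. Keeping the explicit mode, `os.makedirs(path, mode=0o700, exist_ok=True)`, would keep new directories owner-only even if the umask call is wrong or is changed later. Both enclosing methods start or end outside the hunks.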
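Review bot: In PATCH 4/6 (lib/cdist/exec/remote.py), the added `cmd.append("umask 077;")` only protects commands sent through this exec path. Files written by the remote-copy path are not touched by this hunk, so their modes still depend on the transfer tool and the remote account's defaults; that code is not visible here and is worth confirming. The string works only because ssh joins its arguments into one command line for the remote login shell, which the comment could state outright: `# ssh joins argv into one string for the remote shell, so "umask 077;" runs first in that shell`. The enclosing method starts and ends outside the hunk.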
@@ -61,7 +61,7 @@ class Local(object): self.log = logging.getLogger(self.target_host) # Setup file permissions using umask - os.umask(0o700) + os.umask(0o077) def create_directories(self): self.mkdir(self.out_path) diff --git a/lib/cdist/exec/remote.py b/lib/cdist/exec/remote.py index 173d1984..fb90939d 100644 --- a/lib/cdist/exec/remote.py +++ b/lib/cdist/exec/remote.py @@ -108,6 +108,7 @@ class Remote(object): # Always call umask before actual call to ensure proper file permissions cmd.append("umask 077;") + # FIXME: replace this by -o SendEnv name -o SendEnv name ... to ssh? # can't pass environment to remote side, so prepend command with # variable declarations if env: From 4017667952ad663b5c63a900f2ad93acd95ca7c5 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Tue, 22 May 2012 17:28:38 +0200 Subject: [PATCH 6/6] ++changes(2.0.11) Signed-off-by: Nico Schottelius --- doc/changelog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/doc/changelog b/doc/changelog index 63fcb6b0..d3202c70 100644 --- a/doc/changelog +++ b/doc/changelog @@ -4,6 +4,9 @@ Changelog * Changes are always commented with their author in (braces) * Exception: No braces means author == Nico Schottelius +2.0.11: + * Fix insecure file/directory creation: Use umask 077 + 2.0.10: 2012-05-18 * Cleanup __group: No getent gshadow in old Redhat, use groupmod -g (Matt Coddington)
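Review bot: In PATCH 5/6, the first hunk of lib/cdist/exec/local.py corrects the value, but `os.umask(0o077)` still changes the mask for the whole process and discards the previous mask that `os.umask` returns. It is called from a method of `Local`, presumably the constructor, which starts outside the hunk. Any other code running in the same process after a `Local` is created inherits the owner-only mask, which deserves a comment such as `# NOTE: os.umask is process-wide; everything created after this call is owner-only`. A unit test that creates a directory through `mkdir` and asserts `stat.S_IMODE(os.stat(path).st_mode) == 0o700` would have caught the earlier `0o700` slip and would guard this value in future.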