From 30193bdae098fb51cdbe0b3d771363b4cb01fdd7 Mon Sep 17 00:00:00 2001
From: Mark Verboom <mark@verboom.net>
Date: Thu, 7 Apr 2022 09:23:09 +0200
Subject: [PATCH] gencode-local now only uploads to remote and does no longer
 move to file to its final destination. This is now done from gencode-remote.
 This prevents issue's were a file used in a ssh configuration was uploaded
 and moved into place without final attributes. The second ssh session
 (setting the attributes) would then fail. Credits to Steven Armstrong for the
 final implementation.

---
 cdist/conf/type/__file/gencode-local  | 20 +++++++++++++-------
 cdist/conf/type/__file/gencode-remote |  5 +++++
 2 files changed, 18 insertions(+), 7 deletions(-)

diff --git a/cdist/conf/type/__file/gencode-local b/cdist/conf/type/__file/gencode-local
index 231b6927..2de20f49 100755
--- a/cdist/conf/type/__file/gencode-local
+++ b/cdist/conf/type/__file/gencode-local
@@ -89,10 +89,20 @@ if [ "$state_should" = "present" ] || [ "$state_should" = "exists" ]; then
       touch "$__object/files/set-attributes"
 
       # upload file to temp location
-      tempfile_template="${destination}.cdist.XXXXXXXXXX"
+      destination_upload="${destination}${__cdist_object_marker}"
       cat << DONE
-destination_upload="\$($__remote_exec $__target_host "mktemp $tempfile_template")"
+$__remote_exec $__target_host test -e "$destination_upload" && {
+   echo "Refusing to upload file to existing destination: $destination_upload" >&2
+   exit 1
+} || {
+   # Put a towel in place.
+   $__remote_exec $__target_host "umask 077; touch \"$destination_upload\""
+}
 DONE
+      # Tell gencode-remote that it has to move our file to its
+      # final destination.
+      touch "$__object/files/file-uploaded"
+
       if [ "$upload_file" ]; then
          echo upload >> "$__messages_out"
          # IPv6 fix
@@ -103,12 +113,8 @@ DONE
              my_target_host="${__target_host}"
          fi
          cat << DONE
-$__remote_copy "$source" "${my_target_host}:\$destination_upload"
+$__remote_copy "$source" "${my_target_host}:${destination_upload}"
 DONE
       fi
-# move uploaded file into place
-cat << DONE
-$__remote_exec $__target_host "rm -rf \"$destination\"; mv \"\$destination_upload\" \"$destination\""
-DONE
    fi
 fi
diff --git a/cdist/conf/type/__file/gencode-remote b/cdist/conf/type/__file/gencode-remote
index f7a528fd..f256b66e 100755
--- a/cdist/conf/type/__file/gencode-remote
+++ b/cdist/conf/type/__file/gencode-remote
@@ -62,6 +62,11 @@ set_mode() {
 
 case "$state_should" in
     present|exists)
+        if [ -f "$__object/files/file-uploaded" ]; then
+            # move uploaded file into place
+            printf 'rm -rf "%s"\n' "$destination"
+            printf 'mv "%s" "%s"\n' "${destination}${__cdist_object_marker}" "$destination"
+        fi
         # Note: Mode - needs to happen last as a chown/chgrp can alter mode by
         #  clearing S_ISUID and S_ISGID bits (see chown(2))
         for attribute in group owner mode; do