From a74173f9dd914ada84bd29fb627f0f2a212d87e8 Mon Sep 17 00:00:00 2001 From: Dmytro Shteflyuk Date: Tue, 2 Apr 2019 14:19:47 -0400 Subject: [PATCH 1/4] Fixing file permissions for bootsnap cache --- ext/bootsnap/bootsnap.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ext/bootsnap/bootsnap.c b/ext/bootsnap/bootsnap.c index 65d5a9d3..ed8ae52a 100644 --- a/ext/bootsnap/bootsnap.c +++ b/ext/bootsnap/bootsnap.c @@ -518,6 +518,10 @@ atomic_write_cache_file(char * path, struct bs_cache_key * key, VALUE data, char if (ret < 0) { *errno_provenance = (char *)"bs_fetch:atomic_write_cache_file:rename"; } + ret = chmod(path, 0664); + if (ret < 0) { + *errno_provenance = (char *)"bs_fetch:atomic_write_cache_file:chmod"; + } return ret; } From 88ceb7234040ab3bb521d1112c835ff339e67eee Mon Sep 17 00:00:00 2001 From: Dmytro Shteflyuk Date: Tue, 2 Apr 2019 14:34:47 -0400 Subject: [PATCH 2/4] Apply umask to cache files --- ext/bootsnap/bootsnap.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/ext/bootsnap/bootsnap.c b/ext/bootsnap/bootsnap.c index ed8ae52a..481ca107 100644 --- a/ext/bootsnap/bootsnap.c +++ b/ext/bootsnap/bootsnap.c @@ -74,6 +74,8 @@ static uint32_t current_ruby_platform; static uint32_t current_ruby_revision; /* Invalidates cache when RubyVM::InstructionSequence.compile_option changes */ static uint32_t current_compile_option_crc32 = 0; +/* Current umask */ +static mode_t current_umask; /* Bootsnap::CompileCache::{Native, Uncompilable} */ static VALUE rb_mBootsnap; @@ -142,6 +144,9 @@ Init_bootsnap(void) rb_define_module_function(rb_mBootsnap_CompileCache_Native, "coverage_running?", bs_rb_coverage_running, 0); rb_define_module_function(rb_mBootsnap_CompileCache_Native, "fetch", bs_rb_fetch, 3); rb_define_module_function(rb_mBootsnap_CompileCache_Native, "compile_option_crc32=", bs_compile_option_crc32_set, 1); + + current_umask = umask(0777); + umask(current_umask); } /* @@ -518,7 +523,7 @@ atomic_write_cache_file(char * path, struct bs_cache_key * key, VALUE data, char if (ret < 0) { *errno_provenance = (char *)"bs_fetch:atomic_write_cache_file:rename"; } - ret = chmod(path, 0664); + ret = chmod(path, 0664 & ~current_umask); if (ret < 0) { *errno_provenance = (char *)"bs_fetch:atomic_write_cache_file:chmod"; } From a40a1a192529e33a62a3816e8bf2dd844705229b Mon Sep 17 00:00:00 2001 From: Dmytro Shteflyuk Date: Tue, 2 Apr 2019 15:10:17 -0400 Subject: [PATCH 3/4] No need to close the file, since fd is -1 --- ext/bootsnap/bootsnap.c | 1 - 1 file changed, 1 deletion(-) diff --git a/ext/bootsnap/bootsnap.c b/ext/bootsnap/bootsnap.c index 481ca107..f605baf3 100644 --- a/ext/bootsnap/bootsnap.c +++ b/ext/bootsnap/bootsnap.c @@ -487,7 +487,6 @@ atomic_write_cache_file(char * path, struct bs_cache_key * key, VALUE data, char *errno_provenance = (char *)"bs_fetch:atomic_write_cache_file:mkpath"; return -1; } - close(fd); fd = open(tmp_path, O_WRONLY | O_CREAT, 0664); if (fd < 0) { *errno_provenance = (char *)"bs_fetch:atomic_write_cache_file:open"; From a66138b39ca49059c62019af6735cd55a675dc09 Mon Sep 17 00:00:00 2001 From: Dmytro Shteflyuk Date: Tue, 2 Apr 2019 15:10:50 -0400 Subject: [PATCH 4/4] When rename fails - do not try to chmod --- ext/bootsnap/bootsnap.c | 1 + 1 file changed, 1 insertion(+) diff --git a/ext/bootsnap/bootsnap.c b/ext/bootsnap/bootsnap.c index f605baf3..8475c456 100644 --- a/ext/bootsnap/bootsnap.c +++ b/ext/bootsnap/bootsnap.c @@ -521,6 +521,7 @@ atomic_write_cache_file(char * path, struct bs_cache_key * key, VALUE data, char ret = rename(tmp_path, path); if (ret < 0) { *errno_provenance = (char *)"bs_fetch:atomic_write_cache_file:rename"; + return -1; } ret = chmod(path, 0664 & ~current_umask); if (ret < 0) {