From 1fb192e65708cc84b77acf703b7017e1f5b470da Mon Sep 17 00:00:00 2001 From: Flavio Poletti Date: Wed, 3 Dec 2014 13:29:01 +0100 Subject: [PATCH] changed default working directory and set permissions for temp dir --- deployable | 31 ++++++++++++++++++------------- remote | 16 +++++++++++++--- 2 files changed, 31 insertions(+), 16 deletions(-) diff --git a/deployable b/deployable index b24d5d5..0090395 100755 --- a/deployable +++ b/deployable @@ -45,6 +45,8 @@ GetOptions( root|r=s@ rootdir|R=s@ tar|t=s + tarfile|F=s@ + tempdir-mode|m=s workdir|work-directory|deploy-directory|w=s ), ); @@ -85,17 +87,6 @@ binmode $out_fh; # with __END__, so that all what comes next is data print {$out_fh} get_remote_script(); -# If a tarfile was given, simply put it and exit -if (@{$config{tarfile}}) { - croak "UNSUPPORTED"; - open my $fh, '<', $config{tarfile} - or croak "open('$config{tarfile}'): $OS_ERROR"; - print {$out_fh} <$fh>; - close $fh; - close $out_fh; - exit 0; -} ## end if (@{$config{tarfile}... - # Where all the data will be kept print_configuration($out_fh, \%config); @@ -141,7 +132,7 @@ sub print_here_stuff { '.' => \@ARGV, map { $_ => [ '.' ] } @{$config->{heredir}} ); - + print {$fh} header(name => 'here', size => $ai->size()), "\n"; $ai->copy_to($fh); print {$fh} "\n\n"; @@ -611,6 +602,10 @@ you want to deploy directly under the root. Set the system C program to use. +=item B<< --tempdir-mode | -m >> + +set default permissions for temporary directory of deployable script + =item B<< --workdir | --deploy-directory | -w >> Set the working directory for the deploy. @@ -632,7 +627,7 @@ configurations themselves. The I has options itself, even if they are quite minimal. In particular, it supports the same options C<--workdir|-w> and C<--cleanup> described above, allowing the final user to override the -configured values. By default, the I is set to C +configured values. By default, the I is set to C and the script will clean up after itself. The following options are supported in the I: @@ -706,6 +701,16 @@ by default a temporary directory is created (same as specifying C<--tempdir>), but you can execute directly in the workdir (see below) without creating it. +=item B<< --tempdir-mode | -m >> + +temporary directories (see C<--tempdir>) created by File::Temp have +permission 600 that prevents group/others from even looking at the +contents. You might want to invoke some of the internal scripts +from another user (e.g. via C), so you can pass a mode to be +set on the temporary directory. + +Works only if C<--tempdir> is active. + =item B<--workdir | --work-directory | --deploy-directory | -w> working base directory (a temporary subdirectory will be created diff --git a/remote b/remote index 9ca6183..4bef8a6 100755 --- a/remote +++ b/remote @@ -17,7 +17,7 @@ use Fcntl qw( :seek ); # *** NOTE *** LEAVE EMPTY LINE ABOVE my %default_config = ( # default values - workdir => '/tmp/our-deploy', + workdir => '/tmp', cleanup => 1, 'no-exec' => 0, tempdir => 1, @@ -49,6 +49,7 @@ if ($ENV{DEPLOYABLE_DISABLE_PASSTHROUGH} || (! $config{passthrough})) { show|show-options|s! tar|t=s tempdir! + tempdir-mode|m=s verbose! workdir|work-directory|deploy-directory|w=s ), @@ -110,9 +111,15 @@ print {*STDERR} "### Got into working directory '$config{workdir}'\n\n" my $tempdir; if ($config{'tempdir'}) { # Only if allowed + my $me = basename(__FILE__) || 'deploy'; my $now = strftime('%Y-%m-%d_%H-%M-%S', localtime); - $tempdir = - tempdir($now . 'X' x 10, DIR => '.', CLEANUP => $config{cleanup}); + $tempdir = tempdir(join('-', $me, $now, ('X' x 10)), + DIR => '.', CLEANUP => $config{cleanup}); + + if ($config{'tempdir-mode'}) { + chmod oct($config{'tempdir-mode'}), $tempdir + or die "chmod('$tempdir'): $OS_ERROR\n"; + } chdir $tempdir or die "chdir('$tempdir'): $OS_ERROR\n"; @@ -316,6 +323,9 @@ present configuration (except in "--show-options"): '--tempdir'), but you can execute directly in the workdir (see below) without creating it. +* --tempdir-mode | -m + set permissions of temporary directory (octal string) + * --workdir | --work-directory | --deploy-directory | -w working base directory (a temporary subdirectory will be created there anyway) -- 2.11.4.GIT