[checks] Add a check for too restrictive umask

If umask is set to something too high (>0022), a warning will be printed. It does not abort the compose though. Signed-off-by: Lubomír Sedlář <lsedlar@redhat.com>
2016-03-31 09:45:50 +02:00 · 2016-03-31 09:45:50 +02:00 · 490514e263
parent 69316d827a
commit 490514e263
3 changed files with 42 additions and 0 deletions
--- a/bin/pungi-koji
+++ b/bin/pungi-koji
@ -172,6 +172,7 @@ def main():
    import pungi.checks
    if not pungi.checks.check(conf):
        sys.exit(1)
+    pungi.checks.check_umask(logger)

    if opts.target_dir:
        compose_dir = Compose.get_compose_dir(opts.target_dir, conf, compose_type=compose_type, compose_label=opts.label)
--- a/pungi/checks.py
+++ b/pungi/checks.py
@ -102,6 +102,16 @@ def check(conf):
    return not fail


+def check_umask(logger):
+    """Make sure umask is set to something reasonable. If not, log a warning."""
+    mask = os.umask(0)
+    os.umask(mask)
+
+    if mask > 0o022:
+        logger.warning('Unusually strict umask detected (0%03o), '
+                       'expect files with broken permissions.', mask)
+
+
 def validate_options(conf, valid_options):
    errors = []
    for i in valid_options:
--- a/tests/test_checks.py
+++ b/tests/test_checks.py
@ -143,5 +143,36 @@ class CheckDependenciesTestCase(unittest.TestCase):
        self.assertFalse(result)


+class TestUmask(unittest.TestCase):
+    def setUp(self):
+        self.orig_umask = os.umask(0)
+        os.umask(self.orig_umask)
+
+    def tearDown(self):
+        os.umask(self.orig_umask)
+
+    def test_no_warning_with_0022(self):
+        os.umask(0o022)
+        logger = mock.Mock()
+        checks.check_umask(logger)
+        self.assertItemsEqual(logger.mock_calls, [])
+
+    def test_no_warning_with_0000(self):
+        os.umask(0o000)
+        logger = mock.Mock()
+        checks.check_umask(logger)
+        self.assertItemsEqual(logger.mock_calls, [])
+
+    def test_warning_with_0044(self):
+        os.umask(0o044)
+        logger = mock.Mock()
+        checks.check_umask(logger)
+        self.assertItemsEqual(
+            logger.mock_calls,
+            [mock.call.warning('Unusually strict umask detected (0%03o), '
+                               'expect files with broken permissions.', 0o044)]
+        )
+
+
 if __name__ == "__main__":
    unittest.main()