diff --git a/bin/pungi-koji b/bin/pungi-koji index 1044ec1a..a0eba0e1 100755 --- a/bin/pungi-koji +++ b/bin/pungi-koji @@ -172,6 +172,7 @@ def main(): import pungi.checks if not pungi.checks.check(conf): sys.exit(1) + pungi.checks.check_umask(logger) if opts.target_dir: compose_dir = Compose.get_compose_dir(opts.target_dir, conf, compose_type=compose_type, compose_label=opts.label) diff --git a/pungi/checks.py b/pungi/checks.py index 6895b2ab..f0d8b5bc 100644 --- a/pungi/checks.py +++ b/pungi/checks.py @@ -102,6 +102,16 @@ def check(conf): return not fail +def check_umask(logger): + """Make sure umask is set to something reasonable. If not, log a warning.""" + mask = os.umask(0) + os.umask(mask) + + if mask > 0o022: + logger.warning('Unusually strict umask detected (0%03o), ' + 'expect files with broken permissions.', mask) + + def validate_options(conf, valid_options): errors = [] for i in valid_options: diff --git a/tests/test_checks.py b/tests/test_checks.py index a0a49e00..0e2a9e2b 100755 --- a/tests/test_checks.py +++ b/tests/test_checks.py @@ -143,5 +143,36 @@ class CheckDependenciesTestCase(unittest.TestCase): self.assertFalse(result) +class TestUmask(unittest.TestCase): + def setUp(self): + self.orig_umask = os.umask(0) + os.umask(self.orig_umask) + + def tearDown(self): + os.umask(self.orig_umask) + + def test_no_warning_with_0022(self): + os.umask(0o022) + logger = mock.Mock() + checks.check_umask(logger) + self.assertItemsEqual(logger.mock_calls, []) + + def test_no_warning_with_0000(self): + os.umask(0o000) + logger = mock.Mock() + checks.check_umask(logger) + self.assertItemsEqual(logger.mock_calls, []) + + def test_warning_with_0044(self): + os.umask(0o044) + logger = mock.Mock() + checks.check_umask(logger) + self.assertItemsEqual( + logger.mock_calls, + [mock.call.warning('Unusually strict umask detected (0%03o), ' + 'expect files with broken permissions.', 0o044)] + ) + + if __name__ == "__main__": unittest.main()