Comments (8)
Original comment by @hpk42
I think I agree. Not quite sure at the moment why 0600 is used, btw.
from devpi.
Original comment by @AvdN
My first guess would be that this is the default for starting a service (probably along with double forking and chdir("/")). If you want I can investigate where that comes from.
Original comment by @hpk42
Ah ok, that devpi-server creating 0600 files is running under supervisor control? That might explain it. Haven't looked into according defaults.
Original comment by @AvdN
The automatic server has the same behaviour, so it is not supervisor specific, but probably the way the server starts and spawns itself.
Original comment by @hpk42
be more careful about os.umask call, addresses issue6
→ <<cset 4e1d6efcb893>>
Original comment by @AvdN
This is probably caused by the use of tempfile.NamedTemporaryFile (it calls tempfile._mkstemp_inner(), which hardcodes the file permission to 0600).
In keyfs.py TypedKey.move() just os.renames that file, without looking at the file permissions.
I still think all keyfs generated data should be 644 except for the toplevel directory.
Original comment by @hpk42
Thanks for finding this out. I think we should use the current umask of the process instead of 0600. Could you provide a PR for that?
The default of NamedTemporaryFile of 0600 is probably because usually such files are created in global temp directories and thus the mask prohibits other users from messing around. We are using our own controlled subdir so that logic doesn't apply.
Original comment by @AvdN
Fixed in https://bitbucket.org/hpk42/devpi/commits/4ac05c2f2c1023b89a1eabe8c602117d4c52a344
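
The behaviour discussed in this thread, as an added example that is not devpi's code or the linked fix: a file written through `tempfile.NamedTemporaryFile` and renamed into place keeps mode 0600, while an explicit `os.chmod` to `0o666 & ~umask` before the rename gives it the mode a plain `open()` would have produced. The helper names `current_umask`, `write_atomic` and `demo` are made up for this illustration.

```python
import os
import stat
import tempfile


def current_umask():
    # The umask can only be read by setting it, so restore it immediately.
    # Not thread-safe: a file created by another thread in between gets mask 0.
    mask = os.umask(0)
    os.umask(mask)
    return mask


def write_atomic(path, data, respect_umask=True):
    """Write data to path via a temp file in the same directory plus rename.

    Returns the permission bits of the resulting file.
    """
    dirname = os.path.dirname(os.path.abspath(path))
    with tempfile.NamedTemporaryFile(dir=dirname, delete=False) as f:
        f.write(data)
        tmpname = f.name
    try:
        if respect_umask:
            # mkstemp created the file as 0600; widen it to what open() gives.
            os.chmod(tmpname, 0o666 & ~current_umask())
        os.replace(tmpname, path)  # a rename keeps the temp file's mode
    except BaseException:
        os.unlink(tmpname)
        raise
    return stat.S_IMODE(os.stat(path).st_mode)


def demo():
    """Return (mode without the chmod, mode with it) under a umask of 022."""
    old = os.umask(0o022)
    try:
        with tempfile.TemporaryDirectory() as d:
            before = write_atomic(os.path.join(d, "a"), b"x", respect_umask=False)
            after = write_atomic(os.path.join(d, "b"), b"x")
    finally:
        os.umask(old)
    return before, after


if __name__ == "__main__":
    print([oct(m) for m in demo()])
```

With a restrictive service umask such as 077 the same code leaves files at 0600, so the data directory stays private when the operator asked for that.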