[pve-devel] [PATCH] fix #1427: Set file mode on uploaded templates/ISOs

Thomas Lamprecht t.lamprecht at proxmox.com
Wed Jun 12 17:24:21 CEST 2019


first, thanks for the patch, comments inline.

On 6/12/19 4:52 PM, Stefan Reiter wrote:
> Signed-off-by: Stefan Reiter <s.reiter at proxmox.com>
> ---
>  PVE/API2/Storage/Status.pm | 25 +++++++++++++++++++++----
>  1 file changed, 21 insertions(+), 4 deletions(-)
> 
> diff --git a/PVE/API2/Storage/Status.pm b/PVE/API2/Storage/Status.pm
> index 9a5a952..8649a7d 100644
> --- a/PVE/API2/Storage/Status.pm
> +++ b/PVE/API2/Storage/Status.pm
> @@ -369,7 +369,7 @@ __PACKAGE__->register_method ({
>  		type => 'string',
>  	    },
>  	    tmpfilename => { 
> -		description => "The source file name. This parameter is usually set by the REST handler. You can only overwrite it when connecting to the trustet port on localhost.",
> +		description => "The source file name. This parameter is usually set by the REST handler. You can only overwrite it when connecting to the trusted port on localhost.",
>  		type => 'string',
>  		optional => 1,
>  	    },
> @@ -427,10 +427,15 @@ __PACKAGE__->register_method ({
>  	my $dest = "$path/$filename";
>  	my $dirname = dirname($dest);
>  
> -	# we simply overwrite when destination when file already exists
> +	# we simply overwrite when destination file already exists
> +
> +	# default mode for $dest is 600, templates have default 644
> +	# let's keep them in sync
> +	my $mode_cmd = ['chmod', 'a+r', '--', PVE::Tools::shell_quote($dest)];
>  
>  	my $cmd;
>  	if ($node ne 'localhost' && $node ne PVE::INotify::nodename()) {
> +	    # remote node, execute commands over ssh

nit-pick: comment is not really necessary, i.e., what vs. why comment
and has not much to do with the patch here.

>  	    my $remip = PVE::Cluster::remote_node_ip($node);
>  
>  	    my @ssh_options = ('-o', 'BatchMode=yes');
> @@ -446,8 +451,9 @@ __PACKAGE__->register_method ({
>  
>  	    PVE::Tools::run_command([@remcmd, '/bin/mkdir', '-p', '--', PVE::Tools::shell_quote($dirname)],
>  				    errmsg => "mkdir failed");
> - 
> +
>  	    $cmd = ['/usr/bin/scp', @ssh_options, '--', $tmpfilename, "[$remip]:" . PVE::Tools::shell_quote($dest)];
> +	    $mode_cmd = [@remcmd, @$mode_cmd];

why not just pass "-p" to scp (maybe we want to use rsync anyway, but if,
that's best left for another patch to do), then it tries to preserve some
metadata like mtime/atime and modes, so we probably just would need to ensure
that $tmpfile is readable and we'd be good to go.. For this, one could use
perl's builtin "chmod"[0], so we save a additional SSH connection (always good,
their not really cheap) and a run_command in the non-proxied part..

[0]: https://perldoc.perl.org/functions/chmod.html


also, the 'apl_download' call in pve-manager Nodes API perl module
does no special chmod or the like, AFAIS, could you take a look what
happens there, i.e., why's the permission already OK there? Does
wget downloads it to a world-readable file already? (this is more
out of interests sake)

>  	} else {
>  	    PVE::Storage::activate_storage($cfg, $param->{storage});
>  	    File::Path::make_path($dirname);
> @@ -456,7 +462,7 @@ __PACKAGE__->register_method ({
>  
>  	my $worker = sub  {
>  	    my $upid = shift;
> -	    
> +
>  	    print "starting file import from: $tmpfilename\n";
>  	    print "target node: $node\n";
>  	    print "target file: $dest\n";
> @@ -468,6 +474,17 @@ __PACKAGE__->register_method ({
>  		unlink $dest;
>  		die $err;
>  	    }
> +
> +	    print "set file mode: " . join(' ', @$mode_cmd) . "\n";
> +
> +	    # set file mode
> +	    eval { PVE::Tools::run_command($mode_cmd, errmsg => 'chmod error'); };
> +	    if (my $err = $@) {
> +		# pve works with the default mode too, so this error has
> +		# "cosmetic" consequences only - hence we warn, not die

my motto: conciser comments are better comments, they tend to less clutter
the code and be read more often :-)

maybe something like:
# best effort, to match apl_download call from manager, only

(just as idea)

> +		warn $err;
> +	    }
> +
>  	    print "finished file import successfully\n";
>  	};
>  
> 





More information about the pve-devel mailing list