From nobody Sat Jul 05 14:55:26 2025 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4bZD7y6j7hz610cZ; Sat, 05 Jul 2025 14:55:26 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4bZD7y50Gkz3xBT; Sat, 05 Jul 2025 14:55:26 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1751727326; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=FdVU6VkGkKPVtp4XNt7f+aWzSa+GfMjxmxecU8thRj0=; b=CYI4AnWCrgXSAgxHbvpV0tGKuCaclJVr+l1NyAr8L+oV5FPTY3vL9dzNez3tqzhBQTf+QP qVVAXr4re5bdIJk6crrYwdhdw/v7ffpBZ7zYMb3A8G1eeJBrTRx4MLeI9Z7BAReyABLzJZ oepEnJZHAslIqsUTlMfHvuuRdrH7VoWQ42SCHO6PhRPL6pkis/CL/2JRSoYaRuPaYaEnrJ /h0FbvcqnyhsPIxrJz0jN14e68SobR1SeiZfFgdPEM5MNPyA35D8BhUucv93A7kIqKsTJ1 PnPaWBtqDDnsy8z9WI5FOXROUeg7725mFX+bXh4GJgZIxN2G7pYMBntYKOw1NQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1751727326; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=FdVU6VkGkKPVtp4XNt7f+aWzSa+GfMjxmxecU8thRj0=; b=LhwHwYbPctYaPJVzjI3cKqZ1Wqx8021/nMGdfL+wWVvl3d56auhWaCwr1PCQos4GTTpf4g Ca0/6QgBJZ6bOJdtBzNkdk2Jem3Ejjl/5d2+IKvPFED5T8I3yWnf/L7d/jv1yBW4v8zGEs 
17NeEPblbExwt34VZ8wQUrygLu+OKpirLXFeJiPycEBrIMWM4fXffNzuukWdtdFW6fLYFt vX+Bx5F0rNgm//jxZAOl/nqLGxzrhZKwdZCVydtEElkj39pMSbEWZTqy0v46+NQrWeersJ EGnouBMxqTf6gRmuBIEB7ctO1b0COENKLlWFUp53aYVcGenTdEIBBKMqtfkTVw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1751727326; a=rsa-sha256; cv=none; b=pZM3HGtRWdC7fM6r/q3WBZiyY2VN/sJmL62fwMYqxTfe2tvTQCIcu6DIwy/g7dMZitMq7L YgkVyoWBPYPZZ+aCGcznadDrH8gbang90NqEAYxWwUbDBHEwZ3ZCQg384lWU3zAdngdYML x4HLcH+dGIuNYNBXeR2bo7239tMaRTxh+Vx1wEilO4e29t5aI+1IS9GOmcvq/ZABM4I8S2 tyIcme4CNFVCHRcYDfnTCpnypKSo9PttTYWiG71AxAVZUjEGtUmVJ1kAocRMcrmkfSVE1m ZmcRorjCETTThxVoygf/WbdiIGG2mpMtwkZln5R5y9VB5zFmS3meYk7OjfHs8w== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4bZD7y3WGSzgtP; Sat, 05 Jul 2025 14:55:26 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 565EtQ9H083030; Sat, 5 Jul 2025 14:55:26 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 565EtQf9083027; Sat, 5 Jul 2025 14:55:26 GMT (envelope-from git) Date: Sat, 5 Jul 2025 14:55:26 GMT Message-Id: <202507051455.565EtQf9083027@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org 
From: Mark Johnston Subject: git: 667ef8875bad - main - nuageinit: Add wrappers for chmod and chown List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 667ef8875bad115d334a85c1023db0cf4d8379ba Auto-Submitted: auto-generated The branch main has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=667ef8875bad115d334a85c1023db0cf4d8379ba commit 667ef8875bad115d334a85c1023db0cf4d8379ba Author: Mark Johnston AuthorDate: 2025-07-05 14:54:07 +0000 Commit: Mark Johnston CommitDate: 2025-07-05 14:54:07 +0000 nuageinit: Add wrappers for chmod and chown In the wrappers, check for errors and abort if one is raised. At some point it may be useful to have a mechanism to ignore errors, but I'm not sure yet how that should look. For chmod, let the mode be specified as an octal number, otherwise it's hard to understand what's happening. Note that this must be specified as a string, otherwise tonumber() will raise an error. Reviewed by: bapt MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D51159 --- libexec/nuageinit/nuage.lua | 35 +++++++++++++++++++++++++---------- libexec/nuageinit/nuageinit | 7 +++---- 2 files changed, 28 insertions(+), 14 deletions(-) diff --git a/libexec/nuageinit/nuage.lua b/libexec/nuageinit/nuage.lua index 11958e8b5cc2..493ae11d6ca7 100644 --- a/libexec/nuageinit/nuage.lua +++ b/libexec/nuageinit/nuage.lua 
@@ -56,6 +56,21 @@ local function errmsg(str, prepend) os.exit(1) end +local function chmod(path, mode) + local mode = tonumber(mode, 8) + local _, err, msg = sys_stat.chmod(path, mode) + if err then + errmsg("chmod(" .. path .. ", " .. mode .. ") failed: " .. msg) + end +end + +local function chown(path, owner, group) + local _, err, msg = unistd.chown(path, owner, group) + if err then + errmsg("chown(" .. path .. ", " .. owner .. ", " .. group .. ") failed: " .. msg) + end +end + local function dirname(oldpath) if not oldpath then return nil @@ -252,12 +267,12 @@ local function addsshkey(homedir, key) f:write(key .. "\n") f:close() if chownak then - sys_stat.chmod(ak_path, 384) - unistd.chown(ak_path, dirattrs.uid, dirattrs.gid) + chmod(ak_path, "0600") + chown(ak_path, dirattrs.uid, dirattrs.gid) end if chowndotssh then - sys_stat.chmod(dotssh_path, 448) - unistd.chown(dotssh_path, dirattrs.uid, dirattrs.gid) + chmod(dotssh_path, "0700") + chown(dotssh_path, dirattrs.uid, dirattrs.gid) end end @@ -296,10 +311,10 @@ local function addsudo(pwd) end f:close() if chmodsudoers then - sys_stat.chmod(sudoers, 416) + chmod(sudoers, "0640") end if chmodsudoersd then - sys_stat.chmod(sudoers, 480) + chmod(sudoers, "0740") end end @@ -521,16 +536,14 @@ local function addfile(file, defer) end f:close() if file.permissions then - -- convert from octal to decimal - local perm = tonumber(file.permissions, 8) - sys_stat.chmod(filepath, perm) + chmod(filepath, file.permissions) end if file.owner then local owner, group = string.match(file.owner, "([^:]+):([^:]+)") if not owner then owner = file.owner end - unistd.chown(filepath, owner, group) + chown(filepath, owner, group) end return true end @@ -538,6 +551,8 @@ end local n = { warn = warnmsg, err = errmsg, + chmod = chmod, + chown = chown, dirname = dirname, mkdir_p = mkdir_p, sethostname = sethostname, diff --git a/libexec/nuageinit/nuageinit b/libexec/nuageinit/nuageinit index 84133d4373c5..0fcdc7274db3 100755 
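Review bot: In the new `chmod` wrapper, `local mode = tonumber(mode, 8)` shadows the parameter, so the failure message prints the converted decimal value (384 for "0600") rather than the octal string the caller passed, which works against the readability goal in the commit description. The result of `tonumber()` is also unchecked: a string that is not valid octal yields nil, and a numeric argument raises inside `tonumber()` as the description notes, so a malformed mode ends in a raw Lua error instead of `errmsg`. Since `addfile` forwards `file.permissions` from the configuration unmodified, validating the type and the conversion inside the wrapper would give one clear diagnostic for bad input.

```lua
local function chmod(path, mode)
	if type(mode) ~= "string" then
		errmsg("chmod(" .. path .. "): mode must be an octal string")
	end
	local bits = tonumber(mode, 8)
	if bits == nil then
		errmsg("chmod(" .. path .. ", " .. mode .. "): not a valid octal mode")
	end
	local _, err, msg = sys_stat.chmod(path, bits)
	-- … unchanged: err check and errmsg call, which now prints the octal string …
end
```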
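Review bot: Both branches at the end of `addsudo` call `chmod` on the same `sudoers` path, so when `chmodsudoersd` is set the file is first set to `"0640"` and then to `"0740"`. The flag name suggests the second call was meant for the containing directory; as written the sudoers file is left owner-executable and no directory mode is set in the visible lines. The commit only carries over the earlier numeric values (416 and 480), so this predates the change, and it should be confirmed against the part of `addsudo` that lies outside the hunk. If the directory was intended, the second call would become `chmod(<sudoers directory path>, "0740")`, where the placeholder stands for a variable not shown on this page.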
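Review bot: In the `addfile` hunk, a `file.owner` value without a `:` fails the pattern match and leaves `group` nil, and that nil is passed on to `chown(filepath, owner, group)`. If the chown then fails, the wrapper's message concatenates `group` directly, so Lua raises a nil-concatenation error and the real cause (for example an unknown user) is lost. Building the message with `tostring(owner)` and `tostring(group)` avoids that: `errmsg("chown(" .. path .. ", " .. tostring(owner) .. ", " .. tostring(group) .. ") failed: " .. msg)`. Whether the binding accepts a nil group is not visible here, and `addfile` starts outside the hunk.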
--- a/libexec/nuageinit/nuageinit +++ b/libexec/nuageinit/nuageinit @@ -7,7 +7,6 @@ local nuage = require("nuage") local ucl = require("ucl") local yaml = require("lyaml") -local sys_stat = require("posix.sys.stat") if #arg ~= 2 then nuage.err("Usage: " .. arg[0] .. " ( | )", false) @@ -157,7 +156,7 @@ local function ssh_keys(obj) sshkey:close() end if keytype == "private" then - sys_stat.chmod(path, 384) + nuage.chmod(path, "0600") end end end @@ -281,7 +280,7 @@ local function runcmd(obj) end if f ~= nil then f:close() - sys_stat.chmod(root .. "/var/cache/nuageinit/runcmds", 493) + nuage.chmod(root .. "/var/cache/nuageinit/runcmds", "0755") end end @@ -503,5 +502,5 @@ if line == "#cloud-config" then end elseif line:sub(1, 2) == "#!" then -- delay for execution at rc.local time -- - sys_stat.chmod(root .. "/var/cache/nuageinit/user_data", 493) + nuage.chmod(root .. "/var/cache/nuageinit/user_data", "0755") end
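Review bot: In `ssh_keys`, the private key is restricted to `"0600"` only after `sshkey:close()`, so between creation and this call the file has whatever mode the process umask produced. The open call is outside the hunk, so the creation mode cannot be confirmed from here. If the file is opened with default permissions, setting a restrictive umask before the write, or creating the file with a restrictive mode from the start, would close that window. At minimum the call could carry a comment such as `-- private key: file was created under the process umask; mode is tightened only here`.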
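Review bot: `"0755"` leaves `/var/cache/nuageinit/runcmds` in the `runcmd` hunk, and `/var/cache/nuageinit/user_data` in the last hunk, readable by every local account. User data and runcmd entries often embed credentials or tokens, and the comment in the last hunk indicates the file is run at rc.local time rather than by ordinary users, so `"0700"` is probably sufficient: `nuage.chmod(root .. "/var/cache/nuageinit/runcmds", "0700")`, and likewise for `user_data`. The commit preserves the earlier value 493, so this is not a regression; confirm which account executes these files before tightening. Both enclosing blocks extend beyond their hunks.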