From nobody Tue Jul 29 12:49:12 2025 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4brwCF2df9z62xWD; Tue, 29 Jul 2025 12:49:13 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4brwCF09rhz3lWL; Tue, 29 Jul 2025 12:49:13 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1753793353; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=cVkCl1EriEukKfarAnqPub1Ck4nk+bj9zZ3FQOwbREE=; b=mo5demti8MJlyU6renm7s9NO82RWuqDFbhCG5QVeMkKsN0CwlSHjb/NrBpofmy2mISXlxk 5lj784d6fmNEtX1YWANq8g9Vg+UZqH9h/g8jKl9qzdnx/peIfBr7eF2ibj8aswW/R/MySQ /Uowr7EENwbpzLsbKtm/3hwVR668i8BGH+Nnw5wFnpcch8U6XMDs132gmK3f1qftJHUw62 mYK9+nmhjrpt5MbHTNgHjScNOlRMHhPv75VqOGuvQupI9aySeMpgoG3/sT3UR/WRHbh8mX +PYSA2RFGW7MF8yDrccVPZi7jKNwlRMo09OA01k/Kh3Nnt4xG20E/0uSglQC4g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1753793353; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=cVkCl1EriEukKfarAnqPub1Ck4nk+bj9zZ3FQOwbREE=; b=rKBRG7uTh3pLV5thVP8qlIhPJxNr8zlQ2d/TcwFM80YaPMnpozoXghjEGaXCHWfU5fGx0P lnuJw/OY9yQ8B+iUcTdPQOXEeUErL72vnKYbp5AME/yxrhMBKXNMooBL1HmmvaoquBtpP6 
vXpDa3enuM7TX+7HyOYnxUWrc7k1WoboCqRwQCD6fYZrOxda1/2sBFEBgJRrMDoqm1FHa9 b5Setc7WZ6xVQl2XpK7Az7229MgEsinBnGJGo/U4ZxF1M8N4W5SOtNTKLJWZ0r2ytNICQt ALIuYEYRsPfTNzpRiB6BGnPlZc2LWnmsuAp2zXXJ9TVin7s7fVjiIhhG9/J+Dg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1753793353; a=rsa-sha256; cv=none; b=Rd+kbiLy4YwTk/Wc/pcuTvjN1vCsd6LAPo9B2f+i0GwAqifg84/NSN2Ll2EmAyqVXV9xP+ 1vtqALpD4oj72aEFEtzp1pW4mxrS0wSnHofCmlKUuRuakPVlihMQ5/08mk1/QE0KS5pTIo IDVKCWLpRuMICrtooRJN09erLPBauDgiyzVnn28LckHr4zlAGqexLTD9vn4O3MOFLjwrTZ vq+98db1yo2GUqA85N9vcVn0t9b8gsrbmzuH6NcuavVrq1inAAfmu/5+BBrl3b1vPFBgsg xL3KoEeAAJrP8iVBLIoWxOTed/jokEWdkF/mt9FzYpXHntz0uNMjRS6W0rHfxQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4brwCD6trjzXZf; Tue, 29 Jul 2025 12:49:12 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 56TCnCen033633; Tue, 29 Jul 2025 12:49:12 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 56TCnCTH033630; Tue, 29 Jul 2025 12:49:12 GMT (envelope-from git) Date: Tue, 29 Jul 2025 12:49:12 GMT Message-Id: <202507291249.56TCnCTH033630@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org 
From: Mark Johnston Subject: git: bb4a12ff9ac0 - stable/14 - nuageinit: Add wrappers for chmod and chown List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: bb4a12ff9ac0feb05af7232c1ffc8e7cdd00f2dd Auto-Submitted: auto-generated The branch stable/14 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=bb4a12ff9ac0feb05af7232c1ffc8e7cdd00f2dd commit bb4a12ff9ac0feb05af7232c1ffc8e7cdd00f2dd Author: Mark Johnston AuthorDate: 2025-07-05 14:54:07 +0000 Commit: Mark Johnston CommitDate: 2025-07-29 12:08:32 +0000 nuageinit: Add wrappers for chmod and chown In the wrappers, check for errors and abort if one is raised. At some point it may be useful to have a mechanism to ignore errors, but I'm not sure yet how that should look. For chmod, let the mode be specified as an octal number, otherwise it's hard to understand what's happening. Note that this must be specified as a string, otherwise tonumber() will raise an error. Reviewed by: bapt MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D51159 (cherry picked from commit 667ef8875bad115d334a85c1023db0cf4d8379ba)
---
 libexec/nuageinit/nuage.lua | 35 +++++++++++++++++++++++++----------
 libexec/nuageinit/nuageinit | 7 +++----
 2 files changed, 28 insertions(+), 14 deletions(-)
diff --git a/libexec/nuageinit/nuage.lua b/libexec/nuageinit/nuage.lua
index 11958e8b5cc2..493ae11d6ca7 100644
--- a/libexec/nuageinit/nuage.lua
+++ b/libexec/nuageinit/nuage.lua
@@ -56,6 +56,21 @@ local function errmsg(str, prepend)
 os.exit(1)
 end
+local function chmod(path, mode)
+ local mode = tonumber(mode, 8)
+ local _, err, msg = sys_stat.chmod(path, mode)
+ if err then
+ errmsg("chmod(" .. path .. ", " .. mode .. ") failed: " .. msg)
+ end
+end
+
+local function chown(path, owner, group)
+ local _, err, msg = unistd.chown(path, owner, group)
+ if err then
+ errmsg("chown(" .. path .. ", " .. owner .. ", " .. group .. ") failed: " .. msg)
+ end
+end
+
 local function dirname(oldpath)
 if not oldpath then
 return nil
@@ -252,12 +267,12 @@ local function addsshkey(homedir, key)
 f:write(key .. "\n")
 f:close()
 if chownak then
- sys_stat.chmod(ak_path, 384)
- unistd.chown(ak_path, dirattrs.uid, dirattrs.gid)
+ chmod(ak_path, "0600")
+ chown(ak_path, dirattrs.uid, dirattrs.gid)
 end
 if chowndotssh then
- sys_stat.chmod(dotssh_path, 448)
- unistd.chown(dotssh_path, dirattrs.uid, dirattrs.gid)
+ chmod(dotssh_path, "0700")
+ chown(dotssh_path, dirattrs.uid, dirattrs.gid)
 end
 end
@@ -296,10 +311,10 @@ local function addsudo(pwd)
 end
 f:close()
 if chmodsudoers then
- sys_stat.chmod(sudoers, 416)
+ chmod(sudoers, "0640")
 end
 if chmodsudoersd then
- sys_stat.chmod(sudoers, 480)
+ chmod(sudoers, "0740")
 end
 end
@@ -521,16 +536,14 @@ local function addfile(file, defer)
 end
 f:close()
 if file.permissions then
- -- convert from octal to decimal
- local perm = tonumber(file.permissions, 8)
- sys_stat.chmod(filepath, perm)
+ chmod(filepath, file.permissions)
 end
 if file.owner then
 local owner, group = string.match(file.owner, "([^:]+):([^:]+)")
 if not owner then
 owner = file.owner
 end
- unistd.chown(filepath, owner, group)
+ chown(filepath, owner, group)
 end
 return true
 end
@@ -538,6 +551,8 @@ end
 local n = {
 warn = warnmsg,
 err = errmsg,
+ chmod = chmod,
+ chown = chown,
 dirname = dirname,
 mkdir_p = mkdir_p,
 sethostname = sethostname,
diff --git a/libexec/nuageinit/nuageinit b/libexec/nuageinit/nuageinit
index 84133d4373c5..0fcdc7274db3 100755
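Review bot: In the new `chmod` wrapper (first hunk) the result of `tonumber(mode, 8)` is used unchecked, so a string that is not valid octal (a constructed example: `"0798"`) converts to nil and is handed straight to `sys_stat.chmod` instead of being rejected with a clear message; this matters most for the `addfile` hunk, where the mode comes from `file.permissions`. The `local mode` redeclaration also shadows the parameter, so the failure message prints the converted decimal value rather than the octal string the caller supplied, which works against the readability goal in the commit message. I would convert into a separate local and validate it: `local bits = tonumber(mode, 8)`, then `if not bits then errmsg("chmod(" .. path .. "): invalid octal mode " .. tostring(mode)) end`, then `sys_stat.chmod(path, bits)`, keeping `mode` for the message. Separately, if these bindings follow the luaposix convention of returning nil, a message string and then the errno, the local named `msg` holds the number and `err` holds the text, so both wrappers would report a bare errno; worth confirming against the module in use.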
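Review bot: In the `addsudo` hunk both branches call `chmod` on the same `sudoers` path, so when both flags are set the file goes to 0640 and then to 0740, and nothing in the hunk sets a mode on a directory. The flag name `chmodsudoersd` suggests the second call was meant for the sudoers.d directory rather than the drop-in file; the switch to octal strings makes this visible, because 0740 leaves a sudoers file owner-executable. If that reading is right, the second call should take the directory path (its variable is defined outside the hunk) and the file should keep 0640 or tighter. The body of `addsudo` starts above the hunk, so this needs confirming against the full function.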
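Review bot: In the `addfile` hunk, `group` is nil whenever `file.owner` contains no colon (the `if not owner then owner = file.owner end` fallback leaves it unset), and the new `chown` wrapper concatenates `group` into its failure message. On that path a failed chown would raise a Lua concatenation error while building the string, before `errmsg` is reached, hiding the real cause. Building the message defensively in the wrapper (first hunk of this file) avoids that: `errmsg("chown(" .. path .. ", " .. tostring(owner) .. ", " .. tostring(group) .. ") failed: " .. msg)`. How `unistd.chown` itself treats a nil group is not visible here and should be checked as well.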
--- a/libexec/nuageinit/nuageinit
+++ b/libexec/nuageinit/nuageinit
@@ -7,7 +7,6 @@
 local nuage = require("nuage")
 local ucl = require("ucl")
 local yaml = require("lyaml")
-local sys_stat = require("posix.sys.stat")
 if #arg ~= 2 then
 nuage.err("Usage: " .. arg[0] .. " ( | )", false)
@@ -157,7 +156,7 @@ local function ssh_keys(obj)
 sshkey:close()
 end
 if keytype == "private" then
- sys_stat.chmod(path, 384)
+ nuage.chmod(path, "0600")
 end
 end
 end
@@ -281,7 +280,7 @@ local function runcmd(obj)
 end
 if f ~= nil then
 f:close()
- sys_stat.chmod(root .. "/var/cache/nuageinit/runcmds", 493)
+ nuage.chmod(root .. "/var/cache/nuageinit/runcmds", "0755")
 end
 end
@@ -503,5 +502,5 @@ if line == "#cloud-config" then
 end
 elseif line:sub(1, 2) == "#!" then
 -- delay for execution at rc.local time --
- sys_stat.chmod(root .. "/var/cache/nuageinit/user_data", 493)
+ nuage.chmod(root .. "/var/cache/nuageinit/user_data", "0755")
 end
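Review bot: In the `ssh_keys` hunk the private key is restricted to 0600 only after `sshkey:close()`, so between creation and this call the file carries whatever mode the process umask produced; the code that opens the file is outside the hunk, so this is inferred. Now that `nuage.chmod` aborts the script on failure, a failed chmod would also leave the key on disk with those creation-time permissions. Consider tightening the umask before the key is written, or removing the file when the mode change fails, and record the intent with a comment such as `-- private key: must never be readable by group/other, even briefly`.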
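Review bot: The `runcmd` hunk and the final hunk both set mode 0755 on files under `/var/cache/nuageinit` (`runcmds` and `user_data`), which leaves them readable by every local account. Both appear to hold content taken from instance user-data, which commonly embeds credentials or tokens, and the comment in the last hunk says the script is run at rc.local time, presumably as root. If nothing else needs to read them, owner-only access would be enough: `nuage.chmod(root .. "/var/cache/nuageinit/user_data", "0700")` and likewise for `runcmds`. The values are unchanged from the previous decimal 493, so this is a pre-existing choice that the octal form now makes easy to spot.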