Posted to commits@maven.apache.org by cs...@apache.org on 2023/01/11 06:57:48 UTC

[maven-resolver] branch master updated: [MRESOLVER-313] Wrong FS permissions on cached artifacts. (#234)

This is an automated email from the ASF dual-hosted git repository.

cstamas pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/maven-resolver.git


The following commit(s) were added to refs/heads/master by this push:
     new e6652134 [MRESOLVER-313] Wrong FS permissions on cached artifacts. (#234)
e6652134 is described below

commit e66521348e8544243f1e4d021486623724d8d38f
Author: Tamas Cservenak <ta...@cservenak.net>
AuthorDate: Wed Jan 11 07:57:43 2023 +0100

    [MRESOLVER-313] Wrong FS permissions on cached artifacts. (#234)
    
    Collocated temp file should NOT use Files.createTempFile, as it uses 0600 perms and does not rely implicitly on umask. For the "randomized" name, use the very same technique as Files.createTempFile does under the hood.
    
    Remove one unjustified use of collocated temp file.
    
    ---
    
    https://issues.apache.org/jira/browse/MRESOLVER-313
---
 .../aether/connector/basic/ChecksumValidator.java  |  2 +-
 .../java/org/eclipse/aether/util/FileUtils.java    | 23 ++++++++++++++++------
 2 files changed, 18 insertions(+), 7 deletions(-)

diff --git a/maven-resolver-connector-basic/src/main/java/org/eclipse/aether/connector/basic/ChecksumValidator.java b/maven-resolver-connector-basic/src/main/java/org/eclipse/aether/connector/basic/ChecksumValidator.java
index 4835e986..92233622 100644
--- a/maven-resolver-connector-basic/src/main/java/org/eclipse/aether/connector/basic/ChecksumValidator.java
+++ b/maven-resolver-connector-basic/src/main/java/org/eclipse/aether/connector/basic/ChecksumValidator.java
@@ -181,7 +181,7 @@ final class ChecksumValidator
                 continue;
             }
             File checksumFile = getChecksumFile( checksumLocation.getChecksumAlgorithmFactory() );
-            try ( FileUtils.TempFile tempFile = FileUtils.newTempFile( checksumFile.toPath() ) )
+            try ( FileUtils.TempFile tempFile = FileUtils.newTempFile() )
             {
                 File tmp = tempFile.getPath().toFile();
                 try
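Review bot: The fetched checksum now goes through `FileUtils.newTempFile()` into the default temporary-file directory instead of next to `checksumFile`, and nothing at the call site says why that is acceptable. The `try` body continues outside the hunk, so it is not visible whether `tmp` is only read back or is later moved or copied into the local repository. If it is moved, the owner-only mode applied by `Files.createTempFile` would travel with it, which is the problem this commit sets out to fix. If it is only read, a comment above the `try` would record that, e.g. `// tmp is only read back and discarded, never moved into the repository, so its location and file mode do not matter`.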
diff --git a/maven-resolver-util/src/main/java/org/eclipse/aether/util/FileUtils.java b/maven-resolver-util/src/main/java/org/eclipse/aether/util/FileUtils.java
index 18cb2ab9..f12d5b82 100644
--- a/maven-resolver-util/src/main/java/org/eclipse/aether/util/FileUtils.java
+++ b/maven-resolver-util/src/main/java/org/eclipse/aether/util/FileUtils.java
@@ -24,6 +24,7 @@ import java.io.IOException;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.StandardCopyOption;
+import java.util.concurrent.ThreadLocalRandom;
 
 import static java.util.Objects.requireNonNull;
 
@@ -62,8 +63,12 @@ public final class FileUtils
     }
 
     /**
-     * Creates a {@link TempFile}. It will be in the default temporary-file directory. Returned instance should be
-     * handled in try-with-resource construct and created temp file is removed on close, if exists.
+     * Creates a {@link TempFile} instance and backing temporary file on file system. It will be located in the default
+     * temporary-file directory. Returned instance should be handled in try-with-resource construct and created
+     * temp file is removed (if exists) when returned instance is closed.
+     * <p>
+     * This method uses {@link Files#createTempFile(String, String, java.nio.file.attribute.FileAttribute[])} to create
+     * the temporary file on file system.
      */
     public static TempFile newTempFile() throws IOException
     {
@@ -85,17 +90,23 @@ public final class FileUtils
     }
 
     /**
-     * Creates a {@link TempFile} for given file. It will be in same directory where given file is, and will reuse its
-     * name for generated name. Returned instance should be handled in try-with-resource construct and created temp
-     * file once ready can be moved to passed in {@code file} parameter place.
+     * Creates a {@link CollocatedTempFile} instance for given file without backing file. The path will be located in
+     * same directory where given file is, and will reuse its name for generated (randomized) name. Returned instance
+     * should be handled in try-with-resource and created temp path is removed (if exists) when returned instance is
+     * closed. The {@link CollocatedTempFile#move()} makes possible to atomically replace passed in file with the
+     * processed content written into a file backing the {@link CollocatedTempFile} instance.
      * <p>
      * The {@code file} nor it's parent directories have to exist. The parent directories are created if needed.
+     * <p>
+     * This method uses {@link Path#resolve(String)} to create the temporary file path in passed in file parent
+     * directory, but it does NOT create backing file on file system.
      */
     public static CollocatedTempFile newTempFile( Path file ) throws IOException
     {
         Path parent = requireNonNull( file.getParent(), "file must have parent" );
         Files.createDirectories( parent );
-        Path tempFile = Files.createTempFile( parent, file.getFileName().toString(), "tmp" );
+        Path tempFile = parent.resolve( file.getFileName() + "."
+                + Long.toUnsignedString( ThreadLocalRandom.current().nextLong() ) + ".tmp" );
         return new CollocatedTempFile()
         {
             @Override
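Review bot: The replacement line in `newTempFile( Path file )` keeps the name shape of `Files.createTempFile` but not its guarantees: the JDK helper draws the suffix from `SecureRandom` and creates the file exclusively, while the new code uses `ThreadLocalRandom` and creates nothing. In a local repository directory that other accounts can write to, a guessable path that does not exist yet can be occupied before the writer opens it, and a name collision between two processes goes unnoticed; whether the writer opens the path with exclusive creation is outside this hunk. I would draw the suffix from a `private static final SecureRandom` field (`Long.toUnsignedString( SECURE_RANDOM.nextLong() )`) and state in the Javadoc that callers must create the path with `StandardOpenOption.CREATE_NEW`, which still leaves the permissions to the umask. The anonymous `CollocatedTempFile` body continues past the end of the hunk.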