fix(content): make verified content completely read-only (#96)

The only non-corrupting modification to content stored in cacache is to delete it, and that requires write permission on the containing directory rather than on the file itself. Since no valid operations require write permissions on the content files, mark them as read-only so that the rest of the OS knows these files aren't meant to be written to. Fixes: #95 Signed-off-by: Ryan Graham <r.m.graham@gmail.com>
npm · Jun 1, 2017 · 4131196 · 4131196
1 parent 5e04eb7
commit 4131196
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/lib/util/move-file.js b/lib/util/move-file.js
@@ -2,6 +2,8 @@
 
 const fs = require('graceful-fs')
 const BB = require('bluebird')
+const chmod = BB.promisify(fs.chmod)
+const unlink = BB.promisify(fs.unlink)
 let move
 let pinflight
 
@@ -27,8 +29,11 @@ function moveFile (src, dest) {
           return cb(err)
         }
       }
-      return fs.unlink(src, cb)
+      return cb()
     })
+  }).then(() => {
+    // content should never change for any reason, so make it read-only
+    return BB.join(unlink(src), process.platform !== 'win32' && chmod(dest, '0444'))
   }).catch(err => {
     if (process.platform !== 'win32') {
       throw err