Set permissions 0600 to generated profile when cloning

yast · Sep 24, 2020 · cf7a5c1 · cf7a5c1
1 parent ac10460
commit cf7a5c1
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 7 deletions.
diff --git a/src/lib/autoinstall/clients/clone_system.rb b/src/lib/autoinstall/clients/clone_system.rb
@@ -18,6 +18,7 @@
 # find current contact information at www.suse.com.
 
 require "yast"
+require "fileutils"
 
 require "autoinstall/entries/registry"
 
@@ -151,9 +152,11 @@ def clone_system(options)
             # always clone general
             Yast::ProductControl.clone_modules + ["general"]
           end
+
         Yast::AutoinstClone.Process(target: target)
         begin
           Yast::XML.YCPToXMLFile(:profile, Yast::Profile.current, filename)
+          ::FileUtils.chmod(0o600, filename)
         rescue Yast::XMLSerializationError => e
           log.error "Creation of XML failed with #{e.inspect}"
           Yast::Popup.Error(

diff --git a/test/lib/clients/clone_system_test.rb b/test/lib/clients/clone_system_test.rb
@@ -35,6 +35,7 @@
     let(:normal?) { true }
     let(:package_installed?) { true }
     let(:tmp_dir) { Dir.mktmpdir("YaST-") }
+    let(:profile_path) { File.join(tmp_dir, "autoinst.xml") }
     let(:profile_exists?) { false }
 
     before do
@@ -45,9 +46,12 @@
       allow(Yast::Installation).to receive(:restart_file)
         .and_return(File.join(tmp_dir, "restart_yast"))
       allow(Yast::AutoinstClone).to receive(:Process)
-      allow(Yast::XML).to receive(:YCPToXMLFile)
       allow(Yast::FileUtils).to receive(:Exists).and_call_original
       allow(Yast::FileUtils).to receive(:Exists).with(/autoinst.xml/).and_return(profile_exists?)
+      stub_const(
+        "Y2Autoinstallation::Clients::CloneSystem::DEFAULT_FILENAME",
+        File.join(tmp_dir, "autoinst.xml")
+      )
     end
 
     around(:each) do |example|
@@ -81,7 +85,7 @@
 
     describe "'modules' command" do
       let(:args) { ["modules"] }
-      let(:profile) { instance_double(Hash) }
+      let(:profile) { { "general" => { "mode" => { "confirm" => true } } } }
 
       before do
         allow(Yast::Profile).to receive(:current).and_return(profile)
@@ -98,9 +102,9 @@
           let(:continue?) { true }
 
           it "saves the profile to the given file" do
-            expect(Yast::XML).to receive(:YCPToXMLFile)
-              .with(:profile, profile, "/root/autoinst.xml")
             client.main
+            expect(File).to exist(profile_path)
+            expect(File.stat(profile_path).mode.to_s(8)).to eq("100600")
           end
         end
 
@@ -117,8 +121,9 @@
 
       it "clones and writes the profile to '/root/autoinst.xml'" do
         expect(Yast::AutoinstClone).to receive(:Process)
-        expect(Yast::XML).to receive(:YCPToXMLFile).with(:profile, profile, "/root/autoinst.xml")
         client.main
+        expect(File).to exist(profile_path)
+        expect(File.stat(profile_path).mode.to_s(8)).to eq("100600")
       end
 
       it "shows error popup if invalid object is found during serialization" do
@@ -130,12 +135,14 @@
       end
 
       context "when a filename is given" do
-        let(:args) { ["modules", "filename=/tmp/autoinst.xml"] }
+        let(:profile_path) { File.join(tmp_dir, "alternative.xml") }
+        let(:args) { ["modules", "filename=#{profile_path}"] }
 
         it "clones and writes the profile to the given file" do
           expect(Yast::AutoinstClone).to receive(:Process)
-          expect(Yast::XML).to receive(:YCPToXMLFile).with(:profile, profile, "/tmp/autoinst.xml")
           client.main
+          expect(File).to exist(profile_path)
+          expect(File.stat(profile_path).mode.to_s(8)).to eq("100600")
         end
       end