Elgato_dark/podman-desktop
1
0
Fork 0
mirror of https://github.com/podman-desktop/podman-desktop synced 2026-04-21 17:47:22 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 10

chore(registry-setup): writing auth.json should have proper permissions (#17103)

Browse source 
refactor(registry-setup): specify file mode

Signed-off-by: axel7083 <42176370+axel7083@users.noreply.github.com>
This commit is contained in:
axel7083 2026-04-20 19:33:05 +02:00 committed by GitHub
parent 57c18d1cfd
commit 67d62bcc36
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 29 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
extensions/podman/packages/extension/src/utils/registry-setup.spec.ts
View file

@ -17,7 +17,7 @@
***********************************************************************/ ***********************************************************************/
import * as fs from 'node:fs'; import * as fs from 'node:fs';
import { readFile, writeFile } from 'node:fs/promises'; import { chmod, readFile, writeFile } from 'node:fs/promises';
import * as extensionApi from '@podman-desktop/api'; import * as extensionApi from '@podman-desktop/api';
import { afterEach, beforeAll, beforeEach, expect, test, vi } from 'vitest'; import { afterEach, beforeAll, beforeEach, expect, test, vi } from 'vitest';
@ -38,6 +38,10 @@ export class TestRegistrySetup extends RegistrySetup {
updateRegistries(): Promise<void> { updateRegistries(): Promise<void> {
return super.updateRegistries(); return super.updateRegistries();
} }
publicWriteAuthFile(data: string): Promise<void> {
return super.writeAuthFile(data);
}
} }
let registrySetup: TestRegistrySetup; let registrySetup: TestRegistrySetup;
@ -239,3 +243,18 @@ test.each([
await vi.waitFor(() => expect(writeFile).toHaveBeenCalledTimes(timesCalled)); await vi.waitFor(() => expect(writeFile).toHaveBeenCalledTimes(timesCalled));
}); });
test('writeAuthFile should call writeFile and chmod with 0o600', async () => {
const data = JSON.stringify({ auth: {} });
const authJsonLocation = '/tmp/containers/auth.json';
const mockGetAuthFileLocation = vi.spyOn(registrySetup, 'getAuthFileLocation');
mockGetAuthFileLocation.mockReturnValue(authJsonLocation);
await registrySetup.publicWriteAuthFile(data);
expect(writeFile).toHaveBeenCalledWith(authJsonLocation, data, {
encoding: 'utf8',
mode: 0o600,
});
expect(chmod).toHaveBeenCalledWith(authJsonLocation, 0o600);
});

12
extensions/podman/packages/extension/src/utils/registry-setup.ts
View file

@ -17,7 +17,7 @@
***********************************************************************/ ***********************************************************************/
import * as fs from 'node:fs'; import * as fs from 'node:fs';
import { readFile, writeFile } from 'node:fs/promises'; import { chmod, readFile, writeFile } from 'node:fs/promises';
import * as os from 'node:os'; import * as os from 'node:os';
import * as path from 'node:path'; import * as path from 'node:path';
@ -205,7 +205,13 @@ export class RegistrySetup {
} }
} }
protected writeAuthFile(data: string): Promise<void> { protected async writeAuthFile(data: string): Promise<void> {
return writeFile(this.getAuthFileLocation(), data, 'utf8'); const path = this.getAuthFileLocation();
await writeFile(path, data, {
encoding: 'utf8',
mode: 0o600,
});
// writeFile is not updating the mode if the file already exist
await chmod(path, 0o600);
} }
} }