Check module_path permissions when creating ssh_wrapper for git
If the module directory is not writable/executable to the current user (most likely because of a sudo to a non-root user), the ssh_wrapper will be created in the default location for mkstemp() calls. To facilitate the deletion of these new files, a new mechanism for cleaning up files created by the module was also added. Fixes #7375
This commit is contained in:
James Cammarata
parent
5ae08e1699
commit
31250905e9
1 changed files with 10 additions and 1 deletions
|
|
@ -181,7 +181,15 @@ def get_submodule_update_params(module, git_path, cwd):
|
||||||
|
|
||||||
def write_ssh_wrapper():
|
def write_ssh_wrapper():
|
||||||
module_dir = get_module_path()
|
module_dir = get_module_path()
|
||||||
fd, wrapper_path = tempfile.mkstemp(prefix=module_dir + '/')
|
try:
|
||||||
|
# make sure we have full permission to the module_dir, which
|
||||||
|
# may not be the case if we're sudo'ing to a non-root user
|
||||||
|
if os.access(module_dir, os.W_OK|os.R_OK|os.X_OK):
|
||||||
|
fd, wrapper_path = tempfile.mkstemp(prefix=module_dir + '/')
|
||||||
|
else:
|
||||||
|
raise OSError
|
||||||
|
except (IOError, OSError):
|
||||||
|
fd, wrapper_path = tempfile.mkstemp()
|
||||||
fh = os.fdopen(fd, 'w+b')
|
fh = os.fdopen(fd, 'w+b')
|
||||||
template = """#!/bin/sh
|
template = """#!/bin/sh
|
||||||
if [ -z "$GIT_SSH_OPTS" ]; then
|
if [ -z "$GIT_SSH_OPTS" ]; then
|
||||||
|
|
@ -505,6 +513,7 @@ def main():
|
||||||
if key_file or ssh_opts:
|
if key_file or ssh_opts:
|
||||||
ssh_wrapper = write_ssh_wrapper()
|
ssh_wrapper = write_ssh_wrapper()
|
||||||
set_git_ssh(ssh_wrapper, key_file, ssh_opts)
|
set_git_ssh(ssh_wrapper, key_file, ssh_opts)
|
||||||
|
module.add_cleanup_file(path=ssh_wrapper)
|
||||||
|
|
||||||
# add the git repo's hostkey
|
# add the git repo's hostkey
|
||||||
if module.params['ssh_opts'] is not None:
|
if module.params['ssh_opts'] is not None:
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue