5 changed files with 117 additions and 18 deletions
--- a/0001-saveconfig-copy-temp-configfile-with-permissions.patch
+++ b/0001-saveconfig-copy-temp-configfile-with-permissions.patch
@ -0,0 +1,53 @@
 From b23d061ee0fa7924d2cdce6194c313b9ee06c468 Mon Sep 17 00:00:00 2001
 From: Prasanna Kumar Kalever <prasanna.kalever@redhat.com>
 Date: Thu, 28 May 2020 20:42:16 +0530
 Subject: [PATCH] saveconfig: copy temp configfile with permissions
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 shutil.copyfile() will not copy permissions, so all the perms that we
 set on tempfile will go for a toss, and will be reset to default
 ┌──────────────────┬────────┬───────────┬───────┬────────────────┐
 │     Function     │ Copies │   Copies  │Can use│   Destination  │
 │                  │metadata│permissions│buffer │may be directory│
 ├──────────────────┼────────┼───────────┼───────┼────────────────┤
 │shutil.copy       │   No   │    Yes    │   No  │      Yes       │
 │shutil.copyfile   │   No   │     No    │   No  │       No       │
 │shutil.copy2      │  Yes   │    Yes    │   No  │      Yes       │
 │shutil.copyfileobj│   No   │     No    │  Yes  │       No       │
 └──────────────────┴────────┴───────────┴───────┴────────────────┘
 Without this fix:
 ----------------
 $ ls /etc/target/saveconfig.json -l
 -rw-r--r-- 1 root root 5078 May 28 20:01 /etc/target/saveconfig.json
 With this fix:
 --------------
 $ ls /etc/target/saveconfig.json -l
 -rw------- 1 root root 5078 May 28 20:15 /etc/target/saveconfig.json
 Signed-off-by: Prasanna Kumar Kalever <prasanna.kalever@redhat.com>
 ---
 rtslib/root.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
 diff --git a/rtslib/root.py b/rtslib/root.py
 index a101edd..7364154 100644
 --- a/rtslib/root.py
 +++ b/rtslib/root.py
@@ -486,7 +486,8 @@ class RTSRoot(CFSNode):
             os.fsync(f.fileno())
             f.close()
 -        shutil.copyfile(tmp_file, save_file)
 +        # copy along with permissions
 +        shutil.copy(tmp_file, save_file)
         os.remove(tmp_file)
     def restore_from_file(self, restore_file=None, clear_existing=True,
 -- 
 1.8.3.1
--- a/0002-saveconfig-open-the-temp-configfile-with-modes-set.patch
+++ b/0002-saveconfig-open-the-temp-configfile-with-modes-set.patch
@ -0,0 +1,46 @@
 From dffcf83bead64e959505d64ad587768647caab3a Mon Sep 17 00:00:00 2001
 From: Prasanna Kumar Kalever <prasanna.kalever@redhat.com>
 Date: Thu, 28 May 2020 19:53:04 +0530
 Subject: [PATCH] saveconfig: open the temp configfile with modes set
 Fixes: #161
 Signed-off-by: Prasanna Kumar Kalever <prasanna.kalever@redhat.com>
 ---
 rtslib/root.py | 21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)
 diff --git a/rtslib/root.py b/rtslib/root.py
 index afe1a53..a101edd 100644
 --- a/rtslib/root.py
 +++ b/rtslib/root.py
@@ -461,8 +461,25 @@ class RTSRoot(CFSNode):
         tmp_file = save_file + ".temp"
 -        with open(tmp_file, "w+") as f:
 -            os.fchmod(f.fileno(), stat.S_IRUSR | stat.S_IWUSR)
 +        mode = stat.S_IRUSR | stat.S_IWUSR  # 0o600
 +        umask = 0o777 ^ mode  # Prevents always downgrading umask to 0
 +
 +        # For security, remove file with potentially elevated mode
 +        try:
 +            os.remove(tmp_file)
 +        except OSError:
 +            pass
 +
 +        umask_original = os.umask(umask)
 +        # Even though the old file is first deleted, a race condition is still
 +        # possible. Including os.O_EXCL with os.O_CREAT in the flags will
 +        # prevent the file from being created if it exists due to a race
 +        try:
 +            fdesc = os.open(tmp_file, os.O_WRONLY | os.O_CREAT | os.O_EXCL, mode)
 +        finally:
 +            os.umask(umask_original)
 +
 +        with os.fdopen(fdesc, 'w+') as f:
             f.write(json.dumps(saveconf, sort_keys=True, indent=2))
             f.write("\n")
             f.flush()
 -- 
 1.8.3.1
--- a/python-rtslib.spec
+++ b/python-rtslib.spec
@ -1,13 +1,17 @@
 %bcond_with python3
 %global oname rtslib-fb
 Name: python-rtslib
-Version: 2.1.75
+Version: 2.1.70
-Release: 1
+Release: 6
 Summary: Python object API for Linux kernel LIO SCSI target
 License: ASL 2.0
 URL: https://github.com/open-iscsi/%{oname}
 Source0: %{url}/archive/v%{version}/%{oname}-%{version}.tar.gz
 Patch1: 0001-saveconfig-copy-temp-configfile-with-permissions.patch
 Patch2: 0002-saveconfig-open-the-temp-configfile-with-modes-set.patch
 BuildArch: noarch
 BuildRequires: systemd-units
@ -23,21 +27,24 @@ Obsoletes: python-rtslib-doc
 which includes the 'target' service and targetctl tool for restoring
 configuration.
 %if %{with python3}
 %package -n python3-rtslib
 Summary: Python3 object API for Linux kernel LIO SCSI target
 BuildRequires: python3-devel, python3-setuptools
 Requires: python3-kmod, python3-six, python3-pyudev
 %{?python_provide:%python_provide python3-rtslib}
 provides: python3-%{oname}
 %description -n python3-rtslib
 python3-rtslib is a python object API for generic Linux SCSI kernel
 target which includes the 'target' service and targetctl tool for
 restoring configuration.
 %endif
 %package -n target-restore
 Summary: Systemd service for targetcli/rtslib
 %if %{with python3}
 Requires: python3-rtslib = %{version}-%{release}
 %endif
 %description -n target-restore
 Systemd service to restore the LIO kernel target settings on system
@ -48,21 +55,27 @@ restart.
 %prep
 %autosetup -n %{oname}-%{version} -p1
 %if %{with python3}
 rm -rf %{py3dir}
 cp -a . %{py3dir}
 %endif
 %build
 gzip --stdout doc/targetctl.8 > doc/targetctl.8.gz
 gzip --stdout doc/saveconfig.json.5 > doc/saveconfig.json.5.gz
 %if 0%{?with_python3}
 pushd %{py3dir}
 %py3_build
 popd
 %endif
 %install
 %if %{with python3}
 pushd %{py3dir}
 %py3_install
 popd
 %endif
 mkdir -p %{buildroot}%{_mandir}/man8/
 mkdir -p %{buildroot}%{_mandir}/man5/
@ -83,10 +96,12 @@ install -m 644 doc/saveconfig.json.5.gz %{buildroot}%{_mandir}/man5/
 %postun -n target-restore
 %systemd_postun_with_restart target.service
 %if %{with python3}
 %files -n python3-rtslib
 %defattr(-,root,root)
 %license COPYING
 %{python3_sitelib}/*
 %endif
 %files -n target-restore
 %defattr(-,root,root)
@ -105,21 +120,6 @@ install -m 644 doc/saveconfig.json.5.gz %{buildroot}%{_mandir}/man5/
 %{_mandir}/man5/saveconfig.json.5.gz
 %changelog
 * Fri Oct 28 2022 Wenchao Hao <haowenchao@huawei.com> - 2.1.75-1
 - update to rtslib-fb-2.1.75
 * Thu Aug 11 2022 huangtianhua <huangtianhua@huawei.com> - 2.1.74-2
 - Provides python3-rtslib-fb
 * Tue Nov 16 2021 Miaohe Lin <linmiaohe@huawei.com> - 2.1.74-1
 - update to rtslib-fb-2.1.74
 * Mon Sep 6 2021 zhanchengbin <zhanchengbin1@huawei.com> - 2.1.70-8
 - remove "%bcond_with python3" from spec file to resolve local rpmbuild failure issue
 * Mon Nov 2 2020 Zhiqiang Liu <lzhq28@mail.ustc.edu.cn> - 2.1.70-7
 - backport upstream patch to solve one problem
 * Fri Oct 30 2020 tianwei <tianwei12@huawei.com> - 2.1.70-6
 - remove python2
--- a/rtslib-fb-2.1.70.tar.gz
+++ b/rtslib-fb-2.1.70.tar.gz
--- a/rtslib-fb-2.1.75.tar.gz
+++ b/rtslib-fb-2.1.75.tar.gz