From e0a19d33139786335ff06bf2eaadf0ea3976d438 Mon Sep 17 00:00:00 2001 From: Dietmar Maurer Date: Wed, 20 Oct 2021 14:56:15 +0200 Subject: [PATCH] use new fsync parameter to replace_file and atomic_open_or_create Depend on proxmox 0.15.0 and proxmox-openid 0.8.1 Signed-off-by: Dietmar Maurer --- Cargo.toml | 4 ++-- pbs-api-types/Cargo.toml | 2 +- pbs-client/Cargo.toml | 2 +- pbs-client/src/http_client.rs | 6 +++--- pbs-client/src/tools/key_source.rs | 4 ++-- pbs-config/Cargo.toml | 2 +- pbs-config/src/key_config.rs | 2 +- pbs-config/src/lib.rs | 4 ++-- pbs-config/src/memcom.rs | 5 ++++- pbs-config/src/network/mod.rs | 2 +- pbs-config/src/token_shadow.rs | 2 +- pbs-datastore/Cargo.toml | 2 +- pbs-datastore/src/chunk_store.rs | 2 +- pbs-datastore/src/datastore.rs | 4 ++-- pbs-tape/Cargo.toml | 2 +- pbs-tools/Cargo.toml | 2 +- proxmox-backup-client/Cargo.toml | 2 +- proxmox-backup-client/src/key.rs | 6 +++--- proxmox-backup-client/src/main.rs | 4 ++-- proxmox-file-restore/Cargo.toml | 2 +- proxmox-rest-server/Cargo.toml | 2 +- proxmox-rest-server/src/file_logger.rs | 2 +- proxmox-rest-server/src/lib.rs | 2 +- proxmox-rest-server/src/worker_task.rs | 2 ++ proxmox-restore-daemon/Cargo.toml | 2 +- proxmox-rrd/Cargo.toml | 2 +- proxmox-rrd/src/cache/journal.rs | 2 ++ proxmox-systemd/Cargo.toml | 2 +- pxar-bin/Cargo.toml | 2 +- src/acme/client.rs | 1 + src/api2/admin/datastore.rs | 4 ++-- src/api2/backup/environment.rs | 2 +- src/api2/node/apt.rs | 2 +- src/api2/node/dns.rs | 2 +- src/api2/node/time.rs | 2 +- src/api2/tape/restore.rs | 2 +- src/auth.rs | 4 ++-- src/auth_helpers.rs | 8 +++++++- src/config/tfa.rs | 2 +- src/server/jobstate.rs | 2 +- src/tape/changer/mod.rs | 2 +- src/tape/drive/mod.rs | 3 ++- src/tape/drive/virtual_tape.rs | 4 ++-- src/tape/inventory.rs | 2 +- src/tape/media_catalog_cache.rs | 1 + src/tools/apt.rs | 2 +- src/tools/subscription.rs | 4 ++-- src/tools/systemd/config.rs | 2 +- 48 files changed, 73 insertions(+), 57 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index faeed5a3..6d6ebcb0 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -96,7 +96,7 @@ zstd = { version = "0.6", features = [ "bindgen" ] } pathpatterns = "0.1.2" pxar = { version = "0.10.1", features = [ "tokio-io" ] } -proxmox = { version = "0.14.0", features = [ "sortable-macro" ] } +proxmox = { version = "0.15.0", features = [ "sortable-macro" ] } proxmox-http = { version = "0.5.0", features = [ "client", "http-helpers", "websocket" ] } proxmox-io = "1" proxmox-lang = "1" @@ -109,7 +109,7 @@ proxmox-uuid = "1" proxmox-acme-rs = "0.2.1" proxmox-apt = "0.8.0" -proxmox-openid = "0.8.0" +proxmox-openid = "0.8.1" pbs-api-types = { path = "pbs-api-types" } pbs-buildcfg = { path = "pbs-buildcfg" } diff --git a/pbs-api-types/Cargo.toml b/pbs-api-types/Cargo.toml index 11644399..6a30735c 100644 --- a/pbs-api-types/Cargo.toml +++ b/pbs-api-types/Cargo.toml @@ -14,7 +14,7 @@ openssl = "0.10" regex = "1.2" serde = { version = "1.0", features = ["derive"] } -proxmox = "0.14.0" +proxmox = "0.15.0" proxmox-lang = "1.0.0" proxmox-schema = { version = "1.0.0", features = [ "api-macro" ] } proxmox-time = "1.0.0" diff --git a/pbs-client/Cargo.toml b/pbs-client/Cargo.toml index c8a93b30..b6782c4a 100644 --- a/pbs-client/Cargo.toml +++ b/pbs-client/Cargo.toml @@ -28,7 +28,7 @@ tower-service = "0.3.0" xdg = "2.2" pathpatterns = "0.1.2" -proxmox = "0.14.0" +proxmox = "0.15.0" proxmox-fuse = "0.1.1" proxmox-http = { version = "0.5.0", features = [ "client", "http-helpers", "websocket" ] } proxmox-io = { version = "1", features = [ "tokio" ] } diff --git a/pbs-client/src/http_client.rs b/pbs-client/src/http_client.rs index d135bc4f..73c83f7a 100644 --- a/pbs-client/src/http_client.rs +++ b/pbs-client/src/http_client.rs @@ -153,7 +153,7 @@ pub fn delete_ticket_info(prefix: &str, server: &str, username: &Userid) -> Resu map.remove(username.as_str()); } - replace_file(path, data.to_string().as_bytes(), CreateOptions::new().perm(mode))?; + replace_file(path, data.to_string().as_bytes(), CreateOptions::new().perm(mode), false)?; Ok(()) } @@ -195,7 +195,7 @@ fn store_fingerprint(prefix: &str, server: &str, fingerprint: &str) -> Result<() result.push_str(fingerprint); result.push('\n'); - replace_file(path, result.as_bytes(), CreateOptions::new())?; + replace_file(path, result.as_bytes(), CreateOptions::new(), false)?; Ok(()) } @@ -250,7 +250,7 @@ fn store_ticket_info(prefix: &str, server: &str, username: &str, ticket: &str, t } } - replace_file(path, new_data.to_string().as_bytes(), CreateOptions::new().perm(mode))?; + replace_file(path, new_data.to_string().as_bytes(), CreateOptions::new().perm(mode), false)?; Ok(()) } diff --git a/pbs-client/src/tools/key_source.rs b/pbs-client/src/tools/key_source.rs index 32e2b264..8fb24bd1 100644 --- a/pbs-client/src/tools/key_source.rs +++ b/pbs-client/src/tools/key_source.rs @@ -440,8 +440,8 @@ fn test_crypto_parameters_handling() -> Result<(), Error> { mode: CryptMode::SignOnly, }; - replace_file(&keypath, &some_key, CreateOptions::default())?; - replace_file(&master_keypath, &some_master_key, CreateOptions::default())?; + replace_file(&keypath, &some_key, CreateOptions::default(), false)?; + replace_file(&master_keypath, &some_master_key, CreateOptions::default(), false)?; // no params, no default key == no key let res = crypto_parameters(&json!({})); diff --git a/pbs-config/Cargo.toml b/pbs-config/Cargo.toml index e8caeb12..f98885a5 100644 --- a/pbs-config/Cargo.toml +++ b/pbs-config/Cargo.toml @@ -17,7 +17,7 @@ regex = "1.2" serde = { version = "1.0", features = ["derive"] } serde_json = "1.0" -proxmox = "0.14.0" +proxmox = "0.15.0" proxmox-lang = "1" proxmox-router = { version = "1.1", default-features = false } proxmox-schema = "1" diff --git a/pbs-config/src/key_config.rs b/pbs-config/src/key_config.rs index 9c4b3b57..178b3b52 100644 --- a/pbs-config/src/key_config.rs +++ b/pbs-config/src/key_config.rs @@ -281,7 +281,7 @@ impl KeyConfig { try_block!({ if replace { let mode = nix::sys::stat::Mode::S_IRUSR | nix::sys::stat::Mode::S_IWUSR; - replace_file(path, data.as_bytes(), CreateOptions::new().perm(mode))?; + replace_file(path, data.as_bytes(), CreateOptions::new().perm(mode), true)?; } else { use std::os::unix::fs::OpenOptionsExt; diff --git a/pbs-config/src/lib.rs b/pbs-config/src/lib.rs index 478e0961..8ce84fec 100644 --- a/pbs-config/src/lib.rs +++ b/pbs-config/src/lib.rs @@ -80,7 +80,7 @@ pub fn replace_backup_config>( .owner(nix::unistd::ROOT) .group(backup_user.gid); - proxmox::tools::fs::replace_file(path, data, options)?; + proxmox::tools::fs::replace_file(path, data, options, true)?; Ok(()) } @@ -100,7 +100,7 @@ pub fn replace_secret_config>( .owner(nix::unistd::ROOT) .group(nix::unistd::Gid::from_raw(0)); - proxmox::tools::fs::replace_file(path, data, options)?; + proxmox::tools::fs::replace_file(path, data, options, true)?; Ok(()) } diff --git a/pbs-config/src/memcom.rs b/pbs-config/src/memcom.rs index 96b577b5..4ab07ec9 100644 --- a/pbs-config/src/memcom.rs +++ b/pbs-config/src/memcom.rs @@ -47,7 +47,10 @@ impl Memcom { let file = proxmox::tools::fs::atomic_open_or_create_file( MEMCOM_FILE_PATH, OFlag::O_RDWR | OFlag::O_CLOEXEC, - &EMPTY_PAGE, options)?; + &EMPTY_PAGE, + options, + true, + )?; let mmap = unsafe { Mmap::::map_fd( diff --git a/pbs-config/src/network/mod.rs b/pbs-config/src/network/mod.rs index fe2f4700..1c10ab31 100644 --- a/pbs-config/src/network/mod.rs +++ b/pbs-config/src/network/mod.rs @@ -448,7 +448,7 @@ pub fn save_config(config: &NetworkConfig) -> Result<(), Error> { .owner(nix::unistd::ROOT) .group(nix::unistd::Gid::from_raw(0)); - replace_file(NETWORK_INTERFACES_NEW_FILENAME, &raw, options)?; + replace_file(NETWORK_INTERFACES_NEW_FILENAME, &raw, options, true)?; Ok(()) } diff --git a/pbs-config/src/token_shadow.rs b/pbs-config/src/token_shadow.rs index 6e466ce5..f813b430 100644 --- a/pbs-config/src/token_shadow.rs +++ b/pbs-config/src/token_shadow.rs @@ -45,7 +45,7 @@ fn write_file(data: HashMap) -> Result<(), Error> { .group(backup_user.gid); let json = serde_json::to_vec(&data)?; - proxmox::tools::fs::replace_file(CONF_FILE, &json, options) + proxmox::tools::fs::replace_file(CONF_FILE, &json, options, true) } diff --git a/pbs-datastore/Cargo.toml b/pbs-datastore/Cargo.toml index aae58260..01c5ee00 100644 --- a/pbs-datastore/Cargo.toml +++ b/pbs-datastore/Cargo.toml @@ -25,7 +25,7 @@ zstd = { version = "0.6", features = [ "bindgen" ] } pathpatterns = "0.1.2" pxar = "0.10.1" -proxmox = "0.14.0" +proxmox = "0.15.0" proxmox-borrow = "1" proxmox-io = "1" proxmox-lang = "1" diff --git a/pbs-datastore/src/chunk_store.rs b/pbs-datastore/src/chunk_store.rs index 963997f8..4c445019 100644 --- a/pbs-datastore/src/chunk_store.rs +++ b/pbs-datastore/src/chunk_store.rs @@ -95,7 +95,7 @@ impl ChunkStore { // create lock file with correct owner/group let lockfile_path = Self::lockfile_path(&base); - proxmox::tools::fs::replace_file(lockfile_path, b"", options.clone())?; + proxmox::tools::fs::replace_file(lockfile_path, b"", options.clone(), false)?; // create 64*1024 subdirs let mut last_percentage = 0; diff --git a/pbs-datastore/src/datastore.rs b/pbs-datastore/src/datastore.rs index 79a2d9e8..7159e578 100644 --- a/pbs-datastore/src/datastore.rs +++ b/pbs-datastore/src/datastore.rs @@ -705,7 +705,7 @@ impl DataStore { .group(backup_user.gid); // ignore errors - let _ = replace_file(path, serialized.as_bytes(), options); + let _ = replace_file(path, serialized.as_bytes(), options, false); } *self.last_gc_status.lock().unwrap() = gc_status; @@ -840,7 +840,7 @@ impl DataStore { path.push(MANIFEST_BLOB_NAME); // atomic replace invalidates flock - no other writes past this point! - replace_file(&path, raw_data, CreateOptions::new())?; + replace_file(&path, raw_data, CreateOptions::new(), false)?; Ok(()) } diff --git a/pbs-tape/Cargo.toml b/pbs-tape/Cargo.toml index f65bf852..66041455 100644 --- a/pbs-tape/Cargo.toml +++ b/pbs-tape/Cargo.toml @@ -18,7 +18,7 @@ bitflags = "1.2.1" regex = "1.2" udev = ">= 0.3, <0.5" -proxmox = "0.14.0" +proxmox = "0.15.0" proxmox-io = "1" proxmox-lang = "1" # api-macro is only used by the binaries, so maybe we should split them out diff --git a/pbs-tools/Cargo.toml b/pbs-tools/Cargo.toml index 439069ff..635933e1 100644 --- a/pbs-tools/Cargo.toml +++ b/pbs-tools/Cargo.toml @@ -32,7 +32,7 @@ url = "2.1" walkdir = "2" zstd = { version = "0.6", features = [ "bindgen" ] } -proxmox = { version = "0.14.0", default-features = false, features = [ "tokio" ] } +proxmox = { version = "0.15.0", default-features = false, features = [ "tokio" ] } proxmox-borrow = "1" proxmox-io = { version = "1", features = [ "tokio" ] } proxmox-lang = { version = "1" } diff --git a/proxmox-backup-client/Cargo.toml b/proxmox-backup-client/Cargo.toml index e4e135e8..235baca9 100644 --- a/proxmox-backup-client/Cargo.toml +++ b/proxmox-backup-client/Cargo.toml @@ -22,7 +22,7 @@ zstd = { version = "0.6", features = [ "bindgen" ] } pathpatterns = "0.1.2" pxar = { version = "0.10.1", features = [ "tokio-io" ] } -proxmox = { version = "0.14.0", features = [ "sortable-macro" ] } +proxmox = { version = "0.15.0", features = [ "sortable-macro" ] } proxmox-router = { version = "1.1", features = [ "cli" ] } proxmox-schema = { version = "1", features = [ "api-macro" ] } proxmox-time = "1" diff --git a/proxmox-backup-client/src/key.rs b/proxmox-backup-client/src/key.rs index 2984c581..0b99a888 100644 --- a/proxmox-backup-client/src/key.rs +++ b/proxmox-backup-client/src/key.rs @@ -315,7 +315,7 @@ fn import_master_pubkey(path: String) -> Result<(), Error> { let target_path = place_default_master_pubkey()?; - replace_file(&target_path, &pem_data, CreateOptions::new())?; + replace_file(&target_path, &pem_data, CreateOptions::new(), true)?; println!("Imported public master key to {:?}", target_path); @@ -348,7 +348,7 @@ fn create_master_key() -> Result<(), Error> { let pub_key: Vec = pkey.public_key_to_pem()?; let filename_pub = "master-public.pem"; println!("Writing public master key to {}", filename_pub); - replace_file(filename_pub, pub_key.as_slice(), CreateOptions::new())?; + replace_file(filename_pub, pub_key.as_slice(), CreateOptions::new(), true)?; let cipher = openssl::symm::Cipher::aes_256_cbc(); let priv_key: Vec = @@ -356,7 +356,7 @@ fn create_master_key() -> Result<(), Error> { let filename_priv = "master-private.pem"; println!("Writing private master key to {}", filename_priv); - replace_file(filename_priv, priv_key.as_slice(), CreateOptions::new())?; + replace_file(filename_priv, priv_key.as_slice(), CreateOptions::new(), true)?; Ok(()) } diff --git a/proxmox-backup-client/src/main.rs b/proxmox-backup-client/src/main.rs index 0ad16b42..cb083006 100644 --- a/proxmox-backup-client/src/main.rs +++ b/proxmox-backup-client/src/main.rs @@ -126,7 +126,7 @@ fn record_repository(repo: &BackupRepository) { let new_data = json!(map); - let _ = replace_file(path, new_data.to_string().as_bytes(), CreateOptions::new()); + let _ = replace_file(path, new_data.to_string().as_bytes(), CreateOptions::new(), false); } async fn api_datastore_list_snapshots( @@ -1132,7 +1132,7 @@ async fn restore(param: Value) -> Result { if archive_name == MANIFEST_BLOB_NAME { if let Some(target) = target { - replace_file(target, &backup_index_data, CreateOptions::new())?; + replace_file(target, &backup_index_data, CreateOptions::new(), false)?; } else { let stdout = std::io::stdout(); let mut writer = stdout.lock(); diff --git a/proxmox-file-restore/Cargo.toml b/proxmox-file-restore/Cargo.toml index 5c8da8f8..1ca91f9f 100644 --- a/proxmox-file-restore/Cargo.toml +++ b/proxmox-file-restore/Cargo.toml @@ -16,7 +16,7 @@ tokio = { version = "1.6", features = [ "io-std", "rt", "rt-multi-thread", "time pxar = { version = "0.10.1", features = [ "tokio-io" ] } -proxmox = { version = "0.14.0" } +proxmox = { version = "0.15.0" } proxmox-lang = "1" proxmox-router = { version = "1.1", features = [ "cli" ] } proxmox-schema = { version = "1", features = [ "api-macro" ] } diff --git a/proxmox-rest-server/Cargo.toml b/proxmox-rest-server/Cargo.toml index 9eb3860f..1fa76f21 100644 --- a/proxmox-rest-server/Cargo.toml +++ b/proxmox-rest-server/Cargo.toml @@ -30,7 +30,7 @@ tokio-openssl = "0.6.1" tower-service = "0.3.0" url = "2.1" -proxmox = "0.14.0" +proxmox = "0.15.0" proxmox-io = "1" proxmox-lang = "1" proxmox-router = "1.1" diff --git a/proxmox-rest-server/src/file_logger.rs b/proxmox-rest-server/src/file_logger.rs index 79972d32..c7496874 100644 --- a/proxmox-rest-server/src/file_logger.rs +++ b/proxmox-rest-server/src/file_logger.rs @@ -95,7 +95,7 @@ impl FileLogger { flags |= OFlag::O_EXCL; } - let file = atomic_open_or_create_file(&file_name, flags, &[], options.file_opts.clone())?; + let file = atomic_open_or_create_file(&file_name, flags, &[], options.file_opts.clone(), false)?; Ok(file) } diff --git a/proxmox-rest-server/src/lib.rs b/proxmox-rest-server/src/lib.rs index 6e7c94f2..1a6d827d 100644 --- a/proxmox-rest-server/src/lib.rs +++ b/proxmox-rest-server/src/lib.rs @@ -117,7 +117,7 @@ pub(crate) fn pstart() -> u64 { /// Helper to write the PID into a file pub fn write_pid(pid_fn: &str) -> Result<(), Error> { let pid_str = format!("{}\n", *PID); - proxmox::tools::fs::replace_file(pid_fn, pid_str.as_bytes(), CreateOptions::new()) + proxmox::tools::fs::replace_file(pid_fn, pid_str.as_bytes(), CreateOptions::new(), false) } /// Helper to read the PID from a file diff --git a/proxmox-rest-server/src/worker_task.rs b/proxmox-rest-server/src/worker_task.rs index fb0dea9b..242d2de2 100644 --- a/proxmox-rest-server/src/worker_task.rs +++ b/proxmox-rest-server/src/worker_task.rs @@ -146,6 +146,7 @@ impl WorkerTaskSetup { &self.active_tasks_fn, active_raw.as_bytes(), options, + false, )?; finish_list.sort_unstable_by(|a, b| { @@ -166,6 +167,7 @@ impl WorkerTaskSetup { OFlag::O_APPEND | OFlag::O_RDWR, &[], options, + false, )?; for info in &finish_list { writer.write_all(render_task_line(&info).as_bytes())?; diff --git a/proxmox-restore-daemon/Cargo.toml b/proxmox-restore-daemon/Cargo.toml index 99ce2cec..94e5fccd 100644 --- a/proxmox-restore-daemon/Cargo.toml +++ b/proxmox-restore-daemon/Cargo.toml @@ -26,7 +26,7 @@ tokio-util = { version = "0.6", features = [ "codec", "io" ] } pathpatterns = "0.1.2" pxar = { version = "0.10.1", features = [ "tokio-io" ] } -proxmox = { version = "0.14.0", features = [ "sortable-macro" ] } +proxmox = { version = "0.15.0", features = [ "sortable-macro" ] } proxmox-router = { version = "1.1", features = [ "cli" ] } proxmox-schema = { version = "1", features = [ "api-macro" ] } proxmox-time = "1" diff --git a/proxmox-rrd/Cargo.toml b/proxmox-rrd/Cargo.toml index 67095689..7e1b2cb6 100644 --- a/proxmox-rrd/Cargo.toml +++ b/proxmox-rrd/Cargo.toml @@ -19,6 +19,6 @@ serde = { version = "1.0", features = ["derive"] } serde_json = "1.0" serde_cbor = "0.11.1" -proxmox = { version = "0.14.0" } +proxmox = { version = "0.15.0" } proxmox-time = "1" proxmox-schema = { version = "1", features = [ "api-macro" ] } diff --git a/proxmox-rrd/src/cache/journal.rs b/proxmox-rrd/src/cache/journal.rs index 85e3906a..a85154a4 100644 --- a/proxmox-rrd/src/cache/journal.rs +++ b/proxmox-rrd/src/cache/journal.rs @@ -113,6 +113,7 @@ impl JournalState { flags, &[], self.config.file_options.clone(), + false, )?; Ok(BufReader::new(journal)) } @@ -127,6 +128,7 @@ impl JournalState { flags, &[], config.file_options.clone(), + false, )?; Ok(journal) } diff --git a/proxmox-systemd/Cargo.toml b/proxmox-systemd/Cargo.toml index 415305ad..a1e402f6 100644 --- a/proxmox-systemd/Cargo.toml +++ b/proxmox-systemd/Cargo.toml @@ -15,4 +15,4 @@ proxmox-time = "1" proxmox-lang = "1" [dev-dependencies] -proxmox = "0.14.0" +proxmox = "0.15.0" diff --git a/pxar-bin/Cargo.toml b/pxar-bin/Cargo.toml index 4b3724b3..195ef1a2 100644 --- a/pxar-bin/Cargo.toml +++ b/pxar-bin/Cargo.toml @@ -16,7 +16,7 @@ serde_json = "1.0" tokio = { version = "1.6", features = [ "rt", "rt-multi-thread" ] } pathpatterns = "0.1.2" -proxmox = "0.14.0" +proxmox = "0.15.0" proxmox-schema = { version = "1", features = [ "api-macro" ] } proxmox-router = "1.1" pxar = { version = "0.10.1", features = [ "tokio-io" ] } diff --git a/src/acme/client.rs b/src/acme/client.rs index 48ae6112..ee04edad 100644 --- a/src/acme/client.rs +++ b/src/acme/client.rs @@ -171,6 +171,7 @@ impl AcmeClient { .perm(Mode::from_bits_truncate(0o600)) .owner(nix::unistd::ROOT) .group(nix::unistd::Gid::from_raw(0)), + true, ) } diff --git a/src/api2/admin/datastore.rs b/src/api2/admin/datastore.rs index fb5647ce..3bf8e104 100644 --- a/src/api2/admin/datastore.rs +++ b/src/api2/admin/datastore.rs @@ -1328,7 +1328,7 @@ pub fn upload_backup_log( // always verify blob/CRC at server side let blob = DataBlob::load_from_reader(&mut &data[..])?; - replace_file(&path, blob.raw_data(), CreateOptions::new())?; + replace_file(&path, blob.raw_data(), CreateOptions::new(), false)?; // fixme: use correct formatter Ok(formatter::JSON_FORMATTER.format_data(Value::Null, &*rpcenv)) @@ -1644,7 +1644,7 @@ pub fn set_group_notes( check_priv_or_backup_owner(&datastore, &backup_group, &auth_id, PRIV_DATASTORE_MODIFY)?; let note_path = get_group_note_path(&datastore, &backup_group); - replace_file(note_path, notes.as_bytes(), CreateOptions::new())?; + replace_file(note_path, notes.as_bytes(), CreateOptions::new(), false)?; Ok(()) } diff --git a/src/api2/backup/environment.rs b/src/api2/backup/environment.rs index 5906cb57..9cfc5534 100644 --- a/src/api2/backup/environment.rs +++ b/src/api2/backup/environment.rs @@ -453,7 +453,7 @@ impl BackupEnvironment { let blob = DataBlob::load_from_reader(&mut &data[..])?; let raw_data = blob.raw_data(); - replace_file(&path, raw_data, CreateOptions::new())?; + replace_file(&path, raw_data, CreateOptions::new(), false)?; self.log(format!("add blob {:?} ({} bytes, comp: {})", path, orig_len, blob_len)); diff --git a/src/api2/node/apt.rs b/src/api2/node/apt.rs index 46d015b9..a31e73a1 100644 --- a/src/api2/node/apt.rs +++ b/src/api2/node/apt.rs @@ -68,7 +68,7 @@ pub fn update_apt_proxy_config(proxy_config: Option<&ProxyConfig>) -> Result<(), if let Some(proxy_config) = proxy_config { let proxy = proxy_config.to_proxy_string()?; let data = format!("Acquire::http::Proxy \"{}\";\n", proxy); - replace_file(PROXY_CFG_FN, data.as_bytes(), CreateOptions::new()) + replace_file(PROXY_CFG_FN, data.as_bytes(), CreateOptions::new(), false) } else { match std::fs::remove_file(PROXY_CFG_FN) { Ok(()) => Ok(()), diff --git a/src/api2/node/dns.rs b/src/api2/node/dns.rs index 34a42a65..ff04a5e3 100644 --- a/src/api2/node/dns.rs +++ b/src/api2/node/dns.rs @@ -171,7 +171,7 @@ pub fn update_dns( data.push_str(options); } - replace_file(RESOLV_CONF_FN, data.as_bytes(), CreateOptions::new())?; + replace_file(RESOLV_CONF_FN, data.as_bytes(), CreateOptions::new(), true)?; Ok(Value::Null) } diff --git a/src/api2/node/time.rs b/src/api2/node/time.rs index d17c7f72..b58f1dd2 100644 --- a/src/api2/node/time.rs +++ b/src/api2/node/time.rs @@ -97,7 +97,7 @@ fn set_timezone( bail!("No such timezone."); } - replace_file("/etc/timezone", timezone.as_bytes(), CreateOptions::new())?; + replace_file("/etc/timezone", timezone.as_bytes(), CreateOptions::new(), true)?; let _ = std::fs::remove_file("/etc/localtime"); diff --git a/src/api2/tape/restore.rs b/src/api2/tape/restore.rs index 30e99343..40a2414f 100644 --- a/src/api2/tape/restore.rs +++ b/src/api2/tape/restore.rs @@ -1362,7 +1362,7 @@ fn try_restore_snapshot_archive( let blob = DataBlob::encode(old_manifest.as_bytes(), None, true)?; let options = CreateOptions::new(); - replace_file(&tmp_path, blob.raw_data(), options)?; + replace_file(&tmp_path, blob.raw_data(), options, false)?; manifest = Some(BackupManifest::try_from(blob)?); } else { diff --git a/src/auth.rs b/src/auth.rs index 215cd9aa..1560d565 100644 --- a/src/auth.rs +++ b/src/auth.rs @@ -95,7 +95,7 @@ impl ProxmoxAuthenticator for PBS { .group(nix::unistd::Gid::from_raw(0)); let data = serde_json::to_vec_pretty(&data)?; - proxmox::tools::fs::replace_file(SHADOW_CONFIG_FILENAME, &data, options)?; + proxmox::tools::fs::replace_file(SHADOW_CONFIG_FILENAME, &data, options, true)?; Ok(()) } @@ -113,7 +113,7 @@ impl ProxmoxAuthenticator for PBS { .group(nix::unistd::Gid::from_raw(0)); let data = serde_json::to_vec_pretty(&data)?; - proxmox::tools::fs::replace_file(SHADOW_CONFIG_FILENAME, &data, options)?; + proxmox::tools::fs::replace_file(SHADOW_CONFIG_FILENAME, &data, options, true)?; Ok(()) } diff --git a/src/auth_helpers.rs b/src/auth_helpers.rs index a4ac956e..f15c0eab 100644 --- a/src/auth_helpers.rs +++ b/src/auth_helpers.rs @@ -104,6 +104,7 @@ pub fn generate_csrf_key() -> Result<(), Error> { .perm(Mode::from_bits_truncate(0o0640)) .owner(nix::unistd::ROOT) .group(backup_user.gid), + true, )?; Ok(()) @@ -125,7 +126,11 @@ pub fn generate_auth_key() -> Result<(), Error> { use nix::sys::stat::Mode; replace_file( - &priv_path, &priv_pem, CreateOptions::new().perm(Mode::from_bits_truncate(0o0600)))?; + &priv_path, + &priv_pem, + CreateOptions::new().perm(Mode::from_bits_truncate(0o0600)), + true, + )?; let public_pem = rsa.public_key_to_pem()?; @@ -138,6 +143,7 @@ pub fn generate_auth_key() -> Result<(), Error> { .perm(Mode::from_bits_truncate(0o0640)) .owner(nix::unistd::ROOT) .group(backup_user.gid), + true, )?; Ok(()) diff --git a/src/config/tfa.rs b/src/config/tfa.rs index 2a41cbdf..dae0f31c 100644 --- a/src/config/tfa.rs +++ b/src/config/tfa.rs @@ -76,7 +76,7 @@ pub fn write(data: &TfaConfig) -> Result<(), Error> { let options = CreateOptions::new().perm(Mode::from_bits_truncate(0o0600)); let json = serde_json::to_vec(data)?; - proxmox::tools::fs::replace_file(CONF_FILE, &json, options) + proxmox::tools::fs::replace_file(CONF_FILE, &json, options, true) } #[derive(Deserialize, Serialize)] diff --git a/src/server/jobstate.rs b/src/server/jobstate.rs index 1377470d..8df245d6 100644 --- a/src/server/jobstate.rs +++ b/src/server/jobstate.rs @@ -301,7 +301,7 @@ impl Job { .owner(backup_user.uid) .group(backup_user.gid); - replace_file(path, serialized.as_bytes(), options) + replace_file(path, serialized.as_bytes(), options, false) } } diff --git a/src/tape/changer/mod.rs b/src/tape/changer/mod.rs index cc9ee734..63c54b41 100644 --- a/src/tape/changer/mod.rs +++ b/src/tape/changer/mod.rs @@ -345,7 +345,7 @@ fn save_changer_state_cache( .owner(backup_user.uid) .group(backup_user.gid); - replace_file(path, state.as_bytes(), options) + replace_file(path, state.as_bytes(), options, false) } fn delete_changer_state_cache(changer: &str) { diff --git a/src/tape/drive/mod.rs b/src/tape/drive/mod.rs index 16845973..df990ccf 100644 --- a/src/tape/drive/mod.rs +++ b/src/tape/drive/mod.rs @@ -555,7 +555,7 @@ pub fn set_tape_device_state( .owner(backup_user.uid) .group(backup_user.gid); - replace_file(path, state.as_bytes(), options) + replace_file(path, state.as_bytes(), options, false) } /// Get the device state @@ -618,6 +618,7 @@ fn open_device_lock(device_path: &str) -> Result { OFlag::O_RDWR | OFlag::O_CLOEXEC | OFlag::O_APPEND, &[], options, + false, ) } diff --git a/src/tape/drive/virtual_tape.rs b/src/tape/drive/virtual_tape.rs index 0cc8ae70..4f1fe4d8 100644 --- a/src/tape/drive/virtual_tape.rs +++ b/src/tape/drive/virtual_tape.rs @@ -117,7 +117,7 @@ impl VirtualTapeHandle { let raw = serde_json::to_string_pretty(&serde_json::to_value(index)?)?; let options = CreateOptions::new(); - replace_file(&path, raw.as_bytes(), options)?; + replace_file(&path, raw.as_bytes(), options, false)?; Ok(()) } @@ -157,7 +157,7 @@ impl VirtualTapeHandle { let raw = serde_json::to_string_pretty(&serde_json::to_value(status)?)?; let options = CreateOptions::new(); - replace_file(&path, raw.as_bytes(), options)?; + replace_file(&path, raw.as_bytes(), options, false)?; Ok(()) } diff --git a/src/tape/inventory.rs b/src/tape/inventory.rs index 593985ed..86588617 100644 --- a/src/tape/inventory.rs +++ b/src/tape/inventory.rs @@ -183,7 +183,7 @@ impl Inventory { .group(backup_user.gid) }; - replace_file(&self.inventory_path, raw.as_bytes(), options)?; + replace_file(&self.inventory_path, raw.as_bytes(), options, true)?; Ok(()) } diff --git a/src/tape/media_catalog_cache.rs b/src/tape/media_catalog_cache.rs index 6593833d..bcfdd700 100644 --- a/src/tape/media_catalog_cache.rs +++ b/src/tape/media_catalog_cache.rs @@ -102,6 +102,7 @@ fn write_snapshot_cache( cache_path, data.as_bytes(), options, + false, )?; Ok(list) diff --git a/src/tools/apt.rs b/src/tools/apt.rs index 209274a8..1ffaaa6a 100644 --- a/src/tools/apt.rs +++ b/src/tools/apt.rs @@ -24,7 +24,7 @@ pub struct PkgState { pub fn write_pkg_cache(state: &PkgState) -> Result<(), Error> { let serialized_state = serde_json::to_string(state)?; - replace_file(APT_PKG_STATE_FN, &serialized_state.as_bytes(), CreateOptions::new()) + replace_file(APT_PKG_STATE_FN, &serialized_state.as_bytes(), CreateOptions::new(), false) .map_err(|err| format_err!("Error writing package cache - {}", err))?; Ok(()) } diff --git a/src/tools/subscription.rs b/src/tools/subscription.rs index 1a9ada66..5b1e6b63 100644 --- a/src/tools/subscription.rs +++ b/src/tools/subscription.rs @@ -312,7 +312,7 @@ pub fn write_subscription(info: SubscriptionInfo) -> Result<(), Error> { .group(backup_user.gid); let subscription_file = std::path::Path::new(SUBSCRIPTION_FN); - replace_file(subscription_file, raw.as_bytes(), file_opts)?; + replace_file(subscription_file, raw.as_bytes(), file_opts, true)?; update_apt_auth(key, server_id)?; @@ -343,7 +343,7 @@ pub fn update_apt_auth(key: Option, password: Option) -> Result< .owner(nix::unistd::ROOT); // we use a namespaced .conf file, so just overwrite.. - replace_file(auth_conf, conf.as_bytes(), file_opts) + replace_file(auth_conf, conf.as_bytes(), file_opts, true) .map_err(|e| format_err!("Error saving apt auth config - {}", e))?; } _ => match nix::unistd::unlink(auth_conf) { diff --git a/src/tools/systemd/config.rs b/src/tools/systemd/config.rs index ed95bcff..baf94e88 100644 --- a/src/tools/systemd/config.rs +++ b/src/tools/systemd/config.rs @@ -133,7 +133,7 @@ fn save_systemd_config(config: &SectionConfig, filename: &str, data: &SectionCon .perm(mode) .owner(nix::unistd::ROOT); - replace_file(filename, raw.as_bytes(), options)?; + replace_file(filename, raw.as_bytes(), options, true)?; Ok(()) } -- 2.39.2