only show "unsafe perms on config.yml" when secrets are present

This should make for fewer false positives.
Hans-Christoph Steiner 2025-03-05 12:22:22 +01:00
parent 36007d50e5
commit 858068c64b
2 changed files with 53 additions and 19 deletions


@ -598,15 +598,6 @@ def read_config():
'sun.security.pkcs11.SunPKCS11',
'-providerArg', 'opensc-fdroid.cfg']
if any(k in config for k in ["keystore", "keystorepass", "keypass"]):
st = os.stat(CONFIG_FILE)
if st.st_mode & stat.S_IRWXG or st.st_mode & stat.S_IRWXO:
logging.warning(
_("unsafe permissions on '{config_file}' (should be 0600)!").format(
config_file=CONFIG_FILE
)
)
fill_config_defaults(config)
if 'serverwebroot' in config:
@ -666,6 +657,18 @@ def read_config():
for configname in confignames_to_delete:
del config[configname]
if any(
k in config and config.get(k)
for k in ["awssecretkey", "keystorepass", "keypass"]
):
st = os.stat(CONFIG_FILE)
if st.st_mode & stat.S_IRWXG or st.st_mode & stat.S_IRWXO:
logging.warning(
_("unsafe permissions on '{config_file}' (should be 0600)!").format(
config_file=CONFIG_FILE
)
)
return config
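Review bot: The relocated check in the second hunk tests the fully processed `config` after the `confignames_to_delete` cleanup, so it fires whenever `awssecretkey`, `keystorepass` or `keypass` ends up non-empty in memory, not only when the value is actually stored in `CONFIG_FILE`. If an earlier step in `read_config()` fills these keys from a source other than the file (that code starts outside the visible hunks, so this is an assumption to confirm), the 0600 warning would still be a false positive; testing the raw parsed file contents would avoid that. The condition can also be shortened, since `k in config and config.get(k)` is equivalent to `config.get(k)`. A comment above the `any(` such as `# warn only when a secret value is present; a path-only 'keystore' entry is not a secret` would record why `keystore` was dropped from the list and `awssecretkey` added.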