mirrors/fdroidserver
1
0
Fork 0
mirror of https://github.com/f-droid/fdroidserver.git synced 2025-09-15 15:32:30 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

overwrite password files if they exist

Browse source 
The .fdroid.*.txt password files are only meant to be a conduit for the
passwords, so blow them away everytime.  The canonical password is stored
in config.py.

It might makes sense to replace these files with env vars using
-storepass:env and -keypass:env.  I figured that the passwords are already
in a file, config.py, so adding more files in the same location with the
same perms would not increase the risk at all.
This commit is contained in:
Hans-Christoph Steiner 2014-04-15 23:48:48 -04:00
parent 0cbe9690c9
commit a7d1d9a54d
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
fdroidserver/common.py
View file

@ -123,7 +123,7 @@ def write_password_file(pwtype, password=None):
command line argments command line argments
''' '''
filename = '.fdroid.' + pwtype + '.txt' filename = '.fdroid.' + pwtype + '.txt'
fd = os.open(filename, os.O_CREAT | os.O_WRONLY, 0600) fd = os.open(filename, os.O_CREAT | os.O_TRUNC | os.O_WRONLY, 0600)
if password == None: if password == None:
os.write(fd, config[pwtype]) os.write(fd, config[pwtype])
else: else: