From c2583a7aec5244bda51cdb6d4b033357cba42bee Mon Sep 17 00:00:00 2001
From: Sascha Silbe <sascha-pgp@silbe.org>
Date: Mon, 22 Mar 2010 12:35:40 +0000
Subject: fix rainbow support

---
diff --git a/src/carquinyol/filestore.py b/src/carquinyol/filestore.py
index 9724397..9d7c82a 100644
--- a/src/carquinyol/filestore.py
+++ b/src/carquinyol/filestore.py
@@ -14,6 +14,7 @@
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 
+import pwd
 import os
 import errno
 import logging
@@ -91,47 +92,46 @@ class FileStore(object):
             logging.debug('Entry %r doesnt have any file', uid)
             return ''
 
+        if extension is None:
+            extension = ''
+        elif extension:
+            extension = '.' + extension
+
         use_instance_dir = os.path.exists('/etc/olpc-security') and \
                            os.getuid() != user_id
         if use_instance_dir:
             if not user_id:
-                raise ValueError('Couldnt determine the current user uid.')
-            destination_dir = os.path.join(os.environ['HOME'], 'isolation',
-                '1', 'uid_to_instance_dir', str(user_id))
+                raise ValueError('Could not determine the uid of the caller.')
+            destination_dir = os.path.join(pwd.getpwuid(user_id).pw_dir,
+                'instance')
+            old_umask = os.umask(0007)
         else:
             profile = os.environ.get('SUGAR_PROFILE', 'default')
             destination_dir = os.path.join(os.path.expanduser('~'), '.sugar',
                     profile, 'data')
+
+        try:
             if not os.path.exists(destination_dir):
                 os.makedirs(destination_dir)
-
-        if extension is None:
-            extension = ''
-        elif extension:
-            extension = '.' + extension
+        finally:
+            if use_instance_dir:
+                os.umask(old_umask)
 
         fd, destination_path = tempfile.mkstemp(prefix=uid + '_',
                 suffix=extension, dir=destination_dir)
         os.close(fd)
         os.unlink(destination_path)
 
-        # Try to hard link from the original file to the targetpath. This can
-        # fail if the file is in a different filesystem. Do a symlink instead.
         try:
             os.link(file_path, destination_path)
         except OSError, e:
-            if e.errno == errno.EXDEV:
-                os.symlink(file_path, destination_path)
-            else:
+            if e.errno != errno.EXDEV:
                 raise
+            os.symlink(file_path, destination_path)
 
-        # Try to make the original file readable. This can fail if the file is
-        # in a FAT filesystem.
-        try:
-            os.chmod(file_path, 0604)
-        except OSError, e:
-            if e.errno != errno.EPERM:
-                raise
+        # Both symbolic and hard links "share" the permissions of the
+        # original file. Make sure it's (only) readable to the caller.
+        os.chmod(file_path, 0440)
 
         return destination_path
 
@@ -176,6 +176,7 @@ class AsyncCopy(object):
     def _cleanup(self):
         os.close(self.src_fp)
         os.close(self.dest_fp)
+        os.chmod(self.dest, 0400)
 
     def _copy_block(self, user_data=None):
         try:
@@ -213,8 +214,11 @@ class AsyncCopy(object):
 
     def start(self):
         self.src_fp = os.open(self.src, os.O_RDONLY)
+        if os.path.exists(self.dest) and not os.access(self.dest, os.W_OK):
+            os.chmod(self.dest, 0600)
+
         self.dest_fp = os.open(self.dest, os.O_RDWR | os.O_TRUNC | os.O_CREAT,
-                0644)
+                0600)
 
         stat = os.fstat(self.src_fp)
         self.size = stat[6]
--
cgit v0.9.1