From 01756dec44f2d97ac42634d604ecc3d249ec38d6 Mon Sep 17 00:00:00 2001 From: Benjamin Neff Date: Wed, 26 Jul 2023 20:46:24 +0200 Subject: [PATCH] Run hook scripts directly from cache directory Copying the hooks to temp is a problem if you run dotter with different users, as the file gets left behind and other users don't have permissions to overwrite it. It's also not really needed to copy the file to somewhere else, it can just be run to where it is anyway from the cache directory. It might be also a problem to create the hooks world readable at the temp-directory, where other users can read it, it might contain secrets that aren't expected to be written to outside of the home directory. --- src/actions.rs | 31 ++++++++++++++++++------------- src/hooks.rs | 15 +++++++++------ 2 files changed, 27 insertions(+), 19 deletions(-) diff --git a/src/actions.rs b/src/actions.rs index c8e7f6b..004eaba 100644 --- a/src/actions.rs +++ b/src/actions.rs @@ -333,7 +333,7 @@ pub fn create_template( &target.owner, ) .context("create parent for target file")?; - perform_template_deploy(source, cache, target, fs, handlebars, variables) + perform_template_deploy(source, cache, Some(target), fs, handlebars, variables) .context("perform template cache")?; Ok(true) } @@ -350,7 +350,7 @@ pub fn create_template( &target.owner, ) .context("create parent for target file")?; - perform_template_deploy(source, cache, target, fs, handlebars, variables) + perform_template_deploy(source, cache, Some(target), fs, handlebars, variables) .context("perform template cache")?; Ok(true) } @@ -373,7 +373,7 @@ pub fn create_template( &target.owner, ) .context("create parent for target file")?; - perform_template_deploy(source, cache, target, fs, handlebars, variables) + perform_template_deploy(source, cache, Some(target), fs, handlebars, variables) .context("perform template cache")?; Ok(true) } @@ -487,7 +487,7 @@ pub fn update_template( ); fs.set_owner(&target.target, &target.owner) .context("set target file owner")?; - perform_template_deploy(source, cache, target, fs, handlebars, variables) + perform_template_deploy(source, cache, Some(target), fs, handlebars, variables) .context("perform template cache")?; Ok(true) } @@ -504,7 +504,7 @@ pub fn update_template( &target.owner, ) .context("create parent for target file")?; - perform_template_deploy(source, cache, target, fs, handlebars, variables) + perform_template_deploy(source, cache, Some(target), fs, handlebars, variables) .context("perform template cache")?; Ok(true) } @@ -530,7 +530,7 @@ pub fn update_template( ); fs.remove_file(&target.target) .context("remove target while forcing")?; - perform_template_deploy(source, cache, target, fs, handlebars, variables) + perform_template_deploy(source, cache, Some(target), fs, handlebars, variables) .context("perform template cache")?; Ok(true) } @@ -550,7 +550,7 @@ pub fn update_template( } Ok(false) } else { - perform_template_deploy(source, cache, target, fs, handlebars, variables) + perform_template_deploy(source, cache, Some(target), fs, handlebars, variables) .context("perform template cache")?; Ok(true) } @@ -569,7 +569,7 @@ pub fn update_template( pub(crate) fn perform_template_deploy( source: &Path, cache: &Path, - target: &TemplateTarget, + target: Option<&TemplateTarget>, fs: &mut dyn Filesystem, handlebars: &Handlebars<'_>, variables: &Variables, @@ -577,7 +577,10 @@ pub(crate) fn perform_template_deploy( let file_contents = fs .read_to_string(source) .context("read template source file")?; - let file_contents = target.apply_actions(file_contents); + let file_contents = match target { + Some(t) => t.apply_actions(file_contents), + None => file_contents, + }; let rendered = handlebars .render_template(&file_contents, variables) .context("render template")?; @@ -589,10 +592,12 @@ pub(crate) fn perform_template_deploy( .context("write rendered template to cache")?; // Target - fs.copy_file(cache, &target.target, &target.owner) - .context("copy template from cache to target")?; - fs.copy_permissions(source, &target.target, &target.owner) - .context("copy permissions from source to target")?; + if let Some(target) = target { + fs.copy_file(cache, &target.target, &target.owner) + .context("copy template from cache to target")?; + fs.copy_permissions(source, &target.target, &target.owner) + .context("copy permissions from source to target")?; + } Ok(()) } diff --git a/src/hooks.rs b/src/hooks.rs index c659eff..6abd4e9 100644 --- a/src/hooks.rs +++ b/src/hooks.rs @@ -5,6 +5,8 @@ use std::path::Path; use std::process::Child; use std::process::Command; +use crate::filesystem::{Filesystem, RealFilesystem}; + pub(crate) fn run_hook( location: &Path, cache_dir: &Path, @@ -17,25 +19,26 @@ pub(crate) fn run_hook( } let mut script_file = cache_dir.join(location); - let mut target = std::env::temp_dir().join("dotter_temp"); if cfg!(windows) { script_file.set_extension("bat"); - target.set_extension("bat"); } - debug!("Rendering script {:?} -> {:?}", location, script_file); + debug!("Rendering script {:?} -> {:?}", location, script_file); + let mut fs = RealFilesystem::new(false); crate::actions::perform_template_deploy( location, &script_file, - &target.clone().into(), - &mut crate::filesystem::RealFilesystem::new(false), + None, + &mut fs, handlebars, variables, ) .context("deploy script")?; + fs.copy_permissions(location, &script_file, &None) + .context("copy permissions from source to cache")?; debug!("Running script file"); - let mut child = run_script_file(&target)?; + let mut child = run_script_file(&script_file)?; anyhow::ensure!( child.wait().context("wait for child shell")?.success(),