overwrite password files if they exist

The .fdroid.*.txt password files are only meant to be a conduit for the
passwords, so blow them away everytime.  The canonical password is stored
in config.py.

It might makes sense to replace these files with env vars using
-storepass:env and -keypass:env.  I figured that the passwords are already
in a file, config.py, so adding more files in the same location with the
same perms would not increase the risk at all.

diff --git a/fdroidserver/common.py b/fdroidserver/common.py
index ed567af8ee27921556ac6ca897c845f94f94ae31..df7c49056ff7548c5370d146c3b47cd4f325a91b 100644 (file)
--- a/fdroidserver/common.py
+++ b/fdroidserver/common.py
@@ -123,7 +123,7 @@ def write_password_file(pwtype, password=None):
     command line argments
     '''
     filename = '.fdroid.' + pwtype + '.txt'
-    fd = os.open(filename, os.O_CREAT | os.O_WRONLY, 0600)
+    fd = os.open(filename, os.O_CREAT | os.O_TRUNC | os.O_WRONLY, 0600)
     if password == None:
         os.write(fd, config[pwtype])
     else: