From: Hans-Christoph Steiner Date: Wed, 16 Apr 2014 03:48:48 +0000 (-0400) Subject: overwrite password files if they exist X-Git-Tag: 0.2~112^2~8 X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=commitdiff_plain;h=a7d1d9a54d53a66a16a2724569126a1c91a2375d;p=fdroidserver.git overwrite password files if they exist The .fdroid.*.txt password files are only meant to be a conduit for the passwords, so blow them away everytime. The canonical password is stored in config.py. It might makes sense to replace these files with env vars using -storepass:env and -keypass:env. I figured that the passwords are already in a file, config.py, so adding more files in the same location with the same perms would not increase the risk at all.
---
diff --git a/fdroidserver/common.py b/fdroidserver/common.py
index ed567af8..df7c4905 100644
--- a/fdroidserver/common.py
+++ b/fdroidserver/common.py
@@ -123,7 +123,7 @@ def write_password_file(pwtype, password=None):
 command line argments
 '''
 filename = '.fdroid.' + pwtype + '.txt'
- fd = os.open(filename, os.O_CREAT | os.O_WRONLY, 0600)
+ fd = os.open(filename, os.O_CREAT | os.O_TRUNC | os.O_WRONLY, 0600)
 if password == None:
 os.write(fd, config[pwtype])
 else:
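Review bot: The `0600` mode in the new `os.open(...)` call is applied only when the file is created, so an existing `.fdroid.*.txt` that is truncated and reused keeps whatever permissions it already had. A symlink left at that name would also be followed and its target truncated. Calling `os.fchmod(fd, 0600)` right after the open and adding `os.O_NOFOLLOW` to the flags would keep the password file owner-only whatever its prior state. The body of write_password_file starts and ends outside this hunk, so whether the descriptor is closed when a write fails cannot be judged from here.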