From a7d1d9a54d53a66a16a2724569126a1c91a2375d Mon Sep 17 00:00:00 2001
From: Hans-Christoph Steiner <hans@eds.org>
Date: Tue, 15 Apr 2014 23:48:48 -0400
Subject: [PATCH] overwrite password files if they exist

The .fdroid.*.txt password files are only meant to be a conduit for the
passwords, so blow them away everytime.  The canonical password is stored
in config.py.

It might makes sense to replace these files with env vars using
-storepass:env and -keypass:env.  I figured that the passwords are already
in a file, config.py, so adding more files in the same location with the
same perms would not increase the risk at all.
---
 fdroidserver/common.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fdroidserver/common.py b/fdroidserver/common.py
index ed567af8..df7c4905 100644
--- a/fdroidserver/common.py
+++ b/fdroidserver/common.py
@@ -123,7 +123,7 @@ def write_password_file(pwtype, password=None):
     command line argments
     '''
     filename = '.fdroid.' + pwtype + '.txt'
-    fd = os.open(filename, os.O_CREAT | os.O_WRONLY, 0600)
+    fd = os.open(filename, os.O_CREAT | os.O_TRUNC | os.O_WRONLY, 0600)
     if password == None:
         os.write(fd, config[pwtype])
     else:
-- 
2.30.2