From: Daniel Martí <mvdan@mvdan.cc>
Date: Sun, 22 Jun 2014 19:24:05 +0000 (+0200)
Subject: Warn about config permissions before loading the defaults
X-Git-Tag: 0.2~16
X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=commitdiff_plain;h=0bce8405716612a3aeb36b74bbee7714987d7f74;p=fdroidserver.git

Warn about config permissions before loading the defaults

Now, configs that don't contain passwords don't trigger the warning.
---

diff --git a/fdroidserver/common.py b/fdroidserver/common.py
index 75968635..bf89b1d5 100644
--- a/fdroidserver/common.py
+++ b/fdroidserver/common.py
@@ -92,6 +92,11 @@ def read_config(opts, config_file='config.py'):
                                       'sun.security.pkcs11.SunPKCS11',
                                       '-providerArg', 'opensc-fdroid.cfg']
 
+    if any(k in config for k in ["keystore", "keystorepass", "keypass"]):
+        st = os.stat(config_file)
+        if st.st_mode & stat.S_IRWXG or st.st_mode & stat.S_IRWXO:
+            logging.warn("unsafe permissions on {0} (should be 0600)!".format(config_file))
+
     defconfig = get_default_config()
     for k, v in defconfig.items():
         if k not in config:
@@ -107,11 +112,6 @@ def read_config(opts, config_file='config.py'):
     if not test_sdk_exists(config):
         sys.exit(3)
 
-    if any(k in config for k in ["keystore", "keystorepass", "keypass"]):
-        st = os.stat(config_file)
-        if st.st_mode & stat.S_IRWXG or st.st_mode & stat.S_IRWXO:
-            logging.warn("unsafe permissions on {0} (should be 0600)!".format(config_file))
-
     for k in ["keystorepass", "keypass"]:
         if k in config:
             write_password_file(k)