From b5438172b2bd6b7f0207822f43c99577dfefd1de Mon Sep 17 00:00:00 2001
From: Dusty Mabe <dusty@dustymabe.com>
Date: Apr 24 2020 19:34:28 +0000
Subject: new-updates-sync: set umask to be more permissive for ostree operations


See https://github.com/ostreedev/ostree/pull/1984 where OSTree was
changed to try to set group write on directories. We need to set a more
permissive umask to take advantage of it.

This is all done to support writing to the OSTree repo from OpenShift
projects that run as a random UID, but have ftpsync (gid:263) in their
supplemental groups. For more context see: https://pagure.io/releng/issue/8811#comment-629051

---

diff --git a/roles/bodhi2/backend/files/new-updates-sync b/roles/bodhi2/backend/files/new-updates-sync
index 3baa775..8aae50b 100755
--- a/roles/bodhi2/backend/files/new-updates-sync
+++ b/roles/bodhi2/backend/files/new-updates-sync
@@ -234,16 +234,22 @@ def sync_ostree(dst, ref):
     if src_commit == dst_commit:
         logger.info('OSTree at %s, ref %s in sync', dst, ref)
     else:
-        print('Syncing ostree ref %s: %s -> %s'
-              % (ref, src_commit, dst_commit))
-        logger.info('Syncing OSTree to %s, ref %s: %s -> %s',
-                    dst, ref, src_commit, dst_commit)
-        cmd = ['ostree', 'pull-local', '--verbose', '--repo',
-               dst, OSTREESOURCE, ref]
-        out = run_command(cmd)
-        cmd = ['ostree', 'summary', '--verbose', '--repo', dst, '--update']
-        run_command(cmd)
-        print('Ostree ref %s now at %s' % (ref, src_commit))
+        # Set the umask to be more permissive so directories get group write
+        # https://github.com/ostreedev/ostree/pull/1984
+        oldumask = os.umask(0o0002)
+        try:
+            print('Syncing ostree ref %s: %s -> %s'
+                  % (ref, src_commit, dst_commit))
+            logger.info('Syncing OSTree to %s, ref %s: %s -> %s',
+                        dst, ref, src_commit, dst_commit)
+            cmd = ['ostree', 'pull-local', '--verbose', '--repo',
+                   dst, OSTREESOURCE, ref]
+            out = run_command(cmd)
+            cmd = ['ostree', 'summary', '--verbose', '--repo', dst, '--update']
+            run_command(cmd)
+            print('Ostree ref %s now at %s' % (ref, src_commit))
+        finally:
+            os.umask(oldumask)
 
 
 def update_fullfilelist(modules):