From 8d3d4b82801cb51acb46f5c5e9033d7438da37da Mon Sep 17 00:00:00 2001
From: Lubomír Sedlář <lsedlar@redhat.com>
Date: Apr 01 2016 13:42:34 +0000
Subject: [checks] Add a check for too restrictive umask


If umask is set to something too high (>0022), a warning will be
printed. It does not abort the compose though.

Signed-off-by: Lubomír Sedlář <lsedlar@redhat.com>

---

diff --git a/bin/pungi-koji b/bin/pungi-koji
index 1044ec1..a0eba0e 100755
--- a/bin/pungi-koji
+++ b/bin/pungi-koji
@@ -172,6 +172,7 @@ def main():
     import pungi.checks
     if not pungi.checks.check(conf):
         sys.exit(1)
+    pungi.checks.check_umask(logger)
 
     if opts.target_dir:
         compose_dir = Compose.get_compose_dir(opts.target_dir, conf, compose_type=compose_type, compose_label=opts.label)
diff --git a/pungi/checks.py b/pungi/checks.py
index 6895b2a..f0d8b5b 100644
--- a/pungi/checks.py
+++ b/pungi/checks.py
@@ -102,6 +102,16 @@ def check(conf):
     return not fail
 
 
+def check_umask(logger):
+    """Make sure umask is set to something reasonable. If not, log a warning."""
+    mask = os.umask(0)
+    os.umask(mask)
+
+    if mask > 0o022:
+        logger.warning('Unusually strict umask detected (0%03o), '
+                       'expect files with broken permissions.', mask)
+
+
 def validate_options(conf, valid_options):
     errors = []
     for i in valid_options:
diff --git a/tests/test_checks.py b/tests/test_checks.py
index a0a49e0..0e2a9e2 100755
--- a/tests/test_checks.py
+++ b/tests/test_checks.py
@@ -143,5 +143,36 @@ class CheckDependenciesTestCase(unittest.TestCase):
         self.assertFalse(result)
 
 
+class TestUmask(unittest.TestCase):
+    def setUp(self):
+        self.orig_umask = os.umask(0)
+        os.umask(self.orig_umask)
+
+    def tearDown(self):
+        os.umask(self.orig_umask)
+
+    def test_no_warning_with_0022(self):
+        os.umask(0o022)
+        logger = mock.Mock()
+        checks.check_umask(logger)
+        self.assertItemsEqual(logger.mock_calls, [])
+
+    def test_no_warning_with_0000(self):
+        os.umask(0o000)
+        logger = mock.Mock()
+        checks.check_umask(logger)
+        self.assertItemsEqual(logger.mock_calls, [])
+
+    def test_warning_with_0044(self):
+        os.umask(0o044)
+        logger = mock.Mock()
+        checks.check_umask(logger)
+        self.assertItemsEqual(
+            logger.mock_calls,
+            [mock.call.warning('Unusually strict umask detected (0%03o), '
+                               'expect files with broken permissions.', 0o044)]
+        )
+
+
 if __name__ == "__main__":
     unittest.main()