rsync-ssh-wrap: force the permissions of uploaded files
author Aurelien Jarno <aurelien@aurel32.net>
Wed, 14 Feb 2018 16:33:17 +0000 (17:33 +0100)
committer Aurelien Jarno <aurelien@aurel32.net>
Wed, 14 Feb 2018 16:33:17 +0000 (17:33 +0100)
dupload calls rsync with -p, causing the uploaded files to be world
readable, despite the ACL of the upload directory (see bug#876900).
This is an issue for security uploads.

This has been fixed in sid, but not yet in stretch. In the meantime
force the permissions to 0640 at the wrapper level.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
modules/roles/files/ssh_upload/rsync-ssh-wrap

index bdfc6f1..f2a8917 100755 (executable)
@@ -68,7 +68,7 @@ do_rsync() {
                allowed="${allowed_rsyncs[$cmd_idx]}"
                if [ "$*" = "$allowed" ]; then
                        info "Running for host $remote_host: rsync $*"
-                       exec rsync "$@"
+                       exec rsync --chmod=F640 "$@"
                        croak "Exec failed"
                fi
        done
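Review bot: The `info` line directly above the changed `exec` still logs `rsync $*`, so the log no longer shows the command that actually runs; consider logging `rsync --chmod=F640 $*` there. The allowlist comparison `[ "$*" = "$allowed" ]` happens before the option is prepended, so existing `allowed_rsyncs` entries still match, which is good. Since the commit message describes this as a stopgap until stretch is fixed, a short comment next to the `exec` citing bug#876900 would make it clear when the forced option can be dropped. Note also that the `F` prefix limits the mode to regular files, so any directories in a transfer keep whatever mode the client sends.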