use new fsync parameter to replace_file and atomic_open_or_create

Depend on proxmox 0.15.0 and proxmox-openid 0.8.1 Signed-off-by: Dietmar Maurer <dietmar@proxmox.com>
2021-10-20 14:56:15 +02:00
parent 6b8329ee34
commit e0a19d3313
48 changed files with 73 additions and 57 deletions
--- a/src/acme/client.rs
+++ b/src/acme/client.rs
@ -171,6 +171,7 @@ impl AcmeClient {
                .perm(Mode::from_bits_truncate(0o600))
                .owner(nix::unistd::ROOT)
                .group(nix::unistd::Gid::from_raw(0)),
+            true,
        )
    }

--- a/src/api2/admin/datastore.rs
+++ b/src/api2/admin/datastore.rs
@ -1328,7 +1328,7 @@ pub fn upload_backup_log(
        // always verify blob/CRC at server side
        let blob = DataBlob::load_from_reader(&mut &data[..])?;

-        replace_file(&path, blob.raw_data(), CreateOptions::new())?;
+        replace_file(&path, blob.raw_data(), CreateOptions::new(), false)?;

        // fixme: use correct formatter
        Ok(formatter::JSON_FORMATTER.format_data(Value::Null, &*rpcenv))
@ -1644,7 +1644,7 @@ pub fn set_group_notes(
    check_priv_or_backup_owner(&datastore, &backup_group, &auth_id, PRIV_DATASTORE_MODIFY)?;

    let note_path = get_group_note_path(&datastore, &backup_group);
-    replace_file(note_path, notes.as_bytes(), CreateOptions::new())?;
+    replace_file(note_path, notes.as_bytes(), CreateOptions::new(), false)?;

    Ok(())
 }
--- a/src/api2/backup/environment.rs
+++ b/src/api2/backup/environment.rs
@ -453,7 +453,7 @@ impl BackupEnvironment {
        let blob = DataBlob::load_from_reader(&mut &data[..])?;

        let raw_data = blob.raw_data();
-        replace_file(&path, raw_data, CreateOptions::new())?;
+        replace_file(&path, raw_data, CreateOptions::new(), false)?;

        self.log(format!("add blob {:?} ({} bytes, comp: {})", path, orig_len, blob_len));

--- a/src/api2/node/apt.rs
+++ b/src/api2/node/apt.rs
@ -68,7 +68,7 @@ pub fn update_apt_proxy_config(proxy_config: Option<&ProxyConfig>) -> Result<(),
    if let Some(proxy_config) = proxy_config {
        let proxy = proxy_config.to_proxy_string()?;
        let data = format!("Acquire::http::Proxy \"{}\";\n", proxy);
-        replace_file(PROXY_CFG_FN, data.as_bytes(), CreateOptions::new())
+        replace_file(PROXY_CFG_FN, data.as_bytes(), CreateOptions::new(), false)
    } else {
        match std::fs::remove_file(PROXY_CFG_FN) {
            Ok(()) => Ok(()),
--- a/src/api2/node/dns.rs
+++ b/src/api2/node/dns.rs
@ -171,7 +171,7 @@ pub fn update_dns(
        data.push_str(options);
    }

-    replace_file(RESOLV_CONF_FN, data.as_bytes(), CreateOptions::new())?;
+    replace_file(RESOLV_CONF_FN, data.as_bytes(), CreateOptions::new(), true)?;

    Ok(Value::Null)
 }
--- a/src/api2/node/time.rs
+++ b/src/api2/node/time.rs
@ -97,7 +97,7 @@ fn set_timezone(
        bail!("No such timezone.");
    }

-    replace_file("/etc/timezone", timezone.as_bytes(), CreateOptions::new())?;
+    replace_file("/etc/timezone", timezone.as_bytes(), CreateOptions::new(), true)?;

    let _ = std::fs::remove_file("/etc/localtime");

--- a/src/api2/tape/restore.rs
+++ b/src/api2/tape/restore.rs
@ -1362,7 +1362,7 @@ fn try_restore_snapshot_archive<R: pxar::decoder::SeqRead>(
            let blob = DataBlob::encode(old_manifest.as_bytes(), None, true)?;

            let options = CreateOptions::new();
-            replace_file(&tmp_path, blob.raw_data(), options)?;
+            replace_file(&tmp_path, blob.raw_data(), options, false)?;

            manifest = Some(BackupManifest::try_from(blob)?);
        } else {
--- a/src/auth.rs
+++ b/src/auth.rs
@ -95,7 +95,7 @@ impl ProxmoxAuthenticator for PBS {
            .group(nix::unistd::Gid::from_raw(0));

        let data = serde_json::to_vec_pretty(&data)?;
-        proxmox::tools::fs::replace_file(SHADOW_CONFIG_FILENAME, &data, options)?;
+        proxmox::tools::fs::replace_file(SHADOW_CONFIG_FILENAME, &data, options, true)?;

        Ok(())
    }
@ -113,7 +113,7 @@ impl ProxmoxAuthenticator for PBS {
            .group(nix::unistd::Gid::from_raw(0));

        let data = serde_json::to_vec_pretty(&data)?;
-        proxmox::tools::fs::replace_file(SHADOW_CONFIG_FILENAME, &data, options)?;
+        proxmox::tools::fs::replace_file(SHADOW_CONFIG_FILENAME, &data, options, true)?;

        Ok(())
    }
--- a/src/auth_helpers.rs
+++ b/src/auth_helpers.rs
@ -104,6 +104,7 @@ pub fn generate_csrf_key() -> Result<(), Error> {
            .perm(Mode::from_bits_truncate(0o0640))
            .owner(nix::unistd::ROOT)
            .group(backup_user.gid),
+        true,
    )?;

    Ok(())
@ -125,7 +126,11 @@ pub fn generate_auth_key() -> Result<(), Error> {
    use nix::sys::stat::Mode;

    replace_file(
-        &priv_path, &priv_pem, CreateOptions::new().perm(Mode::from_bits_truncate(0o0600)))?;
+        &priv_path,
+        &priv_pem,
+        CreateOptions::new().perm(Mode::from_bits_truncate(0o0600)),
+        true,
+    )?;

    let public_pem = rsa.public_key_to_pem()?;

@ -138,6 +143,7 @@ pub fn generate_auth_key() -> Result<(), Error> {
            .perm(Mode::from_bits_truncate(0o0640))
            .owner(nix::unistd::ROOT)
            .group(backup_user.gid),
+        true,
    )?;

    Ok(())
--- a/src/config/tfa.rs
+++ b/src/config/tfa.rs
@ -76,7 +76,7 @@ pub fn write(data: &TfaConfig) -> Result<(), Error> {
    let options = CreateOptions::new().perm(Mode::from_bits_truncate(0o0600));

    let json = serde_json::to_vec(data)?;
-    proxmox::tools::fs::replace_file(CONF_FILE, &json, options)
+    proxmox::tools::fs::replace_file(CONF_FILE, &json, options, true)
 }

 #[derive(Deserialize, Serialize)]
--- a/src/server/jobstate.rs
+++ b/src/server/jobstate.rs
@ -301,7 +301,7 @@ impl Job {
            .owner(backup_user.uid)
            .group(backup_user.gid);

-        replace_file(path, serialized.as_bytes(), options)
+        replace_file(path, serialized.as_bytes(), options, false)
    }
 }

--- a/src/tape/changer/mod.rs
+++ b/src/tape/changer/mod.rs
@ -345,7 +345,7 @@ fn save_changer_state_cache(
        .owner(backup_user.uid)
        .group(backup_user.gid);

-    replace_file(path, state.as_bytes(), options)
+    replace_file(path, state.as_bytes(), options, false)
 }

 fn delete_changer_state_cache(changer: &str) {
--- a/src/tape/drive/mod.rs
+++ b/src/tape/drive/mod.rs
@ -555,7 +555,7 @@ pub fn set_tape_device_state(
        .owner(backup_user.uid)
        .group(backup_user.gid);

-    replace_file(path, state.as_bytes(), options)
+    replace_file(path, state.as_bytes(), options, false)
 }

 /// Get the device state
@ -618,6 +618,7 @@ fn open_device_lock(device_path: &str) -> Result<std::fs::File, Error> {
        OFlag::O_RDWR | OFlag::O_CLOEXEC | OFlag::O_APPEND,
        &[],
        options,
+        false,
    )
 }

--- a/src/tape/drive/virtual_tape.rs
+++ b/src/tape/drive/virtual_tape.rs
@ -117,7 +117,7 @@ impl VirtualTapeHandle {
        let raw = serde_json::to_string_pretty(&serde_json::to_value(index)?)?;

        let options = CreateOptions::new();
-        replace_file(&path, raw.as_bytes(), options)?;
+        replace_file(&path, raw.as_bytes(), options, false)?;
        Ok(())
    }

@ -157,7 +157,7 @@ impl VirtualTapeHandle {
        let raw = serde_json::to_string_pretty(&serde_json::to_value(status)?)?;

        let options = CreateOptions::new();
-        replace_file(&path, raw.as_bytes(), options)?;
+        replace_file(&path, raw.as_bytes(), options, false)?;
        Ok(())
    }

--- a/src/tape/inventory.rs
+++ b/src/tape/inventory.rs
@ -183,7 +183,7 @@ impl Inventory {
                .group(backup_user.gid)
        };

-        replace_file(&self.inventory_path, raw.as_bytes(), options)?;
+        replace_file(&self.inventory_path, raw.as_bytes(), options, true)?;

        Ok(())
    }
--- a/src/tape/media_catalog_cache.rs
+++ b/src/tape/media_catalog_cache.rs
@ -102,6 +102,7 @@ fn write_snapshot_cache(
        cache_path,
        data.as_bytes(),
        options,
+        false,
    )?;

    Ok(list)
--- a/src/tools/apt.rs
+++ b/src/tools/apt.rs
@ -24,7 +24,7 @@ pub struct PkgState {
 pub fn write_pkg_cache(state: &PkgState) -> Result<(), Error> {
    let serialized_state = serde_json::to_string(state)?;

-    replace_file(APT_PKG_STATE_FN, &serialized_state.as_bytes(), CreateOptions::new())
+    replace_file(APT_PKG_STATE_FN, &serialized_state.as_bytes(), CreateOptions::new(), false)
        .map_err(|err| format_err!("Error writing package cache - {}", err))?;
    Ok(())
 }
--- a/src/tools/subscription.rs
+++ b/src/tools/subscription.rs
@ -312,7 +312,7 @@ pub fn write_subscription(info: SubscriptionInfo) -> Result<(), Error> {
        .group(backup_user.gid);

    let subscription_file = std::path::Path::new(SUBSCRIPTION_FN);
-    replace_file(subscription_file, raw.as_bytes(), file_opts)?;
+    replace_file(subscription_file, raw.as_bytes(), file_opts, true)?;

    update_apt_auth(key, server_id)?;

@ -343,7 +343,7 @@ pub fn update_apt_auth(key: Option<String>, password: Option<String>) -> Result<
                .owner(nix::unistd::ROOT);

            // we use a namespaced .conf file, so just overwrite..
-            replace_file(auth_conf, conf.as_bytes(), file_opts)
+            replace_file(auth_conf, conf.as_bytes(), file_opts, true)
                .map_err(|e| format_err!("Error saving apt auth config - {}", e))?;
        }
        _ => match nix::unistd::unlink(auth_conf) {
--- a/src/tools/systemd/config.rs
+++ b/src/tools/systemd/config.rs
@ -133,7 +133,7 @@ fn save_systemd_config(config: &SectionConfig, filename: &str, data: &SectionCon
        .perm(mode)
        .owner(nix::unistd::ROOT);

-    replace_file(filename, raw.as_bytes(), options)?;
+    replace_file(filename, raw.as_bytes(), options, true)?;

    Ok(())
 }