From abea3d755210546014d303625f1cc44caa957e31 Mon Sep 17 00:00:00 2001 From: Jakob Borg Date: Mon, 4 Jul 2022 10:57:45 +0200 Subject: [PATCH] cmd/syncthing: Apply file permissions and modtimes when decrypting (#8412) Directories are not represented in the encrypted storagage so they get to keep default permissions... --- cmd/syncthing/decrypt/decrypt.go | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/cmd/syncthing/decrypt/decrypt.go b/cmd/syncthing/decrypt/decrypt.go index 1bb56c683..5d4746ed9 100644 --- a/cmd/syncthing/decrypt/decrypt.go +++ b/cmd/syncthing/decrypt/decrypt.go @@ -129,6 +129,9 @@ func (c *CLI) getFolderID() (string, error) { // process handles the file named path in srcFs, decrypting it into dstFs // unless dstFs is nil. func (c *CLI) process(srcFs fs.Filesystem, dstFs fs.Filesystem, path string) error { + // Which filemode bits to preserve + const retainBits = fs.ModePerm | fs.ModeSetgid | fs.ModeSetuid | fs.ModeSticky + if c.Verbose { log.Printf("Processing %q", path) } @@ -168,6 +171,9 @@ func (c *CLI) process(srcFs fs.Filesystem, dstFs fs.Filesystem, path string) err return fmt.Errorf("%s: %w", plainFi.Name, err) } defer plainFd.Close() // also closed explicitly in the return + if err := dstFs.Chmod(plainFi.Name, fs.FileMode(plainFi.Permissions&uint32(retainBits))); err != nil { + return fmt.Errorf("%s: %w", plainFi.Name, err) + } } if err := c.decryptFile(encFi, &plainFi, encFd, plainFd); err != nil { @@ -184,7 +190,12 @@ func (c *CLI) process(srcFs fs.Filesystem, dstFs fs.Filesystem, path string) err } if plainFd != nil { - return plainFd.Close() + if err := plainFd.Close(); err != nil { + return fmt.Errorf("%s: %w", plainFi.Name, err) + } + if err := dstFs.Chtimes(plainFi.Name, plainFi.ModTime(), plainFi.ModTime()); err != nil { + return fmt.Errorf("%s: %w", plainFi.Name, err) + } } return nil }