Download packages into more secure place than /tmp
parent
d5cec3491b
commit
8889900650
@ -9,7 +9,10 @@ ACME_CRON = '/etc/periodic/daily/acme-sh'
|
||||
ACME_DIR = '/etc/acme.sh.d'
|
||||
CERT_KEY_FILE = '/etc/ssl/services.key'
|
||||
CERT_PUB_FILE = '/etc/ssl/services.pem'
|
||||
|
||||
# Package manager
|
||||
PKG_SIG_FILE = '/etc/vmmgr/packages.pub'
|
||||
PKG_TEMP_DIR = '/var/cache/vmmgr'
|
||||
|
||||
# LXC
|
||||
HOSTS_FILE = '/etc/hosts'
|
||||
@ -19,7 +22,6 @@ LXC_ROOT = '/var/lib/lxc'
|
||||
# OS
|
||||
ISSUE_FILE = '/etc/issue'
|
||||
NGINX_DIR = '/etc/nginx/conf.d'
|
||||
REPO_FILE = '/etc/apk/repositories'
|
||||
|
||||
# URLs
|
||||
MYIP_URL = 'https://tools.dasm.cz/myip.php'
|
||||
|
@ -10,7 +10,7 @@ from enum import Enum
|
||||
from werkzeug.exceptions import BadRequest, NotFound, Unauthorized
|
||||
|
||||
from . import crypto
|
||||
from .paths import LXC_ROOT
|
||||
from .paths import LXC_ROOT, PKG_TEMP_DIR
|
||||
|
||||
class Stage(Enum):
|
||||
DOWNLOAD = 1
|
||||
@ -85,7 +85,8 @@ class PkgMgr:
|
||||
def download_package(self, name, item):
|
||||
# Download tar.xz package and verify its hash. Can raise InvalidSignature
|
||||
pkg_archive = '{}_{}-{}.tar.xz'.format(name, self.online_packages[name]['version'], self.online_packages[name]['release'])
|
||||
tmp_archive = os.path.join('/tmp', pkg_archive)
|
||||
tmp_archive = os.path.join(PKG_TEMP_DIR, pkg_archive)
|
||||
os.makedirs(PKG_TEMP_DIR, 0o700, True)
|
||||
# If the archive already exists in temp (presumably because the previous installation was interrupted), it was already verified and can be reused
|
||||
if os.path.exists(tmp_archive):
|
||||
item.bytes_downloaded += os.path.getsize(tmp_archive)
|
||||
@ -105,7 +106,7 @@ class PkgMgr:
|
||||
def unpack_package(self, name):
|
||||
# Unpack archive
|
||||
pkg_archive = '{}_{}-{}.tar.xz'.format(name, self.online_packages[name]['version'], self.online_packages[name]['release'])
|
||||
tmp_archive = os.path.join('/tmp', pkg_archive)
|
||||
tmp_archive = os.path.join(PKG_TEMP_DIR, pkg_archive)
|
||||
subprocess.run(['tar', 'xJf', tmp_archive], cwd='/', check=True)
|
||||
os.unlink(tmp_archive)
|
||||
|
||||
|
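Review bot: In download_package, `os.makedirs(PKG_TEMP_DIR, 0o700, True)` applies the mode only when it creates the directory; with exist_ok set, a pre-existing /var/cache/vmmgr keeps whatever owner and permissions it already has. That matters because the following lines treat any archive already present there as "already verified" and reuse it, and unpack_package then extracts it with `tar xJf` at `cwd='/'`. I would enforce the mode on every call with `os.chmod(PKG_TEMP_DIR, 0o700)` right after makedirs, and preferably re-check the archive's hash on the reuse path rather than trusting its presence. Both function bodies continue outside the visible hunks, so the verification step itself is not shown here.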
@ -10,7 +10,7 @@ import urllib
|
||||
from . import crypto
|
||||
from . import templates
|
||||
from . import net
|
||||
from .paths import ACME_CRON, ACME_DIR, ISSUE_FILE, NGINX_DIR, RELOAD_URL, REPO_FILE
|
||||
from .paths import ACME_CRON, ACME_DIR, ISSUE_FILE, NGINX_DIR, RELOAD_URL
|
||||
|
||||
class VMMgr:
|
||||
def __init__(self, conf):
|
||||
|