]> git.decadent.org.uk Git - dak.git/blobdiff - daklib/archive.py
projects / dak.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge branch 'dak-unpriv' into merge
[dak.git] / daklib / archive.py
diff --git a/daklib/archive.py b/daklib/archive.py
index 5c98eeca826cfec49355fc7a43e5fdf40454c94b..dcdcc8e121ec46b8f50b599d89c7472b14a6d216 100644 (file)
--- a/daklib/archive.py
+++ b/daklib/archive.py
@@ -623,11 +623,12 @@ class ArchiveUpload(object):
         cnf = Config()
         session = self.transaction.session
 
-        self.directory = tempfile.mkdtemp(dir=cnf.get('Dir::TempPath'))
+        (None, self.directory) = utils.temp_dirname(parent=cnf.get('Dir::TempPath'),
+                                                    mode=0o2750, cnf.unprivgroup)
         with FilesystemTransaction() as fs:
             src = os.path.join(self.original_directory, self.original_changes.filename)
             dst = os.path.join(self.directory, self.original_changes.filename)
-            fs.copy(src, dst)
+            fs.copy(src, dst, mode=0o640)
 
             self.changes = upload.Changes(self.directory, self.original_changes.filename, self.keyrings)
 
@@ -636,7 +637,7 @@ class ArchiveUpload(object):
                 dst = os.path.join(self.directory, f.filename)
                 if not os.path.exists(src):
                     continue
-                fs.copy(src, dst)
+                fs.copy(src, dst, mode=0o640)
 
             source = self.changes.source
             if source is not None:
dak changes to support and test code signing