From 13703fbb04d7bc7975368b035342e104c26e3f35 Mon Sep 17 00:00:00 2001
From: Anton Hvornum <anton@hvornum.se>
Date: Sun, 28 Aug 2022 22:04:25 +0200
Subject: Fix permission flags on all the log files created (#1440)

* Changed permissions on the logs stored in /var/log/archinstall. Also cleaned up one of the saves to have the same syntax as the others

* Tweaked secondary encryption password detection logic, as it wouldn't take it from the main arguments[] otherwise.

* Changed permission on cmd_output.txt

* Changed permission on cmd_history.txt
---
 archinstall/lib/configuration.py | 14 +++++++++++++-
 archinstall/lib/general.py       | 22 ++++++++++++++++++++--
 archinstall/lib/installer.py     | 11 ++++++-----
 3 files changed, 39 insertions(+), 8 deletions(-)

(limited to 'archinstall/lib')

diff --git a/archinstall/lib/configuration.py b/archinstall/lib/configuration.py
index 510f7103..2a43174d 100644
--- a/archinstall/lib/configuration.py
+++ b/archinstall/lib/configuration.py
@@ -1,4 +1,6 @@
+import os
 import json
+import stat
 import logging
 import pathlib
 from typing import Optional, Dict
@@ -106,23 +108,33 @@ class ConfigurationOutput:
 
 	def save_user_config(self, dest_path :pathlib.Path = None):
 		if self._is_valid_path(dest_path):
-			with open(dest_path / self._user_config_file, 'w') as config_file:
+			target = dest_path / self._user_config_file
+
+			with open(target, 'w') as config_file:
 				config_file.write(self.user_config_to_json())
 
+			os.chmod(str(dest_path / self._user_config_file), stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP)
+
 	def save_user_creds(self, dest_path :pathlib.Path = None):
 		if self._is_valid_path(dest_path):
 			if user_creds := self.user_credentials_to_json():
 				target = dest_path / self._user_creds_file
+
 				with open(target, 'w') as config_file:
 					config_file.write(user_creds)
 
+				os.chmod(str(target), stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP)
+
 	def save_disk_layout(self, dest_path :pathlib.Path = None):
 		if self._is_valid_path(dest_path):
 			if disk_layout := self.disk_layout_to_json():
 				target = dest_path / self._disk_layout_file
+
 				with target.open('w') as config_file:
 					config_file.write(disk_layout)
 
+				os.chmod(str(target), stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP)
+
 	def save(self, dest_path :pathlib.Path = None):
 		if not dest_path:
 			dest_path = self._default_save_path
diff --git a/archinstall/lib/general.py b/archinstall/lib/general.py
index 1dc37994..61c4358e 100644
--- a/archinstall/lib/general.py
+++ b/archinstall/lib/general.py
@@ -6,6 +6,7 @@ import os
 import secrets
 import shlex
 import subprocess
+import stat
 import string
 import sys
 import time
@@ -313,9 +314,18 @@ class SysCommandWorker:
 				except UnicodeDecodeError:
 					return False
 
-			with open(f"{storage['LOG_PATH']}/cmd_output.txt", "a") as peak_output_log:
+			peak_logfile = pathlib.Path(f"{storage['LOG_PATH']}/cmd_output.txt")
+
+			change_perm = False
+			if peak_logfile.exists() is False:
+				change_perm = True
+
+			with peak_logfile.open("a") as peak_output_log:
 				peak_output_log.write(output)
 
+			if change_perm:
+				os.chmod(str(peak_logfile), stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP)
+
 			sys.stdout.write(str(output))
 			sys.stdout.flush()
 
@@ -361,10 +371,18 @@ class SysCommandWorker:
 
 		# https://stackoverflow.com/questions/4022600/python-pty-fork-how-does-it-work
 		if not self.pid:
+			history_logfile = pathlib.Path(f"{storage['LOG_PATH']}/cmd_history.txt")
 			try:
+				change_perm = False
+				if history_logfile.exists() is False:
+					change_perm = True
+
 				try:
-					with open(f"{storage['LOG_PATH']}/cmd_history.txt", "a") as cmd_log:
+					with history_logfile.open("a") as cmd_log:
 						cmd_log.write(f"{self.cmd}\n")
+
+					if change_perm:
+						os.chmod(str(history_logfile), stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP)
 				except PermissionError:
 					pass
 
diff --git a/archinstall/lib/installer.py b/archinstall/lib/installer.py
index 0f298eba..a8346cb6 100644
--- a/archinstall/lib/installer.py
+++ b/archinstall/lib/installer.py
@@ -246,11 +246,12 @@ class Installer:
 		# we manage the encrypted partititons
 		for partition in [entry for entry in list_part if entry.get('encrypted', False)]:
 			# open the luks device and all associate stuff
-			if not (password := partition.get('!password', None)):
-				raise RequirementError(f"Missing partition {partition['device_instance'].path} encryption password in layout: {partition}")
-				loopdev = f"{storage.get('ENC_IDENTIFIER', 'ai')}{pathlib.Path(partition['mountpoint']).name}loop"
-			else:
-				loopdev = f"{storage.get('ENC_IDENTIFIER', 'ai')}{pathlib.Path(partition['device_instance'].path).name}"
+			if not (password := partition.get('!password', None)) and storage['arguments'].get('!encryption-password'):
+				password = storage['arguments'].get('!encryption-password')
+			elif not password:
+				raise RequirementError(f"Missing partition encryption password in layout: {partition}")
+			
+			loopdev = f"{storage.get('ENC_IDENTIFIER', 'ai')}{pathlib.Path(partition['device_instance'].path).name}"
 
 			# note that we DON'T auto_unmount (i.e. close the encrypted device so it can be used
 			with (luks_handle := luks2(partition['device_instance'], loopdev, password, auto_unmount=False)) as unlocked_device:
-- 
cgit v1.2.3-70-g09d2