X-Git-Url: https://ruderich.org/simon/gitweb/?a=blobdiff_plain;f=file.go;h=5b8fffef41b466d0c32182fb6f71fd7c77a64978;hb=833348f2a29247f955e53302e0c1c323190893a7;hp=0857dd50f14dde2fa1d0a7507fbe9e3ac17ad499;hpb=6383e468f1d5b281159cd46d800204a1aa718cd2;p=nsscash%2Fnsscash.git

diff --git a/file.go b/file.go
index 0857dd5..5b8fffe 100644
--- a/file.go
+++ b/file.go
@@ -89,11 +89,17 @@ func fetchFile(file *File, state *State) error {
 		t = zero // force download
 	}
 
-	status, body, err := fetchIfModified(file.Url, &t)
+	oldT := t
+	status, body, err := fetchIfModified(file.Url,
+		file.Username, file.Password, file.CA, &t)
 	if err != nil {
 		return err
 	}
 	if status == http.StatusNotModified {
+		if oldT.IsZero() {
+			return fmt.Errorf("status code 304 " +
+				"but did not send If-Modified-Since")
+		}
 		log.Printf("%q -> %q: not modified", file.Url, file.Path)
 		return nil
 	}
@@ -171,15 +177,16 @@ func deployFile(file *File) error {
 	defer os.Remove(f.Name())
 	defer f.Close()
 
-	// Apply permissions/user/group from the target file, use Stat instead
-	// of Lstat as only the target's permissions are relevant
+	// Apply permissions/user/group from the target file but remove the
+	// write permissions to discourage manual modifications, use Stat
+	// instead of Lstat as only the target's permissions are relevant
 	stat, err := os.Stat(file.Path)
 	if err != nil {
 		// We do not create the path if it doesn't exist, because we
 		// do not know the proper permissions
 		return errors.Wrapf(err, "file.path %q must exist", file.Path)
 	}
-	err = f.Chmod(stat.Mode())
+	err = f.Chmod(stat.Mode() & ^os.FileMode(0222)) // remove write perms
 	if err != nil {
 		return err
 	}