nss: Makefile: don't link against asan

[nsscash/nsscash.git] / file.go

diff --git a/file.go b/file.go
index b48d0751ae3bad521ea36dd39ec2327a6ec5168c..02bc76715868967ed68596f8aebc5af1ccdee3bf 100644 (file)
--- a/file.go
+++ b/file.go
@@ -31,6 +31,11 @@ import (
 )
 
 func handleFiles(cfg *Config, state *State) error {
+       // Split into fetch and deploy phase to prevent updates of only some
+       // files which might lead to inconsistent state; obviously this won't
+       // work during the deploy phase, but it helps if the web server fails
+       // to deliver some files
+
        for i, f := range cfg.Files {
                err := fetchFile(&cfg.Files[i], state)
                if err != nil {
@@ -92,6 +97,22 @@ func fetchFile(file *File, state *State) error {
                }
                file.body = x.Bytes()
 
+       } else if file.Type == FileTypeGroup {
+               grs, err := ParseGroups(bytes.NewReader(body))
+               if err != nil {
+                       return err
+               }
+               if len(grs) == 0 {
+                       return fmt.Errorf("refusing to use empty group file")
+               }
+
+               var x bytes.Buffer
+               err = SerializeGroups(&x, grs)
+               if err != nil {
+                       return err
+               }
+               file.body = x.Bytes()
+
        } else {
                return fmt.Errorf("unsupported file type %v", file.Type)
        }
@@ -119,7 +140,8 @@ func deployFile(file *File) error {
        defer os.Remove(f.Name())
        defer f.Close()
 
-       // Apply permissions/user/group from the target file
+       // Apply permissions/user/group from the target file, use Stat instead
+       // of Lstat as only the target's permissions are relevant
        stat, err := os.Stat(file.Path)
        if err != nil {
                // We do not create the path if it doesn't exist, because we