[
https://issues.apache.org/jira/browse/MRESOLVER-313?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17655988#comment-17655988
]
ASF GitHub Bot commented on MRESOLVER-313:
------------------------------------------
cstamas commented on code in PR #234:
URL: https://github.com/apache/maven-resolver/pull/234#discussion_r1064409456
##########
maven-resolver-util/src/main/java/org/eclipse/aether/util/FileUtils.java:
##########
@@ -85,17 +92,23 @@ public void close() throws IOException
}
/**
- * Creates a {@link TempFile} for given file. It will be in same directory
where given file is, and will reuse its
- * name for generated name. Returned instance should be handled in
try-with-resource construct and created temp
- * file once ready can be moved to passed in {@code file} parameter place.
+ * Creates a {@link CollocatedTempFile} instance for given file without
backing file. The path will be located in
+ * same directory where given file is, and will reuse its name for
generated (randomized) name. Returned instance
+ * should be handled in try-with-resource and created temp path is removed
(if exists) when returned instance is
+ * closed. The {@link CollocatedTempFile#move()} makes possible to
atomically replace passed in file with the
+ * processed content written into a file backing the {@link
CollocatedTempFile} instance.
* <p>
* The {@code file} nor it's parent directories have to exist. The parent
directories are created if needed.
+ * <p>
+ * This method uses {@link Path#resolve(String)} to create the temporary
file path in passed in file parent
+ * directory, but it does NOT create backing file on file system.
*/
public static CollocatedTempFile newTempFile( Path file ) throws
IOException
{
Path parent = requireNonNull( file.getParent(), "file must have
parent" );
Files.createDirectories( parent );
- Path tempFile = Files.createTempFile( parent,
file.getFileName().toString(), "tmp" );
+ Path tempFile = parent.resolve(
+ file.getFileName().toString() + Long.toUnsignedString(
RANDOM.nextLong() ) + ".tmp" );
Review Comment:
done
> Artifact file permissions are 0600 and not implicitly set by umask
> ------------------------------------------------------------------
>
> Key: MRESOLVER-313
> URL: https://issues.apache.org/jira/browse/MRESOLVER-313
> Project: Maven Resolver
> Issue Type: Bug
> Components: Resolver
> Reporter: Tamas Cservenak
> Assignee: Tamas Cservenak
> Priority: Major
> Fix For: 1.9.4
>
>
> With introduction of FileUtils, and widespread use of CollocatedTempFile, one
> problem occurs: in both "temp file" cases Files.createTempFile is being used,
> that uses 0600 permissions instead to rely on umask.
> In case of TempFile this is OK, but in case of CollocatedTempFile this is NOT
> OK, as these files are usually moved to their "final" place (like artifact in
> local repo once downloaded and verified).
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
