On Wed, Oct 28, 2020 at 08:48:59AM +0000, Alisdair MacLeod wrote:
> I've just been trying out gotweb and noticed that after a `got fetch` the
> repository is no longer accessible, with the message:
> 
> Error: open: /got/public/repo/objects/pack/pack-<snip>.idx: Permission
> denied
> 
> Diving in it looks like the packfiles are created with mktemp so have the
> mode 0600 set rather than GOT_DEFAULT_FILE_MODE and so are not readable by
> the httpd server user.
> 
> Is this on purpose? If not I would be happy to put together a patch to apply
> GOT_DEFAULT_FILE_MODE, probably just after the rename from
> tmppackpath/tmpidxpath to packpath/idxpath in lib/fetch.c?

Yes, I agree this change is needed.

Thanks for spotting the problem. I can confirm that pack files in my
own repositories have mode 600. I never noticed this problem because
I only access those repositories with the owner's UID.