NanoYagi/web-deploy-plugin
5
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

properly apply key permissions on windows
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Details

Browse Source
This commit is contained in:
Captain Beyond
2024-11-16 05:45:17 -06:00
parent 215360e29b
commit b2d53123a6
1 changed files with 16 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
run
View File

@@ -8,6 +8,21 @@ from subprocess import run
SOURCE = os.environ.get("PLUGIN_SOURCE", ".") SOURCE = os.environ.get("PLUGIN_SOURCE", ".")
TARGET = os.environ['PLUGIN_TARGET'] TARGET = os.environ['PLUGIN_TARGET']
def apply_key_permissions(keyfile):
os.chmod(keyfile, 0o600)
if not os.name == "nt":
return
username = os.environ['USERNAME']
users_directory = "C:\\Users"
run(["Icacls", keyfile, "/c", "/t", "/Inheritance:d"])
run(["TakeOwn", "/F", keyfile])
run(["Icacls", keyfile, "/c", "/t", "/Grant:r", f"{username}:F"])
run(["Icacls", keyfile, "/c", "/t", "/Remove:g", "Administrator", "Authenticated Users", "BUILTIN\\Administrators", "BUILTIN", "Everyone", "System", "Users"])
for other_user in [user for user in os.listdir(users_directory) if not user == username]:
run(["Icacls", keyfile, "/c", "/t", "/Remove:g", other_user])
run(["Icacls", keyfile])
def deploy(source, target, keyfile): def deploy(source, target, keyfile):
for source_file in glob.glob(source): for source_file in glob.glob(source):
print(f">> {source_file} -> {target}") print(f">> {source_file} -> {target}")
@@ -21,7 +36,7 @@ try:
deploy_key.write(b"\n") deploy_key.write(b"\n")
deploy_key.close() deploy_key.close()
os.chmod(deploy_key.name, 0o600) apply_key_permissions(deploy_key.name)
deploy(SOURCE, TARGET, deploy_key.name) deploy(SOURCE, TARGET, deploy_key.name)
finally: finally:
if temp_file_name is not None: if temp_file_name is not None: