dannysauer/perms.py

## perms.py
#!/usr/bin/env python
#
# Reset perms on a file after installing an RPM
#
import os
import json
import logging
from pwd import getpwnam
from grp import getgrnam
# from stat import *
from zypp_plugin import Plugin


class MyPlugin(Plugin):

  def PLUGINBEGIN(self, headers, body):
    self.ack()

  def PLUGINEND(self, headers, body):
    self.ack()

  def COMMITEND(self, headers, body):
    try:
      parsed_body = json.loads(body)
    except (ValueError, TypeError) as e:
      logging.error("failed to parse body: '{}'".format(e))
      self.error()
      return

    for transaction_step in parsed_body['TransactionStepList']:
      # skip if error / pending
      if transaction_step['stage'] != 'ok':
        next
      # only worry if one of our packages was installed
      #  (+ is install/update, M is multiple versions)
      if (
        transaction_step['type'] in ('+', 'M')
        and transaction_step['solvable']['n'] in
        (
          'nfs-doc',
          # 'some_other_package', # can be a list of package names
        )
      ):
         somefile = '/tmp/somefile'

         # set user/group on file
         user = 'root'
         group = 'root'
         # set uid or gid to -1 to leave unchanged
         try:
           uid = getpwnam(user)[2]
           gid = getgrnam(group)[2]
         except KeyError as e:
           logging.error(e)
           self.error()
           return
         os.chown(somefile, uid, gid)

         # set perms on file
         os.chmod(somefile, 0o0640)  # use 00640 on python < 2.6
         # or uncomment `from stat import *` above and use symbolic modes:
         # os.chmod(somefile, S_IRUSR | S_IWUSR | S_IRGRP)

    self.ack()


plugin = MyPlugin()
plugin.main()

## shell transcript
sauer@lightning:~$ sudo zypper install -y zypp-plugin-python
sauer@lightning:~$ sudoedit /usr/lib/zypp/plugins/commit/perms.py
sauer@lightning:~$ sudo chown root:root /usr/lib/zypp/plugins/commit/perms.py
sauer@lightning:~$ sudo chmod 0755 /usr/lib/zypp/plugins/commit/perms.py

sauer@lightning:~$ touch /tmp/somefile
sauer@lightning:~$ ls -l /tmp/somefile
-rw-r--r-- 1 sauer users 0 Feb  4 16:54 /tmp/somefile
sauer@lightning:~$ sudo zypper remove -y nfs-doc; sudo zypper install -y nfs-doc
sauer@lightning:~$ ls -l /tmp/somefile
-rw-r----- 1 root root 0 Feb  4 16:54 /tmp/somefile

sauer@lightning:~$ sudo chmod 0755 /tmp/somefile
sauer@lightning:~$ ls -l /tmp/somefile
-rwxr-xr-x 1 root root 0 Feb  4 16:54 /tmp/somefile
sauer@lightning:~$ sudo zypper remove -y nfs-doc; sudo zypper install -y nfs-doc
sauer@lightning:~$ ls -l /tmp/somefile
-rw-r----- 1 root root 0 Feb  4 16:54 /tmp/somefile
	#!/usr/bin/env python
	#
	# Reset perms on a file after installing an RPM
	#
	import os
	import json
	import logging
	from pwd import getpwnam
	from grp import getgrnam
	# from stat import *
	from zypp_plugin import Plugin


	class MyPlugin(Plugin):

	def PLUGINBEGIN(self, headers, body):
	self.ack()

	def PLUGINEND(self, headers, body):
	self.ack()

	def COMMITEND(self, headers, body):
	try:
	parsed_body = json.loads(body)
	except (ValueError, TypeError) as e:
	logging.error("failed to parse body: '{}'".format(e))
	self.error()
	return

	for transaction_step in parsed_body['TransactionStepList']:
	# skip if error / pending
	if transaction_step['stage'] != 'ok':
	next
	# only worry if one of our packages was installed
	# (+ is install/update, M is multiple versions)
	if (
	transaction_step['type'] in ('+', 'M')
	and transaction_step['solvable']['n'] in
	(
	'nfs-doc',
	# 'some_other_package', # can be a list of package names
	)
	):
	somefile = '/tmp/somefile'

	# set user/group on file
	user = 'root'
	group = 'root'
	# set uid or gid to -1 to leave unchanged
	try:
	uid = getpwnam(user)[2]
	gid = getgrnam(group)[2]
	except KeyError as e:
	logging.error(e)
	self.error()
	return
	os.chown(somefile, uid, gid)

	# set perms on file
	os.chmod(somefile, 0o0640) # use 00640 on python < 2.6
	# or uncomment `from stat import *` above and use symbolic modes:
	# os.chmod(somefile, S_IRUSR \| S_IWUSR \| S_IRGRP)

	self.ack()


	plugin = MyPlugin()
	plugin.main()
	sauer@lightning:~$ sudo zypper install -y zypp-plugin-python
	sauer@lightning:~$ sudoedit /usr/lib/zypp/plugins/commit/perms.py
	sauer@lightning:~$ sudo chown root:root /usr/lib/zypp/plugins/commit/perms.py
	sauer@lightning:~$ sudo chmod 0755 /usr/lib/zypp/plugins/commit/perms.py

	sauer@lightning:~$ touch /tmp/somefile
	sauer@lightning:~$ ls -l /tmp/somefile
	-rw-r--r-- 1 sauer users 0 Feb 4 16:54 /tmp/somefile
	sauer@lightning:~$ sudo zypper remove -y nfs-doc; sudo zypper install -y nfs-doc
	sauer@lightning:~$ ls -l /tmp/somefile
	-rw-r----- 1 root root 0 Feb 4 16:54 /tmp/somefile

	sauer@lightning:~$ sudo chmod 0755 /tmp/somefile
	sauer@lightning:~$ ls -l /tmp/somefile
	-rwxr-xr-x 1 root root 0 Feb 4 16:54 /tmp/somefile
	sauer@lightning:~$ sudo zypper remove -y nfs-doc; sudo zypper install -y nfs-doc
	sauer@lightning:~$ ls -l /tmp/somefile
	-rw-r----- 1 root root 0 Feb 4 16:54 /tmp/somefile