Add writeFileTextEnvelopeWithOwnerPermissions#1248
Conversation
There was a problem hiding this comment.
Pull request overview
Adds a safer file-writing API for TextEnvelope outputs by introducing a new writeFileTextEnvelopeWithOwnerPermissions helper and re-exporting it so downstream users can opt into more restrictive permissions when persisting sensitive material (e.g., signing keys).
Changes:
- Added
writeFileTextEnvelopeWithOwnerPermissions(wrapper aroundwriteLazyByteStringFileWithOwnerPermissions). - Added a Haddock note on
writeFileTextEnvelopepointing users to the new owner-permissions variant for sensitive data. - Added a Herald changelog fragment describing the new API.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| cardano-api/src/Cardano/Api/Serialise/TextEnvelope/Internal.hs | Adds the new write function and updates Haddocks to recommend it for sensitive data. |
| cardano-api/src/Cardano/Api/Serialise/TextEnvelope.hs | Re-exports the new function in the public Cardano.Api.Serialise.TextEnvelope module. |
| .changes/20260708_140000_cardano-api_pablo.lamela_write_text_envelope_owner_permissions.yml | Adds a changelog fragment documenting the new API addition as a feature. |
Add a variant of writeFileTextEnvelope that creates the output file with owner-only permissions, for writing sensitive data such as signing keys. Cross-link the haddocks of both functions and note that writeFileTextEnvelope does not set conservative file permissions.
511a8f0 to
9a5ac9f
Compare
carbolymer
left a comment
There was a problem hiding this comment.
LGTM. I feel that this issue is mostly user error. The users should use umask 077 instead of some OS default one. I'm not sure about windows.
Yes, I agree, this is just making it more obvious for them |
The owner-execute bit served no purpose for data files such as signing keys. Files created by handleFileForWritingWithOwnerPermission now get owner read/write permissions only.
Context
writeFileTextEnvelopecreates files with the default permissions, which is not appropriate for sensitive data such as signing keys.This PR adds
writeFileTextEnvelopeWithOwnerPermissions, a variant that creates the file with owner-only permissions. It also adds a haddock note towriteFileTextEnvelopepointing users to the new function for sensitive data.How to trust this PR
writeLazyByteStringFileWithOwnerPermissions, which is already used elsewhere for this exact purpose.Checklist
.changes/