Skip to content

Add writeFileTextEnvelopeWithOwnerPermissions#1248

Open
palas wants to merge 3 commits into
masterfrom
writeFileTextEnvelopeWithOwnerPermissions
Open

Add writeFileTextEnvelopeWithOwnerPermissions#1248
palas wants to merge 3 commits into
masterfrom
writeFileTextEnvelopeWithOwnerPermissions

Conversation

@palas

@palas palas commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

Context

writeFileTextEnvelope creates files with the default permissions, which is not appropriate for sensitive data such as signing keys.

This PR adds writeFileTextEnvelopeWithOwnerPermissions, a variant that creates the file with owner-only permissions. It also adds a haddock note to writeFileTextEnvelope pointing users to the new function for sensitive data.

How to trust this PR

  • The new function is a one-line wrapper around the existing writeLazyByteStringFileWithOwnerPermissions, which is already used elsewhere for this exact purpose.
  • The rest of the diff is re-exports and haddocks.

Checklist

  • Commit sequence broadly makes sense and commits have useful messages
  • New tests are added if needed and existing tests are updated. See Running tests for more details
  • Self-reviewed the diff
  • Changelog fragment added in .changes/

Copilot AI review requested due to automatic review settings July 8, 2026 23:09
@palas palas requested review from Jimbo4350 and erikd as code owners July 8, 2026 23:09
@palas palas self-assigned this Jul 8, 2026

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a safer file-writing API for TextEnvelope outputs by introducing a new writeFileTextEnvelopeWithOwnerPermissions helper and re-exporting it so downstream users can opt into more restrictive permissions when persisting sensitive material (e.g., signing keys).

Changes:

  • Added writeFileTextEnvelopeWithOwnerPermissions (wrapper around writeLazyByteStringFileWithOwnerPermissions).
  • Added a Haddock note on writeFileTextEnvelope pointing users to the new owner-permissions variant for sensitive data.
  • Added a Herald changelog fragment describing the new API.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

File Description
cardano-api/src/Cardano/Api/Serialise/TextEnvelope/Internal.hs Adds the new write function and updates Haddocks to recommend it for sensitive data.
cardano-api/src/Cardano/Api/Serialise/TextEnvelope.hs Re-exports the new function in the public Cardano.Api.Serialise.TextEnvelope module.
.changes/20260708_140000_cardano-api_pablo.lamela_write_text_envelope_owner_permissions.yml Adds a changelog fragment documenting the new API addition as a feature.

Comment thread cardano-api/src/Cardano/Api/Serialise/TextEnvelope/Internal.hs Outdated
Comment thread cardano-api/src/Cardano/Api/Serialise/TextEnvelope/Internal.hs Outdated
Add a variant of writeFileTextEnvelope that creates the output file
with owner-only permissions, for writing sensitive data such as
signing keys. Cross-link the haddocks of both functions and note that
writeFileTextEnvelope does not set conservative file permissions.
@palas palas force-pushed the writeFileTextEnvelopeWithOwnerPermissions branch from 511a8f0 to 9a5ac9f Compare July 8, 2026 23:27
Comment thread cardano-api/src/Cardano/Api/Serialise/TextEnvelope/Internal.hs Outdated

@carbolymer carbolymer left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. I feel that this issue is mostly user error. The users should use umask 077 instead of some OS default one. I'm not sure about windows.

@palas

palas commented Jul 9, 2026

Copy link
Copy Markdown
Contributor Author

LGTM. I feel that this issue is mostly user error. The users should use umask 077 instead of some OS default one. I'm not sure about windows.

Yes, I agree, this is just making it more obvious for them

palas added 2 commits July 10, 2026 00:07
The owner-execute bit served no purpose for data files such as signing
keys. Files created by handleFileForWritingWithOwnerPermission now get
owner read/write permissions only.
@palas palas requested a review from carbolymer July 9, 2026 22:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants