From 743cefd864314cc0be260b5faa03a146579b312c Mon Sep 17 00:00:00 2001
From: tzssangglass <tzssangglass@gmail.com>
Date: Thu, 29 Feb 2024 17:48:59 +0800
Subject: [PATCH] chore(cd): update file permission of kong.logrotate (#12629)

origin file permission of kong.logrotate is 664, but the correct file permission is 644

Fix: https://konghq.atlassian.net/browse/FTI-5756

---------

Signed-off-by: tzssangglass <tzssangglass@gmail.com>
---
 build/package/nfpm.yaml                                   | 3 +++
 .../unreleased/kong/fix-file-permission-of-logrotate.yml  | 3 +++
 scripts/explain_manifest/explain.py                       | 8 +++++---
 scripts/explain_manifest/suites.py                        | 2 ++
 4 files changed, 13 insertions(+), 3 deletions(-)
 create mode 100644 changelog/unreleased/kong/fix-file-permission-of-logrotate.yml

diff --git a/build/package/nfpm.yaml b/build/package/nfpm.yaml
index 2650569fc6d..2f9bff5f10e 100644
--- a/build/package/nfpm.yaml
+++ b/build/package/nfpm.yaml
@@ -38,6 +38,9 @@ contents:
   dst: /lib/systemd/system/kong.service
 - src: build/package/kong.logrotate
   dst: /etc/kong/kong.logrotate
+  file_info:
+    mode: 0644
+
 scripts:
   postinstall: ./build/package/postinstall.sh
 replaces:
diff --git a/changelog/unreleased/kong/fix-file-permission-of-logrotate.yml b/changelog/unreleased/kong/fix-file-permission-of-logrotate.yml
new file mode 100644
index 00000000000..2fb24c9e2f5
--- /dev/null
+++ b/changelog/unreleased/kong/fix-file-permission-of-logrotate.yml
@@ -0,0 +1,3 @@
+message: update file permission of kong.logrotate to 644
+type: bugfix
+scope: Core
diff --git a/scripts/explain_manifest/explain.py b/scripts/explain_manifest/explain.py
index d9f807b2dc2..1916401024e 100644
--- a/scripts/explain_manifest/explain.py
+++ b/scripts/explain_manifest/explain.py
@@ -64,12 +64,14 @@ def __init__(self, path, relpath):
 
         # use lstat to get the mode, uid, gid of the symlink itself
         self.mode = os.lstat(path).st_mode
+        # unix style mode
+        self.file_mode = '0' + oct(self.mode & 0o777)[2:]
         self.uid = os.lstat(path).st_uid
         self.gid = os.lstat(path).st_gid
 
         if not Path(path).is_symlink():
             self.size = os.stat(path).st_size
-        
+
         self._lazy_evaluate_attrs.update({
             "binary_content": lambda: open(path, "rb").read(),
             "text_content": lambda: open(path, "rb").read().decode('utf-8'),
@@ -129,7 +131,7 @@ def __init__(self, path, relpath):
         binary = lief.parse(path)
         if not binary:  # not an ELF file, malformed, etc
             return
-    
+
         self.arch = binary.header.machine_type.name
 
         for d in binary.dynamic_entries:
@@ -152,7 +154,7 @@ def __init__(self, path, relpath):
             self.version_requirement[f.name] = [LooseVersion(
                 a.name) for a in f.get_auxiliary_symbols()]
             self.version_requirement[f.name].sort()
-        
+
         self._lazy_evaluate_attrs.update({
             "exported_symbols": self.get_exported_symbols,
             "imported_symbols": self.get_imported_symbols,
diff --git a/scripts/explain_manifest/suites.py b/scripts/explain_manifest/suites.py
index 4c50828ba07..94e5b47b738 100644
--- a/scripts/explain_manifest/suites.py
+++ b/scripts/explain_manifest/suites.py
@@ -19,6 +19,8 @@ def common_suites(expect, libxcrypt_no_obsolete_api: bool = False):
 
     expect("/etc/kong/kong.logrotate", "includes logrotate config").exists()
 
+    expect("/etc/kong/kong.logrotate", "logrotate config should have 0644 permissions").file_mode.equals("0644")
+
     expect("/usr/local/kong/include/openssl/**.h", "includes OpenSSL headers").exists()
 
     # binary correctness