From 0c1008defab76db7f7d8a138ccbdad8790fe6d9f Mon Sep 17 00:00:00 2001
From: Peter Johnson <johnson.peter@gmail.com>
Date: Sun, 30 Dec 2018 00:13:52 -0800
Subject: [PATCH] Set UID, GID, and executable bits on uploaded application
 (#12)

Also remove old application rather than replacing directly, so it can be replaced while running.
---
 deps/tools/Makefile                           |  4 +++
 .../tools/rpiConfigServer_src/Application.cpp | 31 ++++++++++++++++---
 2 files changed, 31 insertions(+), 4 deletions(-)

diff --git a/deps/tools/Makefile b/deps/tools/Makefile
index 9be0b4c..81b9a1c 100644
--- a/deps/tools/Makefile
+++ b/deps/tools/Makefile
@@ -6,6 +6,8 @@ OPENCV_INSTALL?=../03-build/opencv-build/install
 EXEC_HOME?=/home/pi
 FRC_JSON?=/boot/frc.json
 DHCPCD_CONF?=/boot/dhcpcd.conf
+APP_UID?=1000
+APP_GID?=1000
 
 .PHONY: all
 .SUFFIXES:
@@ -65,6 +67,8 @@ rpiConfigServer: ${RPICONFIGSERVER_OBJS}
 	    '-DEXEC_HOME="${EXEC_HOME}"' \
 	    '-DFRC_JSON="${FRC_JSON}"' \
 	    '-DDHCPCD_CONF="${DHCPCD_CONF}"' \
+	    '-DAPP_UID=${APP_UID}' \
+	    '-DAPP_GID=${APP_GID}' \
 	    $<
 
 %.html.cpp: %.html
diff --git a/deps/tools/rpiConfigServer_src/Application.cpp b/deps/tools/rpiConfigServer_src/Application.cpp
index 681f48a..e252fec 100644
--- a/deps/tools/rpiConfigServer_src/Application.cpp
+++ b/deps/tools/rpiConfigServer_src/Application.cpp
@@ -7,6 +7,9 @@
 
 #include "Application.h"
 
+#include <sys/stat.h>
+#include <unistd.h>
+
 #include <wpi/FileSystem.h>
 #include <wpi/json.h>
 #include <wpi/raw_istream.h>
@@ -103,18 +106,38 @@ void Application::Upload(wpi::ArrayRef<uint8_t> contents,
   pathname = EXEC_HOME;
   pathname += filename;
 
+  // remove old file (need to do this as we can't overwrite a running exe)
+  if (unlink(pathname.c_str()) == -1) {
+    wpi::errs() << "could not remove app executable: " << std::strerror(errno)
+                << '\n';
+  }
+
   {
-    // write file
+    // open file for writing
     std::error_code ec;
-    wpi::raw_fd_ostream os(pathname, ec, wpi::sys::fs::F_None);
-    if (ec) {
+    int fd;
+    if (wpi::sys::fs::openFileForWrite(pathname, fd, wpi::sys::fs::F_None)) {
       wpi::SmallString<64> msg;
       msg = "could not write ";
       msg += pathname;
       onFail(msg);
       return;
     }
-    os << contents;
+
+    // change ownership
+    if (fchown(fd, APP_UID, APP_GID) == -1) {
+      wpi::errs() << "could not change app ownership: " << std::strerror(errno)
+                  << '\n';
+    }
+
+    // set file to be executable
+    if (fchmod(fd, 0775) == -1) {
+      wpi::errs() << "could not change app permissions: "
+                  << std::strerror(errno) << '\n';
+    }
+
+    // write contents and close file
+    wpi::raw_fd_ostream(fd, true) << contents;
   }
 
   // terminate vision process so it reloads