From e73d1acb209d1408cbc77c5fb8bd52bc7fbb8b2d Mon Sep 17 00:00:00 2001
From: Hidde Beydals <hidde@hhh.computer>
Date: Fri, 3 Nov 2023 11:15:00 +0100
Subject: [PATCH 1/2] Tweak permissions on created files

Signed-off-by: Hidde Beydals <hidde@hhh.computer>
---
 cmd/flux/main_test.go          | 4 ++--
 internal/build/diff.go         | 4 ++--
 tests/integration/util_test.go | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/cmd/flux/main_test.go b/cmd/flux/main_test.go
index b97397ff1e..2859d963b0 100644
--- a/cmd/flux/main_test.go
+++ b/cmd/flux/main_test.go
@@ -182,7 +182,7 @@ func NewTestEnvKubeManager(testClusterMode TestClusterMode) (*testEnvKubeManager
 		}
 
 		tmpFilename := filepath.Join("/tmp", "kubeconfig-"+time.Nanosecond.String())
-		os.WriteFile(tmpFilename, kubeConfig, 0644)
+		os.WriteFile(tmpFilename, kubeConfig, 0o600)
 		k8sClient, err := client.NewWithWatch(cfg, client.Options{
 			Scheme: utils.NewScheme(),
 		})
@@ -313,7 +313,7 @@ func assertGoldenTemplateFile(goldenFile string, templateValues map[string]strin
 					if len(templateValues) > 0 {
 						fmt.Println("NOTE: -update flag passed but golden template files can't be updated, please update it manually")
 					} else {
-						if err := os.WriteFile(goldenFile, []byte(output), 0644); err != nil {
+						if err := os.WriteFile(goldenFile, []byte(output), 0o600); err != nil {
 							return fmt.Errorf("failed to update golden file '%s': %v", goldenFile, err)
 						}
 						return nil
diff --git a/internal/build/diff.go b/internal/build/diff.go
index 0dd0d9a442..7714c6bb69 100644
--- a/internal/build/diff.go
+++ b/internal/build/diff.go
@@ -168,13 +168,13 @@ func writeYamls(liveObject, mergedObject *unstructured.Unstructured) (string, st
 
 	liveYAML, _ := yaml.Marshal(liveObject)
 	liveFile := filepath.Join(tmpDir, "live.yaml")
-	if err := os.WriteFile(liveFile, liveYAML, 0644); err != nil {
+	if err := os.WriteFile(liveFile, liveYAML, 0o600); err != nil {
 		return "", "", "", err
 	}
 
 	mergedYAML, _ := yaml.Marshal(mergedObject)
 	mergedFile := filepath.Join(tmpDir, "merged.yaml")
-	if err := os.WriteFile(mergedFile, mergedYAML, 0644); err != nil {
+	if err := os.WriteFile(mergedFile, mergedYAML, 0o600); err != nil {
 		return "", "", "", err
 	}
 
diff --git a/tests/integration/util_test.go b/tests/integration/util_test.go
index 674c3b6895..2f6b6a6603 100644
--- a/tests/integration/util_test.go
+++ b/tests/integration/util_test.go
@@ -83,7 +83,7 @@ func installFlux(ctx context.Context, tmpDir string, kubeconfigPath string) erro
 		if err != nil {
 			return err
 		}
-		err = os.WriteFile(f.Name(), []byte(cfg.gitPrivateKey), 0o644)
+		err = os.WriteFile(f.Name(), []byte(cfg.gitPrivateKey), 0o600)
 		if err != nil {
 			return err
 		}

From cbccb8c46a42edbd771f34ca6ccfe7d5a8348d9a Mon Sep 17 00:00:00 2001
From: Hidde Beydals <hidde@hhh.computer>
Date: Fri, 3 Nov 2023 11:27:53 +0100
Subject: [PATCH 2/2] Update `fluxcd/pkg` dependencies

Signed-off-by: Hidde Beydals <hidde@hhh.computer>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 9f6434b1c5..54d3305b9c 100644
--- a/go.mod
+++ b/go.mod
@@ -26,7 +26,7 @@ require (
 	github.com/fluxcd/pkg/sourceignore v0.3.5
 	github.com/fluxcd/pkg/ssa v0.32.0
 	github.com/fluxcd/pkg/ssh v0.8.2
-	github.com/fluxcd/pkg/tar v0.3.0
+	github.com/fluxcd/pkg/tar v0.4.0
 	github.com/fluxcd/pkg/version v0.2.2
 	github.com/fluxcd/source-controller/api v1.1.2
 	github.com/go-git/go-git/v5 v5.9.0
diff --git a/go.sum b/go.sum
index 58202d13d6..44fca985c5 100644
--- a/go.sum
+++ b/go.sum
@@ -182,8 +182,8 @@ github.com/fluxcd/pkg/ssa v0.32.0 h1:RBqs9DNrbJkFHjpfsiKilyean7gwqWFspSBTLOaBIHs
 github.com/fluxcd/pkg/ssa v0.32.0/go.mod h1:+Kf5euYAbvgJX645bo+IL7V/NlH0X7kGgFTr1W++I3c=
 github.com/fluxcd/pkg/ssh v0.8.2 h1:WNfvTmnLnOUyXQDb8luSfmn1X0RIuhJBcKMFtKm6YsQ=
 github.com/fluxcd/pkg/ssh v0.8.2/go.mod h1:ewbU9vakYYdGSX92qXhx6Kqi5tVQ3ppmGQakCX1R6Gw=
-github.com/fluxcd/pkg/tar v0.3.0 h1:gIdCIIuvV5aH193c1qYZeC6gpJOmw1p2OzhAvaUHNFI=
-github.com/fluxcd/pkg/tar v0.3.0/go.mod h1:SyJBaQvuv2VA/rv4d1OHhCV6R8+9QKc9np193EzNHBc=
+github.com/fluxcd/pkg/tar v0.4.0 h1:SuXpfXBIcSJ5R/yqQi2CBxBmV/i/LH0agqNAh2PWBZg=
+github.com/fluxcd/pkg/tar v0.4.0/go.mod h1:SyJBaQvuv2VA/rv4d1OHhCV6R8+9QKc9np193EzNHBc=
 github.com/fluxcd/pkg/version v0.2.2 h1:ZpVXECeLA5hIQMft11iLp6gN3cKcz6UNuVTQPw/bRdI=
 github.com/fluxcd/pkg/version v0.2.2/go.mod h1:NGnh/no8S6PyfCDxRFrPY3T5BUnqP48MxfxNRU0z8C0=
 github.com/fluxcd/source-controller/api v1.1.2 h1:FfKDKVWnopo+Q2pOAxgHEjrtr4MP41L8aapR4mqBhBk=