From a1e673800fb163451693d3ba9274fdd22faa7034 Mon Sep 17 00:00:00 2001
From: Evan Lezar <elezar@nvidia.com>
Date: Wed, 5 Jun 2024 11:27:01 +0200
Subject: [PATCH] Set default CDI spec permissions to 644

Although the nvidia-ctk cdi generate command generates
specs with 644 permissions, the nvidia-ctk cdi transform
commands do not. This change sets the default permissions
to 600 instead of 644.

Signed-off-by: Evan Lezar <elezar@nvidia.com>
---
 CHANGELOG.md              | 1 +
 pkg/nvcdi/spec/builder.go | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 79555126..66ab1550 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,7 @@
 * Use : as a config --set list separator. This fixes a bug in modifying lists in the config file with the `nvidia-ctk config` command.
 * Add `RUNTIME_CONFIG_OVERRIDE` (`--runtime-config-override`) to the `nvidia-ctk runtime configure` command and the toolkit container to allow for containerd runtime options to be set directly. This can be used to override the `SystemdCroup` option explicitly, for example.
 * Ensure consistent construction of libraries for CDI spec generation.
+* Ensure that `nvidia-ctk cdi transform` creates specs with world-readable permissions.
 
 ## v1.15.0
 
diff --git a/pkg/nvcdi/spec/builder.go b/pkg/nvcdi/spec/builder.go
index 8fb80a68..b4e4b768 100644
--- a/pkg/nvcdi/spec/builder.go
+++ b/pkg/nvcdi/spec/builder.go
@@ -67,7 +67,7 @@ func newBuilder(opts ...Option) *builder {
 		s.format = FormatYAML
 	}
 	if s.permissions == 0 {
-		s.permissions = 0600
+		s.permissions = 0644
 	}
 	return s
 }