fix(content): make verified content completely read-only (#96)

The only non-corrupting modification to content stored in cacache is to
delete it, and that requires write permission on the containing
directory rather than on the file itself. Since no valid operations
require write permissions on the content files, mark them as read-only
so that the rest of the OS knows these files aren't meant to be written
to.

Fixes: #95

Signed-off-by: Ryan Graham <[email protected]>

Author: rmg

Diff for: lib/util/move-file.js

@@ -2,6 +2,8 @@
 
 const fs = require('graceful-fs')
 const BB = require('bluebird')
+const chmod = BB.promisify(fs.chmod)
+const unlink = BB.promisify(fs.unlink)
 let move
 let pinflight
 
@@ -27,8 +29,11 @@ function moveFile (src, dest) {
           return cb(err)
         }
       }
-      return fs.unlink(src, cb)
+      return cb()
     })
+  }).then(() => {
+    // content should never change for any reason, so make it read-only
+    return BB.join(unlink(src), process.platform !== 'win32' && chmod(dest, '0444'))
   }).catch(err => {
     if (process.platform !== 'win32') {
       throw err