Make cache files readonly

- After moving new cache files to their final destination, set their
  permissions to have `readonly` set `true`.
- This uses `fs::set_permissions` rather than the suggested
  ``fs::File::set_permissions`, because the latter would require the final
  file to be open. We cannot change the permissions on the tempfile in
  this way, because `mkstemp::TempFile` doesn't have the same
  `set_permissions` method.

Close #14

Author: alexander-bauer

src/io/local_cache.rs

@@ -290,8 +290,6 @@ impl<B: IoProvider> LocalCache<B> {
                 }
             }
 
-            // XXX MAKE READONLY -- the ideal approach depends on unstable APIs
-
             temp_dest.path().to_owned()
         };
 
@@ -308,6 +306,16 @@ impl<B: IoProvider> LocalCache<B> {
             return OpenResult::Err(e.into());
         }
 
+        // Make the file readonly once it's at its final path.
+        let mut perms = match fs::metadata(&final_path) {
+            Ok(p) => p,
+            Err(e) => return OpenResult::Err(e.into()),
+        }.permissions();
+        perms.set_readonly(true);
+        if let Err(e) = fs::set_permissions(&final_path, perms) {
+            return OpenResult::Err(e.into());
+        }
+
         // And finally add a record of this file to our manifest. Note that
         // we're opening and closing this file every time we load a new file;
         // not so efficient, but whatever.