ensure that sane umask is used where needed

If a user umask is restrictive, a chroot may be created as root without the ability for the user to read it, which then causes makepkg --verifysource to fail. Do not set this in lib/common.sh, where it would apply to all scripts, as we do not want to override the user's policy for things like $SRCDEST files, svn checkouts, etc. Fixes FS#47625 Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-03-28 17:40:47 -04:00 · 2019-03-28 17:40:47 -04:00 · 40a90e2cab
parent 74a6641946
commit 40a90e2cab
3 changed files with 9 additions and 1 deletions
--- a/arch-nspawn.in
+++ b/arch-nspawn.in
@ -13,6 +13,10 @@
 m4_include(lib/common.sh)
 m4_include(lib/archroot.sh)

+# umask might have been changed in /etc/profile
+# ensure that sane default is set again
+umask 0022
+
 working_dir=''

 files=()
--- a/archbuild.in
+++ b/archbuild.in
@ -59,7 +59,7 @@ if ${clean_first} || [[ ! -d "${chroots}/${repo}-${arch}" ]]; then
 	lock_close 9

 	rm -rf --one-file-system "${chroots}/${repo}-${arch}"
-	mkdir -p "${chroots}/${repo}-${arch}"
+	mkdir -m755 -p "${chroots}/${repo}-${arch}"
 	setarch "${arch}" mkarchroot \
 		-C "@pkgdatadir@/pacman-${repo}.conf" \
 		-M "@pkgdatadir@/makepkg-${arch}.conf" \
--- a/mkarchroot.in
+++ b/mkarchroot.in
@ -13,6 +13,10 @@
 m4_include(lib/common.sh)
 m4_include(lib/archroot.sh)

+# umask might have been changed in /etc/profile
+# ensure that sane default is set again
+umask 0022
+
 working_dir=''

 files=()