archbuild: use better umask
In commit 40a90e2cab
we tried to protect
against system umasks resulting in unreadable chroots. However, we tried
to do this in a targeted manner due to not wanting to fiddle with
permissions for user-owned files. Unfortuantely, mkdir -p -m755 does not
actually work that way -- the parent directory is created with broken
permissions. We need umask.
Run umask and mkdir in a subshell to prevent leakage.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
This commit is contained in:
parent
68f0bff172
commit
f8f2f02028
|
@ -68,7 +68,7 @@ if ${clean_first} || [[ ! -d "${chroots}/${repo}-${arch}" ]]; then
|
||||||
lock_close 9
|
lock_close 9
|
||||||
|
|
||||||
rm -rf --one-file-system "${chroots}/${repo}-${arch}"
|
rm -rf --one-file-system "${chroots}/${repo}-${arch}"
|
||||||
mkdir -m755 -p "${chroots}/${repo}-${arch}"
|
(umask 0022; mkdir -p "${chroots}/${repo}-${arch}")
|
||||||
setarch "${arch}" mkarchroot \
|
setarch "${arch}" mkarchroot \
|
||||||
-C "${pacman_config}" \
|
-C "${pacman_config}" \
|
||||||
-M "${makepkg_config}" \
|
-M "${makepkg_config}" \
|
||||||
|
|
Loading…
Reference in New Issue