From 40a90e2cab479cc64903a62b42eb617a8a7e5842 Mon Sep 17 00:00:00 2001 From: Eli Schwartz Date: Thu, 28 Mar 2019 17:40:47 -0400 Subject: [PATCH] ensure that sane umask is used where needed If a user umask is restrictive, a chroot may be created as root without the ability for the user to read it, which then causes makepkg --verifysource to fail. Do not set this in lib/common.sh, where it would apply to all scripts, as we do not want to override the user's policy for things like $SRCDEST files, svn checkouts, etc. Fixes FS#47625 Signed-off-by: Eli Schwartz Signed-off-by: Levente Polyak --- arch-nspawn.in | 4 ++++ archbuild.in | 2 +- mkarchroot.in | 4 ++++ 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/arch-nspawn.in b/arch-nspawn.in index fb2b53e..8a87b96 100644 --- a/arch-nspawn.in +++ b/arch-nspawn.in @@ -13,6 +13,10 @@ m4_include(lib/common.sh) m4_include(lib/archroot.sh) +# umask might have been changed in /etc/profile +# ensure that sane default is set again +umask 0022 + working_dir='' files=() diff --git a/archbuild.in b/archbuild.in index 163a108..709d70d 100644 --- a/archbuild.in +++ b/archbuild.in @@ -59,7 +59,7 @@ if ${clean_first} || [[ ! -d "${chroots}/${repo}-${arch}" ]]; then lock_close 9 rm -rf --one-file-system "${chroots}/${repo}-${arch}" - mkdir -p "${chroots}/${repo}-${arch}" + mkdir -m755 -p "${chroots}/${repo}-${arch}" setarch "${arch}" mkarchroot \ -C "@pkgdatadir@/pacman-${repo}.conf" \ -M "@pkgdatadir@/makepkg-${arch}.conf" \ diff --git a/mkarchroot.in b/mkarchroot.in index 7da19dc..6c42d3b 100644 --- a/mkarchroot.in +++ b/mkarchroot.in @@ -13,6 +13,10 @@ m4_include(lib/common.sh) m4_include(lib/archroot.sh) +# umask might have been changed in /etc/profile +# ensure that sane default is set again +umask 0022 + working_dir='' files=()