archbuild: use better umask

In commit 40a90e2cab we tried to protect against system umasks resulting in unreadable chroots. However, we tried to do this in a targeted manner due to not wanting to fiddle with permissions for user-owned files. Unfortuantely, mkdir -p -m755 does not actually work that way -- the parent directory is created with broken permissions. We need umask. Run umask and mkdir in a subshell to prevent leakage. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
2019-11-09 22:13:00 -05:00 · 2019-11-09 22:13:00 -05:00 · f8f2f02028
parent 68f0bff172
commit f8f2f02028
1 changed files with 1 additions and 1 deletions
--- a/archbuild.in
+++ b/archbuild.in
@ -68,7 +68,7 @@ if ${clean_first} || [[ ! -d "${chroots}/${repo}-${arch}" ]]; then
 	lock_close 9

 	rm -rf --one-file-system "${chroots}/${repo}-${arch}"
-	mkdir -m755 -p "${chroots}/${repo}-${arch}"
+	(umask 0022; mkdir -p "${chroots}/${repo}-${arch}")
 	setarch "${arch}" mkarchroot \
 		-C "${pacman_config}" \
 		-M "${makepkg_config}" \