diff options
author | Eli Schwartz <eschwartz@archlinux.org> | 2019-11-09 22:13:00 -0500 |
---|---|---|
committer | Levente Polyak <anthraxx@archlinux.org> | 2019-11-30 13:21:23 +0100 |
commit | f8f2f0202804a7c6001a98295ec35d43ec5f809c (patch) | |
tree | a4972bad05fb2de1fd6f84aec85a647a174085ee | |
parent | 68f0bff172f77390dfad798f12e4a56e0c1f35d4 (diff) | |
download | devtools-f8f2f0202804a7c6001a98295ec35d43ec5f809c.tar.xz |
archbuild: use better umask
In commit 40a90e2cab479cc64903a62b42eb617a8a7e5842 we tried to protect
against system umasks resulting in unreadable chroots. However, we tried
to do this in a targeted manner due to not wanting to fiddle with
permissions for user-owned files. Unfortuantely, mkdir -p -m755 does not
actually work that way -- the parent directory is created with broken
permissions. We need umask.
Run umask and mkdir in a subshell to prevent leakage.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
-rw-r--r-- | archbuild.in | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/archbuild.in b/archbuild.in index 9e32292..5b98976 100644 --- a/archbuild.in +++ b/archbuild.in @@ -68,7 +68,7 @@ if ${clean_first} || [[ ! -d "${chroots}/${repo}-${arch}" ]]; then lock_close 9 rm -rf --one-file-system "${chroots}/${repo}-${arch}" - mkdir -m755 -p "${chroots}/${repo}-${arch}" + (umask 0022; mkdir -p "${chroots}/${repo}-${arch}") setarch "${arch}" mkarchroot \ -C "${pacman_config}" \ -M "${makepkg_config}" \ |