author: Eli Schwartz <eschwartz@archlinux.org> 2019-11-09 22:13:00 -0500
committer: Levente Polyak <anthraxx@archlinux.org> 2019-11-30 13:21:23 +0100
commit: f8f2f0202804a7c6001a98295ec35d43ec5f809c
tree: a4972bad05fb2de1fd6f84aec85a647a174085ee /archbuild.in
parent: 68f0bff172f77390dfad798f12e4a56e0c1f35d4
download: devtools-f8f2f0202804a7c6001a98295ec35d43ec5f809c.tar.xz
archbuild: use better umask

In commit 40a90e2cab479cc64903a62b42eb617a8a7e5842 we tried to protect against system umasks resulting in unreadable chroots. However, we tried to do this in a targeted manner due to not wanting to fiddle with permissions for user-owned files.

Unfortunately, mkdir -p -m755 does not actually work that way -- the parent directory is created with broken permissions. We need umask. Run umask and mkdir in a subshell to prevent leakage.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Diffstat (limited to 'archbuild.in')
-rw-r--r-- archbuild.in 2
1 files changed, 1 insertions, 1 deletions
diff --git a/archbuild.in b/archbuild.in
index 9e32292..5b98976 100644
--- a/archbuild.in
+++ b/archbuild.in
@@ -68,7 +68,7 @@ if ${clean_first} || [[ ! -d "${chroots}/${repo}-${arch}" ]]; then
lock_close 9
rm -rf --one-file-system "${chroots}/${repo}-${arch}"
- mkdir -m755 -p "${chroots}/${repo}-${arch}"
+ (umask 0022; mkdir -p "${chroots}/${repo}-${arch}")
setarch "${arch}" mkarchroot \
-C "${pacman_config}" \
-M "${makepkg_config}" \
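Review bot: The replacement line `(umask 0022; mkdir -p "${chroots}/${repo}-${arch}")` carries no comment saying why a subshell umask is used instead of `-m755`, so a later cleanup could easily revert it. A one-line comment above it, noting that `-m` applies only to the final directory and that the subshell keeps the umask from affecting the `setarch "${arch}" mkarchroot` call that follows, would keep the reasoning from the commit message next to the code. Separately, `mkdir -p` leaves already-existing parents untouched, so a `${chroots}` directory that the previous `mkdir -m755 -p` form created with a restrictive mode stays that way after this change; that case needs either a check here or a documented manual step.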