On Sun, 18 Mar 2018 01:46:44 -0400, Eli Schwartz via arch-projects wrote:
In pacman-git commit d8717a6a9666ec80c8645d190d6f9c7ab73084ac makepkg started checking that the setuid/setgid bit could be removed on the $BUILDDIR in order to prevent this propagating to the packages themselves. Unfortunately, this requires the temporary builddir used during the --verifysource stage of makepkg, to be owned by $makepkg_user which was not the case as it is created as root using mktemp (and given world rwx in addition to the restricted deletion bit.)
...
diff --git a/makechrootpkg.in b/makechrootpkg.in index afcd121..6bc82a4 100644 --- a/makechrootpkg.in +++ b/makechrootpkg.in @@ -249,7 +249,7 @@ download_sources() {
local builddir builddir="$(mktemp -d)" - chmod 1777 "$builddir" + chown "$makepkg_user:$makepkg_user" "$builddir"
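Review bot: the added chown line passes "$makepkg_user" as the group as well as the owner, which assumes a group with the same name as the user exists; where it does not, chown fails and the builddir stays owned by root. Pass only the owner (chown "$makepkg_user" "$builddir"), or use the trailing-colon form "$makepkg_user:", which GNU chown resolves to that user's login group. With chmod 1777 removed, the directory keeps the 0700 mode that mktemp -d gives it, so after the chown only $makepkg_user can enter it; it is worth confirming that nothing else in download_sources() needs to read it as another user.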
$makepkg_user isn't necessarily a valid group name. Not all users have an identically named group, some people like to use 'users' as their primary group.

Looking at makepkg d8717a6a9666ec80c8645d190d6f9c7ab73084ac, I don't think the group of the directory has to match; just the user. However, if I'm mistaken and it truly is necessary to set the group, how about:

    chown "$makepkg_user:$(id -gn "$makepkg_user")" "$builddir"

--
Happy hacking,
~ Luke Shumaker