It was noted in FS#17533 that setgid bits are carried down into any created subdirectories, and thus could end up being in a built package if the original package directory was marked g+s. When we create src/ and pkg/, explicitly chmod them to remove any sticky bits.
Signed-off-by: Dan McGee <dan@archlinux.org>
---
 scripts/makepkg.sh.in | 6 ++++++
 1 files changed, 6 insertions(+), 0 deletions(-)
diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
index 5bd294c..c2045e5 100644
--- a/scripts/makepkg.sh.in
+++ b/scripts/makepkg.sh.in
@@ -1056,6 +1056,7 @@ create_srcpackage() {
 # Get back to our src directory so we can begin with sources.
 mkdir -p "$srcdir"
+ chmod a-s "$srcdir"
 cd "$srcdir"
 download_sources
 # We can only check checksums if we have all files.
@@ -1725,6 +1726,7 @@ fi
 if (( GENINTEG )); then
 mkdir -p "$srcdir"
+ chmod a-s "$srcdir"
 cd "$srcdir"
 download_sources
 generate_checksums
@@ -1824,6 +1826,7 @@ if (( INFAKEROOT )); then
 for pkg in ${pkgname[@]}; do
 pkgdir="$pkgdir/$pkg"
 mkdir -p "$pkgdir"
+ chmod a-s "$pkgdir"
 backup_package_variables
 run_package $pkg
 tidy_install
@@ -1880,6 +1883,7 @@ umask 0022
 # get back to our src directory so we can begin with sources
 mkdir -p "$srcdir"
+chmod a-s "$srcdir"
 cd "$srcdir"
 if (( NOEXTRACT )); then
@@ -1915,6 +1919,7 @@ else
 rm -rf "$pkgdir"
 fi
 mkdir -p "$pkgdir"
+ chmod a-s "$pkgdir"
 cd "$startdir"
 # if we are root or if fakeroot is not enabled, then we don't use it
@@ -1935,6 +1940,7 @@ else
 for pkg in ${pkgname[@]}; do
 pkgdir="$pkgdir/$pkg"
 mkdir -p "$pkgdir"
+ chmod a-s "$pkgdir"
 backup_package_variables
 run_package $pkg
 tidy_install
--
1.6.6
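Review bot: The exit status of the added `chmod a-s "$srcdir"` in create_srcpackage() (hunk at 1056) is never checked, so if the mode change fails the build continues in a directory that may still be setgid and the protection is lost without any message. The same holds for the other five `chmod a-s` lines this patch adds. Consider failing the step when the bit cannot be cleared, for example `chmod a-s "$srcdir" || exit 1`, routed through whatever error reporting the script already uses, which is not visible in these hunks. The body of create_srcpackage() starts and ends outside the hunk.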
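Review bot: The `mkdir -p` / `chmod a-s` pair in the INFAKEROOT package loop (hunk at 1824) is now written out six times across the script, and the hunk at 1935 is line-for-line identical to this one. That makes it easy for a future directory-creation site to be added without the chmod. A small helper whose body is `mkdir -p "$1" && chmod a-s "$1"` would keep the hardening in one place and give it a single spot for its comment and error handling. The enclosing `if (( INFAKEROOT ))` block and the loop both continue outside the hunk.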
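Review bot: The top-level `chmod a-s "$srcdir"` (hunk at 1880) is not recursive, and the `(( NOEXTRACT ))` branch right after it suggests a src tree left by an earlier run can be reused. Subdirectories that were created under a g+s `$srcdir` before this fix would keep their setgid bit, and anything copied out of them with modes preserved could presumably still carry it into the package. If that case matters, either note in a comment that only the top-level directory is cleaned, or clear the bit on existing subdirectories as well. The surrounding top-level code continues outside the hunk.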
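Review bot: Nothing at the `chmod a-s "$pkgdir"` line (hunk at 1915) says why the mode is changed, and the commit message describes it as removing "sticky bits" although `a-s` clears setuid/setgid and leaves the sticky bit (`t`) untouched. A one-line comment above the chmod would keep it from being dropped later as redundant: `# clear setuid/setgid inherited from a g+s parent so it cannot end up in the package (FS#17533)`. The same comment fits the other five sites.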