On 10/12/13 10:59, Sébastien Luttringer wrote:
Calls to makepg -g and makepkg to download a source files, result in different permissions on the file if user umask != 0022.
Run makepkg with -g option, will download source files before makepkg set umask to 0022. Downloaded files permissions will depend on user umask. Run bare makepkg, will call download source routines after umask was set to 0022. Downloaded files permissions will be group and world readable.
A collateral damage: When a user who has a restricted umask (like 077), update a PKGBUKLD with updpkgsums (which call makepkg -g), and call a devtools scripts (extra-i686-build) to build the package, he will get a 'Permission denied', because the builder (another makepkg call) will be run as nobody user.
Another side effect, when several users share a SRCDEST directory, they cannot access to files generated by another user with restricted umask. Altough, this can be workarounded by default ACL in the SRCDEST directory.
The oldest commit with this umask is the first git commit (d04baab) with no revelent informations provided about the purpose of using an umask. The last commit moving the umask was 171808. The precious commit message refered to bug FS#9242 and FS#9362 which recommend to put umask at the top in makepkg.
This patch put the umask definition at the "beginning" of the makepkg script. This let us rely that all files generated by makepkg will be with 0022 umask.
Signed-off-by: Sébastien Luttringer <seblu@seblu.net>
I'll ack this, but rather than fixing all the typos in the long commit message, I'll reduce it to: Calls to 'makepkg -g' and 'makepkg' to download a source files result in different permissions on the file if user has a non-default umask. Put the umask definition at the "beginning" of the makepkg script to ensure all files generated by makepkg have a 0022 umask. A