It was noted in FS#17533 that setgid bits are carried down into any created subdirectories, and thus could end up being in a built package if the original package directory was marked g+s. When we create src/ and pkg/, explicitly chmod them to remove any sticky bits.
Signed-off-by: Dan McGee <dan@archlinux.org>
---
On Tue, Jan 19, 2010 at 11:25 PM, Dan McGee <dan@archlinux.org> wrote:
I forgot to add here that I wasn't particularly happy I had to add an additional command in 6 places. Do we know why we create these directories so much? Some of them are probably unnecessary...
-Dan
scripts/makepkg.sh.in | 6 ++++++ 1 files changed, 6 insertions(+), 0 deletions(-)
diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in index 5bd294c..c2045e5 100644 --- a/scripts/makepkg.sh.in +++ b/scripts/makepkg.sh.in @@ -1056,6 +1056,7 @@ create_srcpackage() {
# Get back to our src directory so we can begin with sources. mkdir -p "$srcdir" + chmod a-s "$srcdir" cd "$srcdir" download_sources # We can only check checksums if we have all files. @@ -1725,6 +1726,7 @@ fi
if (( GENINTEG )); then mkdir -p "$srcdir" + chmod a-s "$srcdir" cd "$srcdir" download_sources generate_checksums @@ -1824,6 +1826,7 @@ if (( INFAKEROOT )); then for pkg in ${pkgname[@]}; do pkgdir="$pkgdir/$pkg" mkdir -p "$pkgdir" + chmod a-s "$pkgdir" backup_package_variables run_package $pkg tidy_install @@ -1880,6 +1883,7 @@ umask 0022
# get back to our src directory so we can begin with sources mkdir -p "$srcdir" +chmod a-s "$srcdir" cd "$srcdir"
if (( NOEXTRACT )); then @@ -1915,6 +1919,7 @@ else rm -rf "$pkgdir" fi mkdir -p "$pkgdir" + chmod a-s "$pkgdir" cd "$startdir"
# if we are root or if fakeroot is not enabled, then we don't use it @@ -1935,6 +1940,7 @@ else for pkg in ${pkgname[@]}; do pkgdir="$pkgdir/$pkg" mkdir -p "$pkgdir" + chmod a-s "$pkgdir" backup_package_variables run_package $pkg tidy_install -- 1.6.6
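Review bot: the `chmod a-s "$srcdir"` added in create_srcpackage() (the -1056 hunk) carries no comment saying why it is there, and the commit message calls the bits it removes "sticky bits" while describing a setgid problem. `a-s` clears the set-user-ID and set-group-ID bits; the sticky bit is `t` and is left untouched. A one-line comment above the chmod naming setgid inheritance and FS#17533 would keep a later cleanup from dropping the call, and the message could say "setuid/setgid bits" instead.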
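Review bot: the top-level `chmod a-s "$srcdir"` in the -1880 hunk is not recursive, and the `if (( NOEXTRACT ))` branch directly after it suggests src/ can be reused from an earlier run. Directories created under a setgid src/ before this change would keep the bit, because only src/ itself is touched. If reused trees matter, consider clearing the bit on existing subdirectories as well, or note that a stale src/ has to be removed first.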
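Review bot: the lines `pkgdir="$pkgdir/$pkg"`, `mkdir -p "$pkgdir"`, `chmod a-s "$pkgdir"` in the -1935 hunk are now identical to the loop body in the -1824 hunk, and the same mkdir/chmod pair appears in all six hunks. A small helper that creates a directory and clears its setuid/setgid bits would reduce each site to a single call and keep the six places from drifting apart.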
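The inheritance described in the commit message and the effect of the added `chmod a-s`, as an added example that is not part of the original thread or of makepkg. It assumes Linux directory semantics; the scratch paths (`startdir-*`, `foo-1.0`) and the case names, including the `rerun` case that goes beyond what the patch covers, are constructed for illustration.

```sh
#!/bin/sh
# Added example (not makepkg code): setgid inheritance and `chmod a-s`.
# Assumes Linux semantics; every path below is constructed in a scratch dir.

# Print the directories under $1 that carry the setuid or setgid bit.
special_dirs() {
    find "$1" -type d \( -perm -2000 -o -perm -4000 \) | sort
}

# Mimic makepkg creating src/ inside a build directory marked g+s and
# print how many directories under src/ end up with a special bit.
#   $1 = scratch root
#   $2 = unpatched | patched | rerun (constructed case names)
simulate_build() {
    startdir="$1/startdir-$2"
    srcdir="$startdir/src"
    mkdir -p "$startdir"
    chmod g+s "$startdir"              # condition from the commit message
    mkdir -p "$srcdir"                 # src/ inherits g+s from startdir
    if [ "$2" = patched ]; then
        chmod a-s "$srcdir"            # the line the patch adds
    fi
    mkdir -p "$srcdir/foo-1.0/doc"     # stands in for extracted sources
    if [ "$2" = rerun ]; then
        chmod a-s "$srcdir"            # patched run over an older src/
    fi
    special_dirs "$srcdir" | wc -l | tr -d ' '
}

demo() {
    root=$(mktemp -d) || return 1
    for mode in unpatched patched rerun; do
        echo "$mode: $(simulate_build "$root" "$mode") setuid/setgid dirs under src/"
    done
    rm -rf "$root"
}

demo
```

The counts are 3, 0 and 2: in the `rerun` case only src/ itself is cleared, so the two directories created before the chmod keep g+s.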