[arch-projects] [devtools] [PATCH] makechrootpkg: fix verifysource with pacman-git

Eli Schwartz eschwartz at archlinux.org
Sun Mar 18 05:46:44 UTC 2018

In pacman-git commit d8717a6a9666ec80c8645d190d6f9c7ab73084ac makepkg
started checking that the setuid/setgid bit could be removed on the
$BUILDDIR in order to prevent this propagating to the packages
themselves.  Unfortunately, this requires the temporary builddir used
during the --verifysource stage of makepkg, to be owned by $makepkg_user
which was not the case as it is created as root using mktemp (and given
world rwx in addition to the restricted deletion bit.)

Obviously makepkg cannot chmod a directory that it does not own. Fix
this by making $makepkg_user the owner of that directory, as should have
been the case all along.

(Giving world rwx is illogical on general principle. The fact that this
is a workaround for makepkg demanding these directories be writable even
when they are not going to be used for the makepkg options in question,
is not justification for being careless.)

Signed-off-by: Eli Schwartz <eschwartz at archlinux.org>

Yay, I "broke" something. :D

 makechrootpkg.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/makechrootpkg.in b/makechrootpkg.in
index afcd121..6bc82a4 100644
--- a/makechrootpkg.in
+++ b/makechrootpkg.in
@@ -249,7 +249,7 @@ download_sources() {
 	local builddir
 	builddir="$(mktemp -d)"
-	chmod 1777 "$builddir"
+	chown "$makepkg_user:$makepkg_user" "$builddir"
 	# Ensure sources are downloaded
 	sudo -u "$makepkg_user" env SRCDEST="$SRCDEST" BUILDDIR="$builddir" \

More information about the arch-projects mailing list