[arch-projects] [devtools] [PATCH] makechrootpkg: fix verifysource with pacman-git

Luke Shumaker lukeshu at lukeshu.com
Mon Mar 26 22:19:50 UTC 2018

On Sun, 18 Mar 2018 01:46:44 -0400,
Eli Schwartz via arch-projects wrote:
> In pacman-git commit d8717a6a9666ec80c8645d190d6f9c7ab73084ac makepkg
> started checking that the setuid/setgid bit could be removed on the
> $BUILDDIR in order to prevent this propagating to the packages
> themselves.  Unfortunately, this requires the temporary builddir used
> during the --verifysource stage of makepkg, to be owned by $makepkg_user
> which was not the case as it is created as root using mktemp (and given
> world rwx in addition to the restricted deletion bit.)
> diff --git a/makechrootpkg.in b/makechrootpkg.in
> index afcd121..6bc82a4 100644
> --- a/makechrootpkg.in
> +++ b/makechrootpkg.in
> @@ -249,7 +249,7 @@ download_sources() {
>  	local builddir
>  	builddir="$(mktemp -d)"
> -	chmod 1777 "$builddir"
> +	chown "$makepkg_user:$makepkg_user" "$builddir"

$makepkg_user isn't nescessarily a valid group name.  Not all users
have an identically named group, some people like to use 'users' as
their primary group.

Looking at makepkg d8717a6a9666ec80c8645d190d6f9c7ab73084ac, I don't
think the group of the directory has to match; just the user.
However, if I'm mistaken and it it truly is nescessary to set the
group, how about:

	chown "$makepkg_user:$(id -gn "$makepkg_user")" "$builddir"

Happy hacking,
~ Luke Shumaker

More information about the arch-projects mailing list