[pacman-dev] [PATCH] Fix consistency of downloaded sources permissions
Jason St. John
jstjohn at purdue.edu
Wed Dec 11 00:20:58 EST 2013
On Tue, Dec 10, 2013 at 11:45 PM, Allan McRae <allan at archlinux.org> wrote:
> On 10/12/13 10:59, Sébastien Luttringer wrote:
>> Calls to makepg -g and makepkg to download a source files, result in different
>> permissions on the file if user umask != 0022.
>> Run makepkg with -g option, will download source files before makepkg set umask
>> to 0022. Downloaded files permissions will depend on user umask.
>> Run bare makepkg, will call download source routines after umask was set
>> to 0022. Downloaded files permissions will be group and world readable.
>> A collateral damage:
>> When a user who has a restricted umask (like 077),
>> update a PKGBUKLD with updpkgsums (which call makepkg -g),
>> and call a devtools scripts (extra-i686-build) to build the package,
>> he will get a 'Permission denied',
>> because the builder (another makepkg call) will be run as nobody user.
>> Another side effect, when several users share a SRCDEST directory, they cannot
>> access to files generated by another user with restricted umask.
>> Altough, this can be workarounded by default ACL in the SRCDEST directory.
>> The oldest commit with this umask is the first git commit (d04baab) with no
>> revelent informations provided about the purpose of using an umask.
>> The last commit moving the umask was 171808. The precious commit message
>> refered to bug FS#9242 and FS#9362 which recommend to put umask at the top
>> in makepkg.
>> This patch put the umask definition at the "beginning" of the makepkg script.
>> This let us rely that all files generated by makepkg will be with 0022 umask.
>> Signed-off-by: Sébastien Luttringer <seblu at seblu.net>
> I'll ack this, but rather than fixing all the typos in the long commit
> message, I'll reduce it to:
> Calls to 'makepkg -g' and 'makepkg' to download a source files result in
> different permissions on the file if user has a non-default umask.
> Put the umask definition at the "beginning" of the makepkg script to
> ensure all files generated by makepkg have a 0022 umask.
This commit message has some grammar problems in it too. :P
This is better:
Calls to 'makepkg -g' and 'makepkg' to download source files result in
different permissions on the file if the user has a non-default umask.
Put the umask definition at the "beginning" of the makepkg script to
ensure all files generated by makepkg have a 0022 umask.
More information about the pacman-dev