[pacman-dev] [PATCH] Fix consistency of downloaded sources permissions

Sébastien Luttringer seblu at seblu.net
Wed Dec 11 15:39:22 EST 2013


On 11/12/2013 05:45, Allan McRae wrote:
> On 10/12/13 10:59, Sébastien Luttringer wrote:
>> Calls to makepkg -g and makepkg to download source files result in different
>> permissions on the files if the user's umask != 0022.
>>
>> Running makepkg with the -g option will download source files before makepkg sets
>> the umask to 0022. Downloaded files' permissions will depend on the user's umask.
>> Running bare makepkg will call the download source routines after the umask was set
>> to 0022. Downloaded files' permissions will be group and world readable.
>>
>> Collateral damage:
>> When a user who has a restricted umask (like 077)
>> updates a PKGBUILD with updpkgsums (which calls makepkg -g)
>> and calls a devtools script (extra-i686-build) to build the package,
>> he will get a 'Permission denied',
>> because the builder (another makepkg call) will be run as the nobody user.
>>
>> Another side effect: when several users share a SRCDEST directory, they cannot
>> access files generated by another user with a restricted umask.
>> Although, this can be worked around with a default ACL on the SRCDEST directory.
>>
>> The oldest commit with this umask is the first git commit (d04baab), with no
>> relevant information provided about the purpose of using a umask.
>> The last commit moving the umask was 171808. The previous commit message
>> referred to bugs FS#9242 and FS#9362, which recommend putting the umask at the top
>> in makepkg.
>>
>> This patch puts the umask definition at the "beginning" of the makepkg script.
>> This lets us rely on all files generated by makepkg being created with a 0022 umask.
>>
>> Signed-off-by: Sébastien Luttringer <seblu at seblu.net>
> 
> I'll ack this, but rather than fixing all the typos in the long commit
> message, I'll reduce it to:

I will have my weekly English training tomorrow. I will look at the
typos/grammar with my teacher and send you a better long version. :)

Cheers,

-- 
Sébastien "Seblu" Luttringer
https://www.seblu.net
GPG: 0x2072D77A
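
The ordering issue described in the quoted commit message, as an added example that is not part of the original mail or of makepkg's code: it creates a file before and after the script sets umask 0022 and then lists cache files that another user (such as the nobody builder) could not read. `fake_download`, the function names and the sample file names are hypothetical; GNU coreutils `stat` is assumed.

```shell
#!/bin/sh
# Added example, not makepkg code. Shows why the point at which a script
# sets its umask decides the mode of the files it downloads.

# Hypothetical stand-in for the download step: only creates the file.
fake_download() { : > "$1"; }

# Print the octal permission bits of a file (GNU stat assumed).
mode_of() { stat -c '%a' "$1"; }

# "makepkg -g" path from the commit message: the download happens while
# the user's own umask ($1) is still active; 0022 is set too late.
# The ( ) body runs in a subshell, so the caller's umask is untouched.
download_before_umask() (
    umask "$1"
    fake_download "$2"
    umask 0022
    mode_of "$2"
)

# Bare "makepkg" path, and the patched ordering: umask 0022 is in force
# before anything is written.
download_after_umask() (
    umask "$1"
    umask 0022
    fake_download "$2"
    mode_of "$2"
)

# List regular files under a source cache directory (e.g. SRCDEST) that
# lack the world-read bit, i.e. the ones a build running as another user
# would fail on with 'Permission denied'.
unreadable_sources() {
    find "$1" -type f ! -perm -004
}

# Demo on a throwaway directory with constructed file names.
demo_dir=$(mktemp -d)
echo "before umask set: $(download_before_umask 077 "$demo_dir/before.tar.gz")"
echo "after umask set:  $(download_after_umask 077 "$demo_dir/after.tar.gz")"
echo "not world-readable:"
unreadable_sources "$demo_dir"
rm -rf "$demo_dir"
```

Running `unreadable_sources` against an existing shared SRCDEST shows which already-downloaded files were created under a restrictive umask.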
