[pacman-dev] [PATCH] Fix consistency of downloaded sources permissions
Sébastien Luttringer
seblu at seblu.net
Fri Dec 13 06:21:15 EST 2013
On 11/12/2013 21:39, Sébastien Luttringer wrote:
> On 11/12/2013 05:45, Allan McRae wrote:
>> On 10/12/13 10:59, Sébastien Luttringer wrote:
>>> Calls to makepg -g and makepkg to download a source files, result in different
>>> permissions on the file if user umask != 0022.
>>>
>>> Run makepkg with -g option, will download source files before makepkg set umask
>>> to 0022. Downloaded files permissions will depend on user umask.
>>> Run bare makepkg, will call download source routines after umask was set
>>> to 0022. Downloaded files permissions will be group and world readable.
>>>
>>> A collateral damage:
>>> When a user who has a restricted umask (like 077),
>>> update a PKGBUKLD with updpkgsums (which call makepkg -g),
>>> and call a devtools scripts (extra-i686-build) to build the package,
>>> he will get a 'Permission denied',
>>> because the builder (another makepkg call) will be run as nobody user.
>>>
>>> Another side effect, when several users share a SRCDEST directory, they cannot
>>> access to files generated by another user with restricted umask.
>>> Altough, this can be workarounded by default ACL in the SRCDEST directory.
>>>
>>> The oldest commit with this umask is the first git commit (d04baab) with no
>>> revelent informations provided about the purpose of using an umask.
>>> The last commit moving the umask was 171808. The precious commit message
>>> refered to bug FS#9242 and FS#9362 which recommend to put umask at the top
>>> in makepkg.
>>>
>>> This patch put the umask definition at the "beginning" of the makepkg script.
>>> This let us rely that all files generated by makepkg will be with 0022 umask.
>>>
>>> Signed-off-by: Sébastien Luttringer <seblu at seblu.net>
>>
>> I'll ack this, but rather than fixing all the typos in the long commit
>> message, I'll reduce it to:
>
> I will have my weekly English training tomorrow. I will look at the
> typos/grammar with my teacher and send you a better long version. :)
Training canceled for sickness. Please take the version you prefer.
--
Sébastien "Seblu" Luttringer
https://www.seblu.net
GPG: 0x2072D77A
More information about the pacman-dev
mailing list