https://sourceware.org/bugzilla/show_bug.cgi?id=31800

Nick Clifton <nickc at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |nickc at redhat dot com
     Ever confirmed|0                           |1
             Status|UNCONFIRMED                 |WAITING
   Last reconfirmed|                            |2024-05-28
           Assignee|unassigned at sourceware dot org   |nickc at redhat dot com

--- Comment #1 from Nick Clifton <nickc at redhat dot com> ---
Hi Rostislav,

> After running this script permissions of all files and directories
> (including files of Git repo and the root directory of the project) are
> changed to 0777,

Well that does depend upon the user's umask setting.

> i.e. everything is open for everybody for any read-write
> operation. This is not good, not secure and must never be done.

Agreed.

> The src-release.sh script does it by the following line:
> 
> chmod -R og=u . || chmod og=u `find . -print`
> 
> Please remove this line. The src-release.sh works properly without that line
> and doesn't change permissions of files or directories.

Except that the permissions stored in the tarball will now be dependent upon
the environment in which the tarball was created.  Which could be a problem
when creating reproducible tarballs.

How about rather than deleting the line we change it to:

  find . -path "*/.git" -prune -o -exec chmod u=rwX,go=rX {} \;

This should ensure that none of the repo files are changed and that all other
files and directories are given explicit, reproducible permissions.  Plus it
avoids the potential issue of a chmod command line that is far too long...

Cheers
  Nick
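
The effect of the two commands discussed in this comment, shown side by side as an added example (it is not part of the bug report or of src-release.sh). It builds a constructed scratch tree with `mktemp`, applies the original `chmod -R og=u .` and the proposed `find ... -prune` line to separate copies, and prints the resulting modes; the helper names and the file layout are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added demonstration; the tree layout and function names are assumptions.

# Build a constructed tree: a .git dir, a source dir, an executable, a private file.
make_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/.git" "$root/src"
    : > "$root/.git/config"; : > "$root/src/main.c"
    : > "$root/configure";   : > "$root/src/notes.txt"
    chmod 700 "$root/.git" "$root/src"
    chmod 600 "$root/.git/config" "$root/src/notes.txt"
    chmod 664 "$root/src/main.c"
    chmod 750 "$root/configure"
    printf '%s\n' "$root"
}

# Symbolic mode string of a path, e.g. "-rw-r--r--".
mode_of() { ls -ld "$1" | cut -c1-10; }

# The line currently in src-release.sh (first alternative), as quoted in the report.
apply_original() { (cd "$1" && chmod -R og=u .); }

# The replacement proposed in comment #1.
apply_proposed() {
    (cd "$1" && find . -path "*/.git" -prune -o -exec chmod u=rwX,go=rX {} \;)
}

# Print the mode of every path in the constructed tree.
report() {
    for f in . .git .git/config src src/main.c src/notes.txt configure; do
        printf '%-16s %s\n' "$f" "$(mode_of "$1/$f")"
    done
}

demo() {
    a=$(make_tree); b=$(make_tree)
    apply_original "$a"; apply_proposed "$b"
    echo "== chmod -R og=u ."; report "$a"
    echo "== find . -path '*/.git' -prune -o -exec chmod u=rwX,go=rX {} \\;"
    report "$b"
    rm -rf "$a" "$b"
}
demo
```

With `u=rwX,go=rX` the execute bit is set only on directories and on files that already had an execute bit, so the modes outside `.git` come out as 0755 or 0644 regardless of the umask the tree was created under.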
