On 10/12/13 10:59, Sébastien Luttringer wrote: > Calls to makepg -g and makepkg to download a source files, result in different > permissions on the file if user umask != 0022. > > Run makepkg with -g option, will download source files before makepkg set > umask > to 0022. Downloaded files permissions will depend on user umask. > Run bare makepkg, will call download source routines after umask was set > to 0022. Downloaded files permissions will be group and world readable. > > A collateral damage: > When a user who has a restricted umask (like 077), > update a PKGBUKLD with updpkgsums (which call makepkg -g), > and call a devtools scripts (extra-i686-build) to build the package, > he will get a 'Permission denied', > because the builder (another makepkg call) will be run as nobody user. > > Another side effect, when several users share a SRCDEST directory, they cannot > access to files generated by another user with restricted umask. > Altough, this can be workarounded by default ACL in the SRCDEST directory. > > The oldest commit with this umask is the first git commit (d04baab) with no > revelent informations provided about the purpose of using an umask. > The last commit moving the umask was 171808. The precious commit message > refered to bug FS#9242 and FS#9362 which recommend to put umask at the top > in makepkg. > > This patch put the umask definition at the "beginning" of the makepkg script. > This let us rely that all files generated by makepkg will be with 0022 umask. > > Signed-off-by: Sébastien Luttringer <[email protected]>
I'll ack this, but rather than fixing all the typos in the long commit message, I'll reduce it to: Calls to 'makepkg -g' and 'makepkg' to download a source files result in different permissions on the file if user has a non-default umask. Put the umask definition at the "beginning" of the makepkg script to ensure all files generated by makepkg have a 0022 umask. A
