diff options
| author | Filipe Brandenburger <filbranden@google.com> | 2018-03-20 17:21:36 +0100 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2018-03-20 17:21:36 +0100 |
| commit | b454cfb05c46312054ad736a841e70211905016b (patch) | |
| tree | 2f513ee7d7faf94e48d259a0360e5350b37fa38a | |
| parent | seccomp: enable RestrictAddressFamilies on ppc (#8505) (diff) | |
| download | systemd-b454cfb05c46312054ad736a841e70211905016b.tar.xz systemd-b454cfb05c46312054ad736a841e70211905016b.zip | |
mkosi: set file permissions in copy of source tree (#8370)
Meson keeps permissions around during the build, so details of how umask
was set when cloning the original git tree will leak all the way to the
installed files in the mkosi image.
So reset the permissions of the files in the copy of the tree before
starting the build.
Also set the umask explicitly.
Tested by creating a mkosi image and booting it on a tree that was
cloned with a umask of 027, confirmed that the *.target files were not
created as world-unreadable anymore.
| -rwxr-xr-x | mkosi.build | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/mkosi.build b/mkosi.build index 7cdcd6c741..131eb9fd90 100755 --- a/mkosi.build +++ b/mkosi.build @@ -21,6 +21,14 @@ set -ex # This is a build script for OS image generation using mkosi (https://github.com/systemd/mkosi). # Simply invoke "mkosi" in the project directory to build an OS image. +# Reset the permissions of the tree. Since Meson keeps the permissions +# all the way to the installed files, reset them to one of 0644 or 0755 +# so the files keep those permissions, otherwise details of what umask +# was set at the time the git tree was cloned will leak all the way +# through. Also set umask explicitly during the build. +chmod -R u+w,go-w,a+rX . +umask 022 + # If mkosi.builddir/ exists mkosi will set $BUILDDIR to it, let's then use it # as out-of-tree build dir. Otherwise, let's make up our own builddir. [ -z "$BUILDDIR" ] && BUILDDIR=build |