From patchwork Sun Mar 18 05:46:44 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Emil Velikov via arch-projects X-Patchwork-Id: 477 Return-Path: Delivered-To: patchwork@archlinux.org Received: from apollo.archlinux.org (localhost [127.0.0.1]) by apollo.archlinux.org (Postfix) with ESMTP id F1C11285F82D for ; Sun, 18 Mar 2018 05:46:15 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on apollo.archlinux.org X-Spam-Level: X-Spam-Status: No, score=-2.4 required=5.0 tests=DKIM_SIGNED=0.1, DKIM_VALID=-0.1,DKIM_VALID_AU=-0.1,RCVD_IN_DNSWL_MED=-2.3 autolearn=ham autolearn_force=no version=3.4.1 X-Spam-BL-Results: [127.0.0.10] [127.0.9.2] Received: from orion.archlinux.org (orion.archlinux.org [88.198.91.70]) by apollo.archlinux.org (Postfix) with ESMTPS for ; Sun, 18 Mar 2018 05:46:15 +0000 (UTC) Received: from orion.archlinux.org (localhost [127.0.0.1]) by orion.archlinux.org (Postfix) with ESMTP id 68CBA97DD333B; Sun, 18 Mar 2018 05:46:06 +0000 (UTC) Received: from luna.archlinux.org (luna.archlinux.org [5.9.250.164]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by orion.archlinux.org (Postfix) with ESMTPS; Sun, 18 Mar 2018 05:46:06 +0000 (UTC) Received: from luna.archlinux.org (luna.archlinux.org [127.0.0.1]) by luna.archlinux.org (Postfix) with ESMTP id 3D8F42C7C6; Sun, 18 Mar 2018 05:46:06 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=archlinux.org; s=luna2; t=1521351966; bh=JSk++lavDyEYSTWIlSHZApGv0QlsUgK4a2eWWABWHk8=; h=To:Date:Subject:List-Id:List-Unsubscribe:List-Archive:List-Post: List-Help:List-Subscribe:From:Reply-To:Cc; b=vFN2veFwb+o84lZ7Nf0Bhd55Qa6a+oh/qTCQ0liLfaSfQ3DF3wQjZNkI8rn+sFcPH F/0JYpHExAu+rFOOZ9ywxUZNqEp/7lzCZAZ/ha7W8JhmNknX4jSGha8n9kyaYAjxFS KB7rnCHBN4IDPXRc3G9y5QZMbP1Tr+t7yLUGu6vt5OX/GwaqIml3ST9NFwA/6+agcV H6MUP5bqYhyPMuDbrJDHd4cY7Bk4K0G+2NSMF/RiufMGv6ZUTq8nqzHOHB/xMbBkbo cYcPOIbDOZu8kdD6Pqneb2ayvJs2uxt+3ww8wLjhCl7r3c5k6RnA/Fz0NFUVJ+WKv3 bTqWjdYX7J9Q5X07Gdz9SfLttkJIBhkbd65uuQMJFDh9qDz6QV6hHMaCxJiCYekcn5 w1l5ojdgKHdx/Kt0+jq5RzzZVlE9TfWqJSQeD1er1o4IeTmc0XMytI7ZIguaAytzOB fBjFTJBTYW4T1ZxtA0dAWAHF9xz4zgd9Gp4eMXMSWBAMwGt7ytbWaaG0tDEQ/zPsDv /DYYrv/QDsgA3Gd+6sCX7ZBt/uwyf0OeABhUJ3lPMJSgd4xwLB+J/fYo4zI24Gx7wn 1ssrflpE5kM2Pla7iKB1aRKss6QtMEluHYy+yplOPYHf5sx+sL9IBwmi/CfW6/gXMQ XNYr9w9dlxzhjSO28ymTLHwY= Received: from luna.archlinux.org (luna.archlinux.org [127.0.0.1]) by luna.archlinux.org (Postfix) with ESMTP id 68BB92C074 for ; Sun, 18 Mar 2018 05:46:03 +0000 (UTC) Received: from orion.archlinux.org (orion.archlinux.org [IPv6:2a01:4f8:160:6087::1]) by luna.archlinux.org (Postfix) with ESMTPS for ; Sun, 18 Mar 2018 05:46:03 +0000 (UTC) Received: from orion.archlinux.org (localhost [127.0.0.1]) by orion.archlinux.org (Postfix) with ESMTP id BBDAE97DD3336; Sun, 18 Mar 2018 05:45:51 +0000 (UTC) Received: from didactylos.localdomain (ool-3f8fc1dc.dyn.optonline.net [63.143.193.220]) (using TLSv1.2 with cipher ECDHE-RSA-CHACHA20-POLY1305 (256/256 bits)) (No client certificate requested) (Authenticated sender: eschwartz) by orion.archlinux.org (Postfix) with ESMTPSA id 39A2597DD3335; Sun, 18 Mar 2018 05:45:51 +0000 (UTC) To: arch-projects@archlinux.org Date: Sun, 18 Mar 2018 01:46:44 -0400 Message-Id: <20180318054644.3754-1-eschwartz@archlinux.org> X-Mailer: git-send-email 2.16.2 Subject: [arch-projects] [devtools] [PATCH] makechrootpkg: fix verifysource with pacman-git X-BeenThere: arch-projects@archlinux.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: Arch Linux projects development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , From: Eli Schwartz via arch-projects Reply-To: Arch Linux projects development discussion Cc: Eli Schwartz Errors-To: arch-projects-bounces@archlinux.org Sender: "arch-projects" In pacman-git commit d8717a6a9666ec80c8645d190d6f9c7ab73084ac makepkg started checking that the setuid/setgid bit could be removed on the $BUILDDIR in order to prevent this propagating to the packages themselves. Unfortunately, this requires the temporary builddir used during the --verifysource stage of makepkg, to be owned by $makepkg_user which was not the case as it is created as root using mktemp (and given world rwx in addition to the restricted deletion bit.) Obviously makepkg cannot chmod a directory that it does not own. Fix this by making $makepkg_user the owner of that directory, as should have been the case all along. (Giving world rwx is illogical on general principle. The fact that this is a workaround for makepkg demanding these directories be writable even when they are not going to be used for the makepkg options in question, is not justification for being careless.) Signed-off-by: Eli Schwartz --- Yay, I "broke" something. :D makechrootpkg.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makechrootpkg.in b/makechrootpkg.in index afcd121..6bc82a4 100644 --- a/makechrootpkg.in +++ b/makechrootpkg.in @@ -249,7 +249,7 @@ download_sources() { local builddir builddir="$(mktemp -d)" - chmod 1777 "$builddir" + chown "$makepkg_user:$makepkg_user" "$builddir" # Ensure sources are downloaded sudo -u "$makepkg_user" env SRCDEST="$SRCDEST" BUILDDIR="$builddir" \