[buildbot] phase1: enforce proper umask during signing
LEDE Commits
lede-commits at lists.infradead.org
Tue Jul 26 11:09:47 PDT 2016
jow pushed a commit to buildbot.git, branch master:
https://git.lede-project.org/?p=buildbot.git;a=commitdiff;h=d600bc21757ee918a5468910b5e98a9ce1562255
commit d600bc21757ee918a5468910b5e98a9ce1562255
Author: Jo-Philipp Wich <jo at mein.io>
AuthorDate: Tue Jul 26 20:09:27 2016 +0200
phase1: enforce proper umask during signing
Ensure that the umask is set to 022 when signing tarballs since twistd invokes
the helper script with an umask of 077, preventing world access on the
resulting files.
Signed-off-by: Jo-Philipp Wich <jo at mein.io>
---
phase1/signall.sh | 2 ++
1 file changed, 2 insertions(+)
diff --git a/phase1/signall.sh b/phase1/signall.sh
index f0d80fe..015470d 100755
--- a/phase1/signall.sh
+++ b/phase1/signall.sh
@@ -17,6 +17,8 @@ if [ ! -f "$tarball" ]; then
finish 1
fi
+umask 022
+
mkdir "$tmpdir" || finish 2
tar -C "$tmpdir/" -xzf "$tarball" || finish 3
find "$tmpdir/" -type f -not -name "*.gpg" -exec gpg --no-version --batch --yes -a -b ${keyid:+-u "$keyid"} ${comment:+--comment="$comment"} ${passfile:+--passphrase-file "$passfile"} -o "{}.gpg" "{}" \; || finish 4
More information about the lede-commits
mailing list