grafts: Make sure files are not created world-writable.

* guix/build/graft.scm (rewrite-directory): Add 'umask' call.
2025-01-12 14:16:55 -05:00 · 2016-02-27 23:00:22 +01:00 · 2016-02-27 23:00:22 +01:00 · 82f5186650
commit 82f5186650
parent 9c7f7e2da9
1 changed files with 6 additions and 1 deletions
--- a/guix/build/graft.scm
+++ b/guix/build/graft.scm
@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2014, 2015 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@ -118,6 +118,11 @@ (define (rewrite-leaf file)
        (else
         (error "unsupported file type" stat)))))

+  ;; XXX: Work around occasional "suspicious ownership or permission" daemon
+  ;; errors that arise when we create the top-level /gnu/store/… directory as
+  ;; #o777.
+  (umask #o022)
+
  (n-par-for-each (parallel-job-count)
                  rewrite-leaf (find-files directory)))