diff options
author | Ludovic Courtès <ludo@gnu.org> | 2016-02-27 23:00:22 +0100 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2016-02-27 23:31:52 +0100 |
commit | 82f5186650dc5546eaa4cdc918c444632fa8086f (patch) | |
tree | 9177cea9e2a236c67996ac0e3a766e795f8ac1d7 | |
parent | 9c7f7e2da9d4d471ae20fc19c5dab504a276d3e8 (diff) | |
download | guix-82f5186650dc5546eaa4cdc918c444632fa8086f.tar.gz guix-82f5186650dc5546eaa4cdc918c444632fa8086f.zip |
grafts: Make sure files are not created world-writable.
* guix/build/graft.scm (rewrite-directory): Add 'umask' call.
-rw-r--r-- | guix/build/graft.scm | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/guix/build/graft.scm b/guix/build/graft.scm index 0a9cd3260c..b216e6c0d7 100644 --- a/guix/build/graft.scm +++ b/guix/build/graft.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2014, 2015 Ludovic Courtès <ludo@gnu.org> +;;; Copyright © 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org> ;;; ;;; This file is part of GNU Guix. ;;; @@ -118,6 +118,11 @@ file name pairs." (else (error "unsupported file type" stat))))) + ;; XXX: Work around occasional "suspicious ownership or permission" daemon + ;; errors that arise when we create the top-level /gnu/store/… directory as + ;; #o777. + (umask #o022) + (n-par-for-each (parallel-job-count) rewrite-leaf (find-files directory))) |