aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2016-02-27 23:00:22 +0100
committerLudovic Courtès <ludo@gnu.org>2016-02-27 23:31:52 +0100
commit82f5186650dc5546eaa4cdc918c444632fa8086f (patch)
tree9177cea9e2a236c67996ac0e3a766e795f8ac1d7
parent9c7f7e2da9d4d471ae20fc19c5dab504a276d3e8 (diff)
downloadguix-82f5186650dc5546eaa4cdc918c444632fa8086f.tar.gz
guix-82f5186650dc5546eaa4cdc918c444632fa8086f.zip
grafts: Make sure files are not created world-writable.
* guix/build/graft.scm (rewrite-directory): Add 'umask' call.
-rw-r--r--guix/build/graft.scm7
1 files changed, 6 insertions, 1 deletions
diff --git a/guix/build/graft.scm b/guix/build/graft.scm
index 0a9cd3260c..b216e6c0d7 100644
--- a/guix/build/graft.scm
+++ b/guix/build/graft.scm
@@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2014, 2015 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -118,6 +118,11 @@ file name pairs."
(else
(error "unsupported file type" stat)))))
+ ;; XXX: Work around occasional "suspicious ownership or permission" daemon
+ ;; errors that arise when we create the top-level /gnu/store/… directory as
+ ;; #o777.
+ (umask #o022)
+
(n-par-for-each (parallel-job-count)
rewrite-leaf (find-files directory)))