diff mbox series

[1/1] package/pkg-download: restore user's original umask for the whole download process

Message ID 1670323283-5697-2-git-send-email-luca.pesce@vimar.com
State New
Headers show
Series package/pkg-download: restore user's original umask for the whole download process | expand

Commit Message

Luca Pesce Dec. 6, 2022, 10:41 a.m. UTC 
Root makefile imposes 'umask 0022', and this may be more restrictive than the
user's original umask - which could have provisions set to share files/dirs
with other users.
As an example, the imposed value makes the per-package download directories not
writeable for the group, but just for the owner - the user that issued the first
build that populated the per-package dl dir for the first time (say user A).
Thus, if a BR package changes its version (e.g. for buildroot update), and
another user (say user B, in the same group of A) starts a build, BR fails the
creation of package-xxx.tar.gz inside the dl dir, because user B has no write
permissions on that path. Furthermore, in the case of the git backend, this
makes the git cache not updatable by a different user. This is disruptive for a
host used by many users, all belonging to a certain group.

So, to allow sharing of a rw BR2_DL_DIR location among users, we save the
original umask value (but only if it is more permissive than our REQ_UMASK,
which is our minimum working requirement) and restore it during the download
process.

Signed-off-by: Luca Pesce <luca.pesce@vimar.com>
---
 Makefile                | 17 ++++++++++++++++-
 package/pkg-download.mk |  6 ++++--
 2 files changed, 20 insertions(+), 3 deletions(-)
diff mbox series

Patch

diff --git a/Makefile b/Makefile
index 88f90cd..ec45589 100644
--- a/Makefile
+++ b/Makefile
@@ -68,21 +68,31 @@  endif
 CANONICAL_CURDIR = $(realpath $(CURDIR))
 
 REQ_UMASK = 0022
+CURR_UMASK = $(shell umask)
 
 # Make sure O= is passed (with its absolute canonical path) everywhere the
 # toplevel makefile is called back.
 EXTRAMAKEARGS := O=$(CANONICAL_O)
 
 # Check Buildroot execution pre-requisites here.
-ifneq ($(shell umask):$(CURDIR):$(O),$(REQ_UMASK):$(CANONICAL_CURDIR):$(CANONICAL_O))
+ifneq ($(CURR_UMASK):$(CURDIR):$(O),$(REQ_UMASK):$(CANONICAL_CURDIR):$(CANONICAL_O))
 .PHONY: _all $(MAKECMDGOALS)
 
+# Save the user's original umask (but only if it is more permissive than or
+# equal to REQ_UMASK, which is our minimum working requirement)
+ifeq ($(shell printf "%04o" "$$(( $(CURR_UMASK) | $(REQ_UMASK) ))"),$(REQ_UMASK))
+BR2_ORIG_UMASK := $(CURR_UMASK)
+else
+BR2_ORIG_UMASK := $(REQ_UMASK)
+endif
+
 $(MAKECMDGOALS): _all
 	@:
 
 _all:
 	@umask $(REQ_UMASK) && \
 		$(MAKE) -C $(CANONICAL_CURDIR) --no-print-directory \
+			BR2_ORIG_UMASK=$(BR2_ORIG_UMASK) \
 			$(MAKECMDGOALS) $(EXTRAMAKEARGS)
 
 else # umask / $(CURDIR) / $(O)
@@ -91,6 +101,11 @@  else # umask / $(CURDIR) / $(O)
 all:
 .PHONY: all
 
+# Export the user's original umask: we may need it later to honour user's file
+# creation permissions when creating non-target files/dirs (e.g. during the
+# execution of dl-wrapper script)
+export BR2_ORIG_UMASK := $(or $(BR2_ORIG_UMASK),$(CURR_UMASK))
+
 # Set and export the version string
 export BR2_VERSION := 2023.02-git
 # Actual time the release is cut (for reproducible builds)
diff --git a/package/pkg-download.mk b/package/pkg-download.mk
index 0718f21..eb2a242 100644
--- a/package/pkg-download.mk
+++ b/package/pkg-download.mk
@@ -107,9 +107,11 @@  endif
 #
 ################################################################################
 
+# Restore the user's original umask during the whole download, in case he has
+# provisions set to share the download directory with his group (or others).
 define DOWNLOAD
-	$(Q)mkdir -p $($(2)_DL_DIR)
-	$(Q)$(EXTRA_ENV) $($(2)_DL_ENV) \
+	$(Q)umask $(BR2_ORIG_UMASK); mkdir -p $($(2)_DL_DIR)
+	$(Q)umask $(BR2_ORIG_UMASK); $(EXTRA_ENV) $($(2)_DL_ENV) \
 		flock $($(2)_DL_DIR)/.lock $(DL_WRAPPER) \
 		-c '$($(2)_DL_VERSION)' \
 		-d '$($(2)_DL_DIR)' \