From: Jo-Philipp Wich <jo@mein.io>
Date: Tue, 26 Jul 2016 18:09:27 +0000 (+0200)
Subject: phase1: enforce proper umask during signing
X-Git-Tag: v1~250
X-Git-Url: http://git.cdn.openwrt.org/?a=commitdiff_plain;h=d600bc21757ee918a5468910b5e98a9ce1562255;p=buildbot.git

phase1: enforce proper umask during signing

Ensure that the umask is set to 022 when signing tarballs since twistd invokes
the helper script with an umask of 077, preventing world access on the
resulting files.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
---

diff --git a/phase1/signall.sh b/phase1/signall.sh
index f0d80fe..015470d 100755
--- a/phase1/signall.sh
+++ b/phase1/signall.sh
@@ -17,6 +17,8 @@ if [ ! -f "$tarball" ]; then
 	finish 1
 fi
 
+umask 022
+
 mkdir "$tmpdir" || finish 2
 tar -C "$tmpdir/" -xzf "$tarball" || finish 3
 find "$tmpdir/" -type f -not -name "*.gpg" -exec gpg --no-version --batch --yes -a -b ${keyid:+-u "$keyid"} ${comment:+--comment="$comment"} ${passfile:+--passphrase-file "$passfile"} -o "{}.gpg" "{}" \; || finish 4