In pacman-git commit d8717a6a9666ec80c8645d190d6f9c7ab73084ac makepkg
started checking that the setuid/setgid bit could be removed on the
$BUILDDIR in order to prevent this propagating to the packages
themselves. Unfortunately, this requires the temporary builddir used
during the --verifysource stage of makepkg, to be owned by $makepkg_user
which was not the case as it is created as root using mktemp (and given
world rwx in addition to the restricted deletion bit.)
Obviously makepkg cannot chmod a directory that it does not own. Fix
this by making $makepkg_user the owner of that directory, as should have
been the case all along.
(Giving world rwx is illogical on general principle. The fact that this
is a workaround for makepkg demanding these directories be writable even
when they are not going to be used for the makepkg options in question,
is not justification for being careless.)
Signed-off-by: Eli Schwartz <eschwa...@archlinux.org>
---
Yay, I "broke" something. :D
makechrootpkg.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/makechrootpkg.in b/makechrootpkg.in
index afcd121..6bc82a4 100644
--- a/makechrootpkg.in
+++ b/makechrootpkg.in
@@ -249,7 +249,7 @@ download_sources() {
local builddir
builddir="$(mktemp -d)"
- chmod 1777 "$builddir"
+ chown "$makepkg_user:$makepkg_user" "$builddir"
# Ensure sources are downloaded
sudo -u "$makepkg_user" env SRCDEST="$SRCDEST" BUILDDIR="$builddir" \
--
2.16.2
