On Sun, 18 Mar 2018 01:46:44 -0400,
Eli Schwartz via arch-projects wrote:
>
> In pacman-git commit d8717a6a9666ec80c8645d190d6f9c7ab73084ac makepkg
> started checking that the setuid/setgid bit could be removed on the
> $BUILDDIR in order to prevent this propagating to the packages
> themselves. Unfortunately, this requires the temporary builddir used
> during the --verifysource stage of makepkg, to be owned by $makepkg_user
> which was not the case as it is created as root using mktemp (and given
> world rwx in addition to the restricted deletion bit.)
...
> diff --git a/makechrootpkg.in b/makechrootpkg.in
> index afcd121..6bc82a4 100644
> --- a/makechrootpkg.in
> +++ b/makechrootpkg.in
> @@ -249,7 +249,7 @@ download_sources() {
>
> local builddir
> builddir="$(mktemp -d)"
> - chmod 1777 "$builddir"
> + chown "$makepkg_user:$makepkg_user" "$builddir"
$makepkg_user isn't nescessarily a valid group name. Not all users
have an identically named group, some people like to use 'users' as
their primary group.
Looking at makepkg d8717a6a9666ec80c8645d190d6f9c7ab73084ac, I don't
think the group of the directory has to match; just the user.
However, if I'm mistaken and it it truly is nescessary to set the
group, how about:
chown "$makepkg_user:$(id -gn "$makepkg_user")" "$builddir"
--
Happy hacking,
~ Luke Shumaker
