Re: [OE-core] [PATCH 7/7] sstate: set mode explicitly when creating directories in sstate-cache
On Mon, 28 Sep 2020 at 17:40, Mark Hatle wrote: > I worry that this could be problematic for other ways. Security requirements > for an org or even users who want to share the sstate case 0777 etc. > > Wouldn't it be better to warn the user that their umask won't allow them to > share this with others, and give them instructions and opening the umask? FWIW, ten lines lower we chmod 664 the actual data, so this is just in keeping with existing behaviour. Ross -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#142870): https://lists.openembedded.org/g/openembedded-core/message/142870 Mute This Topic: https://lists.openembedded.org/mt/77177692/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH 7/7] sstate: set mode explicitly when creating directories in sstate-cache
I worry that this could be problematic for other ways. Security requirements
for an org or even users who want to share the sstate case 0777 etc.
Wouldn't it be better to warn the user that their umask won't allow them to
share this with others, and give them instructions and opening the umask?
--Mark
On 9/28/20 11:19 AM, Ross Burton wrote:
> When creating directories in the sstate-cache, explicitly set the mode
> passed to mkdir to 0775 so that the directories are group writable, as
> otherwise they cannot be shared with other users.
>
> Signed-off-by: Ross Burton
> ---
> meta/classes/sstate.bbclass | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/meta/classes/sstate.bbclass b/meta/classes/sstate.bbclass
> index 66a96a7603..a8ae75101d 100644
> --- a/meta/classes/sstate.bbclass
> +++ b/meta/classes/sstate.bbclass
> @@ -787,7 +787,7 @@ sstate_create_package () {
> return
> fi
>
> - mkdir -p `dirname ${SSTATE_PKG}`
> + mkdir --mode=0775 -p `dirname ${SSTATE_PKG}`
> TFILE=`mktemp ${SSTATE_PKG}.`
>
> # Use pigz if available
>
>
>
>
>
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#142868):
https://lists.openembedded.org/g/openembedded-core/message/142868
Mute This Topic: https://lists.openembedded.org/mt/77177692/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 7/7] sstate: set mode explicitly when creating directories in sstate-cache
When creating directories in the sstate-cache, explicitly set the mode
passed to mkdir to 0775 so that the directories are group writable, as
otherwise they cannot be shared with other users.
Signed-off-by: Ross Burton
---
meta/classes/sstate.bbclass | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/classes/sstate.bbclass b/meta/classes/sstate.bbclass
index 66a96a7603..a8ae75101d 100644
--- a/meta/classes/sstate.bbclass
+++ b/meta/classes/sstate.bbclass
@@ -787,7 +787,7 @@ sstate_create_package () {
return
fi
- mkdir -p `dirname ${SSTATE_PKG}`
+ mkdir --mode=0775 -p `dirname ${SSTATE_PKG}`
TFILE=`mktemp ${SSTATE_PKG}.`
# Use pigz if available
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#142865):
https://lists.openembedded.org/g/openembedded-core/message/142865
Mute This Topic: https://lists.openembedded.org/mt/77177692/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
