Previously it had 0700 permissions, which was hidden because everything ran as root anyway. However, dbus-broker fails to start in this case because it always drops privileges. Also set umask to 0022 to ensure that the permissions of other directories are correct. Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com> --- scripts/make-erofs.sh | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/scripts/make-erofs.sh b/scripts/make-erofs.sh index b47048ad747bd7dfcc28e0f1dfd75ec090fa7e09..5b620be77f2967e45fa1c2b06c6acfc3329e46c0 100755 --- a/scripts/make-erofs.sh +++ b/scripts/make-erofs.sh @@ -1,6 +1,7 @@ #!/bin/sh -eu # # SPDX-FileCopyrightText: 2023-2024 Alyssa Ross <hi@alyssa.is> +# SPDX-FileCopyrightText: 2025 Demi Marie Obenour <demiobenour@gmail.com> # SPDX-License-Identifier: EUPL-1.2+ # # FIXME: It would be nice to replace this script with a program that @@ -8,6 +9,7 @@ # single directory structure, and could generate an EROFS image # based on source:dest mappings directly. +umask 0022 # for permissions ex_usage() { echo "Usage: make-erofs.sh [options]... img < srcdest.txt" >&2 exit 1 @@ -18,8 +20,12 @@ if [ -z "${img-}" ]; then ex_usage fi -root="$(mktemp -d -- "$img.tmp.XXXXXXXXXX")" -trap 'chmod -R +w -- "$root" && rm -rf -- "$root"' EXIT +superroot="$(mktemp -d -- "$img.tmp.XXXXXXXXXX")" +trap 'chmod -R +w -- "$root" && rm -rf -- "$superroot"' EXIT +# $superroot has 0700 permissions, so create a subdirectory +# with correct (0755) permissions and do all work there. +root=$superroot/real_root +mkdir -- "$root" while read -r arg1; do read -r arg2 || ex_usage --- base-commit: 8ce6039b6dde7fda98ceea018addecb8bee0e7b3 change-id: 20250908-world-readable-root-87176a94d3cc -- Sincerely, Demi Marie Obenour (she/her/hers)
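Review bot: in the second hunk, the comment on the new `umask 0022` line ("for permissions") does not say which permissions are meant or why they matter. The commit message has the reason (other directories need correct permissions once a service such as dbus-broker drops privileges), and a short form of that would be more useful in the script, for example `# directories created for the image must be readable by non-root users`.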
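Review bot: in the last hunk, the EXIT trap runs `chmod -R +w -- "$root"` and removes `"$superroot"` only if that succeeds, so when the script exits before `$root` exists (for example if the new `mkdir -- "$root"` fails under `-e`), the chmod fails, the `&&` skips the `rm -rf`, and the temporary directory is left behind. Running both commands on `"$superroot"` avoids this and still makes everything under `real_root` writable before removal: `trap 'chmod -R +w -- "$superroot" && rm -rf -- "$superroot"' EXIT`.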