From b454cfb05c46312054ad736a841e70211905016b Mon Sep 17 00:00:00 2001
From: Filipe Brandenburger <filbranden@google.com>
Date: Tue, 20 Mar 2018 09:21:36 -0700
Subject: [PATCH] mkosi: set file permissions in copy of source tree (#8370)

Meson keeps permissions around during the build, so details of how umask
was set when cloning the original git tree will leak all the way to the
installed files in the mkosi image.

So reset the permissions of the files in the copy of the tree before
starting the build.

Also set the umask explicitly.

Tested by creating a mkosi image and booting it on a tree that was
cloned with a umask of 027, confirmed that the *.target files were not
created as world-unreadable anymore.
---
 mkosi.build | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/mkosi.build b/mkosi.build
index 7cdcd6c741..131eb9fd90 100755
--- a/mkosi.build
+++ b/mkosi.build
@@ -21,6 +21,14 @@ set -ex
 # This is a build script for OS image generation using mkosi (https://github.com/systemd/mkosi).
 # Simply invoke "mkosi" in the project directory to build an OS image.
 
+# Reset the permissions of the tree. Since Meson keeps the permissions
+# all the way to the installed files, reset them to one of 0644 or 0755
+# so the files keep those permissions, otherwise details of what umask
+# was set at the time the git tree was cloned will leak all the way
+# through. Also set umask explicitly during the build.
+chmod -R u+w,go-w,a+rX .
+umask 022
+
 # If mkosi.builddir/ exists mkosi will set $BUILDDIR to it, let's then use it
 # as out-of-tree build dir. Otherwise, let's make up our own builddir.
 [ -z "$BUILDDIR" ] && BUILDDIR=build