From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from atuin.qyliss.net (localhost [IPv6:::1])
	by atuin.qyliss.net (Postfix) with ESMTP id 468181957F;
	Mon, 08 Sep 2025 08:21:31 +0000 (UTC)
Received: by atuin.qyliss.net (Postfix, from userid 993)
	id 12AE7195DE; Mon, 08 Sep 2025 08:21:29 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on atuin.qyliss.net
X-Spam-Level: 
X-Spam-Status: No, score=-0.8 required=3.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,DMARC_MISSING,RCVD_IN_DNSWL_LOW,SPF_HELO_PASS
	autolearn=unavailable autolearn_force=no version=4.0.1
Received: from fhigh-b7-smtp.messagingengine.com
 (fhigh-b7-smtp.messagingengine.com [202.12.124.158])
	by atuin.qyliss.net (Postfix) with ESMTPS id 3D3F7195DC
	for <devel@spectrum-os.org>; Mon, 08 Sep 2025 08:21:28 +0000 (UTC)
Received: from phl-compute-02.internal (phl-compute-02.internal [10.202.2.42])
	by mailfhigh.stl.internal (Postfix) with ESMTP id 017A27A0065;
	Mon,  8 Sep 2025 04:21:26 -0400 (EDT)
Received: from phl-mailfrontend-02 ([10.202.2.163])
  by phl-compute-02.internal (MEProxy); Mon, 08 Sep 2025 04:21:27 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alyssa.is; h=cc
	:cc:content-type:content-type:date:date:from:from:in-reply-to
	:in-reply-to:message-id:mime-version:references:reply-to:subject
	:subject:to:to; s=fm3; t=1757319686; x=1757406086; bh=fmFJS42SxE
	v62+IMZ+jSdOAIBllqpXoP979btoeGoZU=; b=X4mVYM4g43JPDPPJBtan4WdHag
	PA3dGUBsVG9W5Gq1dQIuKCiw0iPbKaNQIQ5oImNx0N6V8SXZrPvVm6wuKQ8xb+Yy
	Z/oM+oZba+nYeXHX1NQgV4wtf+KdU0Zj0NIolrEOtQ2cZa0SOxhiBH3zNk0K3Kdl
	TQ8IJeF8FQIBjAXbyHPXfRXW7Ky4VI4tP/T3rnfhG0DCcS4E8R6Scu7bnhaVfkUs
	0sM16lAtEoAijRrEw4QpSmjUEW3p7Y2aF9gXMm4j1hnNLblOld5wmeR0fzhaO1Xn
	NG/mYHxTkICdHfP5vi4jSqZUhc4s3t7shdAl8g3/dnEevw3qegIRQ0qHecmg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
	messagingengine.com; h=cc:cc:content-type:content-type:date:date
	:feedback-id:feedback-id:from:from:in-reply-to:in-reply-to
	:message-id:mime-version:references:reply-to:subject:subject:to
	:to:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t=
	1757319686; x=1757406086; bh=fmFJS42SxEv62+IMZ+jSdOAIBllqpXoP979
	btoeGoZU=; b=mCrFxgLyzRBFAPcVEo4tJlsZfdwz6ZvUr9OBizSoAxt0LsuqPui
	nHh6RYeW8ERTOEu6pS2yTRRz7wZDkL6FA0BkN2+cW3ROCgLibF+NfnqW3QPUehHN
	nnv4T82LfPs3RZahLHnuQTxsILmaY1IWoKAtsXDSymhuOS2ac9zBQ6xLK1miJ8+G
	wUVh6reozRbJrElFSfD9M2162SvExvbmlp7/0MfmFmPj19uHBGocUcOh73uLtWCv
	GBM4m6Cc72lMPROQVHD5s72/tMuSe6SwQrazZfdIeRpeTaKt17k1Y/Q+Vb++LVKT
	6NBQiOYC5OBChCudqchngxEfNQGNrm8FuXA==
X-ME-Sender: <xms:BpK-aI4RKm4VTIY0eyehPGS8j6jCmRbxaOi4AKyJwa80a9Ik1AJdeA>
    <xme:BpK-aPIWlhXLJvxqZG4T65aMJtaIrHT5FLcYQ9WWXNDk-cbKPEPE5h__wIxPWbtjg
    0Bm97Ud3-K-jNTc5A>
X-ME-Received: 
 <xmr:BpK-aJLQMOVFBm-R2CNZKoM0zgH91WjgbYtNPFYyq9VAOAvSNT7tFLgb04KRL2Zcrk4kMvrXbTJ2obtNk72-MNsP2EQnu0-0HYOK6mdi>
X-ME-Proxy-Cause: 
 gggruggvucftvghtrhhoucdtuddrgeeffedrtdeggddujedtgecutefuodetggdotefrod
    ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpuffrtefokffrpgfnqfghnecuuegr
    ihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenucfjug
    hrpefhvfevufgjfhffkfggtgesghdtreertddttdenucfhrhhomheptehlhihsshgrucft
    ohhsshcuoehhihesrghlhihsshgrrdhisheqnecuggftrfgrthhtvghrnhepieduffeuie
    elgfetgfdttddtkeekheekgfehkedufeevteegfeeiffetvdetueevnecuvehluhhsthgv
    rhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhephhhisegrlhihshhsrgdrih
    hspdhnsggprhgtphhtthhopedvpdhmohguvgepshhmthhpohhuthdprhgtphhtthhopegu
    vghmihhosggvnhhouhhrsehgmhgrihhlrdgtohhmpdhrtghpthhtohepuggvvhgvlhessh
    hpvggtthhruhhmqdhoshdrohhrgh
X-ME-Proxy: <xmx:BpK-aFXwDIhy_Yry6C7v6djUl2khiGjCkVw126ESVpb3eFfUwYpixA>
    <xmx:BpK-aDj7pPm20rQCv7ZTU8U6UNifHMRaJLG8h-C4xbWbQWrty3Gl4Q>
    <xmx:BpK-aI_EWZY50k45KvtU3RBclV9-pHfymK8wpZuWN8xnGlZZjlgkyQ>
    <xmx:BpK-aFAWPX4IPM-1ez9VofEwlQE3KNZZx5uTOuSJEk44rgwUaT39sw>
    <xmx:BpK-aMIoqO6M2VtdWyTDHdnszgKr1sQIaC4-qCEpkWyhP9xLwuu1mJO1>
Feedback-ID: i12284293:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Mon,
 8 Sep 2025 04:21:26 -0400 (EDT)
Received: by mbp.qyliss.net (Postfix, from userid 1000)
	id 8443C16744CC; Mon, 08 Sep 2025 10:21:24 +0200 (CEST)
From: Alyssa Ross <hi@alyssa.is>
To: Demi Marie Obenour <demiobenour@gmail.com>
Subject: Re: [PATCH 01/20] scripts/make-erofs.sh: Ensure that / is
 world-readable
In-Reply-To: <20250904-systemd-v1-1-2a63b790a913@gmail.com>
References: <20250904-systemd-v1-0-2a63b790a913@gmail.com>
 <20250904-systemd-v1-1-2a63b790a913@gmail.com>
Date: Mon, 08 Sep 2025 10:21:23 +0200
Message-ID: <87a535l5h8.fsf@alyssa.is>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
	micalg=pgp-sha512; protocol="application/pgp-signature"
Message-ID-Hash: L5HHAJBMJWNH5EML2SEEB4KCA3RHEA4D
X-Message-ID-Hash: L5HHAJBMJWNH5EML2SEEB4KCA3RHEA4D
X-MailFrom: hi@alyssa.is
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation;
 header-match-devel.spectrum-os.org-0; header-match-devel.spectrum-os.org-1;
 header-match-devel.spectrum-os.org-2; header-match-devel.spectrum-os.org-3;
 header-match-devel.spectrum-os.org-4; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 digests; suspicious-header
CC: Spectrum OS Development <devel@spectrum-os.org>
X-Mailman-Version: 3.3.9
Precedence: list
List-Id: Patches and low-level development discussion <devel.spectrum-os.org>
Archived-At: 
 <https://spectrum-os.org/lists/hyperkitty/list/devel@spectrum-os.org/message/L5HHAJBMJWNH5EML2SEEB4KCA3RHEA4D/>
List-Archive: 
 <https://spectrum-os.org/lists/hyperkitty/list/devel@spectrum-os.org/>
List-Help: <mailto:devel-request@spectrum-os.org?subject=help>
List-Owner: <mailto:devel-owner@spectrum-os.org>
List-Post: <mailto:devel@spectrum-os.org>
List-Subscribe: <mailto:devel-join@spectrum-os.org>
List-Unsubscribe: <mailto:devel-leave@spectrum-os.org>

--=-=-=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

Demi Marie Obenour <demiobenour@gmail.com> writes:

> Previously it had 0700 permissions, which was hidden because everything
> ran as root anyway.  However, dbus-broker fails to start in this case
> because it always drops privileges.  Also set umask to 0022 to ensure
> that the permissions of other directories are correct.
>
> Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
> ---
>  scripts/make-erofs.sh | 9 +++++++--
>  1 file changed, 7 insertions(+), 2 deletions(-)
>
> diff --git a/scripts/make-erofs.sh b/scripts/make-erofs.sh
> index b47048ad747bd7dfcc28e0f1dfd75ec090fa7e09..88e3885e578a6fd85a61c6f29=
93a9addb7f44c37 100755
> --- a/scripts/make-erofs.sh
> +++ b/scripts/make-erofs.sh
> @@ -8,6 +8,7 @@
>  #        single directory structure, and could generate an EROFS image
>  #        based on source:dest mappings directly.
>=20=20
> +umask 0022 # for permissions

The idea being that it might be overly tight otherwise?  Could it be a
separate patch with its own commit message?

>  ex_usage() {
>  	echo "Usage: make-erofs.sh [options]... img < srcdest.txt" >&2
>  	exit 1
> @@ -18,8 +19,12 @@ if [ -z "${img-}" ]; then
>  	ex_usage
>  fi
>=20=20
> -root=3D"$(mktemp -d -- "$img.tmp.XXXXXXXXXX")"
> -trap 'chmod -R +w -- "$root" && rm -rf -- "$root"' EXIT
> +superroot=3D"$(mktemp -d -- "$img.tmp.XXXXXXXXXX")"
> +trap 'chmod -R +w -- "$root" && rm -rf -- "$superroot"' EXIT
> +# $superroot has 0700 permissions, so create a subdirectory
> +# with correct (0755) permissions and do all work there.
> +root=3D$superroot/real_root
> +mkdir -- "$root"
>=20=20
>  while read -r arg1; do
>  	read -r arg2 || ex_usage
>

I think this change is big enough to justify a copyright header. :)

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQRV/neXydHjZma5XLJbRZGEIw/wogUCaL6SAwAKCRBbRZGEIw/w
olkhAQCZyKRIiYUWhrpM597gBlFRF7CIpZ0Gfd70cSUaB/IfvwEA0ew3ZIBj+vHZ
3KvH5YU3oYuTBVCSpjLVSH7yvQO12wU=
=mUp/
-----END PGP SIGNATURE-----
--=-=-=--