From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from atuin.qyliss.net (localhost [IPv6:::1])
	by atuin.qyliss.net (Postfix) with ESMTP id 0DB232426;
	Tue, 09 Sep 2025 14:47:36 +0000 (UTC)
Received: by atuin.qyliss.net (Postfix, from userid 993)
	id 467EF23B5; Tue, 09 Sep 2025 14:47:33 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on atuin.qyliss.net
X-Spam-Level: 
X-Spam-Status: No, score=-0.8 required=3.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,DMARC_MISSING,RCVD_IN_DNSWL_LOW,SPF_HELO_PASS
	autolearn=unavailable autolearn_force=no version=4.0.1
Received: from fhigh-b1-smtp.messagingengine.com
 (fhigh-b1-smtp.messagingengine.com [202.12.124.152])
	by atuin.qyliss.net (Postfix) with ESMTPS id 7269823B2
	for <devel@spectrum-os.org>; Tue, 09 Sep 2025 14:47:30 +0000 (UTC)
Received: from phl-compute-06.internal (phl-compute-06.internal [10.202.2.46])
	by mailfhigh.stl.internal (Postfix) with ESMTP id B80AA7A0060;
	Tue,  9 Sep 2025 10:47:27 -0400 (EDT)
Received: from phl-mailfrontend-01 ([10.202.2.162])
  by phl-compute-06.internal (MEProxy); Tue, 09 Sep 2025 10:47:27 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alyssa.is; h=cc
	:cc:content-type:content-type:date:date:from:from:in-reply-to
	:in-reply-to:message-id:mime-version:references:reply-to:subject
	:subject:to:to; s=fm3; t=1757429247; x=1757515647; bh=SX9k8v+iyi
	zMcVIBUkmVCS/++61DC7z6RxQel7JnlEo=; b=VVZKiMs3Gp1zEUGxX60HvHxgbm
	3YEjwh9CGe0/wWDNWbwYPYHcCAmSL3gYlQJP3mGgZ//ntRWPn4tVQzANIX9+l1OP
	4P7FyeK7xkXHHSUZ1rUCMOanMUxpKhTjpN/yvpidrDflbW75w1CjUGHkaHfu2asQ
	bsoa96UkyYYyQbhiNnfe8d18aGWXPq1RcedCPNNBOZoga9FFUjwV3YfAM+vd+1GO
	/t8TDC0YCX4VSSmASGD3TlMdTzOiz5Z62VQmUF28crNx6TeCkMkWUZQdXf4Ef70J
	ES4eEkFgVUX7HzfyA+gU9JrlpfYiz4rglweyW7yuoE0VuQcS4TqMe4YQrMEw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
	messagingengine.com; h=cc:cc:content-type:content-type:date:date
	:feedback-id:feedback-id:from:from:in-reply-to:in-reply-to
	:message-id:mime-version:references:reply-to:subject:subject:to
	:to:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t=
	1757429247; x=1757515647; bh=SX9k8v+iyizMcVIBUkmVCS/++61DC7z6RxQ
	el7JnlEo=; b=RECbmQTFuMNi/cbjXR5CmoNfnQohpogcMnp4r4Ttpj5ofxz6ObN
	J5H+meCvydUMJIQALPX6OEqbMPa6/LF8WkZkku1X8b5EZv2qZG0/A4W/6AkXgVXj
	VQd89SvHZxeyoOyUEQ3JsZ+rdf6/fiFQxSWcWfzrskU+fzMqnRbxW+Cjttty0llH
	DU39drNVk2/UJ6Syrl4mu8mEb06YyVPyaU7LCDrACTeRfibqzzzhCAWHcZN+NkMK
	Yn3+KM1QZNxehy5jxsRUs4TpU2GczBBoZt0KTGrYfFTwXwrMLQYyDUjeEoTmv1c6
	9b66vZrjfjOmNItbPu9TPD7+COezUtVzGkw==
X-ME-Sender: <xms:_z3AaLD0UJcKPmb8arlhEodSicpPw14xeV-4tOLbjYv58yXUiwNdQQ>
    <xme:_z3AaGxYjWppJ-FPiqCoaH5q2KzJIvxgq_ktO6AEuX4PJtRDhJrLsjU_GWa98rFpB
    Uoqnqwtzsan87SF9Q>
X-ME-Received: 
 <xmr:_z3AaIRNw19IuYqvKq9Ht-dpwdIA9Aj69uz5h5R4wgNq2qVIFidmaNBOe8wFDjaf>
X-ME-Proxy-Cause: 
 gggruggvucftvghtrhhoucdtuddrgeeffedrtdeggddvtdeilecutefuodetggdotefrod
    ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpuffrtefokffrpgfnqfghnecuuegr
    ihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenucfjug
    hrpefhvfevufgjfhffkfggtgesghdtreertddtjeenucfhrhhomheptehlhihsshgrucft
    ohhsshcuoehhihesrghlhihsshgrrdhisheqnecuggftrfgrthhtvghrnhephfetiefggf
    ekhfetjeekffdvgedvgefhiedtieelgfdujeeftdetveffvdelfeeunecuffhomhgrihhn
    pehsphgvtghtrhhumhdqohhsrdhorhhgnecuvehluhhsthgvrhfuihiivgeptdenucfrrg
    hrrghmpehmrghilhhfrhhomhephhhisegrlhihshhsrgdrihhspdhnsggprhgtphhtthho
    pedvpdhmohguvgepshhmthhpohhuthdprhgtphhtthhopeguvghmihhosggvnhhouhhrse
    hgmhgrihhlrdgtohhmpdhrtghpthhtohepuggvvhgvlhesshhpvggtthhruhhmqdhoshdr
    ohhrgh
X-ME-Proxy: <xmx:_z3AaF-PxV95rKWxr5Yl_ACgq5Lu5qAbtpJZp2HKteSrpU_ksN5zfw>
    <xmx:_z3AaHquW_vm7D32qHZoJgJMSPRw-XwG-MCjmC_Db9OsAkv63T9jig>
    <xmx:_z3AaKljCfPNLGa8Pzv3fIkM2QWdod1JAryuWWojG-fK6-zQDAf_kA>
    <xmx:_z3AaGIw7fWsHjYWDSahQavRzy7xxZi1cjM4V9XtDFl7TX6RubZj_A>
    <xmx:_z3AaLTnlVVs18J_MowjG42skaGBVWng7y3glYmChz_QwkETjiJxPY6J>
Feedback-ID: i12284293:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue,
 9 Sep 2025 10:47:26 -0400 (EDT)
Received: by mbp.qyliss.net (Postfix, from userid 1000)
	id C6E6116C4563; Tue, 09 Sep 2025 16:47:15 +0200 (CEST)
From: Alyssa Ross <hi@alyssa.is>
To: Demi Marie Obenour <demiobenour@gmail.com>
Subject: Re: [PATCH] scripts/make-erofs.sh: Ensure that / is world-readable
In-Reply-To: <20250908-world-readable-root-v1-1-597c761ba2a0@gmail.com>
References: <20250908-world-readable-root-v1-1-597c761ba2a0@gmail.com>
Date: Tue, 09 Sep 2025 16:47:14 +0200
Message-ID: <87segv8yz1.fsf@alyssa.is>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
	micalg=pgp-sha512; protocol="application/pgp-signature"
Message-ID-Hash: 6SWHB7637MCXEHLEHHL5IUP45644ZPW5
X-Message-ID-Hash: 6SWHB7637MCXEHLEHHL5IUP45644ZPW5
X-MailFrom: hi@alyssa.is
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation;
 header-match-devel.spectrum-os.org-0; header-match-devel.spectrum-os.org-1;
 header-match-devel.spectrum-os.org-2; header-match-devel.spectrum-os.org-3;
 header-match-devel.spectrum-os.org-4; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 digests; suspicious-header
CC: Spectrum OS Development <devel@spectrum-os.org>
X-Mailman-Version: 3.3.9
Precedence: list
List-Id: Patches and low-level development discussion <devel.spectrum-os.org>
Archived-At: 
 <https://spectrum-os.org/lists/hyperkitty/list/devel@spectrum-os.org/message/6SWHB7637MCXEHLEHHL5IUP45644ZPW5/>
List-Archive: 
 <https://spectrum-os.org/lists/hyperkitty/list/devel@spectrum-os.org/>
List-Help: <mailto:devel-request@spectrum-os.org?subject=help>
List-Owner: <mailto:devel-owner@spectrum-os.org>
List-Post: <mailto:devel@spectrum-os.org>
List-Subscribe: <mailto:devel-join@spectrum-os.org>
List-Unsubscribe: <mailto:devel-leave@spectrum-os.org>

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Demi Marie Obenour <demiobenour@gmail.com> writes:

> Previously it had 0700 permissions, which was hidden because everything
> ran as root anyway.  However, dbus-broker fails to start in this case
> because it always drops privileges.  Also set umask to 0022 to ensure
> that the permissions of other directories are correct.
>
> Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
> ---
>  scripts/make-erofs.sh | 10 ++++++++--
>  1 file changed, 8 insertions(+), 2 deletions(-)
>
> diff --git a/scripts/make-erofs.sh b/scripts/make-erofs.sh
> index b47048ad747bd7dfcc28e0f1dfd75ec090fa7e09..5b620be77f2967e45fa1c2b06=
c6acfc3329e46c0 100755
> --- a/scripts/make-erofs.sh
> +++ b/scripts/make-erofs.sh
> @@ -1,6 +1,7 @@
>  #!/bin/sh -eu
>  #
>  # SPDX-FileCopyrightText: 2023-2024 Alyssa Ross <hi@alyssa.is>
> +# SPDX-FileCopyrightText: 2025 Demi Marie Obenour <demiobenour@gmail.com>
>  # SPDX-License-Identifier: EUPL-1.2+
>  #
>  # FIXME: It would be nice to replace this script with a program that
> @@ -8,6 +9,7 @@
>  #        single directory structure, and could generate an EROFS image
>  #        based on source:dest mappings directly.
>=20=20
> +umask 0022 # for permissions

Comment from
https://spectrum-os.org/lists/archives/spectrum-devel/87a535l5h8.fsf@alyssa=
.is/
still applies =E2=80=94 would be nice to have a bit more explanation for th=
is.

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQRV/neXydHjZma5XLJbRZGEIw/wogUCaMA98gAKCRBbRZGEIw/w
ovvjAP9BoVQIxOXtC8/Ta5B6KVmw/4cWXRugx0VV0BhXLsmA5gEAgdsXFhR5W6qQ
h5EHAaxUnuNLQoT2evObQocqrIonUQI=
=z7Yl
-----END PGP SIGNATURE-----
--=-=-=--