Arch Linux

snprintf(path, PATH_MAX, "%s/%s-%s", db->path, info->name, info->version);
oldmask = umask(0000);
mkdir(path, 0755);
/* make sure we have a sane umask */
umask(0022);

As far as I can tell from the code snippet above, the umask is correctly set before we write back files to the local DB (alpm_db_write). Any other ideas?

There, my other new laptop that I just installed two days ago has the same problem...
So now I could NREPoduce it twice in 1 week (approx.) :-)

The only pattern I see in the course of some years now is the following:
I use zsh with a config that sets umask to 022 for root, but the bash config
that I use on a fresh install has an umask of 077.

It has to have to do with that.
Other than that I can't see a pattern in the log file that corresponds to the database.

P.S. Granted, after I switch root to zsh and thus umask 022, the problem never arose again.
(I would have noticed, because I build quite a bit of packages and makepkg chokes when some dirs in local/ are 700)

Does this possibly have to do with http://bugs.archlinux.org/task/7461 ?

Has anyone noticed this behavior in a while? We especially need to test with pacman GIT as the install code has changed a good amount with regard to overwriting and permissions checking.

The issue is even worse with pacman-git. And I'd consider it more of a makepkg bug.

I got reminded about this when I was building some font packages today. I've been using umask 077 for a while in .bashrc and had namcap complain several times before about non-world-readable stuff. Oh, and namcap doesn't work with 3.1 packages, probably because .FILELIST is missing? :(

I used http://aur.archlinux.org/packages.php?do_Details=1&ID=8262 (ttf-funfonts) as an example, but I guess any other PKGBUILD using simple cp instead of install should give similar results.

3.0.6:
LICENSE and .INSTALL have 600 permissions

3.1 (20080102):
All files (dirs are ok) are not world-readable.

Are we talking the umask on the DB files here, or the package itself?

If we are talking the package, is it possibly related to  FS#8214 ? Can you insert some debug lines in makepkg to print out your umask inside and out of the fakeroot? I have no way to debug this because I've never experienced this bug.

If PKGBUILDs are using cp instead of install, then this is hard to deal with.

this bug is talking about the DB files... see "metainfo in /var/lib/pacman/local" in original report.

I'm talking about both.

Please separate the issues. The original bug deals with pacman, and what you seemed to describe above is a makepkg issue. Can you open a new bug and copy/paste your comments and description of the bug there? Thanks.

(Err? Ignore that one.)

It's not a separate issue. It's affecting all files in the pkg.tar.gz, no matter whether they end up somewhere in /usr or in /var/lib/pacman/local.

Ok so wait. Here's the pertinent question: what do you want us to do?

If your PKGBUILD is creating files with 600 permissions, how are we to know if they are really supposed to be 644 or if you meant 600?

I would actually go so far as to blame this on the PKGBUILD for not using 'install'

No, it is a completely separate issue.

Packages NEVER touch /var/lib/pacman/local. Never ever. That is pacman's job.

This bug deals ONLY with files in /var/lib/pacman/local/. Your issue deals with files installed everywhere else, where pacman uses the permissions straight from the package and does no umasking of its own. This is _completely different_. I don't care whether you are talking about both- if you see a umask issue with the _packages_, file another bug. If you have issues with _db entries_, then please explain them here. That is all.

I believe the actual issue reported in the bug is fixed here:
http://projects.archlinux.org/git/?p=pacman.git;a=commitdiff;h=5f811dc0207ead061b89d3acc6466bb390fd242e

Yep, it is.

I got the bacula.tar.gz from AUR, unpacked it in an empty dir, which lead to all those build files being chmodded 600.
makepkg went ok, the .INSTALL in the package being still 600, but upon actual installation with pacman all files in the local db got 644 permissions.