commit: e9d9a46d5115e5c75085f335bded4badbce05673 Author: Francisco Blas (klondike) Izquierdo Riera <klondike <AT> gentoo <DOT> org> AuthorDate: Mon Dec 2 18:27:29 2019 +0000 Commit: Matthew Thode <prometheanfire <AT> gentoo <DOT> org> CommitDate: Mon Dec 2 18:51:45 2019 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e9d9a46d
net-firewall/nftables: Touch rules-save with right umask The nftables ebuild contains code to ensure the rules-save file is created so the service will start on systemd based systems. The current code creates the file with default permissions 644 which triggers the code for detecting misconfigured system added to address bug #691326 Instead of just using touch, start a subshell so we can call umask beforehand and address the issue. Bug: https://bugs.gentoo.org/691326 Signed-off-by: Francisco Blas Izquierdo Riera (klondike) <klondike <AT> gentoo.org> Package-Manager: Portage-2.3.76, Repoman-2.3.11 Signed-off-by: Matthew Thode <prometheanfire <AT> gentoo.org> net-firewall/nftables/nftables-0.9.0-r5.ebuild | 2 +- net-firewall/nftables/nftables-0.9.1-r1.ebuild | 2 +- net-firewall/nftables/nftables-0.9.2-r1.ebuild | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/net-firewall/nftables/nftables-0.9.0-r5.ebuild b/net-firewall/nftables/nftables-0.9.0-r5.ebuild
index 24530d29291..2ad8c89d4c7 100644
--- a/net-firewall/nftables/nftables-0.9.0-r5.ebuild
+++ b/net-firewall/nftables/nftables-0.9.0-r5.ebuild
@@ -84,7 +84,7 @@ pkg_postinst() {
 # In order for the nftables-restore systemd service to start
 # the save_file must exist.
 if [[ ! -f "${save_file}" ]]; then
- touch "${save_file}"
+ ( umask 177; touch "${save_file}" )
 elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then
 ewarn "Your system has dangerous permissions for ${save_file}"
 ewarn "It is probably affected by bug #691326."
diff --git a/net-firewall/nftables/nftables-0.9.1-r1.ebuild b/net-firewall/nftables/nftables-0.9.1-r1.ebuild
index 5752d73a1b9..ef662d78f71 100644
--- a/net-firewall/nftables/nftables-0.9.1-r1.ebuild
+++ b/net-firewall/nftables/nftables-0.9.1-r1.ebuild
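Review bot: The subshell on the `+` line discards the exit status of `touch`, so when `${save_file}` cannot be created (parent directory missing, read-only filesystem) the branch does nothing and gives no message, even though the comment two lines above says the nftables-restore service depends on that file existing; `( umask 177 && touch "${save_file}" ) || ewarn "Could not create ${save_file}"` keeps the 0600 creation and reports the failure. The same line appears in the nftables-0.9.1-r1 and nftables-0.9.2-r1 hunks, so all three should carry the same handling. A one-line comment would also spare the next reader a trip to the bug tracker, e.g. `# Create the save file 0600: the default 0644 trips the dangerous-permissions check below (bug #691326).` Note that `pkg_postinst` begins and ends outside the hunk and `save_file` is assigned outside it, so where the file lives has not been verified here.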
@@ -130,7 +130,7 @@ pkg_postinst() {
 # In order for the nftables-restore systemd service to start
 # the save_file must exist.
 if [[ ! -f "${save_file}" ]]; then
- touch "${save_file}"
+ ( umask 177; touch "${save_file}" )
 elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then
 ewarn "Your system has dangerous permissions for ${save_file}"
 ewarn "It is probably affected by bug #691326."
diff --git a/net-firewall/nftables/nftables-0.9.2-r1.ebuild b/net-firewall/nftables/nftables-0.9.2-r1.ebuild
index d3579794781..f8649c46afa 100644
--- a/net-firewall/nftables/nftables-0.9.2-r1.ebuild
+++ b/net-firewall/nftables/nftables-0.9.2-r1.ebuild
@@ -125,7 +125,7 @@ pkg_postinst() {
 # In order for the nftables-restore systemd service to start
 # the save_file must exist.
 if [[ ! -f "${save_file}" ]]; then
- touch "${save_file}"
+ ( umask 177; touch "${save_file}" )
 elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then
 ewarn "Your system has dangerous permissions for ${save_file}"
 ewarn "It is probably affected by bug #691326."
