From 22331fdadb1b055030a6f68e2bb9eed589187a10 Mon Sep 17 00:00:00 2001
From: Dan McGee <dan@archlinux.org>
Date: Sat, 6 Mar 2010 22:02:36 +1000
Subject: [PATCH] makepkg: Remove setgid bit on srcdir/pkgdir creation

It was noted in FS#17533 that setgid bits are carried down into any created
subdirectories, and thus could end up being in a built package if the
original package directory was marked g+s. When we create src/ and pkg/,
explicitly chmod them to remove any sticky bits.

Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
---
 scripts/makepkg.sh.in | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
index 8f3e354b..84509f8b 100644
--- a/scripts/makepkg.sh.in
+++ b/scripts/makepkg.sh.in
@@ -1050,6 +1050,7 @@ create_srcpackage() {
 
 	# Get back to our src directory so we can begin with sources.
 	mkdir -p "$srcdir"
+	chmod a-s "$srcdir"
 	cd "$srcdir"
 	download_sources
 	# We can only check checksums if we have all files.
@@ -1731,6 +1732,7 @@ fi
 
 if (( GENINTEG )); then
 	mkdir -p "$srcdir"
+	chmod a-s "$srcdir"
 	cd "$srcdir"
 	download_sources
 	generate_checksums
@@ -1830,6 +1832,7 @@ if (( INFAKEROOT )); then
 		for pkg in ${pkgname[@]}; do
 			pkgdir="$pkgdir/$pkg"
 			mkdir -p "$pkgdir"
+			chmod a-s "$pkgdir"
 			backup_package_variables
 			run_package $pkg
 			tidy_install
@@ -1886,6 +1889,7 @@ umask 0022
 
 # get back to our src directory so we can begin with sources
 mkdir -p "$srcdir"
+chmod a-s "$srcdir"
 cd "$srcdir"
 
 if (( NOEXTRACT )); then
@@ -1921,6 +1925,7 @@ else
 		rm -rf "$pkgdir"
 	fi
 	mkdir -p "$pkgdir"
+	chmod a-s "$pkgdir"
 	cd "$startdir"
 
 	# if we are root or if fakeroot is not enabled, then we don't use it
@@ -1941,6 +1946,7 @@ else
 			for pkg in ${pkgname[@]}; do
 				pkgdir="$pkgdir/$pkg"
 				mkdir -p "$pkgdir"
+				chmod a-s "$pkgdir"
 				backup_package_variables
 				run_package $pkg
 				tidy_install