From: "Matthew Thode"
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Matthew Thode"
Message-ID: <1575312705.e9d9a46d5115e5c75085f335bded4badbce05673.prometheanfire@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: net-firewall/nftables/
X-VCS-Repository: repo/gentoo
X-VCS-Files: net-firewall/nftables/nftables-0.9.0-r5.ebuild net-firewall/nftables/nftables-0.9.1-r1.ebuild net-firewall/nftables/nftables-0.9.2-r1.ebuild
X-VCS-Directories: net-firewall/nftables/
X-VCS-Committer: prometheanfire
X-VCS-Committer-Name: Matthew Thode
X-VCS-Revision: e9d9a46d5115e5c75085f335bded4badbce05673
X-VCS-Branch: master
Date: Mon, 2 Dec 2019 18:52:10 +0000 (UTC)
Precedence: bulk
List-Id: Gentoo Linux mail
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
X-Archives-Salt: ab181b65-b48a-4525-ac7a-9f1a7ce31991
X-Archives-Hash: 8b8cf93668eec1a4e691db4a833e8071

commit:     e9d9a46d5115e5c75085f335bded4badbce05673
Author:     Francisco Blas (klondike) Izquierdo Riera gentoo org>
AuthorDate: Mon Dec 2 18:27:29 2019 +0000
Commit:     Matthew Thode gentoo org>
CommitDate: Mon Dec 2 18:51:45 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e9d9a46d

net-firewall/nftables: Touch rules-save with right umask

The nftables ebuild contains code to ensure the rules-save file is
created so the service will start on systemd based systems. The
current code creates the file with default permissions 644 which
triggers the code for detecting misconfigured system added to address
bug #691326.

Instead of just using touch, start a subshell so we can call umask
beforehand and address the issue.

Bug: https://bugs.gentoo.org/691326
Signed-off-by: Francisco Blas Izquierdo Riera (klondike) gentoo.org>
Package-Manager: Portage-2.3.76, Repoman-2.3.11
Signed-off-by: Matthew Thode gentoo.org> net-firewall/nftables/nftables-0.9.0-r5.ebuild | 2 +- net-firewall/nftables/nftables-0.9.1-r1.ebuild | 2 +- net-firewall/nftables/nftables-0.9.2-r1.ebuild | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/net-firewall/nftables/nftables-0.9.0-r5.ebuild b/net-firewall/nftables/nftables-0.9.0-r5.ebuild index 24530d29291..2ad8c89d4c7 100644 --- a/net-firewall/nftables/nftables-0.9.0-r5.ebuild +++ b/net-firewall/nftables/nftables-0.9.0-r5.ebuild @@ -84,7 +84,7 @@ pkg_postinst() { # In order for the nftables-restore systemd service to start # the save_file must exist. if [[ ! -f "${save_file}" ]]; then - touch "${save_file}" + ( umask 177; touch "${save_file}" ) elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then ewarn "Your system has dangerous permissions for ${save_file}" ewarn "It is probably affected by bug #691326." diff --git a/net-firewall/nftables/nftables-0.9.1-r1.ebuild b/net-firewall/nftables/nftables-0.9.1-r1.ebuild index 5752d73a1b9..ef662d78f71 100644 --- a/net-firewall/nftables/nftables-0.9.1-r1.ebuild +++ b/net-firewall/nftables/nftables-0.9.1-r1.ebuild @@ -130,7 +130,7 @@ pkg_postinst() { # In order for the nftables-restore systemd service to start # the save_file must exist. if [[ ! -f "${save_file}" ]]; then - touch "${save_file}" + ( umask 177; touch "${save_file}" ) elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then ewarn "Your system has dangerous permissions for ${save_file}" ewarn "It is probably affected by bug #691326." diff --git a/net-firewall/nftables/nftables-0.9.2-r1.ebuild b/net-firewall/nftables/nftables-0.9.2-r1.ebuild index d3579794781..f8649c46afa 100644 --- a/net-firewall/nftables/nftables-0.9.2-r1.ebuild +++ b/net-firewall/nftables/nftables-0.9.2-r1.ebuild 
@@ -125,7 +125,7 @@ pkg_postinst() { # In order for the nftables-restore systemd service to start # the save_file must exist. if [[ ! -f "${save_file}" ]]; then - touch "${save_file}" + ( umask 177; touch "${save_file}" ) elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then ewarn "Your system has dangerous permissions for ${save_file}" ewarn "It is probably affected by bug #691326."
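
Review bot: The added `( umask 177; touch "${save_file}" )` line, identical in all three pkg_postinst() hunks, only sets the mode when touch is the call that creates the file; umask has no effect on a path that already exists by the time touch runs, and the `[[ ! -f "${save_file}" ]]` test and the touch are two separate steps. Nothing afterwards confirms the result, so follow the touch with an explicit `chmod 600 "${save_file}"` (or re-run the `& 07177` check from the elif branch on the new file). The comment above the `if` still only says the file must exist; add a line saying that 177 is chosen to match the 07177 mask tested below and pointing at bug #691326.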
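
Review bot: No revision bump accompanies the pkg_postinst() change: the diffstat edits nftables-0.9.0-r5, nftables-0.9.1-r1 and nftables-0.9.2-r1 in place. A system that already ran the old `touch "${save_file}"` keeps the file the commit message describes as created 644, and on its next merge of the package it takes the elif branch and gets only the ewarn. Either bump the revisions or state in the commit message why that is acceptable, and make sure the ewarn text tells the user how to correct the mode.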