do not recursively chmod /etc/apt/keyrings

This step in the installation script was added to take non-standard umasks
into account (which is sometimes the case on some cloud providers).

The existing command was changing modes a bit too eagerly, as it recursively
set the "execute" bit, which would not only affect the /etc/apt/keyrings
directory, but also any file inside it (including files we don't own):

    mkdir -m 0700 keyrings
    touch keyrings/one.sh
    touch keyrings/docker.gpg

    ls -al keyrings/
    total 8
    drwx------  4 root root 128 May  7 11:43 .
    drwx------ 17 root root 544 May  7 11:43 ..
    -rw-r--r--  1 root root   0 May  7 11:43 docker.gpg
    -rw-r--r--  1 root root   0 May  7 11:43 one.sh

    chmod -R a+rx keyrings

    ls -al keyrings/
    total 0
    drwxr-xr-x  4 root root 128 May  7 11:43 .
    drwx------ 17 root root 544 May  7 11:43 ..
    -rwxr-xr-x  1 root root   0 May  7 11:43 docker.gpg
    -rwxr-xr-x  1 root root   0 May  7 11:43 one.sh

This patch changes the script to use `install`, which creates the directory
if it doesn't exist, and sets the permissions on the directory itself, without
recursing to files inside it:

    mkdir -m 0700 keyrings2
    touch keyrings2/one.sh
    touch keyrings2/docker.gpg

    ls -al keyrings2/
    total 8
    drwx------ 2 root root 4096 May  7 11:44 .
    drwxr-xr-x 1 root root 4096 May  7 11:44 ..
    -rw-r--r-- 1 root root    0 May  7 11:44 docker.gpg
    -rw-r--r-- 1 root root    0 May  7 11:44 one.sh

    install -m 0755 -d keyrings2/
    total 8
    drwxr-xr-x 2 root root 4096 May  7 11:44 .
    drwxr-xr-x 1 root root 4096 May  7 11:44 ..
    -rw-r--r-- 1 root root    0 May  7 11:44 docker.gpg
    -rw-r--r-- 1 root root    0 May  7 11:44 one.sh

Changing permissions of the `docker.gpg` file itself is already handled
separately through `chmod a+r /etc/apt/keyrings/docker.gpg`.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
Sebastiaan van Stijn 2023-05-07 13:53:20 +02:00
Parent 092c8db70a
Commit 24bb4ae8a0
No known key found for this signature
GPG key ID: 76698F39D527CE8C
1 changed file: 1 addition and 1 deletion

@ -415,7 +415,7 @@ do_install() {
fi
$sh_c 'apt-get update -qq >/dev/null'
$sh_c "DEBIAN_FRONTEND=noninteractive apt-get install -y -qq $pre_reqs >/dev/null"
$sh_c 'mkdir -p /etc/apt/keyrings && chmod -R 0755 /etc/apt/keyrings'
$sh_c 'install -m 0755 -d /etc/apt/keyrings'
$sh_c "curl -fsSL \"$DOWNLOAD_URL/linux/$lsb_dist/gpg\" | gpg --dearmor --yes -o /etc/apt/keyrings/docker.gpg"
$sh_c "chmod a+r /etc/apt/keyrings/docker.gpg"
$sh_c "echo \"$apt_repo\" > /etc/apt/sources.list.d/docker.list"
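
Review bot: the `chmod a+r /etc/apt/keyrings/docker.gpg` line in the context just below the new `install` call only adds the read bit, so on hosts where the old `chmod -R 0755 /etc/apt/keyrings` has already run, an existing docker.gpg can keep the execute bit it was given. Consider setting an explicit mode there instead, for example `chmod 0644 /etc/apt/keyrings/docker.gpg`, so the key file ends up with a known mode regardless of umask or earlier runs of the script. Also note that `install -m 0755 -d` resets the mode of an already existing /etc/apt/keyrings to 0755 but leaves its owner and group untouched; a short comment above that line saying this is intentional would help the next reader.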