install: Detect bad file permissions in RPMs

When building the Dangerzone RPM package, detect if the files bundled in
it have any incorrect permissions. We have seen in the past that
building RPMs from the Dangerzone source, mounted to a macOS Docker
container, can lead to files readable only by the root user (600 /
rw-------).

Refs #727
Alex Pyrgiotis 2024-05-27 19:04:49 +03:00
parent d97d04b911
commit a22f12ab6a
No known key found for this signature in database
GPG key ID: B6C15EBA0357C9AA

@ -258,6 +258,17 @@ install -m 755 -d %{buildroot}/etc/qubes-rpc
install -m 755 qubes/* %{buildroot}/etc/qubes-rpc
%endif
%check
# Detect if the filesystem has been affecting our file permissions.
bad_files=$(find %{buildroot} -perm 0600)
if [ -n "${bad_files}" ]; then
echo "Error while building the Dangerzone RPM. Detected the following files with wrong permissions (600):"
echo ${bad_files}
echo ""
echo "For more info about this error, see https://github.com/freedomofpress/dangerzone/issues/727"
exit 1
fi
%files -f %{pyproject_files}
/usr/bin/dangerzone
/usr/bin/dangerzone-cli
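
Review bot: the `find %{buildroot} -perm 0600` test in the new `%check` block matches only entries whose mode is exactly 600, so a file that comes out of the build as 400 or 640 is still not readable by other users once installed and passes the check. If the intent is that every packaged file is world-readable, test for the missing bit instead, for example `find %{buildroot} -type f ! -perm -004`, and adjust the "(600)" wording in the error message to match. Separately, `echo ${bad_files}` is unquoted, so the shell word-splits the list and prints it on a single line, which is ambiguous for paths containing spaces; `echo "${bad_files}"` keeps one path per line. Sending the error text to stderr (`>&2`) would also make it easier to spot in the rpmbuild log.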