sbsign: Make sure output file respects umask (#36083)

2025-03-22 06:50:18 +03:00 · 2025-01-20 14:02:29 +01:00 · 2025-01-20 14:02:29 +01:00 · 5e65856829
commit 5e65856829
parent 2cf9635511 6f594acd63
1 changed files with 6 additions and 2 deletions
--- a/src/sbsign/sbsign.c
+++ b/src/sbsign/sbsign.c
@ -243,17 +243,21 @@ static int verb_sign(int argc, char *argv[], void *userdata) {

        struct stat st;
        if (fstat(srcfd, &st) < 0)
-                return log_debug_errno(errno, "Failed to stat %s: %m", argv[1]);
+                return log_error_errno(errno, "Failed to stat %s: %m", argv[1]);

        r = stat_verify_regular(&st);
        if (r < 0)
-                return log_debug_errno(r, "%s is not a regular file: %m", argv[1]);
+                return log_error_errno(r, "%s is not a regular file: %m", argv[1]);

        _cleanup_(unlink_and_freep) char *tmp = NULL;
        _cleanup_close_ int dstfd = open_tmpfile_linkable(arg_output, O_RDWR|O_CLOEXEC, &tmp);
        if (dstfd < 0)
                return log_error_errno(r, "Failed to open temporary file: %m");

+        r = fchmod_umask(dstfd, 0666);
+        if (r < 0)
+                log_debug_errno(r, "Failed to change temporary file mode: %m");
+
        r = copy_bytes(srcfd, dstfd, UINT64_MAX, COPY_REFLINK);
        if (r < 0)
                return log_error_errno(r, "Failed to copy %s to %s: %m", argv[1], tmp);