Make sure unpacked resources can be accessed by the invoking user

Sometimes we run commands as the invoking user and these commands
should be able to access the resources. If the resources are unpacked
to a temporary directory, this directory will have mode 0700 so we
need to relax the permissions to make sure it can be accessed by the
invoking user.

diff --git a/mkosi/util.py b/mkosi/util.py
index a375dd8058379752ec9b412b2ad96d378171d09c..6b7a9f0f76a0d5b49559ef59ecbc7c6f26982510 100644 (file)
--- a/mkosi/util.py
+++ b/mkosi/util.py
@@ -267,6 +267,14 @@ def resource_path(mod: ModuleType) -> Iterator[Path]:
 
     t = importlib.resources.files(mod)
     with as_file(t) as p:
+        # Make sure any temporary directory that the resources are unpacked in is accessible to the invoking user so
+        # that any commands executed as the invoking user can access files within it.
+        if (
+            p.parent.parent == Path(os.getenv("TMPDIR", "/tmp")) and
+            stat.S_IMODE(p.parent.stat().st_mode) == 0o700
+        ):
+            p.parent.chmod(0o755)
+
         yield p