From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Tue, 5 Mar 2024 09:16:39 +0000 (+0100)
Subject: Make sure unpacked resources can be accessed by the invoking user
X-Git-Tag: v21~10^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F2444%2Fhead;p=thirdparty%2Fmkosi.git

Make sure unpacked resources can be accessed by the invoking user

Sometimes we run commands as the invoking user and these commands
should be able to access the resources. If the resources are unpacked
to a temporary directory, this directory will have mode 0700 so we
need to relax the permissions to make sure it can be accessed by the
invoking user.
---

diff --git a/mkosi/util.py b/mkosi/util.py
index a375dd805..6b7a9f0f7 100644
--- a/mkosi/util.py
+++ b/mkosi/util.py
@@ -267,6 +267,14 @@ def resource_path(mod: ModuleType) -> Iterator[Path]:
 
     t = importlib.resources.files(mod)
     with as_file(t) as p:
+        # Make sure any temporary directory that the resources are unpacked in is accessible to the invoking user so
+        # that any commands executed as the invoking user can access files within it.
+        if (
+            p.parent.parent == Path(os.getenv("TMPDIR", "/tmp")) and
+            stat.S_IMODE(p.parent.stat().st_mode) == 0o700
+        ):
+            p.parent.chmod(0o755)
+
         yield p