From 260b03cd4895d8b441a20cb8c4374056c4f9f0ca Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Tue, 5 Mar 2024 10:16:39 +0100
Subject: [PATCH] Make sure unpacked resources can be accessed by the invoking
 user

Sometimes we run commands as the invoking user and these commands
should be able to access the resources. If the resources are unpacked
to a temporary directory, this directory will have mode 0700 so we
need to relax the permissions to make sure it can be accessed by the
invoking user.
---
 mkosi/util.py | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/mkosi/util.py b/mkosi/util.py
index a375dd805..6b7a9f0f7 100644
--- a/mkosi/util.py
+++ b/mkosi/util.py
@@ -267,6 +267,14 @@ def resource_path(mod: ModuleType) -> Iterator[Path]:
 
     t = importlib.resources.files(mod)
     with as_file(t) as p:
+        # Make sure any temporary directory that the resources are unpacked in is accessible to the invoking user so
+        # that any commands executed as the invoking user can access files within it.
+        if (
+            p.parent.parent == Path(os.getenv("TMPDIR", "/tmp")) and
+            stat.S_IMODE(p.parent.stat().st_mode) == 0o700
+        ):
+            p.parent.chmod(0o755)
+
         yield p
 
 
-- 
2.47.2