Drop two unneeded calls to umask()

Both these commands write temporary files to the workspace which
are not written to the image, so no need to care about the umask.

diff --git a/mkosi/bootloader.py b/mkosi/bootloader.py
index b1b3d7949aabaf658d6b314d0e3141a4d0c690d7..bc09656723defa675ca159d8ef292049d98762cf 100644 (file)
--- a/mkosi/bootloader.py
+++ b/mkosi/bootloader.py
@@ -711,41 +711,39 @@ def install_systemd_boot(context: Context) -> None:
                 keys.mkdir(parents=True, exist_ok=True)
 
             # sbsiglist expects a DER certificate.
-            with umask(~0o600):
-                run(
-                    [
-                        "openssl",
-                        "x509",
-                        "-outform", "DER",
-                        "-in", workdir(context.config.secure_boot_certificate),
-                        "-out", workdir(context.workspace / "mkosi.der"),
-                    ],
-                    sandbox=context.sandbox(
-                        options=[
-                            "--ro-bind",
-                            context.config.secure_boot_certificate,
-                            workdir(context.config.secure_boot_certificate),
-                            "--bind", context.workspace, workdir(context.workspace),
-                        ],
-                    ),
-                )  # fmt: skip
-
-            with umask(~0o600):
-                run(
-                    [
-                        "sbsiglist",
-                        "--owner", "00000000-0000-0000-0000-000000000000",
-                        "--type", "x509",
-                        "--output", workdir(context.workspace / "mkosi.esl"),
-                        workdir(context.workspace / "mkosi.der"),
+            run(
+                [
+                    "openssl",
+                    "x509",
+                    "-outform", "DER",
+                    "-in", workdir(context.config.secure_boot_certificate),
+                    "-out", workdir(context.workspace / "mkosi.der"),
+                ],
+                sandbox=context.sandbox(
+                    options=[
+                        "--ro-bind",
+                        context.config.secure_boot_certificate,
+                        workdir(context.config.secure_boot_certificate),
+                        "--bind", context.workspace, workdir(context.workspace),
                     ],
-                    sandbox=context.sandbox(
-                        options=[
-                            "--bind", context.workspace, workdir(context.workspace),
-                            "--ro-bind", context.workspace / "mkosi.der", workdir(context.workspace / "mkosi.der"),  # noqa: E501
-                        ]
-                    ),
-                )  # fmt: skip
+                ),
+            )  # fmt: skip
+
+            run(
+                [
+                    "sbsiglist",
+                    "--owner", "00000000-0000-0000-0000-000000000000",
+                    "--type", "x509",
+                    "--output", workdir(context.workspace / "mkosi.esl"),
+                    workdir(context.workspace / "mkosi.der"),
+                ],
+                sandbox=context.sandbox(
+                    options=[
+                        "--bind", context.workspace, workdir(context.workspace),
+                        "--ro-bind", context.workspace / "mkosi.der", workdir(context.workspace / "mkosi.der"),  # noqa: E501
+                    ]
+                ),
+            )  # fmt: skip
 
             # We reuse the key for all secure boot databases to keep things simple.
             for db in ["PK", "KEK", "db"]: