From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Tue, 4 Feb 2025 09:57:04 +0000 (+0100)
Subject: Drop two unneeded calls to umask()
X-Git-Tag: v26~420
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d70b67a443462c0d5d1117c3b3f23e367f384e9c;p=thirdparty%2Fmkosi.git

Drop two unneeded calls to umask()

Both these commands write temporary files to the workspace which
are not written to the image, so no need to care about the umask.
---

diff --git a/mkosi/bootloader.py b/mkosi/bootloader.py
index b1b3d7949..bc0965672 100644
--- a/mkosi/bootloader.py
+++ b/mkosi/bootloader.py
@@ -711,41 +711,39 @@ def install_systemd_boot(context: Context) -> None:
                 keys.mkdir(parents=True, exist_ok=True)
 
             # sbsiglist expects a DER certificate.
-            with umask(~0o600):
-                run(
-                    [
-                        "openssl",
-                        "x509",
-                        "-outform", "DER",
-                        "-in", workdir(context.config.secure_boot_certificate),
-                        "-out", workdir(context.workspace / "mkosi.der"),
-                    ],
-                    sandbox=context.sandbox(
-                        options=[
-                            "--ro-bind",
-                            context.config.secure_boot_certificate,
-                            workdir(context.config.secure_boot_certificate),
-                            "--bind", context.workspace, workdir(context.workspace),
-                        ],
-                    ),
-                )  # fmt: skip
-
-            with umask(~0o600):
-                run(
-                    [
-                        "sbsiglist",
-                        "--owner", "00000000-0000-0000-0000-000000000000",
-                        "--type", "x509",
-                        "--output", workdir(context.workspace / "mkosi.esl"),
-                        workdir(context.workspace / "mkosi.der"),
+            run(
+                [
+                    "openssl",
+                    "x509",
+                    "-outform", "DER",
+                    "-in", workdir(context.config.secure_boot_certificate),
+                    "-out", workdir(context.workspace / "mkosi.der"),
+                ],
+                sandbox=context.sandbox(
+                    options=[
+                        "--ro-bind",
+                        context.config.secure_boot_certificate,
+                        workdir(context.config.secure_boot_certificate),
+                        "--bind", context.workspace, workdir(context.workspace),
                     ],
-                    sandbox=context.sandbox(
-                        options=[
-                            "--bind", context.workspace, workdir(context.workspace),
-                            "--ro-bind", context.workspace / "mkosi.der", workdir(context.workspace / "mkosi.der"),  # noqa: E501
-                        ]
-                    ),
-                )  # fmt: skip
+                ),
+            )  # fmt: skip
+
+            run(
+                [
+                    "sbsiglist",
+                    "--owner", "00000000-0000-0000-0000-000000000000",
+                    "--type", "x509",
+                    "--output", workdir(context.workspace / "mkosi.esl"),
+                    workdir(context.workspace / "mkosi.der"),
+                ],
+                sandbox=context.sandbox(
+                    options=[
+                        "--bind", context.workspace, workdir(context.workspace),
+                        "--ro-bind", context.workspace / "mkosi.der", workdir(context.workspace / "mkosi.der"),  # noqa: E501
+                    ]
+                ),
+            )  # fmt: skip
 
             # We reuse the key for all secure boot databases to keep things simple.
             for db in ["PK", "KEK", "db"]: