From: Owen Avery <powerboat9.gamer@gmail.com>
Date: Thu, 25 Apr 2024 17:08:14 +0000 (-0400)
Subject: Check for writes outside of the build directory
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=1a030d34cd79900be410de5fc95b18d3109a79cd;p=thirdparty%2Fgcc.git

Check for writes outside of the build directory

ChangeLog:

	* .github/workflows/ccpp.yml: Make files outside the build
	directory read-only.

Signed-off-by: Owen Avery <powerboat9.gamer@gmail.com>
---

diff --git a/.github/workflows/ccpp.yml b/.github/workflows/ccpp.yml
index 571d03183f4b..5485763c0560 100644
--- a/.github/workflows/ccpp.yml
+++ b/.github/workflows/ccpp.yml
@@ -44,6 +44,9 @@ jobs:
           # install Rust directly using rustup
           curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain=1.72.0;
 
+    - name: Make Source Read-Only
+      run: chmod -R a-w ./*
+
     - name: Configure
       run: |
            mkdir -p gccrs-build;
@@ -125,6 +128,9 @@ jobs:
           # install Rust directly using rustup
           curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain=1.72.0;
 
+    - name: Make Source Read-Only
+      run: chmod -R a-w ./*
+
     - name: Configure
       run: |
            mkdir -p gccrs-build;
@@ -207,6 +213,9 @@ jobs:
           # install Rust directly using rustup
           curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain=1.72.0;
 
+    - name: Make Source Read-Only
+      run: chmod -R a-w ./*
+
     - name: Configure
       run: |
            mkdir -p gccrs-build;
@@ -290,6 +299,9 @@ jobs:
           # install Rust directly using rustup
           curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain=1.72.0;
 
+    - name: Make Source Read-Only
+      run: chmod -R a-w ./*
+
     - name: Configure
       run: |
            mkdir -p gccrs-build;
@@ -349,6 +361,9 @@ jobs:
           # install Rust directly using rustup
           curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain=1.72.0;
 
+    - name: Make Source Read-Only
+      run: chmod -R a-w ./*
+
     - name: Configure
       run: |
            mkdir -p gccrs-build;
@@ -418,6 +433,9 @@ jobs:
           # install Rust directly using rustup
           curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain=1.72.0;
 
+    - name: Make Source Read-Only
+      run: chmod -R a-w ./*
+
     - name: Configure
       run: |
            mkdir -p gccrs-build;