Merge #21271: guix: Explicitly set umask in build container

d98f4593cf00ab2973f8113e30506861b24383bc guix: Explicitly set umask in build container (Carl Dong)

Pull request description:

  Opened as a separate PR to fix non-reproducibility found through testing here: https://github.com/bitcoin/bitcoin/pull/21089#issuecomment-783549633

  Many thanks to everyone who helped find this!

ACKs for top commit:
  laanwj:
    ACK d98f4593cf00ab2973f8113e30506861b24383bc
  fanquake:
    ACK d98f4593cf00ab2973f8113e30506861b24383bc - I'm seeing matching hashes.

Tree-SHA512: ea339c3902f2f4dea32e8ef5cc675a1df0679530881260ae999aaaf7339d5b12c46e01e58677cbb079f33e573ad105e2b443a835f3e944ef8e943a25f83027f1
This commit is contained in:
fanquake 2021-02-25 08:20:22 +08:00 committed by PastaPastaPasta
parent 12a586e35a
commit 0b78348aa1

View File

@ -3,6 +3,16 @@ export LC_ALL=C
set -e -o pipefail
export TZ=UTC
# Althought Guix _does_ set umask when building its own packages (in our case,
# this is all packages in manifest.scm), it does not set it for `guix
# environment`. It does make sense for at least `guix environment --container`
# to set umask, so if that change gets merged upstream and we bump the
# time-machine to a commit which includes the aforementioned change, we can
# remove this line.
#
# This line should be placed before any commands which creates files.
umask 0022
if [ -n "$V" ]; then
# Print both unexpanded (-v) and expanded (-x) forms of commands as they are
# read from this file.