buildextend-hashlist-experimental: make tmp checkout readable

We are changing the 'find' invocation permissions to access the /etc/credstore directory.'find' can't recurse into '/etc/credstore', we add 'x' so that it can recurse into it. With '+', 'find' accumulates paths and runs 'chmod' once (or batched by the arg limit). But for this, we need it to 'chmod' the dir before it tries to recurse into it, so we change to ';'. Fixes: coreos/fedora-coreos-tracker#1429
coreos · Mar 6, 2023 · 4893e0e · 4893e0e
1 parent e68fb2f
commit 4893e0e
Showing 1 changed file with 5 additions and 3 deletions.
diff --git a/src/cmd-buildextend-hashlist-experimental b/src/cmd-buildextend-hashlist-experimental
@@ -91,10 +91,12 @@ class HashListV1(dict):
             'ostree', 'checkout',
             '--repo=tmp/repo', '-U',
             self._metadata['ostree-commit'], checkout])
-        # Force all dirs to be owner writable so that we can delete the
-        # checkout at the end. XXX: Lower into a new `ostree checkout` flag.
+        #  Make all dirs in 'tmp' checkout readable.
+        #  'find' can't recurse into tmp dir files, we add 'x' so that it can recurse into it.
+        #  With '+', 'find' accumulates paths and runs 'chmod' once (or batched by the arg limit).
+        #  To 'chmod' the dir before it tries to recurse into it, we use ';'.
         subprocess.check_call(['find', checkout, '-type', 'd', '-exec',
-                               'chmod', 'u+w', '{}', '+'])
+                               'chmod', 'u+rwx', '{}', ';'])
         self.hash_from_path(checkout)
 
         # Extract initramfs contents