21317: tweak project spec Arvados-DCO-1.1-Signed-off-by: Lisa Knox <lisa.knox@curii...

[arvados.git] / build / run-build-packages-one-target.sh

diff --git a/build/run-build-packages-one-target.sh b/build/run-build-packages-one-target.sh
index 1ba06fd3688828897efee4d531eee5ea06f7f51e..be97ef0d130e1c197bfbdf6d9cc4a2b79002998e 100755 (executable)
--- a/build/run-build-packages-one-target.sh
+++ b/build/run-build-packages-one-target.sh
@@ -137,12 +137,19 @@ while [ $# -gt 0 ]; do
 done
 
 set -e
+orig_umask="$(umask)"
 
 if [[ -n "$ARVADOS_BUILDING_VERSION" ]]; then
     echo "build version='$ARVADOS_BUILDING_VERSION', package iteration='$ARVADOS_BUILDING_ITERATION'"
 fi
 
 if [[ -n "$test_packages" ]]; then
+  # Packages are built world-readable, so package indexes should be too,
+  # especially because since 2022 apt uses an unprivileged user `_apt` to
+  # retrieve everything.  Ensure it has permissions to read the packages
+  # when mounted as a volume inside the Docker container.
+  chmod a+rx "$WORKSPACE" "$WORKSPACE/packages" "$WORKSPACE/packages/$TARGET"
+  umask 022
   if [[ -n "$(find $WORKSPACE/packages/$TARGET -name '*.rpm')" ]] ; then
     CREATEREPO="$(command -v createrepo createrepo_c | tail -n1)"
     if [[ -z "$CREATEREPO" ]]; then
@@ -179,6 +186,7 @@ if [[ -n "$test_packages" ]]; then
 
   COMMAND="/jenkins/package-testing/test-packages-$TARGET.sh"
   IMAGE="arvados/package-test:$TARGET"
+  umask "$orig_umask"
 else
   IMAGE="arvados/build:$TARGET"
   if [[ "$COMMAND" != "" ]]; then
@@ -203,7 +211,7 @@ if [[ "$SKIP_DOCKER_BUILD" != 1 ]] ; then
     cd $TARGET
     time docker build --tag "$IMAGE" \
         --build-arg HOSTTYPE=$HOSTTYPE \
-        --build-arg BRANCH=$(git rev-parse --abbrev-ref HEAD) \
+        --build-arg BRANCH=$(git rev-parse HEAD) \
         --build-arg GOVERSION=$GOVERSION --no-cache .
     popd
 fi