X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/75aee7b3d5b6c8e84e25e71eefe88040d8a12022..f3f37dd8d68c386d94904f10befdeef21201921a:/build/run-build-packages-one-target.sh

diff --git a/build/run-build-packages-one-target.sh b/build/run-build-packages-one-target.sh
index 1ba06fd368..be97ef0d13 100755
--- a/build/run-build-packages-one-target.sh
+++ b/build/run-build-packages-one-target.sh
@@ -137,12 +137,19 @@ while [ $# -gt 0 ]; do
 done
 
 set -e
+orig_umask="$(umask)"
 
 if [[ -n "$ARVADOS_BUILDING_VERSION" ]]; then
     echo "build version='$ARVADOS_BUILDING_VERSION', package iteration='$ARVADOS_BUILDING_ITERATION'"
 fi
 
 if [[ -n "$test_packages" ]]; then
+  # Packages are built world-readable, so package indexes should be too,
+  # especially because since 2022 apt uses an unprivileged user `_apt` to
+  # retrieve everything.  Ensure it has permissions to read the packages
+  # when mounted as a volume inside the Docker container.
+  chmod a+rx "$WORKSPACE" "$WORKSPACE/packages" "$WORKSPACE/packages/$TARGET"
+  umask 022
   if [[ -n "$(find $WORKSPACE/packages/$TARGET -name '*.rpm')" ]] ; then
     CREATEREPO="$(command -v createrepo createrepo_c | tail -n1)"
     if [[ -z "$CREATEREPO" ]]; then
@@ -179,6 +186,7 @@ if [[ -n "$test_packages" ]]; then
 
   COMMAND="/jenkins/package-testing/test-packages-$TARGET.sh"
   IMAGE="arvados/package-test:$TARGET"
+  umask "$orig_umask"
 else
   IMAGE="arvados/build:$TARGET"
   if [[ "$COMMAND" != "" ]]; then
@@ -203,7 +211,7 @@ if [[ "$SKIP_DOCKER_BUILD" != 1 ]] ; then
     cd $TARGET
     time docker build --tag "$IMAGE" \
 	 --build-arg HOSTTYPE=$HOSTTYPE \
-	 --build-arg BRANCH=$(git rev-parse --abbrev-ref HEAD) \
+	 --build-arg BRANCH=$(git rev-parse HEAD) \
 	 --build-arg GOVERSION=$GOVERSION --no-cache .
     popd
 fi