phase1: enforce proper umask during signing

[buildbot.git] / phase1 / signall.sh

diff --git a/phase1/signall.sh b/phase1/signall.sh
index f0d80fec232a9cd6f7e9e2f5bd7d80a97d8a12bd..015470dd45ef59628228f64054c2617f954b0a9a 100755 (executable)
--- a/phase1/signall.sh
+++ b/phase1/signall.sh
@@ -17,6 +17,8 @@ if [ ! -f "$tarball" ]; then
        finish 1
 fi
 
+umask 022
+
 mkdir "$tmpdir" || finish 2
 tar -C "$tmpdir/" -xzf "$tarball" || finish 3
 find "$tmpdir/" -type f -not -name "*.gpg" -exec gpg --no-version --batch --yes -a -b ${keyid:+-u "$keyid"} ${comment:+--comment="$comment"} ${passfile:+--passphrase-file "$passfile"} -o "{}.gpg" "{}" \; || finish 4