asymmetric
commented
3 years ago umask supports symbolic arguments, which are IMO more intuitive: umask u=r would be equivalent to umask 0377, IIUC.
Closed ryantm closed 3 years ago
asymmetric
commented
3 years ago umask supports symbolic arguments, which are IMO more intuitive: umask u=r would be equivalent to umask 0377, IIUC.
pennae
commented
3 years ago that's not entirely portable across shells though, eg on bash umask u=r seems to completely recalculate the umask while busybox ash only modifies the current umask with the given modifiers. this could be a problem since the activation script starts out with umask 0022.
asymmetric
commented
3 years ago I’m fine with using numeric values, but we control the shell this script executes with (bash), so portability should not be an issue.
EDIT: or can system.activationScripts be executed with other shells?
pennae
commented
3 years ago activation scripts run under pkgs.runtimeShell, which can theoretically be overridden (and we think someone on irc said they do).
that said, umask u=r,g=,o= should be portable across them all
pennae ryantm: since we see you, i think you inverted the umask in agenix by accident ryantm pennae: Are you talking about https://github.com/ryantm/agenix/blob/8652eb6cf356a7fa1e976fb65972a2e482397187/modules/age.nix#L22 ? pennae yeah ryantm pennae: Could you be more specific what you mean about "inverted"? pennae as it stands it'll clear the owner-read bit and leave all others untouched either we can't brain right now or you probably meant 0177 ryantm pennae: I think you're right; thanks for letting me know. I'll look into fixing it. pennae also there might be a bug with a root secret "something.tmp" and a non-root secret "something" that'll delete the root secret? not sure about that tho