Ensure downloaded files are world-readable (mga#24636)

mgaapplet and urpm* commands run as a normal user need to be able
to read the downloaded synthesis and info files.

2 files changed, 9 insertions, 0 deletions

diff --git a/NEWS b/NEWS
index fb674969..9f0dbefb 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,5 @@
+- ensure downloaded files are world-readable (mga#24636)
+
 Version 8.117 - 21 June 2019
 
 - ensure urpmi config and cache files are world-readable (mga#24636)
diff --git a/urpm/download.pm b/urpm/download.pm
index 65fdbe3b..0f9eda85 100644
--- a/urpm/download.pm
+++ b/urpm/download.pm
@@ -943,10 +943,17 @@ sub sync_rel {
     my @result_files = map { $all_options->{dir} . '/' . basename($_) } @$rel_files;
     unlink @result_files if $all_options->{preclean};
 
+    #- The files must be world-readable, else mgaapplet and urpm* commands run as
+    #- a normal user won't be able to read them. We enforce umask here in the case
+    #- where the msec security level is set to 'secure' (which means umask 077)
+    #- or where we are run from a gdm-x-session (mga#24636)
+    my $old_umask = umask 0022;
+
     (my $cwd) = getcwd() =~ /(.*)/;
     eval { _sync_webfetch_raw($urpm, $medium, $rel_files, \@files, $all_options) };
     my $err = $@;
     chdir $cwd;
+    umask $old_umask;
     if (!$err) {
 	$urpm->{log}(N("retrieved %s", $files_text));
 	\@result_files;