From f27b8d7a11f261d0b15ca1a7871a497936bd1ee9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Buclin?= <LpSolit@netscape.net>
Date: Fri, 24 Mar 2017 20:06:01 +0100
Subject: Make sure that urpmi.cfg is world-readable so that mgaapplet can read
 it (mga#9386)

---
 NEWS          | 2 ++
 urpm/media.pm | 4 ++++
 2 files changed, 6 insertions(+)

diff --git a/NEWS b/NEWS
index d9772de3..9081ccf0 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,5 @@
+- Make sure that urpmi.cfg is world-readable (mga#9386)
+
 Version 8.106 - 6 December 2016
 
 - skip kernel-firmware-nonfree too when considering real kernels
diff --git a/urpm/media.pm b/urpm/media.pm
index 453e7ed8..9dac029f 100644
--- a/urpm/media.pm
+++ b/urpm/media.pm
@@ -551,6 +551,10 @@ sub write_urpmi_cfg {
     };
     remove_passwords_and_write_private_netrc($urpm, $config);
 
+    # urpmi.cfg must be world-readable, else mgaapplet won't be able to read it
+    # as it is executed from the user session. We enforce umask here in the case
+    # where the msec security level is set to 'secure' (which means umask 077).
+    umask 0022;
     urpm::cfg::dump_config($urpm->{config}, $config)
 	or $urpm->{fatal}(6, N("unable to write config file [%s]", $urpm->{config}));
 
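Review bot: The `umask 0022;` added ahead of `urpm::cfg::dump_config` is never restored, so every file the process creates afterwards also gets the relaxed mask, silently overriding the msec 'secure' umask 077 that the comment mentions. That includes a later call to `remove_passwords_and_write_private_netrc` in the same process, if that helper relies on the umask rather than an explicit mode to keep the netrc private (its body is not visible here, so confirm). Scope the change to the one write: `my $old_umask = umask 0022;` before the dump and `umask $old_umask;` after it. Because a umask only applies when a file is created, an existing urpmi.cfg with mode 0600 may stay unreadable unless dump_config recreates it or the code sets the mode explicitly with `chmod 0644, $urpm->{config};`, which is worth checking. write_urpmi_cfg starts and ends outside this hunk.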
-- 
cgit v1.2.1