From fae1978669fe12485edc13ed9a83ebb1479fa3e2 Mon Sep 17 00:00:00 2001
From: Eric Wong <normalperson@yhbt.net>
Date: Fri, 2 Oct 2009 18:17:26 -0700
Subject: verify liberal file permissions when packaging

Prevent non-umask 0022 shells from generating releases.
Thanks for Jay Reitz for spotting this and reporting
promptly to me; all of my Ruby and gem installations
are done as a regular user so I never would've noticed.
---
 GNUmakefile | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/GNUmakefile b/GNUmakefile
index 3ba3b5f..9fa75db 100644
--- a/GNUmakefile
+++ b/GNUmakefile
@@ -223,24 +223,29 @@ $(release_notes):
 
 # ensures we're actually on the tagged $(VERSION), only used for release
 verify:
+	test x"$(shell umask)" = x0022
 	git rev-parse --verify refs/tags/v$(VERSION)^{}
 	git diff-index --quiet HEAD^0
 	test `git rev-parse --verify HEAD^0` = \
 	     `git rev-parse --verify refs/tags/v$(VERSION)^{}`
 
+fix-perms:
+	git ls-tree -r HEAD | awk '/^100644 / {print $$NF}' | xargs chmod 644
+	git ls-tree -r HEAD | awk '/^100755 / {print $$NF}' | xargs chmod 755
+
 gem: $(pkggem)
 
 install-gem: $(pkggem)
 	gem install $(CURDIR)/$<
 
-$(pkggem): manifest
+$(pkggem): manifest fix-perms
 	gem build $(rfpackage).gemspec
 	mkdir -p pkg
 	mv $(@F) $@
 
 $(pkgtgz): distdir = $(basename $@)
 $(pkgtgz): HEAD = v$(VERSION)
-$(pkgtgz): manifest
+$(pkgtgz): manifest fix-perms
 	@test -n "$(distdir)"
 	$(RM) -r $(distdir)
 	mkdir -p $(distdir)
-- 
cgit v1.2.3-24-ge0c7