Set umask 0022 when building

thockin · thockin · commit dff449ee9e2c · 2020-05-05T16:28:43.000-07:00
Some binaries now run as non-root (kube-scheduler).  When umask is 0027,
for example, the container image we build has the binary 0750, which is
not executable by the non-root UID.
diff --git a/hack/lib/golang.sh b/hack/lib/golang.sh
@@ -523,6 +523,10 @@ kube::golang::setup_env() {
 
   # This seems to matter to some tools
   export GO15VENDOREXPERIMENT=1
+
+  # This is for sanity.  Without it, user umasks leak through into release
+  # artifacts.
+  umask 0022
 }
 
 # This will take binaries from $GOPATH/bin and copy them to the appropriate

Original file line number	Diff line number	Diff line change
`@@ -523,6 +523,10 @@ kube::golang::setup_env() {`
`523`	`523`
`524`	`524`	`# This seems to matter to some tools`
`525`	`525`	`export GO15VENDOREXPERIMENT=1`
	`526`	`+`
	`527`	`+ # This is for sanity. Without it, user umasks leak through into release`
	`528`	`+ # artifacts.`
	`529`	`+ umask 0022`
`526`	`530`	`}`
`527`	`531`
`528`	`532`	`# This will take binaries from $GOPATH/bin and copy them to the appropriate`