Yeah, setting it to `chmod 000` in just the symlink branch seems good to me too. Looking at the script more closely, `mode` is always set and so I'm unclear why there is also a `umask 077` at all. Whatever permissions we create the file with, we `chmod` it explicitly before doing anything else. Is that line just there to undo the potential change to `umask` in the mkdirp branch? If so, maybe that should be done explicitly by capturing the old umask? e.g: if test "$mkdirp" ; then umaskorig="$(umask)" umask 022 case "$2" in */*) mkdir -p "${dst%/*}" ;; esac umask "$umaskorig" fi On Thu, 1 Feb 2024 at 00:47, Rich Felker wrote: > On Wed, Jan 31, 2024 at 01:30:21PM +1100, Tim Cuthbertson wrote: > > I'm not subscribed to the mailing list, please CC me on replies. > > > > Installed symlinks (specifically ld-musl-x86_64.so.1 have permissions > 0700 > > on MacOS, which means only the owner (typically root) can read them. > > > > Symlink permissions can't be anything but 0777 on Linux, but on Mac they > > can be set, and in this case are being inherited from the 077 umask in > > install.sh: > > > > ``` > > $ ls -l > > > /nix/store/fgkznmnz1swzp8ck75fa2zvj62pkjgvq-musl-x86_64-unknown-linux-musl-1.2.3/lib/ld-musl-x86_64.so.1 > > ls: cannot read symbolic link > > > '/nix/store/fgkznmnz1swzp8ck75fa2zvj62pkjgvq-musl-x86_64-unknown-linux-musl-1.2.3/lib/ld-musl-x86_64.so.1': > > Permission denied > > lrwx------ 1 root wheel 7 Jan 1 1970 > > > /nix/store/fgkznmnz1swzp8ck75fa2zvj62pkjgvq-musl-x86_64-unknown-linux-musl-1.2.3/lib/ld-musl-x86_64.so.1 > > ``` > > > > My fix (attached) is to use `umask 022`, which was already being used to > > make directories. It's not practical to fix this by specifying the > intended > > permissions for this symlink, as setting link permissions requires the > > nonstandard `-h` chmod flag, which presumably fails on other platforms. > > > > First discovered when cross-building on MacOS for linux: > > https://github.com/NixOS/nixpkgs/issues/285141 > > > > I've tested the fix works in nix. I am fairly confident the same issue > > exists outside of Nix given the fix, but I haven't built musl before and > > ran into unrelated errors. > > > > Thanks, > > - Tim > > Thanks for catching this. Do you think it might be better to put umask > 000 inside the symlink case instead of just reusing the 022 from dir? > 000 seems like what you actually want to fix the symlink behavior. > > Alternatively maybe we should set umask to the complement of the > desired mode? > > Rich >