From f28c1c7abe4162a577cb40e505ec706e466a4b7a Mon Sep 17 00:00:00 2001
From: Paper <paper@tilde.institute>
Date: Tue, 9 Mar 2021 17:10:07 +0100
Subject: [PATCH] common/hooks/post-install: add fix permissions hook

---
 .../hooks/post-install/14-fix-permissions.sh  | 25 +++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 common/hooks/post-install/14-fix-permissions.sh

diff --git a/common/hooks/post-install/14-fix-permissions.sh b/common/hooks/post-install/14-fix-permissions.sh
new file mode 100644
index 000000000000..788833166439
--- /dev/null
+++ b/common/hooks/post-install/14-fix-permissions.sh
@@ -0,0 +1,25 @@
+# This hook fixes permissions in common places
+
+change_file_perms() {
+	dir="$PKGDESTDIR$1"
+	# permission mask for matching the files
+	permmask="$2"
+	# permissions which will be set on matched files
+	perms="$3"
+	if [ -d "$dir" ]; then
+        find "$dir" -type f -perm /"$permmask" -exec chmod -v "$perms" {} +
+    fi
+}
+
+hook() {
+	# check that no files have permission write for all users
+	find "$PKGDESTDIR" -type f -perm -0002 | while read -r file; do
+		msg_error "$pkgver: file ${file#$PKGDESTDIR} has a write permission for all users\n"
+	done
+
+	change_file_perms "/usr/share/man" 133 644
+	change_file_perms "/etc/apparmor.d" 111 644
+	change_file_perms "/usr/share/applications" 133 644
+	change_file_perms "/usr/include" 133 644
+	change_file_perms "/usr/icons" 133 644
+}