From dff449ee9e2c88fb362f2629d66df74c2f65264a Mon Sep 17 00:00:00 2001 From: Tim Hockin Date: Tue, 5 May 2020 16:28:43 -0700 Subject: [PATCH] Set umask 0022 when building Some binaries now run as non-root (kube-scheduler). When umask is 0027, for example, the container image we build has the binary 0750, which is not executable by the non-root UID. --- hack/lib/golang.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hack/lib/golang.sh b/hack/lib/golang.sh index f1c0a3e10ef..b1e42acee5a 100755 --- a/hack/lib/golang.sh +++ b/hack/lib/golang.sh @@ -523,6 +523,10 @@ kube::golang::setup_env() { # This seems to matter to some tools export GO15VENDOREXPERIMENT=1 + + # This is for sanity. Without it, user umasks leak through into release + # artifacts. + umask 0022 } # This will take binaries from $GOPATH/bin and copy them to the appropriate