[PATCH] mkimage: fit: don't create image with 0700 permissions
commit 7298e422504e ("mkimage: fit: add support to encrypt image with aes") added a new copyfile() function as part of the FIT image creation flow. This function as currently written creates the final image with a mode of 0700 (before umask), differing from the old behavior of 0666. Since there doesn't seem to be any reason to make the image executable or non-group, non-other readable, change the mask to 0666 to preserve the old behavior.
Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Thomas Hebb tommyhebb@gmail.com ---
tools/fit_image.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/fit_image.c b/tools/fit_image.c index dd61a816c9..4301b5decb 100644 --- a/tools/fit_image.c +++ b/tools/fit_image.c @@ -642,7 +642,7 @@ static int copyfile(const char *src, const char *dst) goto out; }
- fd_dst = open(dst, O_WRONLY | O_CREAT, 0700); + fd_dst = open(dst, O_WRONLY | O_CREAT, 0666); if (fd_dst < 0) { printf("Can't open file %s (%s)\n", dst, strerror(errno)); goto out;
On Sun, Mar 01, 2020 at 10:47:53AM -0800, Thomas Hebb wrote:
commit 7298e422504e ("mkimage: fit: add support to encrypt image with aes") added a new copyfile() function as part of the FIT image creation flow. This function as currently written creates the final image with a mode of 0700 (before umask), differing from the old behavior of 0666. Since there doesn't seem to be any reason to make the image executable or non-group, non-other readable, change the mask to 0666 to preserve the old behavior.
Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Thomas Hebb tommyhebb@gmail.com
Applied to u-boot/master, thanks!
participants (2)
-
Thomas Hebb -
Tom Rini