From d327b43a434e587dae4817af2bf0ec99d13f3106 Mon Sep 17 00:00:00 2001
From: Stephen Gaito <stephen@perceptisys.co.uk>
Date: Thu, 11 Jun 2020 06:37:23 +0100
Subject: [PATCH] ensure files copied into AppImage Debian archive and Docker
 image are readable added sudo as a build tool

---
 buildScripts/createAppImage      |  8 ++++++++
 buildScripts/createDebianPackage | 12 ++++++++++++
 buildScripts/createDockerImage   |  9 +++++++++
 buildScripts/getBuildTools       |  1 +
 4 files changed, 30 insertions(+)

diff --git a/buildScripts/createAppImage b/buildScripts/createAppImage
index 0526ab1..17c03cf 100755
--- a/buildScripts/createAppImage
+++ b/buildScripts/createAppImage
@@ -36,6 +36,14 @@ make install                                  \
 
 cd ../imageBuild
 
+# Make sure directories can be traversed by nobody
+#
+find appDir -type d -exec chmod 755 {} \;
+#
+# Make sure files can be read by nobody
+#
+find appDir -type f -exec chmod 644 {} \;
+
 # force libfontconfig into AppImage (linuxdeploy blacklists libfontconfig) 
 # (turned off since libfontconfig needs to be matched to the underlying 
 #  OS's collection of fonts and /etc/fonts configuration files) 
diff --git a/buildScripts/createDebianPackage b/buildScripts/createDebianPackage
index 9f600e5..4f7fd34 100755
--- a/buildScripts/createDebianPackage
+++ b/buildScripts/createDebianPackage
@@ -94,6 +94,18 @@ touch $conffilesFile
 #
 cd imageBuild
 #
+# Make sure directories can be traversed by nobody
+#
+find debianDir -type d -exec chmod 755 {} \;
+#
+# Make sure files can be read by nobody
+#
+find debianDir -type f -exec chmod 644 {} \;
+#
+# Make sure root:root owns all files
+#
 sudo chown -R root:root debianDir
 #
+# Build the package
+#
 dpkg --build debianDir $DPKG_NAME
diff --git a/buildScripts/createDockerImage b/buildScripts/createDockerImage
index 0b4fd76..b236682 100755
--- a/buildScripts/createDockerImage
+++ b/buildScripts/createDockerImage
@@ -35,6 +35,15 @@ cd ../imageBuild/dockerDir
 
 copy_deps
 
+# Make sure directories can be traversed by nobody
+#
+find . -type d -exec chmod 755 {} \;
+#
+# Make sure files can be read by nobody
+#
+find . -type f -exec chmod 644 {} \;
+
+
 # Now. IF we have docker, THEN build the docker image...
 
 if [ -x "$(which docker)" ]; then
diff --git a/buildScripts/getBuildTools b/buildScripts/getBuildTools
index 940a00e..a0e8e35 100755
--- a/buildScripts/getBuildTools
+++ b/buildScripts/getBuildTools
@@ -16,6 +16,7 @@ set -ev
 
 sudo apt-get update
 sudo apt-get $UNATTENDED install \
+  sudo                           \
   wget                           \
   git                            \
   pkg-config                     \