From c174d3c795a906214cf6bd63ffc3618555296db5 Mon Sep 17 00:00:00 2001
From: Irbe Krumina <irbe@tailscale.com>
Date: Wed, 26 Feb 2025 09:02:40 -0800
Subject: [PATCH] scripts/installer.sh: ensure default umask for the installer
 (#15139)

Ensures default Linux umask 022 for the installer script to
make sure that files created by the installer can be accessed
by other tools, such as apt.

Updates tailscale/tailscale#15133

Signed-off-by: Irbe Krumina <irbe@tailscale.com>
---
 scripts/installer.sh | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/scripts/installer.sh b/scripts/installer.sh
index 3bd392b93..388dd5a56 100755
--- a/scripts/installer.sh
+++ b/scripts/installer.sh
@@ -7,6 +7,14 @@
 
 set -eu
 
+# Ensure that this script runs with the default umask for Linux. In practice,
+# this means that files created by this script (such as keyring files) will be
+# created with 644 permissions. This ensures that keyrings and other files
+# created by this script are readable by installers on systems where the
+# umask is set to a more restrictive value.
+# See https://github.com/tailscale/tailscale/issues/15133
+umask 022
+
 # All the code is wrapped in a main function that gets called at the
 # bottom of the file, so that a truncated partial download doesn't end
 # up executing half a script.