From 62c0d3ad3ded4b0a0bd7aa70913d41e191b2eabd Mon Sep 17 00:00:00 2001
From: Alexander Larsson <alexl@redhat.com>
Date: Fri, 22 Jan 2016 12:21:49 +0100
Subject: [PATCH] build-export: Never export files you can't read

It makes no sense to have these in a runtime or an app, it just
causes issues.
---
 app/xdg-app-builtins-build-export.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/app/xdg-app-builtins-build-export.c b/app/xdg-app-builtins-build-export.c
index 83f9f282..d5e0f5cd 100644
--- a/app/xdg-app-builtins-build-export.c
+++ b/app/xdg-app-builtins-build-export.c
@@ -135,15 +135,18 @@ commit_filter (OstreeRepo *repo,
                GFileInfo *file_info,
                CommitData *commit_data)
 {
-  guint current_mode;
+  guint mode;
 
   /* No user info */
   g_file_info_set_attribute_uint32 (file_info, "unix::uid", 0);
   g_file_info_set_attribute_uint32 (file_info, "unix::gid", 0);
 
+  mode = g_file_info_get_attribute_uint32 (file_info, "unix::mode");
   /* No setuid */
-  current_mode = g_file_info_get_attribute_uint32 (file_info, "unix::mode");
-  g_file_info_set_attribute_uint32 (file_info, "unix::mode", current_mode & ~07000);
+  mode = mode & ~07000;
+  /* All files readable */
+  mode = mode | 0444;
+  g_file_info_set_attribute_uint32 (file_info, "unix::mode", mode);
 
   if (matches_patterns (commit_data->exclude, path) &&
       !matches_patterns (commit_data->include, path))