From d98f4593cf00ab2973f8113e30506861b24383bc Mon Sep 17 00:00:00 2001
From: Carl Dong <contact@carldong.me>
Date: Mon, 22 Feb 2021 16:22:26 -0500
Subject: [PATCH] guix: Explicitly set umask in build container

A difference in system umask value can cause non-determinism when zip
archives are produced. Set it to a reasonable default.
---
 contrib/guix/libexec/build.sh | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/contrib/guix/libexec/build.sh b/contrib/guix/libexec/build.sh
index 72588c54a75..119fe04c753 100644
--- a/contrib/guix/libexec/build.sh
+++ b/contrib/guix/libexec/build.sh
@@ -3,6 +3,16 @@ export LC_ALL=C
 set -e -o pipefail
 export TZ=UTC
 
+# Althought Guix _does_ set umask when building its own packages (in our case,
+# this is all packages in manifest.scm), it does not set it for `guix
+# environment`. It does make sense for at least `guix environment --container`
+# to set umask, so if that change gets merged upstream and we bump the
+# time-machine to a commit which includes the aforementioned change, we can
+# remove this line.
+#
+# This line should be placed before any commands which creates files.
+umask 0022
+
 if [ -n "$V" ]; then
     # Print both unexpanded (-v) and expanded (-x) forms of commands as they are
     # read from this file.