From 2448671759dca2b1843d9e1925af73ea7b0eba7a Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Wed, 26 Jun 2024 16:45:32 -0700
Subject: [PATCH] Add `gitutil.WithExec(runWithStandardUmask)` to Git
 invocations

This fixes umask bugs while building from a remote Git URL where `ADD`/`COPY`'d files end up with `666`/`777` permissions instead of `644`/`755`.

Signed-off-by: Tianon Gravi <admwiggin@gmail.com>
---
 source/git/source.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/source/git/source.go b/source/git/source.go
index 1b757500d7a3..9642a55a255f 100644
--- a/source/git/source.go
+++ b/source/git/source.go
@@ -527,7 +527,7 @@ func (gs *gitSourceHandler) Snapshot(ctx context.Context, g session.Group) (out
 		if err := os.MkdirAll(checkoutDir, 0711); err != nil {
 			return nil, err
 		}
-		checkoutGit := git.New(gitutil.WithWorkTree(checkoutDir), gitutil.WithGitDir(checkoutDirGit))
+		checkoutGit := git.New(gitutil.WithExec(runWithStandardUmask), gitutil.WithWorkTree(checkoutDir), gitutil.WithGitDir(checkoutDirGit))
 		_, err = checkoutGit.Run(ctx, "-c", "init.defaultBranch=master", "init")
 		if err != nil {
 			return nil, err
@@ -586,7 +586,7 @@ func (gs *gitSourceHandler) Snapshot(ctx context.Context, g session.Group) (out
 				return nil, errors.Wrapf(err, "failed to create temporary checkout dir")
 			}
 		}
-		checkoutGit := git.New(gitutil.WithWorkTree(cd), gitutil.WithGitDir(gitDir))
+		checkoutGit := git.New(gitutil.WithExec(runWithStandardUmask), gitutil.WithWorkTree(cd), gitutil.WithGitDir(gitDir))
 		_, err = checkoutGit.Run(ctx, "checkout", ref, "--", ".")
 		if err != nil {
 			return nil, errors.Wrapf(err, "failed to checkout remote %s", urlutil.RedactCredentials(gs.src.Remote))
@@ -620,7 +620,7 @@ func (gs *gitSourceHandler) Snapshot(ctx context.Context, g session.Group) (out
 		}
 	}
 
-	git = git.New(gitutil.WithWorkTree(checkoutDir), gitutil.WithGitDir(gitDir))
+	git = git.New(gitutil.WithExec(runWithStandardUmask), gitutil.WithWorkTree(checkoutDir), gitutil.WithGitDir(gitDir))
 	_, err = git.Run(ctx, "submodule", "update", "--init", "--recursive", "--depth=1")
 	if err != nil {
 		return nil, errors.Wrapf(err, "failed to update submodules for %s", urlutil.RedactCredentials(gs.src.Remote))