From a5794dde78340a9bceffe31fdc58cd5d355cfc86 Mon Sep 17 00:00:00 2001
From: Tim Gover <tim.gover@raspberrypi.com>
Date: Tue, 21 Jul 2020 16:06:10 +0100
Subject: [PATCH] rpi-eeprom-update: Set file permissions on the EEPROM update
 files

Normally BOOTFS is a local FAT partition but with NFS it's possible
that the NFS mount of /boot is not setup to have the equivalent
permissions as /boot. Set the .upd,.sig files to be readable by
all users to to avoid the case where the file is visible to root on the
Pi but is not readable by the TFTP daemon on the server.
---
 rpi-eeprom-update | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/rpi-eeprom-update b/rpi-eeprom-update
index 710480e..6a936fa 100755
--- a/rpi-eeprom-update
+++ b/rpi-eeprom-update
@@ -164,12 +164,18 @@ applyRecoveryUpdate()
 
         cp -f "${TMP_EEPROM_IMAGE}" "${BOOTFS}/pieeprom.upd" \
                 || die "Failed to copy ${TMP_EEPROM_IMAGE} to ${BOOTFS}"
+
+        # For NFS mounts ensure that the files are readable to the TFTP user
+        chmod -f go+r "${BOOTFS}/pieeprom.upd" "${BOOTFS}/pieeprom.sig"
    fi
 
    if [ -n "${VL805_UPDATE_IMAGE}" ]; then
         sha256sum "${VL805_UPDATE_IMAGE}" | awk '{print $1}' > "${BOOTFS}/vl805.sig" \
                 || die "Failed to create ${BOOTFS}/vl805.sig"
         cp -f "${VL805_UPDATE_IMAGE}" "${BOOTFS}/vl805.bin"
+
+        # For NFS mounts ensure that the files are readable to the TFTP user
+        chmod -f go+r "${BOOTFS}/vl805.bin" "${BOOTFS}/vl805.sig"
    fi
 
    cp -f "${RECOVERY_BIN}" "${BOOTFS}/recovery.bin" \