os.CreateTemp in downloadZip leaves downloaded .zip files readable only
by the owner. Make them group/world readable.
Fixes #52765
Change-Id: Iace13e4ad813201a533a1a5fc0c6d9b2e5349a42
Reviewed-on: https://go-review.googlesource.com/c/go/+/404854
Reviewed-by: Ian Lance Taylor <iant@google.com>
Reviewed-by: Bryan Mills <bcmills@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Bryan Mills <bcmills@google.com>
// contents of the file (by hashing it) before we commit it. Because the file
// is zip-compressed, we need an actual file — or at least an io.ReaderAt — to
// validate it: we can't just tee the stream as we write it.
- f, err := os.CreateTemp(filepath.Dir(zipfile), tmpPattern)
+ f, err := tempFile(filepath.Dir(zipfile), filepath.Base(zipfile), 0666)
if err != nil {
return err
}
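Review bot: The 0666 passed to tempFile on the added line requests group/world write bits as well as read, while the commit message only asks for the zip to be group/world readable. The effective mode then depends entirely on the process umask, and the surrounding comment says the file is hashed before it is committed, so under a permissive umask the file could be writable by other local users during that validation window. Either pass a read-oriented mode such as 0644 or 0444, or add a short comment at the call stating that 0666 is intentional, that it is filtered by umask, and why write bits are wanted. It would also help to confirm that tmpPattern is still used elsewhere in this function now that the call no longer references it, and that tempFile keeps the exclusive-create behaviour os.CreateTemp provided, since neither is visible in this hunk.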