ProtonMail / proton-bridge

Proton Mail Bridge application

Release tarball has sgid bit set for several folders

ErichRitz opened this issue · comments

Several folders incorrectly have the SGID bit set:

# ar p ../protonmail-bridge_3.5.3-1_amd64.deb data.tar.gz | tar xz
# tree -p | grep -e "\[.*s.*\]"
└── [drwxr-sr-x]  usr
    ├── [drwxr-sr-x]  lib
    │   └── [drwxr-sr-x]  protonmail
    │           ├── [drwxr-sr-x]  lib
    │           │   ├── [drwxr-sr-x]  cmake
    │           │   │   └── [drwxr-sr-x]  GTest
    │           │   └── [drwxr-sr-x]  pkgconfig
    └── [drwxr-sr-x]  share
        ├── [drwxr-sr-x]  applications
        ├── [drwxr-sr-x]  doc
        │   ├── [drwxr-sr-x]  protonmail
        └── [drwxr-sr-x]  icons
            └── [drwxr-sr-x]  hicolor
                └── [drwxr-sr-x]  scalable
                    └── [drwxr-sr-x]  apps

Expected Behavior

These folders should not have the SGID bit set.

Current Behavior

Starting with 3.5.3 (and also including 3.6.0), the SGID bit is set. With 3.5.1 it was not.

Possible Solution

Steps to Reproduce

  1. Download archive.
  2. Create temporary directory and cd into it: mkdir tmp; cd tmp
  3. Extract with ar p ../protonmail-bridge_3.5.3-1_amd64.deb data.tar.gz | tar xz
  4. Observe file permissions: ls -la
  5. The behavior is only observable when extracting files as root.

Version Information

3.5.3 (and 3.6.0 as well)

Context (Environment)

I am trying to create a package (for a different OS) from the DEB binary release.

Detailed Description

Possible Implementation

Thanks for the report. We will investigate on our end, internally tracked as GODT-3034.

@ErichRitz I have tried to replicate your steps, but I am unable to get the same results on Ubuntu 22.04 LTS.

I have tried with the 3.5.3 and 3.5.4 release files from Github and no SGID bits are set.

Are you sure that you have no local settings that may affect this?

I wondered the same thing and was unable to reproduce with 3.5.1. (Which is how I noticed the behavior.)

Also I must be user root to observe the behavior. Extracting the files as a normal user apparently prevents the bits from being set.

Here's how to reproduce on Ubuntu 16.04 LTS (that's the only Ubuntu I have a VM for at the moment):

erich@ubuntu1604:~$ mkdir tmp1
erich@ubuntu1604:~$ cd tmp1
erich@ubuntu1604:~/tmp1$ ar p ../protonmail-bridge_3.5.3-1_amd64.deb data.tar.gz | sudo tar xz
erich@ubuntu1604:~/tmp1$ ls -la
total 12
drwxr-sr-x  3 root  root  4096 Oct 11 01:44 .
drwxr-xr-x 22 erich erich 4096 Oct 20 09:05 ..
drwxr-sr-x  5 root  root  4096 Oct 11 01:44 usr
erich@ubuntu1604:~/tmp1$ 

Observe the "r-s" on the group bits.

Note that if logged in as a normal user the "sudo" must be on the "tar xz" command, not "ar p ...".

@ErichRitz, it seems to me that this issue stems from you extracting the archive as root. There is nothing we can do in this case.
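
A check for the condition reported in this thread, as an added example that is not part of the original issue or the project's code: it reads the mode bits stored in the tar headers of data.tar.gz without extracting anything, so the result does not depend on which user runs it. The function names and the sample archive are constructed for illustration.

```python
import io
import stat
import sys
import tarfile

SPECIAL = stat.S_ISUID | stat.S_ISGID  # 04000 | 02000


def find_special_bits(fileobj):
    """Return [(path, mode string)] for members carrying setuid/setgid bits.

    Only header metadata is read; nothing is written to disk, so the user,
    umask and tar options of the machine running the check play no part.
    """
    hits = []
    # "r|*" reads a non-seekable stream and detects the compression itself.
    with tarfile.open(fileobj=fileobj, mode="r|*") as tar:
        for member in tar:
            if member.mode & SPECIAL:
                kind = stat.S_IFDIR if member.isdir() else stat.S_IFREG
                hits.append((member.name, stat.filemode(kind | member.mode)))
    return hits


def build_sample():
    """Constructed sample: a small tar.gz with two setgid directories."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, mode in (("usr", 0o2755), ("usr/lib", 0o2755), ("usr/bin", 0o755)):
            info = tarfile.TarInfo(name)
            info.type = tarfile.DIRTYPE
            info.mode = mode
            tar.addfile(info)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    # Usage: ar p package.deb data.tar.gz | python3 check_sgid.py
    # With no piped input, the constructed sample is scanned instead.
    source = build_sample() if sys.stdin.isatty() else sys.stdin.buffer
    found = find_special_bits(source)
    for path, mode in found:
        print(f"{mode}  {path}")
    sys.exit(1 if found else 0)  # non-zero exit lets a packaging job fail
```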