new-updates-sync: set umask to be more permissive for ostree operations

See https://github.com/ostreedev/ostree/pull/1984 where OSTree was
changed to try to set group write on directories. We need to set a more
permissive umask to take advantage of it.

This is all done to support writing to the OSTree repo from OpenShift
projects that run as a random UID, but have ftpsync (gid:263) in their
supplemental groups. For more context see: https://pagure.io/releng/issue/8811#comment-629051

roles/bodhi2/backend/files/new-updates-sync

@@ -234,16 +234,22 @@ def sync_ostree(dst, ref):
     if src_commit == dst_commit:
         logger.info('OSTree at %s, ref %s in sync', dst, ref)
     else:
-        print('Syncing ostree ref %s: %s -> %s'
+        # Set the umask to be more permissive so directories get group write
-              % (ref, src_commit, dst_commit))
+        # https://github.com/ostreedev/ostree/pull/1984
-        logger.info('Syncing OSTree to %s, ref %s: %s -> %s',
+        oldumask = os.umask(0o0002)
-                    dst, ref, src_commit, dst_commit)
+        try:
-        cmd = ['ostree', 'pull-local', '--verbose', '--repo',
+            print('Syncing ostree ref %s: %s -> %s'
-               dst, OSTREESOURCE, ref]
+                  % (ref, src_commit, dst_commit))
-        out = run_command(cmd)
+            logger.info('Syncing OSTree to %s, ref %s: %s -> %s',
-        cmd = ['ostree', 'summary', '--verbose', '--repo', dst, '--update']
+                        dst, ref, src_commit, dst_commit)
-        run_command(cmd)
+            cmd = ['ostree', 'pull-local', '--verbose', '--repo',
-        print('Ostree ref %s now at %s' % (ref, src_commit))
+                   dst, OSTREESOURCE, ref]
+            out = run_command(cmd)
+            cmd = ['ostree', 'summary', '--verbose', '--repo', dst, '--update']
+            run_command(cmd)
+            print('Ostree ref %s now at %s' % (ref, src_commit))
+        finally:
+            os.umask(oldumask)
 
 
 def update_fullfilelist(modules):