grafts: Make sure files are not created world-writable.

* guix/build/graft.scm (rewrite-directory): Add 'umask' call.

guix/build/graft.scm

@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2014, 2015 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -118,6 +118,11 @@ file name pairs."
         (else
          (error "unsupported file type" stat)))))
 
+  ;; XXX: Work around occasional "suspicious ownership or permission" daemon
+  ;; errors that arise when we create the top-level /gnu/store/… directory as
+  ;; #o777.
+  (umask #o022)
+
   (n-par-for-each (parallel-job-count)
                   rewrite-leaf (find-files directory)))