blob: 86ed901e0e8dd6bb91b375d184d903ed2a0ff6a5 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
|
#!/bin/sh
#
# Copyright (c) 2007 Johannes Schindelin
#
test_description='Test shared repository initialization'
. ./test-lib.sh
# Remove a default ACL from the test dir if possible.
setfacl -k . 2>/dev/null
# User must have read permissions to the repo -> failure on --shared=0400
test_expect_success 'shared = 0400 (faulty permission u-w)' '
mkdir sub && (
cd sub && git init --shared=0400
)
ret="$?"
rm -rf sub
test $ret != "0"
'
modebits () {
ls -l "$1" | sed -e 's|^\(..........\).*|\1|'
}
for u in 002 022
do
test_expect_success POSIXPERM "shared=1 does not clear bits preset by umask $u" '
mkdir sub && (
cd sub &&
umask $u &&
git init --shared=1 &&
test 1 = "$(git config core.sharedrepository)"
) &&
actual=$(ls -l sub/.git/HEAD)
case "$actual" in
-rw-rw-r--*)
: happy
;;
*)
echo Oops, .git/HEAD is not 0664 but $actual
false
;;
esac
'
rm -rf sub
done
test_expect_success 'shared=all' '
mkdir sub &&
cd sub &&
git init --shared=all &&
test 2 = $(git config core.sharedrepository)
'
test_expect_success POSIXPERM 'update-server-info honors core.sharedRepository' '
: > a1 &&
git add a1 &&
test_tick &&
git commit -m a1 &&
umask 0277 &&
git update-server-info &&
actual="$(ls -l .git/info/refs)" &&
case "$actual" in
-r--r--r--*)
: happy
;;
*)
echo Oops, .git/info/refs is not 0444
false
;;
esac
'
for u in 0660:rw-rw---- \
0640:rw-r----- \
0600:rw------- \
0666:rw-rw-rw- \
0664:rw-rw-r--
do
x=$(expr "$u" : ".*:\([rw-]*\)") &&
y=$(echo "$x" | sed -e "s/w/-/g") &&
u=$(expr "$u" : "\([0-7]*\)") &&
git config core.sharedrepository "$u" &&
umask 0277 &&
test_expect_success POSIXPERM "shared = $u ($y) ro" '
rm -f .git/info/refs &&
git update-server-info &&
actual="$(modebits .git/info/refs)" &&
test "x$actual" = "x-$y" || {
ls -lt .git/info
false
}
'
umask 077 &&
test_expect_success POSIXPERM "shared = $u ($x) rw" '
rm -f .git/info/refs &&
git update-server-info &&
actual="$(modebits .git/info/refs)" &&
test "x$actual" = "x-$x" || {
ls -lt .git/info
false
}
'
done
test_expect_success POSIXPERM 'git reflog expire honors core.sharedRepository' '
umask 077 &&
git config core.sharedRepository group &&
git reflog expire --all &&
actual="$(ls -l .git/logs/refs/heads/master)" &&
case "$actual" in
-rw-rw-*)
: happy
;;
*)
echo Ooops, .git/logs/refs/heads/master is not 0662 [$actual]
false
;;
esac
'
test_expect_success POSIXPERM 'forced modes' '
mkdir -p templates/hooks &&
echo update-server-info >templates/hooks/post-update &&
chmod +x templates/hooks/post-update &&
echo : >random-file &&
mkdir new &&
(
cd new &&
umask 002 &&
git init --shared=0660 --template=../templates &&
>frotz &&
git add frotz &&
git commit -a -m initial &&
git repack
) &&
# List repository files meant to be protected; note that
# COMMIT_EDITMSG does not matter---0mode is not about a
# repository with a work tree.
find new/.git -type f -name COMMIT_EDITMSG -prune -o -print |
xargs ls -ld >actual &&
# Everything must be unaccessible to others
test -z "$(sed -e "/^.......---/d" actual)" &&
# All directories must have either 2770 or 770
test -z "$(sed -n -e "/^drwxrw[sx]---/d" -e "/^d/p" actual)" &&
# post-update hook must be 0770
test -z "$(sed -n -e "/post-update/{
/^-rwxrwx---/d
p
}" actual)" &&
# All files inside objects must be accessible by us
test -z "$(sed -n -e "/objects\//{
/^d/d
/^-r.-r.----/d
p
}" actual)"
'
test_done
|