summaryrefslogtreecommitdiffstats
path: root/t/t1301-shared-repo.sh (follow)
Commit message (Collapse)AuthorAgeFilesLines
* init: reset cached config when entering new repoJeff King2016-09-141-0/+32
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | After we copy the templates into place, we re-read the config in case we copied in a default config file. But since git_config() is backed by a cache these days, it's possible that the call will not actually touch the filesystem at all; we need to tell it that something has changed behind the scenes. Note that we also need to reset the shared_repository config. At first glance, it seems like this should probably just be folded into git_config_clear(). But unfortunately that is not quite right. The shared repository value may come from config, _or_ it may have been set manually. So only the caller who knows whether or not they set it is the one who can clear it (and indeed, if you _do_ put it into git_config_clear(), then many tests fail, as we have to clear the config cache any time we set a new config variable). There are three tests here. The first two actually pass already, though it's largely luck: they just don't happen to actually read any config before we enter the new repo. But the third one does fail without this patch; we look at core.sharedrepository while creating the directory, but need to make sure the value from the template config overrides it. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* config: only read .git/config from configured reposJeff King2016-09-141-0/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When git_config() runs, it looks in the system, user-wide, and repo-level config files. It gets the latter by calling git_pathdup(), which in turn calls get_git_dir(). If we haven't set up the git repository yet, this may simply return ".git", and we will look at ".git/config". This seems like it would be helpful (presumably we haven't set up the repository yet, so it tries to find it), but it turns out to be a bad idea for a few reasons: - it's not sufficient, and therefore hides bugs in a confusing way. Config will be respected if commands are run from the top-level of the working tree, but not from a subdirectory. - it's not always true that we haven't set up the repository _yet_; we may not want to do it at all. For instance, if you run "git init /some/path" from inside another repository, it should not load config from the existing repository. - there might be a path ".git/config", but it is not the actual repository we would find via setup_git_directory(). This may happen, e.g., if you are storing a git repository inside another git repository, but have munged one of the files in such a way that the inner repository is not valid (e.g., by removing HEAD). We have at least two bugs of the second type in git-init, introduced by ae5f677 (lazily load core.sharedrepository, 2016-03-11). It causes init to use git_configset(), which loads all of the config, including values from the current repo (if any). This shows up in two ways: 1. If we happen to be in an existing repository directory, we'll read and respect core.sharedrepository from it, even though it should have no bearing on the new repository. A new test in t1301 covers this. 2. Similarly, if we're in an existing repo that sets core.logallrefupdates, that will cause init to fail to set it in a newly created repository (because it thinks that the user's templates already did so). A new test in t0001 covers this. We also need to adjust an existing test in t1302, which gives another example of why this patch is an improvement. That test creates an embedded repository with a bogus core.repositoryformatversion of "99". It wants to make sure that we actually stop at the bogus repo rather than continuing upward to find the outer repo. So it checks that "git config core.repositoryformatversion" returns 99. But that only works because we blindly read ".git/config", even though we _know_ we're in a repository whose vintage we do not understand. After this patch, we avoid reading config from the unknown vintage repository at all, which is a safer choice. But we need to tweak the test, since core.repositoryformatversion will not return 99; it will claim that it could not find the variable at all. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* t1301: use modern test_* helpersJeff King2015-03-201-13/+7
| | | | | | | This shortens the code and fixes some &&-chaining. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* update-server-info: create info/* with mode 0666Jeff King2015-01-061-0/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | Prior to d38379e (make update-server-info more robust, 2014-09-13), we used a straight "fopen" to create the info/refs and objects/info/packs files, which creates the file using mode 0666 (less the default umask). In d38379e, we switched to creating the file with mkstemp to get a unique filename. But mkstemp also uses the more restrictive 0600 mode to create the file. This was an unintended side effect that we did not want, and causes problems when the repository is served by a different user than the one running update-server-info (it is not readable by a dumb http server running as `www`, for example). We can fix this by using git_mkstemp_mode and specifying 0666 to make sure that the umask is honored. Note that we could also say "just use core.sharedrepository", as we do call adjust_shared_perm on the result before renaming it into place. But that should not be necessary as long as everybody involved is using permissive umask to allow HTTP server to read necessary files. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* t1301: set umask in reflog sharedrepository=group testJeff King2015-01-061-0/+1
| | | | | | | | | | | | The t1301 script sets the umask globally before many of the tests. Most of the tests that care about the umask then set it explicitly at the start of the test. However, one test does not, and relies on the 077 umask setting from earlier tests. This is fragile and can break if another test is added in between. Let's be more explicit. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* Mark t1301 permission test to depend on POSIXPERMJunio C Hamano2009-04-131-6/+6
|\ | | | | | | This prepares the topic for inclusion to master.
| * Merge branch 'jc/shared-literally'Junio C Hamano2009-04-061-0/+37
| |\ | | | | | | | | | | | | | | | | | | | | | | | | * jc/shared-literally: t1301: loosen test for forced modes set_shared_perm(): sometimes we know what the final mode bits should look like move_temp_to_file(): do not forget to chmod() in "Coda hack" codepath Move chmod(foo, 0444) into move_temp_to_file() "core.sharedrepository = 0mode" should set, not loosen
| * | Skip tests that require a filesystem that obeys POSIX permissionsJohannes Sixt2009-03-221-5/+5
| | | | | | | | | | | | Signed-off-by: Johannes Sixt <j6t@kdbg.org>
* | | t1301-shared-repo: fix forced modes testJohannes Sixt2009-04-121-4/+8
| |/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This test was added recently (5a688fe, "core.sharedrepository = 0mode" should set, not loosen; 2009-03-28). It checked the result of a sed invocation for emptyness, but in some cases it forgot to print anything at all, so that those checks would never be false. Due to this mistake, it went unnoticed that the files in objects/info are not necessarily 0440, but can also be 0660. Because the 0mode setting tries to guarantee that the files are accessible only to the people they are meant to be used by, we should only make sure that they are readable by the user and the group when the configuration is set to 0660. It is a separate matter from the core.shredrepository settings that w-bit from immutable object files under objects/[0-9a-f][0-9a-f] directories should be dropped. COMMIT_EDITMSG is still world-readable, but it (and any transient files that are meant for repositories with a work tree) does not matter. If you are working on a shared machine and on a sekrit stuff, the root of the work tree would be with mode 0700 (or 0750 to allow peeking by other people in the group), and that would mean that .git/COMMIT_EDITMSG in such a repository would not be readable by the strangers anyway. Also, in the real-world use case, .git/COMMIT_EDITMSG will be given to an arbitrary editor the user happens to use, and we have no guarantee what it does (e.g. it may create a new file with umask and replace, it may rewrite in place, it may leave an editor backup file but use umask to create it, etc.), and the protection of the file lies majorly on the protection of the root of the work tree. This test cannot be run on Windows; it requires POSIXPERM when merged to 'master'. Signed-off-by: Johannes Sixt <j6t@kdbg.org> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* | t1301: loosen test for forced modesJeff King2009-04-011-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | One of the aspects of the test checked explicitly for the g+s bit to be set on created directories. However, this is only the means to an end (the "end" being having the correct group set). And in fact, on systems where DIR_HAS_BSD_GROUP_SEMANTICS is set, we do not even need to use this "means" at all, causing the test to fail. This patch removes that part of the test. In an ideal world it would be replaced by a test to check that the group was properly assigned, but that is difficult to automate because it requires the user running the test suite be a member of multiple groups. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* | "core.sharedrepository = 0mode" should set, not loosenJunio C Hamano2009-03-281-0/+37
|/ | | | | | | | | | | | | | | | | | | | | | | | | | This fixes the behaviour of octal notation to how it is defined in the documentation, while keeping the traditional "loosen only" semantics intact for "group" and "everybody". Three main points of this patch are: - For an explicit octal notation, the internal shared_repository variable is set to a negative value, so that we can tell "group" (which is to "OR" in 0660) and 0660 (which is to "SET" to 0660); - git-init did not set shared_repository variable early enough to affect the initial creation of many files, notably copied templates and the configuration. We set it very early when a command-line option specifies a custom value. - Many codepaths create files inside $GIT_DIR by various ways that all involve mkstemp(), and then call move_temp_to_file() to rename it to its final destination. We can add adjust_shared_perm() call here; for the traditional "loosen-only", this would be a no-op for many codepaths because the mode is already loose enough, but with the new behaviour it makes a difference. Signed-off-by: Junio C Hamano <gitster@pobox.com>
* Fix testcase failure when extended attributes are in useJunio C Hamano2008-10-201-4/+6
| | | | | | | | | | | | | | | | 06cbe855 (Make core.sharedRepository more generic, 2008-04-16) made several testcases in t1301-shared-repo.sh which fail if on a system which creates files with extended attributes (e.g. SELinux), since ls appends a '+' sign to the permission set in such cases. In fact, POSIX.1 allows ls to add a single printable character after the usual 3x3 permission bits to show that an optional alternate/additional access method is associated with the path. This fixes the testcase to strip any such sign prior to verifying the permission set. Signed-off-by: Junio C Hamano <gitster@pobox.com> Tested-by: Deskin Miller <deskinm@umich.edu>
* t1301-shared-repo.sh: don't let a default ACL interfere with the testMatt McCutchen2008-10-171-0/+3
| | | | | | | | | | | This test creates files with several different umasks and expects their permissions to be initialized according to the umask, so a default ACL on the trash directory (which overrides the umask for files created in that directory) causes the test to fail. To avoid that, remove the default ACL if possible with setfacl(1). Signed-off-by: Matt McCutchen <matt@mattmccutchen.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* Fix backwards-incompatible handling of core.sharedRepositoryPetr Baudis2008-07-121-0/+23
| | | | | | | | | | | | | | | | | | | | 06cbe85 (Make core.sharedRepository more generic, 2008-04-16) broke the traditional setting of core.sharedRepository to true, which was to make the repository group writable: with umask 022, it would clear the permission bits for 'other'. (umask 002 did not exhibit this behaviour since pre-chmod() check in adjust_shared_perm() fails in that case.) The call to adjust_shared_perm() should only loosen the permission. If the user has umask like 022 or 002 that allow others to read, the resulting files should be made readable and writable by group, without restricting the readability by others. This patch fixes the adjust_shared_perm() mode tweak based on Junio's suggestion and adds the appropriate tests to t/t1301-shared-repo.sh. Cc: Heikki Orsila <heikki.orsila@iki.fi> Signed-off-by: Petr Baudis <pasky@suse.cz> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* Make git reflog expire honour core.sharedRepository.Pierre Habouzit2008-06-161-0/+15
| | | | | Signed-off-by: Pierre Habouzit <madcoder@debian.org> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* Make core.sharedRepository more genericHeikki Orsila2008-04-171-0/+50
| | | | | | | | | | | | | | | git init --shared=0xxx, where '0xxx' is an octal number, will create a repository with file modes set to '0xxx'. Users with a safe umask value (0077) can use this option to force file modes. For example, '0640' is a group-readable but not group-writable regardless of user's umask value. Values compatible with old Git versions are written as they were before, for compatibility reasons. That is, "1" for "group" and "2" for "everybody". "git config core.sharedRepository 0xxx" is also handled. Signed-off-by: Heikki Orsila <heikki.orsila@iki.fi> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* t1301-shared-repo.sh: fix 'stat' portability issueArjen Laarhoven2007-08-171-1/+10
| | | | | | | | | The t1301-shared-repo.sh testscript uses /usr/bin/stat to get the file mode, which isn't portable. Implement the test in shell using 'ls' as shown by Junio. Signed-off-by: Arjen Laarhoven <arjen@yaph.org> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* Fix core.sharedRepository = 2Johannes Schindelin2007-07-111-0/+27
For compatibility reasons, "git init --shared=all" does not write "all" into the config, but a number. In the shared setup, you really have to support even older clients on the _same_ repository. But git_config_perm() did not pick up on it. Also, "git update-server-info" failed to pick up on the shared permissions. This patch fixes both issues, and adds a test to prove it. Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> Tested-by: martin f krafft <madduck@madduck.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>