diff options
| author | Jed Brown <jed@59A2.org> | 2013-07-25 16:50:19 -0500 |
|---|---|---|
| committer | Jed Brown <jed@59A2.org> | 2013-07-26 09:42:20 -0500 |
| commit | 4664f2dc2eee13b86d2e426780fd1130e0086e9f (patch) | |
| tree | c8cacf87bbefa04fc7a1f410314d71a917de8014 /git-fat | |
| parent | 58db90461a596da50c3973da29c07ecc56aa5e24 (diff) | |
| download | git-fat-4664f2dc2eee13b86d2e426780fd1130e0086e9f.tar.gz | |
Set permissions for object store using current umask
tempfile.mkstemp() creates a file with mode 0600 by default, which after
pushing, prevents others from accessing the shared object store.
Instead, use 0444 (as with git-native objects) and respect umask so that
pushed objects will be readable with default configuration.
Noticed-by: Ashok Argent-Katwala <ashok@freshbooks.com>
Comments-by: Owen Jacobson <owen.jacobson@grimoire.ca>
Diffstat (limited to 'git-fat')
| -rwxr-xr-x | git-fat | 8 |
1 files changed, 8 insertions, 0 deletions
@@ -30,6 +30,12 @@ def mkdir_p(path): pass else: raise +def umask(): + """Get umask without changing it.""" + old = os.umask(0) + os.umask(old) + return old + def readblocks(stream): bytes = 0 while True: @@ -204,6 +210,8 @@ class GitFat(object): self.verbose('git-fat filter-clean: cache already exists %s' % objfile) os.remove(tmpname) else: + # Set permissions for the new file using the current umask + os.chmod(tmpname, int('444', 8) & ~umask()) os.rename(tmpname, objfile) self.verbose('git-fat filter-clean: caching to %s' % objfile) cached = True |