From 4664f2dc2eee13b86d2e426780fd1130e0086e9f Mon Sep 17 00:00:00 2001
From: Jed Brown <jed@59A2.org>
Date: Thu, 25 Jul 2013 16:50:19 -0500
Subject: Set permissions for object store using current umask

tempfile.mkstemp() creates a file with mode 0600 by default, which after
pushing, prevents others from accessing the shared object store.
Instead, use 0444 (as with git-native objects) and respect umask so that
pushed objects will be readable with default configuration.

Noticed-by: Ashok Argent-Katwala <ashok@freshbooks.com>
Comments-by: Owen Jacobson <owen.jacobson@grimoire.ca>
---
 git-fat | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'git-fat')

diff --git a/git-fat b/git-fat
index 5bc8156..f654fab 100755
--- a/git-fat
+++ b/git-fat
@@ -30,6 +30,12 @@ def mkdir_p(path):
             pass
         else: raise
 
+def umask():
+    """Get umask without changing it."""
+    old = os.umask(0)
+    os.umask(old)
+    return old
+
 def readblocks(stream):
     bytes = 0
     while True:
@@ -204,6 +210,8 @@ class GitFat(object):
                     self.verbose('git-fat filter-clean: cache already exists %s' % objfile)
                     os.remove(tmpname)
                 else:
+                    # Set permissions for the new file using the current umask
+                    os.chmod(tmpname, int('444', 8) & ~umask())
                     os.rename(tmpname, objfile)
                     self.verbose('git-fat filter-clean: caching to %s' % objfile)
                 cached = True
-- 
cgit v1.2.1