summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--builtin-init-db.c12
-rw-r--r--cache.h3
-rw-r--r--fast-import.c3
-rw-r--r--http-push.c1
-rw-r--r--http-walker.c1
-rw-r--r--index-pack.c7
-rw-r--r--path.c53
-rw-r--r--setup.c4
-rw-r--r--sha1_file.c14
-rwxr-xr-xt/t1301-shared-repo.sh37
10 files changed, 97 insertions, 38 deletions
diff --git a/builtin-init-db.c b/builtin-init-db.c
index ee3911f8ee..8199e5d4d5 100644
--- a/builtin-init-db.c
+++ b/builtin-init-db.c
@@ -195,6 +195,8 @@ static int create_default_files(const char *template_path)
git_config(git_default_config, NULL);
is_bare_repository_cfg = init_is_bare_repository;
+
+ /* reading existing config may have overwrote it */
if (init_shared_repository != -1)
shared_repository = init_shared_repository;
@@ -313,12 +315,15 @@ int init_db(const char *template_dir, unsigned int flags)
* and compatibility values for PERM_GROUP and
* PERM_EVERYBODY.
*/
- if (shared_repository == PERM_GROUP)
+ if (shared_repository < 0)
+ /* force to the mode value */
+ sprintf(buf, "0%o", -shared_repository);
+ else if (shared_repository == PERM_GROUP)
sprintf(buf, "%d", OLD_PERM_GROUP);
else if (shared_repository == PERM_EVERYBODY)
sprintf(buf, "%d", OLD_PERM_EVERYBODY);
else
- sprintf(buf, "0%o", shared_repository);
+ die("oops");
git_config_set("core.sharedrepository", buf);
git_config_set("receive.denyNonFastforwards", "true");
}
@@ -398,6 +403,9 @@ int cmd_init_db(int argc, const char **argv, const char *prefix)
usage(init_db_usage);
}
+ if (init_shared_repository != -1)
+ shared_repository = init_shared_repository;
+
/*
* GIT_WORK_TREE makes sense only in conjunction with GIT_DIR
* without --bare. Catch the error early.
diff --git a/cache.h b/cache.h
index 50179687b5..dfeb1e9c86 100644
--- a/cache.h
+++ b/cache.h
@@ -613,7 +613,8 @@ enum sharedrepo {
PERM_EVERYBODY = 0664,
};
int git_config_perm(const char *var, const char *value);
-int adjust_shared_perm(const char *path);
+int set_shared_perm(const char *path, int mode);
+#define adjust_shared_perm(path) set_shared_perm((path), 0)
int safe_create_leading_directories(char *path);
int safe_create_leading_directories_const(const char *path);
char *enter_repo(char *path, int strict);
diff --git a/fast-import.c b/fast-import.c
index 3748ddf48d..d5fc042bbf 100644
--- a/fast-import.c
+++ b/fast-import.c
@@ -902,9 +902,6 @@ static char *keep_pack(char *curr_index_name)
static const char *keep_msg = "fast-import";
int keep_fd;
- chmod(pack_data->pack_name, 0444);
- chmod(curr_index_name, 0444);
-
keep_fd = odb_pack_keep(name, sizeof(name), pack_data->sha1);
if (keep_fd < 0)
die("cannot create keep file");
diff --git a/http-push.c b/http-push.c
index 30d2d34041..968b6b0662 100644
--- a/http-push.c
+++ b/http-push.c
@@ -748,7 +748,6 @@ static void finish_request(struct transfer_request *request)
aborted = 1;
}
} else if (request->state == RUN_FETCH_LOOSE) {
- fchmod(request->local_fileno, 0444);
close(request->local_fileno); request->local_fileno = -1;
if (request->curl_result != CURLE_OK &&
diff --git a/http-walker.c b/http-walker.c
index 0dbad3c888..c5a3ea3b31 100644
--- a/http-walker.c
+++ b/http-walker.c
@@ -231,7 +231,6 @@ static void finish_object_request(struct object_request *obj_req)
{
struct stat st;
- fchmod(obj_req->local, 0444);
close(obj_req->local); obj_req->local = -1;
if (obj_req->http_code == 416) {
diff --git a/index-pack.c b/index-pack.c
index 7fee872533..5dfe03ee6c 100644
--- a/index-pack.c
+++ b/index-pack.c
@@ -823,8 +823,7 @@ static void final(const char *final_pack_name, const char *curr_pack_name,
}
if (move_temp_to_file(curr_pack_name, final_pack_name))
die("cannot store pack file");
- }
- if (from_stdin)
+ } else if (from_stdin)
chmod(final_pack_name, 0444);
if (final_index_name != curr_index_name) {
@@ -835,8 +834,8 @@ static void final(const char *final_pack_name, const char *curr_pack_name,
}
if (move_temp_to_file(curr_index_name, final_index_name))
die("cannot store index file");
- }
- chmod(final_index_name, 0444);
+ } else
+ chmod(final_index_name, 0444);
if (!from_stdin) {
printf("%s\n", sha1_to_hex(sha1));
diff --git a/path.c b/path.c
index e332b504a6..8a0a6741fd 100644
--- a/path.c
+++ b/path.c
@@ -311,36 +311,49 @@ char *enter_repo(char *path, int strict)
return NULL;
}
-int adjust_shared_perm(const char *path)
+int set_shared_perm(const char *path, int mode)
{
struct stat st;
- int mode;
+ int tweak, shared, orig_mode;
- if (!shared_repository)
+ if (!shared_repository) {
+ if (mode)
+ return chmod(path, mode & ~S_IFMT);
return 0;
- if (lstat(path, &st) < 0)
- return -1;
- mode = st.st_mode;
-
- if (shared_repository) {
- int tweak = shared_repository;
- if (!(mode & S_IWUSR))
- tweak &= ~0222;
- mode |= tweak;
- } else {
- /* Preserve old PERM_UMASK behaviour */
- if (mode & S_IWUSR)
- mode |= S_IWGRP;
}
+ if (!mode) {
+ if (lstat(path, &st) < 0)
+ return -1;
+ mode = st.st_mode;
+ orig_mode = mode;
+ } else
+ orig_mode = 0;
+ if (shared_repository < 0)
+ shared = -shared_repository;
+ else
+ shared = shared_repository;
+ tweak = shared;
+
+ if (!(mode & S_IWUSR))
+ tweak &= ~0222;
+ if (mode & S_IXUSR)
+ /* Copy read bits to execute bits */
+ tweak |= (tweak & 0444) >> 2;
+ if (shared_repository < 0)
+ mode = (mode & ~0777) | tweak;
+ else
+ mode |= tweak;
if (S_ISDIR(mode)) {
- mode |= FORCE_DIR_SET_GID;
-
/* Copy read bits to execute bits */
- mode |= (shared_repository & 0444) >> 2;
+ mode |= (shared & 0444) >> 2;
+ mode |= FORCE_DIR_SET_GID;
}
- if ((mode & st.st_mode) != mode && chmod(path, mode) < 0)
+ if (((shared_repository < 0
+ ? (orig_mode & (FORCE_DIR_SET_GID | 0777))
+ : (orig_mode & mode)) != mode) &&
+ chmod(path, (mode & ~S_IFMT)) < 0)
return -2;
return 0;
}
diff --git a/setup.c b/setup.c
index 6c2deda184..ebd60de9ce 100644
--- a/setup.c
+++ b/setup.c
@@ -434,7 +434,7 @@ int git_config_perm(const char *var, const char *value)
/*
* Treat values 0, 1 and 2 as compatibility cases, otherwise it is
- * a chmod value.
+ * a chmod value to restrict to.
*/
switch (i) {
case PERM_UMASK: /* 0 */
@@ -456,7 +456,7 @@ int git_config_perm(const char *var, const char *value)
* Mask filemode value. Others can not get write permission.
* x flags for directories are handled separately.
*/
- return i & 0666;
+ return -(i & 0666);
}
int check_repository_format_version(const char *var, const char *value, void *cb)
diff --git a/sha1_file.c b/sha1_file.c
index 37e833b77d..8fe135dc61 100644
--- a/sha1_file.c
+++ b/sha1_file.c
@@ -2216,11 +2216,15 @@ static void write_sha1_file_prepare(const void *buf, unsigned long len,
}
/*
- * Move the just written object into its final resting place
+ * Move the just written object into its final resting place.
+ * NEEDSWORK: this should be renamed to finalize_temp_file() as
+ * "moving" is only a part of what it does, when no patch between
+ * master to pu changes the call sites of this function.
*/
int move_temp_to_file(const char *tmpfile, const char *filename)
{
int ret = 0;
+
if (link(tmpfile, filename))
ret = errno;
@@ -2232,12 +2236,12 @@ int move_temp_to_file(const char *tmpfile, const char *filename)
*
* The same holds for FAT formatted media.
*
- * When this succeeds, we just return 0. We have nothing
+ * When this succeeds, we just return. We have nothing
* left to unlink.
*/
if (ret && ret != EEXIST) {
if (!rename(tmpfile, filename))
- return 0;
+ goto out;
ret = errno;
}
unlink(tmpfile);
@@ -2248,6 +2252,9 @@ int move_temp_to_file(const char *tmpfile, const char *filename)
/* FIXME!!! Collision check here ? */
}
+out:
+ if (set_shared_perm(filename, (S_IFREG|0444)))
+ return error("unable to set permission to '%s'", filename);
return 0;
}
@@ -2272,7 +2279,6 @@ static void close_sha1_file(int fd)
{
if (fsync_object_files)
fsync_or_die(fd, "sha1 file");
- fchmod(fd, 0444);
if (close(fd) != 0)
die("error when closing sha1 file (%s)", strerror(errno));
}
diff --git a/t/t1301-shared-repo.sh b/t/t1301-shared-repo.sh
index 653362ba22..3c8a2373ac 100755
--- a/t/t1301-shared-repo.sh
+++ b/t/t1301-shared-repo.sh
@@ -126,4 +126,41 @@ test_expect_success 'git reflog expire honors core.sharedRepository' '
esac
'
+test_expect_success 'forced modes' '
+ mkdir -p templates/hooks &&
+ echo update-server-info >templates/hooks/post-update &&
+ chmod +x templates/hooks/post-update &&
+ echo : >random-file &&
+ mkdir new &&
+ (
+ cd new &&
+ umask 002 &&
+ git init --shared=0660 --template=../templates &&
+ >frotz &&
+ git add frotz &&
+ git commit -a -m initial &&
+ git repack
+ ) &&
+ find new/.git -print |
+ xargs ls -ld >actual &&
+
+ # Everything must be unaccessible to others
+ test -z "$(sed -n -e "/^.......---/d" actual)" &&
+
+ # All directories must have either 2770 or 770
+ test -z "$(sed -n -e "/^drwxrw[sx]---/d" -e "/^d/p" actual)" &&
+
+ # post-update hook must be 0770
+ test -z "$(sed -n -e "/post-update/{
+ /^-rwxrwx---/d
+ p
+ }" actual)" &&
+
+ # All files inside objects must be 0440
+ test -z "$(sed -n -e "/objects\//{
+ /^d/d
+ /^-r--r-----/d
+ }" actual)"
+'
+
test_done