1#!/bin/sh 2# 3# Copyright (c) 2010 Matthieu Moy 4# 5 6test_description='Test repository with default ACL' 7 8# Create the test repo with restrictive umask 9# => this must come before . ./test-lib.sh 10umask077 11 12. ./test-lib.sh 13 14# We need an arbitrary other user give permission to using ACLs. root 15# is a good candidate: exists on all unices, and it has permission 16# anyway, so we don't create a security hole running the testsuite. 17 18setfacl_out="$(setfacl -m u:root:rwx . 2>&1)" 19setfacl_ret=$? 20 21iftest$setfacl_ret!=0 22then 23 say "Unable to use setfacl (output: '$setfacl_out'; return code: '$setfacl_ret')" 24else 25 test_set_prereq SETFACL 26fi 27 28check_perms_and_acl () { 29test -r"$1"&& 30 getfacl "$1"> actual && 31grep-q"user:root:rwx" actual && 32grep-q"user:${LOGNAME}:rwx" actual && 33egrep"mask::?r--" actual > /dev/null 2>&1&& 34grep-q"group::---" actual || false 35} 36 37dirs_to_set="./ .git/ .git/objects/ .git/objects/pack/" 38 39test_expect_success SETFACL 'Setup test repo'' 40 setfacl -m d:u::rwx,d:g::---,d:o:---,d:m:rwx$dirs_to_set&& 41 setfacl -m m:rwx$dirs_to_set&& 42 setfacl -m u:root:rwx$dirs_to_set&& 43 setfacl -m d:u:"$LOGNAME":rwx$dirs_to_set&& 44 setfacl -m d:u:root:rwx$dirs_to_set&& 45 46 touch file.txt && 47 git add file.txt && 48 git commit -m "init" 49' 50 51test_expect_success SETFACL 'Objects creation does not break ACLs with restrictive umask'' 52 # SHA1 for empty blob 53 check_perms_and_acl .git/objects/e6/9de29bb2d1d6434b8b29ae775ad8c2e48c5391 54' 55 56test_expect_success SETFACL 'git gc does not break ACLs with restrictive umask'' 57 git gc && 58 check_perms_and_acl .git/objects/pack/*.pack 59' 60 61test_done