git_config(git_default_config, NULL);
is_bare_repository_cfg = init_is_bare_repository;
+
+ /* reading existing config may have overwrote it */
if (init_shared_repository != -1)
shared_repository = init_shared_repository;
* and compatibility values for PERM_GROUP and
* PERM_EVERYBODY.
*/
- if (shared_repository == PERM_GROUP)
+ if (shared_repository < 0)
+ /* force to the mode value */
+ sprintf(buf, "0%o", -shared_repository);
+ else if (shared_repository == PERM_GROUP)
sprintf(buf, "%d", OLD_PERM_GROUP);
else if (shared_repository == PERM_EVERYBODY)
sprintf(buf, "%d", OLD_PERM_EVERYBODY);
else
- sprintf(buf, "0%o", shared_repository);
+ die("oops");
git_config_set("core.sharedrepository", buf);
git_config_set("receive.denyNonFastforwards", "true");
}
usage(init_db_usage);
}
+ if (init_shared_repository != -1)
+ shared_repository = init_shared_repository;
+
/*
* GIT_WORK_TREE makes sense only in conjunction with GIT_DIR
* without --bare. Catch the error early.
int adjust_shared_perm(const char *path)
{
struct stat st;
- int mode;
+ int mode, tweak, shared;
if (!shared_repository)
return 0;
if (lstat(path, &st) < 0)
return -1;
mode = st.st_mode;
-
- if (shared_repository) {
- int tweak = shared_repository;
- if (!(mode & S_IWUSR))
- tweak &= ~0222;
+ if (shared_repository < 0)
+ shared = -shared_repository;
+ else
+ shared = shared_repository;
+ tweak = shared;
+
+ if (!(mode & S_IWUSR))
+ tweak &= ~0222;
+ if (mode & S_IXUSR)
+ /* Copy read bits to execute bits */
+ tweak |= (tweak & 0444) >> 2;
+ if (shared_repository < 0)
+ mode = (mode & ~0777) | tweak;
+ else
mode |= tweak;
- } else {
- /* Preserve old PERM_UMASK behaviour */
- if (mode & S_IWUSR)
- mode |= S_IWGRP;
- }
if (S_ISDIR(mode)) {
- mode |= FORCE_DIR_SET_GID;
-
/* Copy read bits to execute bits */
- mode |= (shared_repository & 0444) >> 2;
+ mode |= (shared & 0444) >> 2;
+ mode |= FORCE_DIR_SET_GID;
}
- if ((mode & st.st_mode) != mode && chmod(path, mode) < 0)
+ if (((shared_repository < 0
+ ? (st.st_mode & (FORCE_DIR_SET_GID | 0777))
+ : (st.st_mode & mode)) != mode) &&
+ chmod(path, mode) < 0)
return -2;
return 0;
}
/*
* Treat values 0, 1 and 2 as compatibility cases, otherwise it is
- * a chmod value.
+ * a chmod value to restrict to.
*/
switch (i) {
case PERM_UMASK: /* 0 */
* Mask filemode value. Others can not get write permission.
* x flags for directories are handled separately.
*/
- return i & 0666;
+ return -(i & 0666);
}
int check_repository_format_version(const char *var, const char *value, void *cb)
}
/*
- * Move the just written object into its final resting place
+ * Move the just written object into its final resting place.
+ * NEEDSWORK: this should be renamed to finalize_temp_file() as
+ * "moving" is only a part of what it does, when no patch between
+ * master to pu changes the call sites of this function.
*/
int move_temp_to_file(const char *tmpfile, const char *filename)
{
int ret = 0;
+
if (link(tmpfile, filename))
ret = errno;
/* FIXME!!! Collision check here ? */
}
+ if (adjust_shared_perm(filename))
+ return error("unable to set permission to '%s'", filename);
return 0;
}
esac
'
+test_expect_success 'forced modes' '
+ mkdir -p templates/hooks &&
+ echo update-server-info >templates/hooks/post-update &&
+ chmod +x templates/hooks/post-update &&
+ echo : >random-file &&
+ mkdir new &&
+ (
+ cd new &&
+ umask 002 &&
+ git init --shared=0660 --template=../templates &&
+ >frotz &&
+ git add frotz &&
+ git commit -a -m initial &&
+ git repack
+ ) &&
+ find new/.git -print |
+ xargs ls -ld >actual &&
+
+ # Everything must be unaccessible to others
+ test -z "$(sed -n -e "/^.......---/d" actual)" &&
+
+ # All directories must have 2770
+ test -z "$(sed -n -e "/^drwxrws---/d" -e "/^d/p" actual)" &&
+
+ # post-update hook must be 0770
+ test -z "$(sed -n -e "/post-update/{
+ /^-rwxrwx---/d
+ p
+ }" actual)" &&
+
+ # All files inside objects must be 0440
+ test -z "$(sed -n -e "/objects\//{
+ /^d/d
+ /^-r--r-----/d
+ }" actual)"
+'
+
test_done