mirror of
https://github.com/git/git.git
synced 2024-11-01 06:47:52 +01:00
a14ad10911
t1304 first runs setfacl as an experiment to see whether the filesystem supports ACLs, and skips the remaining tests if it does not. However, our setfacl run did not exercise the ACLs very well, and some filesystems may support our initial setfacl, but not the rest of the test. In particular, some versions of ecryptfs will erroneously apply the umask on top of an inherited directory ACL, causing our tests to fail. Let's be more careful and make sure both that we can read back the user ACL we set, and that the inherited ACL is propagated correctly. The latter catches the ecryptfs bug, but may also catch other bugs (e.g., an implementation which does not handle inherited ACLs at all). Since we're making the setup more complex, let's move it into its own test. This will hide the output for us unless the user wants to run "-v" to see it (and we don't need to bother printing anything about setfacl failing; the remaining tests will properly print "skip" due to the missing prerequisite). Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
65 lines
1.7 KiB
Bash
Executable file
65 lines
1.7 KiB
Bash
Executable file
#!/bin/sh
|
|
#
|
|
# Copyright (c) 2010 Matthieu Moy
|
|
#
|
|
|
|
test_description='Test repository with default ACL'
|
|
|
|
# Create the test repo with restrictive umask
|
|
# => this must come before . ./test-lib.sh
|
|
umask 077
|
|
|
|
. ./test-lib.sh
|
|
|
|
# We need an arbitrary other user give permission to using ACLs. root
|
|
# is a good candidate: exists on all unices, and it has permission
|
|
# anyway, so we don't create a security hole running the testsuite.
|
|
test_expect_success 'checking for a working acl setup' '
|
|
if setfacl -m d:m:rwx -m u:root:rwx . &&
|
|
getfacl . | grep user:root:rwx &&
|
|
touch should-have-readable-acl &&
|
|
getfacl should-have-readable-acl | egrep "mask::?rw-"
|
|
then
|
|
test_set_prereq SETFACL
|
|
fi
|
|
'
|
|
|
|
if test -z "$LOGNAME"
|
|
then
|
|
LOGNAME=$USER
|
|
fi
|
|
|
|
check_perms_and_acl () {
|
|
test -r "$1" &&
|
|
getfacl "$1" > actual &&
|
|
grep -q "user:root:rwx" actual &&
|
|
grep -q "user:${LOGNAME}:rwx" actual &&
|
|
egrep "mask::?r--" actual > /dev/null 2>&1 &&
|
|
grep -q "group::---" actual || false
|
|
}
|
|
|
|
dirs_to_set="./ .git/ .git/objects/ .git/objects/pack/"
|
|
|
|
test_expect_success SETFACL 'Setup test repo' '
|
|
setfacl -m d:u::rwx,d:g::---,d:o:---,d:m:rwx $dirs_to_set &&
|
|
setfacl -m m:rwx $dirs_to_set &&
|
|
setfacl -m u:root:rwx $dirs_to_set &&
|
|
setfacl -m d:u:"$LOGNAME":rwx $dirs_to_set &&
|
|
setfacl -m d:u:root:rwx $dirs_to_set &&
|
|
|
|
touch file.txt &&
|
|
git add file.txt &&
|
|
git commit -m "init"
|
|
'
|
|
|
|
test_expect_success SETFACL 'Objects creation does not break ACLs with restrictive umask' '
|
|
# SHA1 for empty blob
|
|
check_perms_and_acl .git/objects/e6/9de29bb2d1d6434b8b29ae775ad8c2e48c5391
|
|
'
|
|
|
|
test_expect_success SETFACL 'git gc does not break ACLs with restrictive umask' '
|
|
git gc &&
|
|
check_perms_and_acl .git/objects/pack/*.pack
|
|
'
|
|
|
|
test_done
|