1
0
Fork 0
mirror of https://github.com/git/git.git synced 2024-11-15 05:33:04 +01:00
git/t/t1304-default-acl.sh
W. Trevor King 7544b2e2da t1304: Set LOGNAME even if USER is unset or null
Avoid:

  # ./t1304-default-acl.sh
  ok 1 - checking for a working acl setup
  ok 2 - Setup test repo
  not ok 3 - Objects creation does not break ACLs with restrictive umask
  #
  #               # SHA1 for empty blob
  #               check_perms_and_acl .git/objects/e6/9de29bb2d1d6434b8b29ae775ad8c2e48c5391
  #
  not ok 4 - git gc does not break ACLs with restrictive umask
  #
  #               git gc &&
  #               check_perms_and_acl .git/objects/pack/*.pack
  #
  # failed 2 among 4 test(s)
  1..4

on systems where USER isn't set.  It's usually set by the login
process, but it isn't set when launching some Docker images.  For
example:

  $ docker run --rm debian env
  HOME=/
  PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
  HOSTNAME=b2dfdfe797ed

'id -u -n' has been in POSIX from Issue 2 through 2013 [1], so I don't
expect compatibility issues.

[1]: http://pubs.opengroup.org/onlinepubs/9699919799/utilities/id.html

Signed-off-by: W. Trevor King <wking@tremily.us>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-10-19 15:47:20 -07:00

65 lines
1.7 KiB
Bash
Executable file

#!/bin/sh
#
# Copyright (c) 2010 Matthieu Moy
#
test_description='Test repository with default ACL'
# Create the test repo with restrictive umask
# => this must come before . ./test-lib.sh
umask 077
. ./test-lib.sh
# We need an arbitrary other user give permission to using ACLs. root
# is a good candidate: exists on all unices, and it has permission
# anyway, so we don't create a security hole running the testsuite.
test_expect_success 'checking for a working acl setup' '
if setfacl -m d:m:rwx -m u:root:rwx . &&
getfacl . | grep user:root:rwx &&
touch should-have-readable-acl &&
getfacl should-have-readable-acl | egrep "mask::?rw-"
then
test_set_prereq SETFACL
fi
'
if test -z "$LOGNAME"
then
LOGNAME="${USER:-$(id -u -n)}"
fi
check_perms_and_acl () {
test -r "$1" &&
getfacl "$1" > actual &&
grep -q "user:root:rwx" actual &&
grep -q "user:${LOGNAME}:rwx" actual &&
egrep "mask::?r--" actual > /dev/null 2>&1 &&
grep -q "group::---" actual || false
}
dirs_to_set="./ .git/ .git/objects/ .git/objects/pack/"
test_expect_success SETFACL 'Setup test repo' '
setfacl -m d:u::rwx,d:g::---,d:o:---,d:m:rwx $dirs_to_set &&
setfacl -m m:rwx $dirs_to_set &&
setfacl -m u:root:rwx $dirs_to_set &&
setfacl -m d:u:"$LOGNAME":rwx $dirs_to_set &&
setfacl -m d:u:root:rwx $dirs_to_set &&
touch file.txt &&
git add file.txt &&
git commit -m "init"
'
test_expect_success SETFACL 'Objects creation does not break ACLs with restrictive umask' '
# SHA1 for empty blob
check_perms_and_acl .git/objects/e6/9de29bb2d1d6434b8b29ae775ad8c2e48c5391
'
test_expect_success SETFACL 'git gc does not break ACLs with restrictive umask' '
git gc &&
check_perms_and_acl .git/objects/pack/*.pack
'
test_done