blob: cc30be4a655cad98eac233b5da9fc585ddb5d055 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
|
#!/bin/sh
#
# Copyright (c) 2010 Matthieu Moy
#
test_description='Test repository with default ACL'
# Create the test repo with restrictive umask
# => this must come before . ./test-lib.sh
umask 077
. ./test-lib.sh
# We need an arbitrary other user give permission to using ACLs. root
# is a good candidate: exists on all unices, and it has permission
# anyway, so we don't create a security hole running the testsuite.
if ! setfacl -m u:root:rwx .; then
say "Skipping ACL tests: unable to use setfacl"
test_done
fi
modebits () {
ls -l "$1" | sed -e 's|^\(..........\).*|\1|'
}
check_perms_and_acl () {
actual=$(modebits "$1") &&
case "$actual" in
-r--r-----*)
: happy
;;
*)
echo "Got permission '$actual', expected '-r--r-----'"
false
;;
esac &&
getfacl "$1" > actual &&
grep -q "user:root:rwx" actual &&
grep -q "user:${LOGNAME}:rwx" actual &&
grep -q "mask::r--" actual &&
grep -q "group::---" actual || false
}
dirs_to_set="./ .git/ .git/objects/ .git/objects/pack/"
test_expect_success 'Setup test repo' '
setfacl -m u:root:rwx $dirs_to_set &&
setfacl -d -m u:"$LOGNAME":rwx $dirs_to_set &&
setfacl -d -m u:root:rwx $dirs_to_set &&
touch file.txt &&
git add file.txt &&
git commit -m "init"
'
test_expect_success 'Objects creation does not break ACLs with restrictive umask' '
# SHA1 for empty blob
check_perms_and_acl .git/objects/e6/9de29bb2d1d6434b8b29ae775ad8c2e48c5391
'
test_expect_success 'git gc does not break ACLs with restrictive umask' '
git gc &&
check_perms_and_acl .git/objects/pack/*.pack
'
test_done
|
