2007-07-11 14:18:17 +00:00
|
|
|
#!/bin/sh
|
|
|
|
#
|
|
|
|
# Copyright (c) 2007 Johannes Schindelin
|
|
|
|
#
|
|
|
|
|
|
|
|
test_description='Test shared repository initialization'
|
|
|
|
|
2020-11-18 23:44:21 +00:00
|
|
|
GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME=main
|
tests: mark tests relying on the current default for `init.defaultBranch`
In addition to the manual adjustment to let the `linux-gcc` CI job run
the test suite with `master` and then with `main`, this patch makes sure
that GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME is set in all test scripts
that currently rely on the initial branch name being `master by default.
To determine which test scripts to mark up, the first step was to
force-set the default branch name to `master` in
- all test scripts that contain the keyword `master`,
- t4211, which expects `t/t4211/history.export` with a hard-coded ref to
initialize the default branch,
- t5560 because it sources `t/t556x_common` which uses `master`,
- t8002 and t8012 because both source `t/annotate-tests.sh` which also
uses `master`)
This trick was performed by this command:
$ sed -i '/^ *\. \.\/\(test-lib\|lib-\(bash\|cvs\|git-svn\)\|gitweb-lib\)\.sh$/i\
GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME=master\
export GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME\
' $(git grep -l master t/t[0-9]*.sh) \
t/t4211*.sh t/t5560*.sh t/t8002*.sh t/t8012*.sh
After that, careful, manual inspection revealed that some of the test
scripts containing the needle `master` do not actually rely on a
specific default branch name: either they mention `master` only in a
comment, or they initialize that branch specificially, or they do not
actually refer to the current default branch. Therefore, the
aforementioned modification was undone in those test scripts thusly:
$ git checkout HEAD -- \
t/t0027-auto-crlf.sh t/t0060-path-utils.sh \
t/t1011-read-tree-sparse-checkout.sh \
t/t1305-config-include.sh t/t1309-early-config.sh \
t/t1402-check-ref-format.sh t/t1450-fsck.sh \
t/t2024-checkout-dwim.sh \
t/t2106-update-index-assume-unchanged.sh \
t/t3040-subprojects-basic.sh t/t3301-notes.sh \
t/t3308-notes-merge.sh t/t3423-rebase-reword.sh \
t/t3436-rebase-more-options.sh \
t/t4015-diff-whitespace.sh t/t4257-am-interactive.sh \
t/t5323-pack-redundant.sh t/t5401-update-hooks.sh \
t/t5511-refspec.sh t/t5526-fetch-submodules.sh \
t/t5529-push-errors.sh t/t5530-upload-pack-error.sh \
t/t5548-push-porcelain.sh \
t/t5552-skipping-fetch-negotiator.sh \
t/t5572-pull-submodule.sh t/t5608-clone-2gb.sh \
t/t5614-clone-submodules-shallow.sh \
t/t7508-status.sh t/t7606-merge-custom.sh \
t/t9302-fast-import-unpack-limit.sh
We excluded one set of test scripts in these commands, though: the range
of `git p4` tests. The reason? `git p4` stores the (foreign) remote
branch in the branch called `p4/master`, which is obviously not the
default branch. Manual analysis revealed that only five of these tests
actually require a specific default branch name to pass; They were
modified thusly:
$ sed -i '/^ *\. \.\/lib-git-p4\.sh$/i\
GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME=master\
export GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME\
' t/t980[0167]*.sh t/t9811*.sh
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2020-11-18 23:44:19 +00:00
|
|
|
export GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME
|
|
|
|
|
2022-11-29 13:15:11 +00:00
|
|
|
TEST_CREATE_REPO_NO_TEMPLATE=1
|
tests: mark tests as passing with SANITIZE=leak
When the "ab/various-leak-fixes" topic was merged in [1] only t6021
would fail if the tests were run in the
"GIT_TEST_PASSING_SANITIZE_LEAK=check" mode, i.e. to check whether we
marked all leak-free tests with "TEST_PASSES_SANITIZE_LEAK=true".
Since then we've had various tests starting to pass under
SANITIZE=leak. Let's mark those as passing, this is when they started
to pass, narrowed down with "git bisect":
- t5317-pack-objects-filter-objects.sh: In
faebba436e6 (list-objects-filter: plug pattern_list leak, 2022-12-01).
- t3210-pack-refs.sh, t5613-info-alternate.sh,
t7403-submodule-sync.sh: In 189e97bc4ba (diff: remove parseopts member
from struct diff_options, 2022-12-01).
- t1408-packed-refs.sh: In ab91f6b7c42 (Merge branch
'rs/diff-parseopts', 2022-12-19).
- t0023-crlf-am.sh, t4152-am-subjects.sh, t4254-am-corrupt.sh,
t4256-am-format-flowed.sh, t4257-am-interactive.sh,
t5403-post-checkout-hook.sh: In a658e881c13 (am: don't pass strvec to
apply_parse_options(), 2022-12-13)
- t1301-shared-repo.sh, t1302-repo-version.sh: In b07a819c05f (reflog:
clear leftovers in reflog_expiry_cleanup(), 2022-12-13).
- t1304-default-acl.sh, t1410-reflog.sh,
t5330-no-lazy-fetch-with-commit-graph.sh, t5502-quickfetch.sh,
t5604-clone-reference.sh, t6014-rev-list-all.sh,
t7701-repack-unpack-unreachable.sh: In b0c61be3209 (Merge branch
'rs/reflog-expiry-cleanup', 2022-12-26)
- t3800-mktag.sh, t5302-pack-index.sh, t5306-pack-nobase.sh,
t5573-pull-verify-signatures.sh, t7612-merge-verify-signatures.sh: In
69bbbe484ba (hash-object: use fsck for object checks, 2023-01-18).
- t1451-fsck-buffer.sh: In 8e4309038f0 (fsck: do not assume
NUL-termination of buffers, 2023-01-19).
- t6501-freshen-objects.sh: In abf2bb895b4 (Merge branch
'jk/hash-object-fsck', 2023-01-30)
1. 9ea1378d046 (Merge branch 'ab/various-leak-fixes', 2022-12-14)
Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2023-02-06 23:07:36 +00:00
|
|
|
TEST_PASSES_SANITIZE_LEAK=true
|
2007-07-11 14:18:17 +00:00
|
|
|
. ./test-lib.sh
|
|
|
|
|
2008-10-17 02:32:14 +00:00
|
|
|
# Remove a default ACL from the test dir if possible.
|
|
|
|
setfacl -k . 2>/dev/null
|
|
|
|
|
2008-04-16 08:34:24 +00:00
|
|
|
# User must have read permissions to the repo -> failure on --shared=0400
|
|
|
|
test_expect_success 'shared = 0400 (faulty permission u-w)' '
|
2015-03-20 10:13:11 +00:00
|
|
|
test_when_finished "rm -rf sub" &&
|
2008-04-16 08:34:24 +00:00
|
|
|
mkdir sub && (
|
2015-03-20 10:13:11 +00:00
|
|
|
cd sub &&
|
|
|
|
test_must_fail git init --shared=0400
|
2008-04-16 08:34:24 +00:00
|
|
|
)
|
|
|
|
'
|
|
|
|
|
2008-07-12 01:15:03 +00:00
|
|
|
for u in 002 022
|
|
|
|
do
|
2009-03-13 21:55:27 +00:00
|
|
|
test_expect_success POSIXPERM "shared=1 does not clear bits preset by umask $u" '
|
2022-11-29 13:15:10 +00:00
|
|
|
test_when_finished "rm -rf sub" &&
|
2008-07-12 01:15:03 +00:00
|
|
|
mkdir sub && (
|
|
|
|
cd sub &&
|
|
|
|
umask $u &&
|
|
|
|
git init --shared=1 &&
|
|
|
|
test 1 = "$(git config core.sharedrepository)"
|
|
|
|
) &&
|
2015-03-20 10:13:11 +00:00
|
|
|
actual=$(ls -l sub/.git/HEAD) &&
|
2008-07-12 01:15:03 +00:00
|
|
|
case "$actual" in
|
|
|
|
-rw-rw-r--*)
|
|
|
|
: happy
|
|
|
|
;;
|
|
|
|
*)
|
|
|
|
echo Oops, .git/HEAD is not 0664 but $actual
|
|
|
|
false
|
|
|
|
;;
|
|
|
|
esac
|
|
|
|
'
|
|
|
|
done
|
|
|
|
|
2007-07-11 14:18:17 +00:00
|
|
|
test_expect_success 'shared=all' '
|
2022-06-03 11:15:07 +00:00
|
|
|
git init --template= --shared=all &&
|
2007-07-11 14:18:17 +00:00
|
|
|
test 2 = $(git config core.sharedrepository)
|
|
|
|
'
|
|
|
|
|
2023-05-16 06:33:41 +00:00
|
|
|
test_expect_failure 'template can set core.bare' '
|
|
|
|
test_when_finished "rm -rf subdir" &&
|
|
|
|
test_when_finished "rm -rf templates" &&
|
|
|
|
test_config core.bare true &&
|
|
|
|
umask 0022 &&
|
|
|
|
mkdir -p templates/ &&
|
|
|
|
cp .git/config templates/config &&
|
|
|
|
git init --template=templates subdir &&
|
|
|
|
test_path_exists subdir/HEAD
|
|
|
|
'
|
|
|
|
|
|
|
|
test_expect_success 'template can set core.bare but overridden by command line' '
|
|
|
|
test_when_finished "rm -rf subdir" &&
|
|
|
|
test_when_finished "rm -rf templates" &&
|
|
|
|
test_config core.bare true &&
|
|
|
|
umask 0022 &&
|
|
|
|
mkdir -p templates/ &&
|
|
|
|
cp .git/config templates/config &&
|
|
|
|
git init --no-bare --template=templates subdir &&
|
|
|
|
test_path_exists subdir/.git/HEAD
|
|
|
|
'
|
|
|
|
|
2009-03-13 21:55:27 +00:00
|
|
|
test_expect_success POSIXPERM 'update-server-info honors core.sharedRepository' '
|
2007-07-11 14:18:17 +00:00
|
|
|
: > a1 &&
|
|
|
|
git add a1 &&
|
|
|
|
test_tick &&
|
|
|
|
git commit -m a1 &&
|
2022-06-03 11:15:07 +00:00
|
|
|
mkdir .git/info &&
|
2007-07-11 14:18:17 +00:00
|
|
|
umask 0277 &&
|
|
|
|
git update-server-info &&
|
2007-08-16 22:02:17 +00:00
|
|
|
actual="$(ls -l .git/info/refs)" &&
|
|
|
|
case "$actual" in
|
|
|
|
-r--r--r--*)
|
|
|
|
: happy
|
|
|
|
;;
|
|
|
|
*)
|
|
|
|
echo Oops, .git/info/refs is not 0444
|
|
|
|
false
|
|
|
|
;;
|
|
|
|
esac
|
2007-07-11 14:18:17 +00:00
|
|
|
'
|
|
|
|
|
2008-04-16 08:34:24 +00:00
|
|
|
for u in 0660:rw-rw---- \
|
|
|
|
0640:rw-r----- \
|
|
|
|
0600:rw------- \
|
|
|
|
0666:rw-rw-rw- \
|
|
|
|
0664:rw-rw-r--
|
|
|
|
do
|
|
|
|
x=$(expr "$u" : ".*:\([rw-]*\)") &&
|
|
|
|
y=$(echo "$x" | sed -e "s/w/-/g") &&
|
|
|
|
u=$(expr "$u" : "\([0-7]*\)") &&
|
|
|
|
git config core.sharedrepository "$u" &&
|
|
|
|
umask 0277 &&
|
|
|
|
|
2009-03-13 21:55:27 +00:00
|
|
|
test_expect_success POSIXPERM "shared = $u ($y) ro" '
|
2008-04-16 08:34:24 +00:00
|
|
|
|
|
|
|
rm -f .git/info/refs &&
|
|
|
|
git update-server-info &&
|
2017-06-25 04:34:28 +00:00
|
|
|
actual="$(test_modebits .git/info/refs)" &&
|
t: drop "verbose" helper function
We have a small helper function called "verbose", with the idea that you
can write:
verbose foo
to get a message to stderr when the "foo" command fails, even if it does
not produce any output itself. This goes back to 8ad1652418 (t5304: use
helper to report failure of "test foo = bar", 2014-10-10). It does work,
but overall it has not been a big success for two reasons:
1. Test writers have to remember to put it there (and the resulting
test code is longer as a result).
2. It doesn't handle the opposite case (we expect "foo" to fail, but
it succeeds), leading to inconsistencies in tests (which you can
see in many hunks of this patch, e.g. ones involving "has_cr").
Most importantly, we added a136f6d8ff (test-lib.sh: support -x option
for shell-tracing, 2014-10-10) at the same time, and it does roughly the
same thing. The output is not quite as succinct as "verbose", and you
have to watch out for stray shell-traces ending up in stderr. But it
solves both of the problems above, and has clearly become the preferred
tool.
Let's consider the "verbose" function a failed experiment and remove the
last few callers (which are all many years old, and have been dwindling
as we remove them from scripts we touch for other reasons). It will be
one less thing for new test writers to see and wonder if they should be
using themselves.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2023-05-08 19:04:57 +00:00
|
|
|
test "x$actual" = "x-$y"
|
2015-03-20 10:13:11 +00:00
|
|
|
|
2008-04-16 08:34:24 +00:00
|
|
|
'
|
|
|
|
|
|
|
|
umask 077 &&
|
2009-03-13 21:55:27 +00:00
|
|
|
test_expect_success POSIXPERM "shared = $u ($x) rw" '
|
2008-04-16 08:34:24 +00:00
|
|
|
|
|
|
|
rm -f .git/info/refs &&
|
|
|
|
git update-server-info &&
|
2017-06-25 04:34:28 +00:00
|
|
|
actual="$(test_modebits .git/info/refs)" &&
|
t: drop "verbose" helper function
We have a small helper function called "verbose", with the idea that you
can write:
verbose foo
to get a message to stderr when the "foo" command fails, even if it does
not produce any output itself. This goes back to 8ad1652418 (t5304: use
helper to report failure of "test foo = bar", 2014-10-10). It does work,
but overall it has not been a big success for two reasons:
1. Test writers have to remember to put it there (and the resulting
test code is longer as a result).
2. It doesn't handle the opposite case (we expect "foo" to fail, but
it succeeds), leading to inconsistencies in tests (which you can
see in many hunks of this patch, e.g. ones involving "has_cr").
Most importantly, we added a136f6d8ff (test-lib.sh: support -x option
for shell-tracing, 2014-10-10) at the same time, and it does roughly the
same thing. The output is not quite as succinct as "verbose", and you
have to watch out for stray shell-traces ending up in stderr. But it
solves both of the problems above, and has clearly become the preferred
tool.
Let's consider the "verbose" function a failed experiment and remove the
last few callers (which are all many years old, and have been dwindling
as we remove them from scripts we touch for other reasons). It will be
one less thing for new test writers to see and wonder if they should be
using themselves.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2023-05-08 19:04:57 +00:00
|
|
|
test "x$actual" = "x-$x"
|
2008-04-16 08:34:24 +00:00
|
|
|
|
|
|
|
'
|
|
|
|
|
|
|
|
done
|
|
|
|
|
2015-01-06 03:50:49 +00:00
|
|
|
test_expect_success POSIXPERM 'info/refs respects umask in unshared repo' '
|
|
|
|
rm -f .git/info/refs &&
|
|
|
|
test_unconfig core.sharedrepository &&
|
|
|
|
umask 002 &&
|
|
|
|
git update-server-info &&
|
|
|
|
echo "-rw-rw-r--" >expect &&
|
2017-06-25 04:34:28 +00:00
|
|
|
test_modebits .git/info/refs >actual &&
|
2015-01-06 03:50:49 +00:00
|
|
|
test_cmp expect actual
|
|
|
|
'
|
|
|
|
|
2009-03-13 21:55:27 +00:00
|
|
|
test_expect_success POSIXPERM 'git reflog expire honors core.sharedRepository' '
|
2015-01-06 03:49:43 +00:00
|
|
|
umask 077 &&
|
2008-06-15 21:37:42 +00:00
|
|
|
git config core.sharedRepository group &&
|
|
|
|
git reflog expire --all &&
|
2020-11-18 23:44:21 +00:00
|
|
|
actual="$(ls -l .git/logs/refs/heads/main)" &&
|
2008-06-15 21:37:42 +00:00
|
|
|
case "$actual" in
|
|
|
|
-rw-rw-*)
|
|
|
|
: happy
|
|
|
|
;;
|
|
|
|
*)
|
2021-05-31 16:56:23 +00:00
|
|
|
echo Ooops, .git/logs/refs/heads/main is not 066x [$actual]
|
2008-06-15 21:37:42 +00:00
|
|
|
false
|
|
|
|
;;
|
|
|
|
esac
|
|
|
|
'
|
|
|
|
|
2009-04-13 00:55:18 +00:00
|
|
|
test_expect_success POSIXPERM 'forced modes' '
|
2022-11-29 13:15:10 +00:00
|
|
|
test_when_finished "rm -rf new" &&
|
2009-03-25 23:19:36 +00:00
|
|
|
mkdir -p templates/hooks &&
|
|
|
|
echo update-server-info >templates/hooks/post-update &&
|
|
|
|
chmod +x templates/hooks/post-update &&
|
|
|
|
echo : >random-file &&
|
|
|
|
mkdir new &&
|
|
|
|
(
|
|
|
|
cd new &&
|
|
|
|
umask 002 &&
|
2022-11-29 13:15:09 +00:00
|
|
|
git init --shared=0660 --template=../templates &&
|
|
|
|
test_path_is_file .git/hooks/post-update &&
|
2009-03-25 23:19:36 +00:00
|
|
|
>frotz &&
|
|
|
|
git add frotz &&
|
|
|
|
git commit -a -m initial &&
|
|
|
|
git repack
|
|
|
|
) &&
|
t1301-shared-repo: fix forced modes test
This test was added recently (5a688fe, "core.sharedrepository = 0mode"
should set, not loosen; 2009-03-28). It checked the result of a sed
invocation for emptyness, but in some cases it forgot to print anything
at all, so that those checks would never be false.
Due to this mistake, it went unnoticed that the files in objects/info are
not necessarily 0440, but can also be 0660. Because the 0mode setting
tries to guarantee that the files are accessible only to the people they
are meant to be used by, we should only make sure that they are readable
by the user and the group when the configuration is set to 0660. It is a
separate matter from the core.shredrepository settings that w-bit from
immutable object files under objects/[0-9a-f][0-9a-f] directories should
be dropped.
COMMIT_EDITMSG is still world-readable, but it (and any transient files
that are meant for repositories with a work tree) does not matter. If you
are working on a shared machine and on a sekrit stuff, the root of the
work tree would be with mode 0700 (or 0750 to allow peeking by other
people in the group), and that would mean that .git/COMMIT_EDITMSG in such
a repository would not be readable by the strangers anyway.
Also, in the real-world use case, .git/COMMIT_EDITMSG will be given to an
arbitrary editor the user happens to use, and we have no guarantee what it
does (e.g. it may create a new file with umask and replace, it may rewrite
in place, it may leave an editor backup file but use umask to create it,
etc.), and the protection of the file lies majorly on the protection of
the root of the work tree.
This test cannot be run on Windows; it requires POSIXPERM when merged to
'master'.
Signed-off-by: Johannes Sixt <j6t@kdbg.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2009-04-12 19:22:02 +00:00
|
|
|
# List repository files meant to be protected; note that
|
|
|
|
# COMMIT_EDITMSG does not matter---0mode is not about a
|
|
|
|
# repository with a work tree.
|
|
|
|
find new/.git -type f -name COMMIT_EDITMSG -prune -o -print |
|
2009-03-25 23:19:36 +00:00
|
|
|
xargs ls -ld >actual &&
|
|
|
|
|
|
|
|
# Everything must be unaccessible to others
|
t1301-shared-repo: fix forced modes test
This test was added recently (5a688fe, "core.sharedrepository = 0mode"
should set, not loosen; 2009-03-28). It checked the result of a sed
invocation for emptyness, but in some cases it forgot to print anything
at all, so that those checks would never be false.
Due to this mistake, it went unnoticed that the files in objects/info are
not necessarily 0440, but can also be 0660. Because the 0mode setting
tries to guarantee that the files are accessible only to the people they
are meant to be used by, we should only make sure that they are readable
by the user and the group when the configuration is set to 0660. It is a
separate matter from the core.shredrepository settings that w-bit from
immutable object files under objects/[0-9a-f][0-9a-f] directories should
be dropped.
COMMIT_EDITMSG is still world-readable, but it (and any transient files
that are meant for repositories with a work tree) does not matter. If you
are working on a shared machine and on a sekrit stuff, the root of the
work tree would be with mode 0700 (or 0750 to allow peeking by other
people in the group), and that would mean that .git/COMMIT_EDITMSG in such
a repository would not be readable by the strangers anyway.
Also, in the real-world use case, .git/COMMIT_EDITMSG will be given to an
arbitrary editor the user happens to use, and we have no guarantee what it
does (e.g. it may create a new file with umask and replace, it may rewrite
in place, it may leave an editor backup file but use umask to create it,
etc.), and the protection of the file lies majorly on the protection of
the root of the work tree.
This test cannot be run on Windows; it requires POSIXPERM when merged to
'master'.
Signed-off-by: Johannes Sixt <j6t@kdbg.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2009-04-12 19:22:02 +00:00
|
|
|
test -z "$(sed -e "/^.......---/d" actual)" &&
|
2009-03-25 23:19:36 +00:00
|
|
|
|
2009-03-31 20:36:00 +00:00
|
|
|
# All directories must have either 2770 or 770
|
|
|
|
test -z "$(sed -n -e "/^drwxrw[sx]---/d" -e "/^d/p" actual)" &&
|
2009-03-25 23:19:36 +00:00
|
|
|
|
|
|
|
# post-update hook must be 0770
|
|
|
|
test -z "$(sed -n -e "/post-update/{
|
|
|
|
/^-rwxrwx---/d
|
|
|
|
p
|
|
|
|
}" actual)" &&
|
|
|
|
|
t1301-shared-repo: fix forced modes test
This test was added recently (5a688fe, "core.sharedrepository = 0mode"
should set, not loosen; 2009-03-28). It checked the result of a sed
invocation for emptyness, but in some cases it forgot to print anything
at all, so that those checks would never be false.
Due to this mistake, it went unnoticed that the files in objects/info are
not necessarily 0440, but can also be 0660. Because the 0mode setting
tries to guarantee that the files are accessible only to the people they
are meant to be used by, we should only make sure that they are readable
by the user and the group when the configuration is set to 0660. It is a
separate matter from the core.shredrepository settings that w-bit from
immutable object files under objects/[0-9a-f][0-9a-f] directories should
be dropped.
COMMIT_EDITMSG is still world-readable, but it (and any transient files
that are meant for repositories with a work tree) does not matter. If you
are working on a shared machine and on a sekrit stuff, the root of the
work tree would be with mode 0700 (or 0750 to allow peeking by other
people in the group), and that would mean that .git/COMMIT_EDITMSG in such
a repository would not be readable by the strangers anyway.
Also, in the real-world use case, .git/COMMIT_EDITMSG will be given to an
arbitrary editor the user happens to use, and we have no guarantee what it
does (e.g. it may create a new file with umask and replace, it may rewrite
in place, it may leave an editor backup file but use umask to create it,
etc.), and the protection of the file lies majorly on the protection of
the root of the work tree.
This test cannot be run on Windows; it requires POSIXPERM when merged to
'master'.
Signed-off-by: Johannes Sixt <j6t@kdbg.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2009-04-12 19:22:02 +00:00
|
|
|
# All files inside objects must be accessible by us
|
2009-03-25 23:19:36 +00:00
|
|
|
test -z "$(sed -n -e "/objects\//{
|
|
|
|
/^d/d
|
t1301-shared-repo: fix forced modes test
This test was added recently (5a688fe, "core.sharedrepository = 0mode"
should set, not loosen; 2009-03-28). It checked the result of a sed
invocation for emptyness, but in some cases it forgot to print anything
at all, so that those checks would never be false.
Due to this mistake, it went unnoticed that the files in objects/info are
not necessarily 0440, but can also be 0660. Because the 0mode setting
tries to guarantee that the files are accessible only to the people they
are meant to be used by, we should only make sure that they are readable
by the user and the group when the configuration is set to 0660. It is a
separate matter from the core.shredrepository settings that w-bit from
immutable object files under objects/[0-9a-f][0-9a-f] directories should
be dropped.
COMMIT_EDITMSG is still world-readable, but it (and any transient files
that are meant for repositories with a work tree) does not matter. If you
are working on a shared machine and on a sekrit stuff, the root of the
work tree would be with mode 0700 (or 0750 to allow peeking by other
people in the group), and that would mean that .git/COMMIT_EDITMSG in such
a repository would not be readable by the strangers anyway.
Also, in the real-world use case, .git/COMMIT_EDITMSG will be given to an
arbitrary editor the user happens to use, and we have no guarantee what it
does (e.g. it may create a new file with umask and replace, it may rewrite
in place, it may leave an editor backup file but use umask to create it,
etc.), and the protection of the file lies majorly on the protection of
the root of the work tree.
This test cannot be run on Windows; it requires POSIXPERM when merged to
'master'.
Signed-off-by: Johannes Sixt <j6t@kdbg.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2009-04-12 19:22:02 +00:00
|
|
|
/^-r.-r.----/d
|
|
|
|
p
|
2009-03-25 23:19:36 +00:00
|
|
|
}" actual)"
|
|
|
|
'
|
|
|
|
|
config: only read .git/config from configured repos
When git_config() runs, it looks in the system, user-wide,
and repo-level config files. It gets the latter by calling
git_pathdup(), which in turn calls get_git_dir(). If we
haven't set up the git repository yet, this may simply
return ".git", and we will look at ".git/config". This
seems like it would be helpful (presumably we haven't set up
the repository yet, so it tries to find it), but it turns
out to be a bad idea for a few reasons:
- it's not sufficient, and therefore hides bugs in a
confusing way. Config will be respected if commands are
run from the top-level of the working tree, but not from
a subdirectory.
- it's not always true that we haven't set up the
repository _yet_; we may not want to do it at all. For
instance, if you run "git init /some/path" from inside
another repository, it should not load config from the
existing repository.
- there might be a path ".git/config", but it is not the
actual repository we would find via setup_git_directory().
This may happen, e.g., if you are storing a git
repository inside another git repository, but have
munged one of the files in such a way that the
inner repository is not valid (e.g., by removing HEAD).
We have at least two bugs of the second type in git-init,
introduced by ae5f677 (lazily load core.sharedrepository,
2016-03-11). It causes init to use git_configset(), which
loads all of the config, including values from the current
repo (if any). This shows up in two ways:
1. If we happen to be in an existing repository directory,
we'll read and respect core.sharedrepository from it,
even though it should have no bearing on the new
repository. A new test in t1301 covers this.
2. Similarly, if we're in an existing repo that sets
core.logallrefupdates, that will cause init to fail to
set it in a newly created repository (because it thinks
that the user's templates already did so). A new test
in t0001 covers this.
We also need to adjust an existing test in t1302, which
gives another example of why this patch is an improvement.
That test creates an embedded repository with a bogus
core.repositoryformatversion of "99". It wants to make sure
that we actually stop at the bogus repo rather than
continuing upward to find the outer repo. So it checks that
"git config core.repositoryformatversion" returns 99. But
that only works because we blindly read ".git/config", even
though we _know_ we're in a repository whose vintage we do
not understand.
After this patch, we avoid reading config from the unknown
vintage repository at all, which is a safer choice. But we
need to tweak the test, since core.repositoryformatversion
will not return 99; it will claim that it could not find the
variable at all.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-09-13 03:24:15 +00:00
|
|
|
test_expect_success POSIXPERM 'remote init does not use config from cwd' '
|
2022-11-29 13:15:10 +00:00
|
|
|
test_when_finished "rm -rf child.git" &&
|
config: only read .git/config from configured repos
When git_config() runs, it looks in the system, user-wide,
and repo-level config files. It gets the latter by calling
git_pathdup(), which in turn calls get_git_dir(). If we
haven't set up the git repository yet, this may simply
return ".git", and we will look at ".git/config". This
seems like it would be helpful (presumably we haven't set up
the repository yet, so it tries to find it), but it turns
out to be a bad idea for a few reasons:
- it's not sufficient, and therefore hides bugs in a
confusing way. Config will be respected if commands are
run from the top-level of the working tree, but not from
a subdirectory.
- it's not always true that we haven't set up the
repository _yet_; we may not want to do it at all. For
instance, if you run "git init /some/path" from inside
another repository, it should not load config from the
existing repository.
- there might be a path ".git/config", but it is not the
actual repository we would find via setup_git_directory().
This may happen, e.g., if you are storing a git
repository inside another git repository, but have
munged one of the files in such a way that the
inner repository is not valid (e.g., by removing HEAD).
We have at least two bugs of the second type in git-init,
introduced by ae5f677 (lazily load core.sharedrepository,
2016-03-11). It causes init to use git_configset(), which
loads all of the config, including values from the current
repo (if any). This shows up in two ways:
1. If we happen to be in an existing repository directory,
we'll read and respect core.sharedrepository from it,
even though it should have no bearing on the new
repository. A new test in t1301 covers this.
2. Similarly, if we're in an existing repo that sets
core.logallrefupdates, that will cause init to fail to
set it in a newly created repository (because it thinks
that the user's templates already did so). A new test
in t0001 covers this.
We also need to adjust an existing test in t1302, which
gives another example of why this patch is an improvement.
That test creates an embedded repository with a bogus
core.repositoryformatversion of "99". It wants to make sure
that we actually stop at the bogus repo rather than
continuing upward to find the outer repo. So it checks that
"git config core.repositoryformatversion" returns 99. But
that only works because we blindly read ".git/config", even
though we _know_ we're in a repository whose vintage we do
not understand.
After this patch, we avoid reading config from the unknown
vintage repository at all, which is a safer choice. But we
need to tweak the test, since core.repositoryformatversion
will not return 99; it will claim that it could not find the
variable at all.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-09-13 03:24:15 +00:00
|
|
|
git config core.sharedrepository 0666 &&
|
|
|
|
umask 0022 &&
|
|
|
|
git init --bare child.git &&
|
|
|
|
echo "-rw-r--r--" >expect &&
|
2017-06-25 04:34:28 +00:00
|
|
|
test_modebits child.git/config >actual &&
|
config: only read .git/config from configured repos
When git_config() runs, it looks in the system, user-wide,
and repo-level config files. It gets the latter by calling
git_pathdup(), which in turn calls get_git_dir(). If we
haven't set up the git repository yet, this may simply
return ".git", and we will look at ".git/config". This
seems like it would be helpful (presumably we haven't set up
the repository yet, so it tries to find it), but it turns
out to be a bad idea for a few reasons:
- it's not sufficient, and therefore hides bugs in a
confusing way. Config will be respected if commands are
run from the top-level of the working tree, but not from
a subdirectory.
- it's not always true that we haven't set up the
repository _yet_; we may not want to do it at all. For
instance, if you run "git init /some/path" from inside
another repository, it should not load config from the
existing repository.
- there might be a path ".git/config", but it is not the
actual repository we would find via setup_git_directory().
This may happen, e.g., if you are storing a git
repository inside another git repository, but have
munged one of the files in such a way that the
inner repository is not valid (e.g., by removing HEAD).
We have at least two bugs of the second type in git-init,
introduced by ae5f677 (lazily load core.sharedrepository,
2016-03-11). It causes init to use git_configset(), which
loads all of the config, including values from the current
repo (if any). This shows up in two ways:
1. If we happen to be in an existing repository directory,
we'll read and respect core.sharedrepository from it,
even though it should have no bearing on the new
repository. A new test in t1301 covers this.
2. Similarly, if we're in an existing repo that sets
core.logallrefupdates, that will cause init to fail to
set it in a newly created repository (because it thinks
that the user's templates already did so). A new test
in t0001 covers this.
We also need to adjust an existing test in t1302, which
gives another example of why this patch is an improvement.
That test creates an embedded repository with a bogus
core.repositoryformatversion of "99". It wants to make sure
that we actually stop at the bogus repo rather than
continuing upward to find the outer repo. So it checks that
"git config core.repositoryformatversion" returns 99. But
that only works because we blindly read ".git/config", even
though we _know_ we're in a repository whose vintage we do
not understand.
After this patch, we avoid reading config from the unknown
vintage repository at all, which is a safer choice. But we
need to tweak the test, since core.repositoryformatversion
will not return 99; it will claim that it could not find the
variable at all.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-09-13 03:24:15 +00:00
|
|
|
test_cmp expect actual
|
|
|
|
'
|
|
|
|
|
2016-09-13 03:24:23 +00:00
|
|
|
test_expect_success POSIXPERM 're-init respects core.sharedrepository (local)' '
|
|
|
|
git config core.sharedrepository 0666 &&
|
|
|
|
umask 0022 &&
|
|
|
|
echo whatever >templates/foo &&
|
|
|
|
git init --template=templates &&
|
|
|
|
echo "-rw-rw-rw-" >expect &&
|
2017-06-25 04:34:28 +00:00
|
|
|
test_modebits .git/foo >actual &&
|
2016-09-13 03:24:23 +00:00
|
|
|
test_cmp expect actual
|
|
|
|
'
|
|
|
|
|
|
|
|
test_expect_success POSIXPERM 're-init respects core.sharedrepository (remote)' '
|
2022-11-29 13:15:10 +00:00
|
|
|
test_when_finished "rm -rf child.git" &&
|
2016-09-13 03:24:23 +00:00
|
|
|
umask 0022 &&
|
|
|
|
git init --bare --shared=0666 child.git &&
|
|
|
|
test_path_is_missing child.git/foo &&
|
2019-05-10 10:46:57 +00:00
|
|
|
git init --bare --template=templates child.git &&
|
2016-09-13 03:24:23 +00:00
|
|
|
echo "-rw-rw-rw-" >expect &&
|
2017-06-25 04:34:28 +00:00
|
|
|
test_modebits child.git/foo >actual &&
|
2016-09-13 03:24:23 +00:00
|
|
|
test_cmp expect actual
|
|
|
|
'
|
|
|
|
|
|
|
|
test_expect_success POSIXPERM 'template can set core.sharedrepository' '
|
2022-11-29 13:15:10 +00:00
|
|
|
test_when_finished "rm -rf child.git" &&
|
2016-09-13 03:24:23 +00:00
|
|
|
umask 0022 &&
|
|
|
|
git config core.sharedrepository 0666 &&
|
|
|
|
cp .git/config templates/config &&
|
2019-05-10 10:46:57 +00:00
|
|
|
git init --bare --template=templates child.git &&
|
2016-09-13 03:24:23 +00:00
|
|
|
echo "-rw-rw-rw-" >expect &&
|
2017-06-25 04:34:28 +00:00
|
|
|
test_modebits child.git/HEAD >actual &&
|
2016-09-13 03:24:23 +00:00
|
|
|
test_cmp expect actual
|
|
|
|
'
|
|
|
|
|
2007-07-11 14:18:17 +00:00
|
|
|
test_done
|