From: Johan Herland <johan@herland.net>
To: git@vger.kernel.org
Cc: Junio C Hamano <gitster@pobox.com>
Subject: [PATCH/RFC 5/7] Add tests for "core.restrictedRepository" and "git init --restricted"
Date: Wed, 25 Mar 2009 22:40:43 +0100 [thread overview]
Message-ID: <200903252240.44049.johan@herland.net> (raw)
In-Reply-To: <200903252236.03010.johan@herland.net>
These tests are based on - and analogous to - the existing tests for
"core.sharedRepository" and "git init --shared"
Signed-off-by: Johan Herland <johan@herland.net>
---
t/t0001-init.sh | 24 +++++++-
t/t1304-restricted-repo.sh | 132 ++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 153 insertions(+), 3 deletions(-)
create mode 100755 t/t1304-restricted-repo.sh
diff --git a/t/t0001-init.sh b/t/t0001-init.sh
index 5ac0a27..639a88d 100755
--- a/t/t0001-init.sh
+++ b/t/t0001-init.sh
@@ -167,7 +167,7 @@ test_expect_success 'init with --template (blank)' '
! test -f template-blank/.git/info/exclude
'
-test_expect_success 'init --bare/--shared overrides system/global config' '
+test_expect_success 'init --bare/--shared/--restricted overrides system/global config' '
(
HOME="`pwd`" &&
export HOME &&
@@ -175,13 +175,16 @@ test_expect_success 'init --bare/--shared overrides system/global config' '
unset GIT_CONFIG_NOGLOBAL &&
git config -f "$test_config" core.bare false &&
git config -f "$test_config" core.sharedRepository 0640 &&
+ git config -f "$test_config" core.restrictedRepository 0027 &&
mkdir init-bare-shared-override &&
cd init-bare-shared-override &&
- git init --bare --shared=0666
+ git init --bare --shared=0644 --restricted=0022
) &&
check_config init-bare-shared-override true unset &&
- test x0666 = \
+ test x0644 = \
x`git config -f init-bare-shared-override/config core.sharedRepository`
+ test x0022 = \
+ x`git config -f init-bare-shared-override/config core.restrictedRepository`
'
test_expect_success 'init honors global core.sharedRepository' '
@@ -199,4 +202,19 @@ test_expect_success 'init honors global core.sharedRepository' '
x`git config -f shared-honor-global/.git/config core.sharedRepository`
'
+test_expect_success 'init honors global core.restrictedRepository' '
+ (
+ HOME="`pwd`" &&
+ export HOME &&
+ test_config="$HOME"/.gitconfig &&
+ unset GIT_CONFIG_NOGLOBAL &&
+ git config -f "$test_config" core.restrictedRepository 0077 &&
+ mkdir restricted-honor-global &&
+ cd restricted-honor-global &&
+ git init
+ ) &&
+ test x0077 = \
+ x`git config -f restricted-honor-global/.git/config core.restrictedRepository`
+'
+
test_done
diff --git a/t/t1304-restricted-repo.sh b/t/t1304-restricted-repo.sh
new file mode 100755
index 0000000..012cdf1
--- /dev/null
+++ b/t/t1304-restricted-repo.sh
@@ -0,0 +1,132 @@
+#!/bin/sh
+#
+# Copied and modified from t1301-shared-repo.sh
+#
+
+test_description='Test restricted repository initialization'
+
+. ./test-lib.sh
+
+# Remove a default ACL from the test dir if possible.
+setfacl -k . 2>/dev/null
+
+# User must have r/w permissions to the repo -> failure on --restricted=0600
+test_expect_success 'restricted = 0600 (faulty permission u-rw)' '
+ mkdir sub && (
+ cd sub && git init --restricted=0600
+ )
+ ret="$?"
+ rm -rf sub
+ test $ret != "0"
+'
+
+modebits () {
+ ls -l "$1" | sed -e 's|^\(..........\).*|\1|'
+}
+
+for u in 0007 0077
+do
+ test_expect_success POSIXPERM "restricted=group does not clear bits preset by umask $u" '
+ mkdir sub && (
+ cd sub &&
+ umask $u &&
+ git init --restricted=group &&
+ test "0007" = "$(git config core.restrictedrepository)"
+ ) &&
+ actual=$(ls -l sub/.git/HEAD)
+ case "$u$actual" in
+ 0007-rw-rw----*)
+ : happy
+ ;;
+ 0077-rw-------*)
+ : happy
+ ;;
+ *)
+ echo Oops, .git/HEAD is not 06x0 but $actual
+ false
+ ;;
+ esac
+ '
+ rm -rf sub
+done
+
+test_expect_success 'restricted=user' '
+ mkdir sub &&
+ cd sub &&
+ git init --restricted=user &&
+ test "0077" = "$(git config core.restrictedrepository)"
+'
+
+test_expect_success POSIXPERM 'update-server-info honors core.restrictedRepository' '
+ : > a1 &&
+ git add a1 &&
+ test_tick &&
+ git commit -m a1 &&
+ umask 0277 &&
+ git update-server-info &&
+ actual="$(ls -l .git/info/refs)" &&
+ case "$actual" in
+ -r--------*)
+ : happy
+ ;;
+ *)
+ echo Oops, .git/info/refs is not 0400
+ false
+ ;;
+ esac
+'
+
+for u in 0000:rw-rw-rw- \
+ 0002:rw-rw-r-- \
+ 0007:rw-rw---- \
+ 0027:rw-r----- \
+ 0077:rw-------
+do
+ x=$(expr "$u" : ".*:\([rw-]*\)") &&
+ y=$(echo "$x" | sed -e "s/w/-/g") &&
+ u=$(expr "$u" : "\([0-7]*\)"); test $? -le 1 &&
+ git config core.restrictedrepository "$u" &&
+ umask 0222 &&
+ test_expect_success POSIXPERM "shared = $u ($y) ro" '
+
+ rm -f .git/info/refs &&
+ git update-server-info &&
+ actual="$(modebits .git/info/refs)" &&
+ test "x$actual" = "x-$y" || {
+ ls -lt .git/info
+ false
+ }
+ '
+
+ umask 0000 &&
+ test_expect_success POSIXPERM "shared = $u ($x) rw" '
+
+ rm -f .git/info/refs &&
+ git update-server-info &&
+ actual="$(modebits .git/info/refs)" &&
+ test "x$actual" = "x-$x" || {
+ ls -lt .git/info
+ false
+ }
+
+ '
+
+done
+
+test_expect_success POSIXPERM 'git reflog expire honors core.restrictedRepository' '
+ umask 0000
+ git config core.restrictedRepository group &&
+ git reflog expire --all &&
+ actual="$(ls -l .git/logs/refs/heads/master)" &&
+ case "$actual" in
+ -rw-rw----*)
+ : happy
+ ;;
+ *)
+ echo Ooops, .git/logs/refs/heads/master is not 0660 [$actual]
+ false
+ ;;
+ esac
+'
+
+test_done
--
1.6.2.1.473.g92672
next prev parent reply other threads:[~2009-03-25 21:42 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-03-25 0:05 [BUG?] How to make a shared/restricted repo? Johan Herland
2009-03-25 0:26 ` Brandon Casey
2009-03-25 0:45 ` Johan Herland
2009-03-25 0:49 ` Junio C Hamano
2009-03-25 0:46 ` Junio C Hamano
2009-03-25 2:11 ` Johan Herland
2009-03-25 2:24 ` Junio C Hamano
2009-03-25 21:36 ` [PATCH/RFC 0/7] Restricting repository access (Was: [BUG?] How to make a shared/restricted repo?) Johan Herland
2009-03-25 21:37 ` [PATCH/RFC 1/7] Clarify documentation on permissions in shared repositories Johan Herland
2009-03-25 21:38 ` [PATCH/RFC 2/7] Cleanup: Remove unnecessary if-else clause Johan Herland
2009-03-25 21:39 ` [PATCH/RFC 3/7] Introduce core.restrictedRepository for restricting repository permissions Johan Herland
2009-03-25 21:39 ` [PATCH/RFC 4/7] git-init: Introduce --restricted for restricting repository access Johan Herland
2009-03-25 21:40 ` Johan Herland [this message]
2009-03-25 21:41 ` [PATCH/RFC 6/7] git-init: Apply correct mode bits to template files in shared/restricted repo Johan Herland
2009-03-25 21:42 ` [PATCH/RFC 7/7] Apply restricted permissions to loose objects and pack files Johan Herland
2009-03-25 23:19 ` [BUG?] How to make a shared/restricted repo? Junio C Hamano
2009-03-26 0:22 ` Johan Herland
2009-03-26 7:23 ` Junio C Hamano
2009-03-26 8:29 ` Johan Herland
2009-03-26 8:41 ` Johannes Sixt
2009-03-26 9:44 ` Johan Herland
2009-03-26 9:58 ` Johannes Sixt
2009-03-26 15:02 ` [PATCH 0/2] chmod cleanup (Was: [BUG?] How to make a shared/restricted repo?) Johan Herland
2009-03-26 15:16 ` [PATCH 1/2] Move chmod(foo, 0444) into move_temp_to_file() Johan Herland
2009-03-28 6:14 ` Junio C Hamano
2009-03-28 10:48 ` Johan Herland
2009-03-26 15:17 ` [PATCH 2/2] Resolve double chmod() in move_temp_to_file() Johan Herland
2009-03-28 6:21 ` Junio C Hamano
2009-03-28 11:01 ` Johan Herland
2009-03-29 20:31 ` Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200903252240.44049.johan@herland.net \
--to=johan@herland.net \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).