Rafal Rusin <rafal.rusin@xxxxxxxxx> writes:
> As for detecting this particular case, I think it's not possible.
Why not?
> I think the best solution is to add repository config switch like
> 'usefilepermissions' true by default. If set to false, git would skip
> chmod during push.
> Does that make sense to you?
Not at all. That is like creating an "allow broken behaviour" option and
hoping for the best.
You shouldn't have to invent such a configuration variable to begin with,
as "let umask set whatever permission and leave it be" should already be
the case for !core.sharedrepository. There is something wrong in your
set up and you need to get to the bottom of it, instead of coming up with
an even worse breakage as a unworkable workaround.
There are some things I noticed while looking at the codepaths that are
involved.
move_temp_to_file() is designed to move a temporary file that was created
by odb_mkstemp(). As the latter eventually uses mkstemp(), some
implementations of which ignore umask and create a file that is readable
only by the user, move_temp_to_file() must loosen the permission, even in
a private repository that honors umask (i.e. not in a shared repository)..
Side note. The creation of the temporary files in http.c that are
given to move_temp_to_file() is not quite correct; they are created by
fopen() without proper locking with mkstemp(). But that is a separate
issue.
But the codepath tries to loosen it a bit too much. Even if user's umask
is 077, files created in this codepath end up with world-readable because
we pretend that lstat() on the file returned 0444 (that is what a non-zero
value given as the second parameter to set_shared_perm() means). We
should tighten it perhaps like the attached patch does.
In case it is not obvious, this patch is _not_ meant to help you work
around the chmod() failure you are seeing on your filesystem. You need to
first see _why_ it fails for you, in order to come closer to the real
solution.
-- >8 --
Subject: [PATCH] move_temp_to_file(): don't loosen permission too much
We always feed 0444 as the second parameter to set_shared_perm() when
finalizing a temporary file we created using mkstemp(), as some versions
of glibc creates a temporary file with too tight a permission, ignoring
the user's umask. As the second parameter tells set_shared_perm() to
pretend that it is the permission bits the file currently has (i.e. what
should have been set by the user's umask), we should make it just as
restrictive as user's umask suggests.
---
sha1_file.c | 19 ++++++++++++++++---
1 files changed, 16 insertions(+), 3 deletions(-)
diff --git a/sha1_file.c b/sha1_file.c
index 63981fb..f0b8969 100644
--- a/sha1_file.c
+++ b/sha1_file.c
@@ -2233,6 +2233,21 @@ static void write_sha1_file_prepare(const void *buf, unsigned long len,
git_SHA1_Final(sha1, &c);
}
+static int fix_tempfile_mode(const char *filename)
+{
+ static mode_t user_mode;
+
+ if (!user_mode) {
+ user_mode = umask(0);
+ umask(user_mode);
+ user_mode = S_IFREG | ((user_mode ^ 0777) & 0666);
+ }
+
+ if (!set_shared_perm(filename, user_mode))
+ return 0;
+ return error("unable to set permission to '%s'", filename);
+}
+
/*
* Move the just written object into its final resting place.
* NEEDSWORK: this should be renamed to finalize_temp_file() as
@@ -2274,9 +2289,7 @@ int move_temp_to_file(const char *tmpfile, const char *filename)
}
out:
- if (set_shared_perm(filename, (S_IFREG|0444)))
- return error("unable to set permission to '%s'", filename);
- return 0;
+ return fix_tempfile_mode(filename);
}
static int write_buffer(int fd, const void *buf, size_t len)
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html