[PATCH/RFC 7/7] Apply restricted permissions to loose objects and pack files


 



Loose objects and pack files are normally created with mode 0444, but in a
repository that uses core.restrictedRepository to restrict file modes, we
further limit permissions on loose objects and pack files, according to the
restrictedRepository setting.

Signed-off-by: Johan Herland <johan@xxxxxxxxxxx>
---
 cache.h       |    1 +
 fast-import.c |    4 ++--
 http-push.c   |    2 +-
 http-walker.c |    2 +-
 index-pack.c  |    4 ++--
 sha1_file.c   |    2 +-
 6 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/cache.h b/cache.h
index 4730f33..82e562b 100644
--- a/cache.h
+++ b/cache.h
@@ -509,6 +509,7 @@ extern int log_all_ref_updates;
 extern int warn_ambiguous_refs;
 extern int shared_repository;
 extern int restricted_repository;
+#define PERM_SHA1_FILE (0444 & ~restricted_repository)
 extern const char *apply_default_whitespace;
 extern int zlib_compression_level;
 extern int core_compression_level;
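Review bot: `PERM_SHA1_FILE` is added without a comment, and its name suggests loose objects only although the later hunks also apply it to pack and pack-index files. It expands to a read of the global `restricted_repository` at every use, so a call site gets the restriction only if the configuration was read before it runs; that ordering is not visible in this patch and should be confirmed for fast-import, index-pack and the HTTP code paths. I would add above the define something like `/* Final mode for loose objects, packs and pack indexes: 0444 minus the bits masked by core.restrictedRepository. */`. If the mask can include 0400, the result also removes the owner's read bit; whether the config parser rejects such a value is outside this hunk.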
diff --git a/fast-import.c b/fast-import.c
index beeac0d..feafe6f 100644
--- a/fast-import.c
+++ b/fast-import.c
@@ -902,8 +902,8 @@ static char *keep_pack(char *curr_index_name)
 	static const char *keep_msg = "fast-import";
 	int keep_fd;
 
-	chmod(pack_data->pack_name, 0444);
-	chmod(curr_index_name, 0444);
+	chmod(pack_data->pack_name, PERM_SHA1_FILE);
+	chmod(curr_index_name, PERM_SHA1_FILE);
 
 	keep_fd = odb_pack_keep(name, sizeof(name), pack_data->sha1);
 	if (keep_fd < 0)
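Review bot: The two `chmod()` calls in keep_pack() still ignore their return value, and now a failure leaves the file at whatever mode it was created with even though the repository asked for a restriction. The same applies to the `fchmod()` calls in finish_request() (http-push.c), finish_object_request() (http-walker.c) and close_sha1_file() (sha1_file.c), and to both `chmod()` calls in final() (index-pack.c). I would check the result when a restriction is configured, e.g. `if (chmod(pack_data->pack_name, PERM_SHA1_FILE) && restricted_repository) die("cannot restrict permissions on %s", pack_data->pack_name);`, or at least emit a warning. keep_pack() continues past the end of the hunk.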
diff --git a/http-push.c b/http-push.c
index 6ce5a1d..e33044f 100644
--- a/http-push.c
+++ b/http-push.c
@@ -748,7 +748,7 @@ static void finish_request(struct transfer_request *request)
 			aborted = 1;
 		}
 	} else if (request->state == RUN_FETCH_LOOSE) {
-		fchmod(request->local_fileno, 0444);
+		fchmod(request->local_fileno, PERM_SHA1_FILE);
 		close(request->local_fileno); request->local_fileno = -1;
 
 		if (request->curl_result != CURLE_OK &&
diff --git a/http-walker.c b/http-walker.c
index 0dbad3c..a0dd5d2 100644
--- a/http-walker.c
+++ b/http-walker.c
@@ -231,7 +231,7 @@ static void finish_object_request(struct object_request *obj_req)
 {
 	struct stat st;
 
-	fchmod(obj_req->local, 0444);
+	fchmod(obj_req->local, PERM_SHA1_FILE);
 	close(obj_req->local); obj_req->local = -1;
 
 	if (obj_req->http_code == 416) {
diff --git a/index-pack.c b/index-pack.c
index 7546822..c82e60a 100644
--- a/index-pack.c
+++ b/index-pack.c
@@ -825,7 +825,7 @@ static void final(const char *final_pack_name, const char *curr_pack_name,
 			die("cannot store pack file");
 	}
 	if (from_stdin)
-		chmod(final_pack_name, 0444);
+		chmod(final_pack_name, PERM_SHA1_FILE);
 
 	if (final_index_name != curr_index_name) {
 		if (!final_index_name) {
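Review bot: In final(), the pack itself is given `PERM_SHA1_FILE` only under `if (from_stdin)`, while the index written for it is restricted unconditionally in the next hunk. When index-pack runs on an already existing pack file, the pack presumably keeps whatever mode it had, so in a restricted repository the index can end up tighter than the data it indexes. If that is intended because this invocation did not write the pack, a comment such as `/* a pack we did not write keeps its existing mode */` would make it explicit; otherwise the restriction could be applied in both cases. final() begins and ends outside the hunk.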
@@ -836,7 +836,7 @@ static void final(const char *final_pack_name, const char *curr_pack_name,
 		if (move_temp_to_file(curr_index_name, final_index_name))
 			die("cannot store index file");
 	}
-	chmod(final_index_name, 0444);
+	chmod(final_index_name, PERM_SHA1_FILE);
 
 	if (!from_stdin) {
 		printf("%s\n", sha1_to_hex(sha1));
diff --git a/sha1_file.c b/sha1_file.c
index a354f06..ad63fe1 100644
--- a/sha1_file.c
+++ b/sha1_file.c
@@ -2272,7 +2272,7 @@ static void close_sha1_file(int fd)
 {
 	if (fsync_object_files)
 		fsync_or_die(fd, "sha1 file");
-	fchmod(fd, 0444);
+	fchmod(fd, PERM_SHA1_FILE);
 	if (close(fd) != 0)
 		die("unable to write sha1 file");
 }
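Review bot: close_sha1_file() applies the restricted mode only at `fchmod()` time, after the object has been written, so the restriction does not cover the period while the temporary file is still open. The mode the file is created with is not visible in this patch; if it is wider than `PERM_SHA1_FILE`, the partially written object is readable under that wider mode in the meantime, and the same holds for the downloaded objects finished in http-push.c and http-walker.c. It is worth confirming that the call creating the temporary file already uses a mode no wider than the restricted one (an earlier patch in the series may do this). If it does, a short comment above the `fchmod()` saying that the file is created restricted and that this call only sets the final read-only mode would record the assumption.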
-- 
1.6.2.1.473.g92672


