1#!/bin/sh 2# 3# Copyright (c) 2010 Matthieu Moy 4# 5 6test_description='Test repository with default ACL' 7 8# Create the test repo with restrictive umask 9# => this must come before . ./test-lib.sh 10umask 077 11 12. ./test-lib.sh 13 14# We need an arbitrary other user give permission to using ACLs. root 15# is a good candidate: exists on all unices, and it has permission 16# anyway, so we don't create a security hole running the testsuite. 17test_expect_success 'checking for a working acl setup' ' 18 if setfacl -m d:m:rwx -m u:root:rwx . && 19 getfacl . | grep user:root:rwx && 20 touch should-have-readable-acl && 21 getfacl should-have-readable-acl | egrep "mask::?rw-" 22 then 23 test_set_prereq SETFACL 24 fi 25' 26 27if test -z "$LOGNAME" 28then 29 LOGNAME="${USER:-$(id -u -n)}" 30fi 31 32check_perms_and_acl () { 33 test -r "$1" && 34 getfacl "$1" > actual && 35 grep -q "user:root:rwx" actual && 36 grep -q "user:${LOGNAME}:rwx" actual && 37 egrep "mask::?r--" actual > /dev/null 2>&1 && 38 grep -q "group::---" actual || false 39} 40 41dirs_to_set="./ .git/ .git/objects/ .git/objects/pack/" 42 43test_expect_success SETFACL 'Setup test repo' ' 44 setfacl -m d:u::rwx,d:g::---,d:o:---,d:m:rwx $dirs_to_set && 45 setfacl -m m:rwx $dirs_to_set && 46 setfacl -m u:root:rwx $dirs_to_set && 47 setfacl -m d:u:"$LOGNAME":rwx $dirs_to_set && 48 setfacl -m d:u:root:rwx $dirs_to_set && 49 50 touch file.txt && 51 git add file.txt && 52 git commit -m "init" 53' 54 55test_expect_success SETFACL 'Objects creation does not break ACLs with restrictive umask' ' 56 # SHA1 for empty blob 57 check_perms_and_acl .git/objects/$(echo $EMPTY_BLOB | sed -e "s,^\(..\),\1/,") 58' 59 60test_expect_success SETFACL 'git gc does not break ACLs with restrictive umask' ' 61 git gc && 62 check_perms_and_acl .git/objects/pack/*.pack 63' 64 65test_done 66