]> git.ipfire.org Git - thirdparty/git.git/blob - t/t1304-default-acl.sh
clone: allow "--bare" with "-o"
[thirdparty/git.git] / t / t1304-default-acl.sh
1 #!/bin/sh
2 #
3 # Copyright (c) 2010 Matthieu Moy
4 #
5
6 test_description='Test repository with default ACL'
7
8 # Create the test repo with restrictive umask
9 # => this must come before . ./test-lib.sh
10 umask 077
11
12 . ./test-lib.sh
13
14 # We need an arbitrary other user give permission to using ACLs. root
15 # is a good candidate: exists on all unices, and it has permission
16 # anyway, so we don't create a security hole running the testsuite.
17 test_expect_success 'checking for a working acl setup' '
18 if setfacl -m d:m:rwx -m u:root:rwx . &&
19 getfacl . | grep user:root:rwx &&
20 touch should-have-readable-acl &&
21 getfacl should-have-readable-acl | egrep "mask::?rw-"
22 then
23 test_set_prereq SETFACL
24 fi
25 '
26
27 if test -z "$LOGNAME"
28 then
29 LOGNAME="${USER:-$(id -u -n)}"
30 fi
31
32 check_perms_and_acl () {
33 test -r "$1" &&
34 getfacl "$1" > actual &&
35 grep -q "user:root:rwx" actual &&
36 grep -q "user:${LOGNAME}:rwx" actual &&
37 egrep "mask::?r--" actual > /dev/null 2>&1 &&
38 grep -q "group::---" actual || false
39 }
40
41 dirs_to_set="./ .git/ .git/objects/ .git/objects/pack/"
42
43 test_expect_success SETFACL 'Setup test repo' '
44 setfacl -m d:u::rwx,d:g::---,d:o:---,d:m:rwx $dirs_to_set &&
45 setfacl -m m:rwx $dirs_to_set &&
46 setfacl -m u:root:rwx $dirs_to_set &&
47 setfacl -m d:u:"$LOGNAME":rwx $dirs_to_set &&
48 setfacl -m d:u:root:rwx $dirs_to_set &&
49
50 touch file.txt &&
51 git add file.txt &&
52 git commit -m "init"
53 '
54
55 test_expect_success SETFACL 'Objects creation does not break ACLs with restrictive umask' '
56 # SHA1 for empty blob
57 check_perms_and_acl .git/objects/$(echo $EMPTY_BLOB | sed -e "s,^\(..\),\1/,")
58 '
59
60 test_expect_success SETFACL 'git gc does not break ACLs with restrictive umask' '
61 git gc &&
62 check_perms_and_acl .git/objects/pack/*.pack
63 '
64
65 test_done