From d79482cba6b7be41c20a4661f51ff25f00c5722c Mon Sep 17 00:00:00 2001 From: "jrayhawk+piny.be@omgwallhack.org" Date: Sun, 12 Jun 2011 23:43:20 -0700 Subject: Adding distinction between immutable and normal git file permissions --- libpiny/lib/Piny/Repo.pm | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) (limited to 'libpiny/lib/Piny/Repo.pm') diff --git a/libpiny/lib/Piny/Repo.pm b/libpiny/lib/Piny/Repo.pm index fea6846..f0299c8 100644 --- a/libpiny/lib/Piny/Repo.pm +++ b/libpiny/lib/Piny/Repo.pm @@ -240,6 +240,7 @@ sub rebuild_git { my ( $s ) = @_; my $dirperm; + my $immutablefileperm; my $fileperm; unless( getgrnam("git-" . $s->shortname ) ) { @@ -261,15 +262,19 @@ sub rebuild_git { if ( $s->config->core_sharedrepository eq "0666" ) { $dirperm = "2777"; - $fileperm = "0644"; + $immutablefileperm = "0644"; + $fileperm = "0666"; } elsif ( $s->config->core_sharedrepository =~ /^(0664|all|everybody|world)$/ ) { $dirperm = "2775"; - $fileperm = "0644"; + $immutablefileperm = "0644"; + $fileperm = "0664"; } elsif ( $s->config->core_sharedrepository =~ /^(0660|true|1|group)$/ ) { $dirperm = "2770"; - $fileperm = "0640"; + $immutablefileperm = "0640"; + $fileperm = "0660"; } elsif ( $s->config->core_sharedrepository =~ /^(0640|false|0)$/ ) { $dirperm = "2750"; + $immutablefileperm = "0640"; $fileperm = "0640"; } else { die $s->config->core_sharedrepository . "is an unhandled value!" @@ -277,7 +282,8 @@ sub rebuild_git { # FIXME: we should verify we are not breaking someone else's object hardlinks with these chmod or chown operations system( "/usr/bin/find " . $s->path . "/refs " . $s->path . "/info " . $s->path . "/branches " . $s->path . "/objects " . $s->path . "/logs " . $s->path . "/HEAD " . $s->path . "/packed-refs -type d -print0 | /usr/bin/xargs -0 /bin/chmod $dirperm" ) and die "Could not chmod shared git resources!"; - system( "/usr/bin/find " . $s->path . "/refs " . $s->path . "/info " . $s->path . "/branches " . $s->path . "/objects " . $s->path . "/logs " . $s->path . "/HEAD " . $s->path . "/packed-refs -type f -print0 | /usr/bin/xargs -0 /bin/chmod $fileperm" ) and die "Could not chmod shared git resources!"; # most files are either immutable or replaced at link level + system( "/usr/bin/find " . $s->path . "/objects " . "-type f -print0 | /usr/bin/xargs -0 /bin/chmod $immutablefileperm" ) and die "Could not chmod shared git resources!"; # most files are either immutable or replaced at link level + system( "/usr/bin/find " . $s->path . "/refs " . $s->path . "/info " . $s->path . "/branches " . $s->path . "/logs " . $s->path . "/HEAD " . $s->path . "/packed-refs -type f -print0 | /usr/bin/xargs -0 /bin/chmod $fileperm" ) and die "Could not chmod shared git resources!"; # most files are either immutable or replaced at link level system( "/usr/bin/find " . $s->path . "/refs " . $s->path . "/info " . $s->path . "/branches " . $s->path . "/objects " . $s->path . "/logs " . $s->path . "/HEAD " . $s->path . "/packed-refs -print0 | /usr/bin/xargs -0 /bin/chgrp " . $s->group->name ) and die "Could not chgrp shared git resources!"; $ENV{"GIT_DIR"} = $s->path; -- cgit v1.2.3