Use git_mkstemp_mode instead of plain mkstemp to create object files

moy · gitster · commit 5256b006312e · 2010-02-22T15:24:46.000-08:00
We used to unnecessarily give the read permission to group and others,
regardless of the umask, which isn't serious because the objects are
still protected by their containing directory, but isn't necessary
either.

Signed-off-by: Matthieu Moy &lt;Matthieu.Moy@imag.fr&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
diff --git a/sha1_file.c b/sha1_file.c
@@ -2206,7 +2206,7 @@ int move_temp_to_file(const char *tmpfile, const char *filename)
 	}
 
 out:
-	if (set_shared_perm(filename, (S_IFREG|0444)))
+	if (adjust_shared_perm(filename))
 		return error("unable to set permission to '%s'", filename);
 	return 0;
 }
@@ -2262,7 +2262,7 @@ static int create_tmpfile(char *buffer, size_t bufsiz, const char *filename)
 	}
 	memcpy(buffer, filename, dirlen);
 	strcpy(buffer + dirlen, "tmp_obj_XXXXXX");
-	fd = mkstemp(buffer);
+	fd = git_mkstemp_mode(buffer, 0444);
 	if (fd < 0 && dirlen && errno == ENOENT) {
 		/* Make sure the directory exists */
 		memcpy(buffer, filename, dirlen);
@@ -2272,7 +2272,7 @@ static int create_tmpfile(char *buffer, size_t bufsiz, const char *filename)
 
 		/* Try again */
 		strcpy(buffer + dirlen - 1, "/tmp_obj_XXXXXX");
-		fd = mkstemp(buffer);
+		fd = git_mkstemp_mode(buffer, 0444);
 	}
 	return fd;
 }
diff --git a/t/t1304-default-acl.sh b/t/t1304-default-acl.sh
@@ -54,7 +54,7 @@ test_expect_success 'Setup test repo' '
 	git commit -m "init"
 '
 
-test_expect_failure 'Objects creation does not break ACLs with restrictive umask' '
+test_expect_success 'Objects creation does not break ACLs with restrictive umask' '
 	# SHA1 for empty blob
 	check_perms_and_acl .git/objects/e6/9de29bb2d1d6434b8b29ae775ad8c2e48c5391
 '

Original file line number	Diff line number	Diff line change
`@@ -2206,7 +2206,7 @@ int move_temp_to_file(const char tmpfile, const char filename)`
`2206`	`2206`	`}`
`2207`	`2207`
`2208`	`2208`	`out:`
`2209`		`- if (set_shared_perm(filename, (S_IFREG\|0444)))`
	`2209`	`+ if (adjust_shared_perm(filename))`
`2210`	`2210`	`return error("unable to set permission to '%s'", filename);`
`2211`	`2211`	`return 0;`
`2212`	`2212`	`}`
`@@ -2262,7 +2262,7 @@ static int create_tmpfile(char buffer, size_t bufsiz, const char filename)`
`2262`	`2262`	`}`
`2263`	`2263`	`memcpy(buffer, filename, dirlen);`
`2264`	`2264`	`strcpy(buffer + dirlen, "tmp_obj_XXXXXX");`
`2265`		`- fd = mkstemp(buffer);`
	`2265`	`+ fd = git_mkstemp_mode(buffer, 0444);`
`2266`	`2266`	`if (fd < 0 && dirlen && errno == ENOENT) {`
`2267`	`2267`	`/* Make sure the directory exists */`
`2268`	`2268`	`memcpy(buffer, filename, dirlen);`
`@@ -2272,7 +2272,7 @@ static int create_tmpfile(char buffer, size_t bufsiz, const char filename)`
`2272`	`2272`
`2273`	`2273`	`/* Try again */`
`2274`	`2274`	`strcpy(buffer + dirlen - 1, "/tmp_obj_XXXXXX");`
`2275`		`- fd = mkstemp(buffer);`
	`2275`	`+ fd = git_mkstemp_mode(buffer, 0444);`
`2276`	`2276`	`}`
`2277`	`2277`	`return fd;`
`2278`	`2278`	`}`
Original file line number	Diff line number	Diff line change
`@@ -54,7 +54,7 @@ test_expect_success 'Setup test repo' '`
`54`	`54`	`git commit -m "init"`
`55`	`55`	`'`
`56`	`56`
`57`		`-test_expect_failure 'Objects creation does not break ACLs with restrictive umask' '`
	`57`	`+test_expect_success 'Objects creation does not break ACLs with restrictive umask' '`
`58`	`58`	`# SHA1 for empty blob`
`59`	`59`	`check_perms_and_acl .git/objects/e6/9de29bb2d1d6434b8b29ae775ad8c2e48c5391`
`60`	`60`	`'`