From: Eric Wong <e@80x24.org>
To: meta@public-inbox.org
Subject: [PATCH 27/28] cindex: respect existing permissions
Date: Tue, 21 Mar 2023 23:07:42 +0000 [thread overview]
Message-ID: <20230321230743.3020032-27-e@80x24.org> (raw)
In-Reply-To: <20230321230743.3020032-1-e@80x24.org>
For internal ($GIT_DIR/public-inbox-cindex) Xapian DBs, we can
rely on core.sharedRepository. For external ones, we'll just
rely on existing permissions if the directory already exists.
---
lib/PublicInbox/CodeSearchIdx.pm | 29 ++++++++++++++++++++++++++++-
t/cindex.t | 22 +++++++++++++++++++---
2 files changed, 47 insertions(+), 4 deletions(-)
diff --git a/lib/PublicInbox/CodeSearchIdx.pm b/lib/PublicInbox/CodeSearchIdx.pm
index 21c43973..704baa9c 100644
--- a/lib/PublicInbox/CodeSearchIdx.pm
+++ b/lib/PublicInbox/CodeSearchIdx.pm
@@ -710,8 +710,35 @@ sub init_tmp_git_dir ($) {
$TMP_GIT->{-tmp} = $tmp;
}
+sub prep_umask ($) {
+ my ($self) = @_;
+ my $um;
+ my $cur = umask;
+ if ($self->{-internal}) { # respect core.sharedRepository
+ @{$self->{git_dirs}} == 1 or die 'BUG: only for GIT_DIR';
+ # yuck, FIXME move umask handling out of inbox-specific stuff
+ require PublicInbox::InboxWritable;
+ my $git = PublicInbox::Git->new($self->{git_dirs}->[0]);
+ chomp($um = $git->qx('config', 'core.sharedRepository') // '');
+ $um = PublicInbox::InboxWritable::_git_config_perm(undef, $um);
+ $um = PublicInbox::InboxWritable::_umask_for($um);
+ umask == $um or progress($self, 'umask from git: ',
+ sprintf('0%03o', $um));
+ } elsif (-d $self->{cidx_dir}) { # respect existing perms
+ my @st = stat(_);
+ $um = (~$st[2] & 0777);
+ umask == $um or progress($self, 'using umask from ',
+ $self->{cidx_dir}, ': ',
+ sprintf('0%03o', $um));
+ }
+ defined($um) ?
+ PublicInbox::OnDestroy->new(\&CORE::umask, umask($um)) :
+ undef;
+}
+
sub cidx_run { # main entry point
my ($self) = @_;
+ my $restore_umask = prep_umask($self);
local $self->{todo} = [];
local $DEFER = $self->{todo};
local $SIGSET = PublicInbox::DS::block_signals();
@@ -800,7 +827,7 @@ sub shard_done_wait { # awaitpid cb via ipc_worker_reap
++$self->{shard_err} if defined($self->{shard_err});
}
-sub with_umask { # TODO
+sub with_umask { # TODO get rid of this treewide and rely on OnDestroy
my ($self, $cb, @arg) = @_;
$cb->(@arg);
}
diff --git a/t/cindex.t b/t/cindex.t
index eb66b2e6..9da0ba69 100644
--- a/t/cindex.t
+++ b/t/cindex.t
@@ -12,9 +12,10 @@ my $pwd = getcwd();
# I reworked CodeSearchIdx->shard_worker to handle empty trees
# in the initial commit generated by cvs2svn for xapian.git
-create_coderepo 'empty-tree-root', tmpdir => "$tmp/wt0", sub {
+create_coderepo 'empty-tree-root-0600', tmpdir => "$tmp/wt0", sub {
xsys_e([qw(/bin/sh -c), <<'EOM']);
git init -q &&
+git config core.sharedRepository 0600
tree=$(git mktree </dev/null) &&
head=$(git symbolic-ref HEAD) &&
cmt=$(echo 'empty root' | git commit-tree $tree) &&
@@ -27,8 +28,14 @@ EOM
}; # /create_coderepo
ok(run_script([qw(-cindex --dangerous -q), "$tmp/wt0"]), 'cindex internal');
-ok(-e "$tmp/wt0/.git/public-inbox-cindex/cidx.lock", 'internal dir created');
-
+{
+ my $exists = -e "$tmp/wt0/.git/public-inbox-cindex/cidx.lock";
+ my @st = stat(_);
+ ok($exists, 'internal dir created');
+ is($st[2] & 0600, 0600, 'mode respects core.sharedRepository');
+ @st = stat("$tmp/wt0/.git/public-inbox-cindex");
+ is($st[2] & 0700, 0700, 'dir mode respects core.sharedRepository');
+}
# it's possible for git to emit NUL characters in diffs
# (see c4201214cbf10636e2c1ab9131573f735b42c8d4 in linux.git)
@@ -115,4 +122,13 @@ if ('--prune') {
'hit stays pruned since GIT_DIR was previously pruned');
}
+File::Path::remove_tree("$tmp/ext");
+ok(mkdir("$tmp/ext", 0707), 'create $tmp/ext with odd permissions');
+ok(run_script([qw(-cindex --dangerous -q -d), "$tmp/ext", $zp]),
+ 'external on existing dir');
+{
+ my @st = stat("$tmp/ext/cidx.lock");
+ is($st[2] & 0777, 0604, 'created lock respects odd permissions');
+}
+
done_testing;
next prev parent reply other threads:[~2023-03-21 23:07 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-03-21 23:07 [PATCH 00/28] cindex coderepo commit indexer Eric Wong
2023-03-21 23:07 ` [PATCH 01/28] ipc: move nproc_shards from v2writable Eric Wong
2023-03-21 23:07 ` [PATCH 02/28] search: relocate all_terms from lei_search Eric Wong
2023-03-21 23:07 ` [PATCH 03/28] admin: hoist out resolve_git_dir Eric Wong
2023-03-21 23:07 ` [PATCH 04/28] admin: ensure resolved GIT_DIR is absolute Eric Wong
2023-03-21 23:07 ` [PATCH 05/28] test_common: create_inbox: use `$!' properly on mkdir failure Eric Wong
2023-03-21 23:07 ` [PATCH 06/28] codesearch: initial cut w/ -cindex tool Eric Wong
2023-03-21 23:07 ` [PATCH 07/28] cindex: parallelize prep phases Eric Wong
2023-03-21 23:07 ` [PATCH 08/28] cindex: use read-only shards during " Eric Wong
2023-03-21 23:07 ` [PATCH 09/28] searchidxshard: improve comment wording Eric Wong
2023-03-21 23:07 ` [PATCH 10/28] cindex: use DS and workqueues for parallelism Eric Wong
2023-03-21 23:07 ` [PATCH 11/28] ds: @post_loop_do replaces SetPostLoopCallback Eric Wong
2023-03-21 23:07 ` [PATCH 12/28] cindex: implement --exclude= like -clone Eric Wong
2023-03-21 23:07 ` [PATCH 13/28] cindex: show shard number in progress message Eric Wong
2023-03-21 23:07 ` [PATCH 14/28] cindex: drop `unchanged' " Eric Wong
2023-03-21 23:07 ` [PATCH 15/28] cindex: handle graceful shutdown by default Eric Wong
2023-03-21 23:07 ` [PATCH 16/28] sigfd: pass signal name rather than number to callback Eric Wong
2023-03-21 23:07 ` [PATCH 17/28] cindex: implement --max-size=SIZE Eric Wong
2023-03-21 23:07 ` [PATCH 18/28] cindex: check for checkpoint before giant messages Eric Wong
2023-03-21 23:07 ` [PATCH 19/28] cindex: truncate or drop body for over-sized commits Eric Wong
2023-03-21 23:07 ` [PATCH 20/28] cindex: attempt to give oldest commits lowest docids Eric Wong
2023-03-21 23:07 ` [PATCH 21/28] cindex: improve granularity of quit checks Eric Wong
2023-03-21 23:07 ` [PATCH 22/28] spawn: show failing directory for chdir failures Eric Wong
2023-03-21 23:07 ` [PATCH 23/28] cindex: filter out non-existent git directories Eric Wong
2023-03-21 23:07 ` [PATCH 24/28] cindex: add support for --prune Eric Wong
2023-03-21 23:07 ` [PATCH 25/28] cindex: implement reindex Eric Wong
2023-03-21 23:07 ` [PATCH 26/28] cindex: squelch incompatible options Eric Wong
2023-03-21 23:07 ` Eric Wong [this message]
2023-03-21 23:07 ` [PATCH 28/28] cindex: ignore SIGPIPE Eric Wong
2023-03-24 10:40 ` [PATCH 29/28] cindex: --prune checkpoints to avoid OOM Eric Wong
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://public-inbox.org/README
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230321230743.3020032-27-e@80x24.org \
--to=e@80x24.org \
--cc=meta@public-inbox.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/public-inbox.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).