Re: [PATCH v2 4/4] commit-graph.c: ensure graph layers respect core.sharedRepository

From: Taylor Blau <me@ttaylorr.com>
To: git@vger.kernel.org
Cc: peff@peff.net, dstolee@microsoft.com, gitster@pobox.com,
	mhagger@alum.mit.edu
Subject: Re: [PATCH v2 4/4] commit-graph.c: ensure graph layers respect core.sharedRepository
Date: Mon, 27 Apr 2020 11:21:11 -0600	[thread overview]
Message-ID: <20200427172111.GA58509@syl.local> (raw)
In-Reply-To: <f83437f130812d172167d335ba2d13b1545a9f58.1588004647.git.me@ttaylorr.com>

On Mon, Apr 27, 2020 at 10:28:05AM -0600, Taylor Blau wrote:
> Non-layered commit-graphs use 'adjust_shared_perm' to make the
> commit-graph file readable (or not) to a combination of the user, group,
> and others.
>
> Call 'adjust_shared_perm' for split-graph layers to make sure that these
> also respect 'core.sharedRepository'. The 'commit-graph-chain' file
> already respects this configuration since it uses
> 'hold_lock_file_for_update' (which calls 'adjust_shared_perm' eventually
> in 'create_tempfile_mode').

It occurs to me that we might want to apply the same treatment to
'commit-graph-chain's, too.

Junio: I'm not sure if you want to apply the below in this series on
top, or if you'd prefer me send it as a separate series. Either way,
here's a patch to do just that:

-- >8 --

Subject: [PATCH] commit-graph.c: make 'commit-graph-chain's read-only

In a previous commit, we made incremental graph layers read-only by
using 'git_mkstemp_mode' with permissions '0444'.

There is no reason that 'commit-graph-chain's should be modifiable by
the user, since they are generated at a temporary location and then
atomically renamed into place.

To ensure that these files are read-only, too, use
'hold_lock_file_for_update_mode' with the same read-only permission
bits, and let the umask and 'adjust_shared_perm' take care of the rest.

Signed-off-by: Taylor Blau <me@ttaylorr.com>
---
 commit-graph.c                | 3 ++-
 t/t5324-split-commit-graph.sh | 2 ++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/commit-graph.c b/commit-graph.c
index d05a55901d..b2dfd7701f 100644
--- a/commit-graph.c
+++ b/commit-graph.c
@@ -1378,7 +1378,8 @@ static int write_commit_graph_file(struct write_commit_graph_context *ctx)
 	if (ctx->split) {
 		char *lock_name = get_chain_filename(ctx->odb);

-		hold_lock_file_for_update(&lk, lock_name, LOCK_DIE_ON_ERROR);
+		hold_lock_file_for_update_mode(&lk, lock_name,
+					       LOCK_DIE_ON_ERROR, 0444);

 		fd = git_mkstemp_mode(ctx->graph_name, 0444);
 		if (fd < 0) {
diff --git a/t/t5324-split-commit-graph.sh b/t/t5324-split-commit-graph.sh
index 61136c737f..a8b12c8110 100755
--- a/t/t5324-split-commit-graph.sh
+++ b/t/t5324-split-commit-graph.sh
@@ -362,6 +362,8 @@ do
 		test_line_count = 1 graph-files &&
 		echo "$modebits" >expect &&
 		test_modebits $graphdir/graph-*.graph >actual &&
+		test_cmp expect actual &&
+		test_modebits $graphdir/commit-graph-chain >actual &&
 		test_cmp expect actual
 	'
 done <<\EOF
--
2.26.0.113.ge9739cdccc

