1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
|
[[!comment format=mdwn
username="joey"
subject="""comment 1"""
date="2016-04-14T20:43:05Z"
content="""
umask 077 means a file will be mode 400. The 400 mode is indeed retained
when that object is transferred to another repository.
git-annex does make sure that the file can be read by the current user.
Which mode 400 does allow.
Did your problem involve some other user needing to read the file?
If you configure core.sharedrepository group or world, then git-annex
will adjust the mode of the received object to let the group or everyone
read it.
----
The simplest way to make it use the umask would be this patch. But,
with this patch, if I have a file that's mode 664 and my umask is 077, git
annex add will change the file mode to 600.
So, I don't like this patch; its impact is too broad.
diff --git a/Annex/Perms.hs b/Annex/Perms.hs
index 6444025..9b35bb8 100644
--- a/Annex/Perms.hs
+++ b/Annex/Perms.hs
@@ -5,6 +5,8 @@
- Licensed under the GNU GPL version 3 or higher.
-}
+{-# LANGUAGE CPP #-}
+
module Annex.Perms (
setAnnexFilePerm,
setAnnexDirPerm,
@@ -28,6 +30,10 @@ import Git.SharedRepository
import qualified Annex
import Config
+#ifndef mingw32_HOST_OS
+import Data.Bits
+#endif
+
withShared :: (SharedRepository -> Annex a) -> Annex a
withShared a = a =<< coreSharedRepository <$> Annex.getGitConfig
@@ -82,7 +88,7 @@ createAnnexDirectory dir = walk dir [] =<< top
setAnnexDirPerm p
{- Normally, blocks writing to an annexed file, and modifies file
- - permissions to allow reading it.
+ - permissions to not allow writing it and otherwise reflect the umask.
-
- When core.sharedRepository is set, the write bits are not removed from
- the file, but instead the appropriate group write bits are set. This is
@@ -98,9 +104,18 @@ freezeContent file = unlessM crippledFileSystem $
addModes [ownerReadMode, groupReadMode, ownerWriteMode, groupWriteMode]
go AllShared = liftIO $ void $ tryIO $ modifyFileMode file $
addModes (readModes ++ writeModes)
- go _ = liftIO $ modifyFileMode file $
- removeModes writeModes .
- addModes [ownerReadMode]
+#ifndef mingw32_HOST_OS
+ go _ = liftIO $ bracket
+ (liftIO $ setFileCreationMask 0o22) -- set umask to get it
+ (liftIO . setFileCreationMask)
+ $ \umask -> modifyFileMode file $
+ removeModes writeModes .
+ (\mode -> mode .&. complement umask)
+#else
+ go _ = liftIO $ modifyFileMode file $
+ removeModes writeModes .
+ addModes [ ownerReadMode ]
+#endif
isContentWritePermOk :: FilePath -> Annex Bool
isContentWritePermOk file = ifM crippledFileSystem
The umask-based mode setting could be put into every remote
that uses a transfer method that preserves permissions. (Including the
external special remote I suppose, since it *might* do so.) Or put in
`gitViaTmp` but there are a few places `getViaTmp` is used that do not
involve transfers from remotes.
Also this would add the overhead of umask()+stat()+chmod()+umask()
to every file downloaded by git-annex, on top of the chmodding it already
does.
"""]]
|
