Use git_mkstemp_mode instead of plain mkstemp to create object files

We used to unnecessarily give the read permission to group and others,
regardless of the umask, which isn't serious because the objects are
still protected by their containing directory, but isn't necessary
either.

Signed-off-by: Matthieu Moy <Matthieu.Moy@imag.fr>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
Matthieu Moy 2010-02-22 23:32:16 +01:00 committed by Junio C Hamano
parent 1d9740cb32
commit 5256b00631
2 changed files with 4 additions and 4 deletions

View File

@ -2206,7 +2206,7 @@ int move_temp_to_file(const char *tmpfile, const char *filename)
} }
out: out:
if (set_shared_perm(filename, (S_IFREG|0444))) if (adjust_shared_perm(filename))
return error("unable to set permission to '%s'", filename); return error("unable to set permission to '%s'", filename);
return 0; return 0;
} }
@ -2262,7 +2262,7 @@ static int create_tmpfile(char *buffer, size_t bufsiz, const char *filename)
} }
memcpy(buffer, filename, dirlen); memcpy(buffer, filename, dirlen);
strcpy(buffer + dirlen, "tmp_obj_XXXXXX"); strcpy(buffer + dirlen, "tmp_obj_XXXXXX");
fd = mkstemp(buffer); fd = git_mkstemp_mode(buffer, 0444);
if (fd < 0 && dirlen && errno == ENOENT) { if (fd < 0 && dirlen && errno == ENOENT) {
/* Make sure the directory exists */ /* Make sure the directory exists */
memcpy(buffer, filename, dirlen); memcpy(buffer, filename, dirlen);
@ -2272,7 +2272,7 @@ static int create_tmpfile(char *buffer, size_t bufsiz, const char *filename)
/* Try again */ /* Try again */
strcpy(buffer + dirlen - 1, "/tmp_obj_XXXXXX"); strcpy(buffer + dirlen - 1, "/tmp_obj_XXXXXX");
fd = mkstemp(buffer); fd = git_mkstemp_mode(buffer, 0444);
} }
return fd; return fd;
} }

View File

@ -54,7 +54,7 @@ test_expect_success 'Setup test repo' '
git commit -m "init" git commit -m "init"
' '
test_expect_failure 'Objects creation does not break ACLs with restrictive umask' ' test_expect_success 'Objects creation does not break ACLs with restrictive umask' '
# SHA1 for empty blob # SHA1 for empty blob
check_perms_and_acl .git/objects/e6/9de29bb2d1d6434b8b29ae775ad8c2e48c5391 check_perms_and_acl .git/objects/e6/9de29bb2d1d6434b8b29ae775ad8c2e48c5391
' '