| commit | d53ecaeb04182b04b5e872d7707000adb6c418fa | |
| author | Kyle J. McKay <mackyle@gmail.com> | |
| Mon, 26 Oct 2020 09:44:56 +0000 (26 02:44 -0700) | ||
| committer | Kyle J. McKay <mackyle@gmail.com> | |
| Mon, 26 Oct 2020 09:44:56 +0000 (26 02:44 -0700) | ||
| tree | e76a102ad3bf8e4035aa68133548fb9ce381adce | treesnapshot (tar.gz zip) |
| parent | 7bad76b8137ba3c89d23155d2906c84431a6093d | commitdiff |
hooks/pre-receive: make stale incoming-* dirs removable
In order for gc.sh to remove stale objects/incoming-* directories
(those that are over 12 hours old), gc.sh must have the permissions
to do so.
The $GIT_QUARANTINE_PATH directory is created with very stingy
permissions namely mode 0700.
Since the push operation that creates the $GIT_QUARANTINE_PATH
directory will be running as a different user than the one
running gc.sh (either the www user for https push or an
ssh jail user for ssh push), gc.sh (which runs as the mirror
user) cannot remove the $GIT_QUARANTINE_PATH directory as long
as it retains only mode 0700 permissions.
During the incoming receive, both git-shell-verify and
git-http-backend-verify take great pains to make sure that any
incoming pack files are not unpacked.
This means there are only two directories that need to be "fixed"
in the pre-receive hook, $GIT_QUARANTINE_PATH and
$GIT_QUARANTINE_PATH/pack.
Make sure both of them are ug+rwx,o+rx and also take this
opportunity to fixup any pack file parts as well as they will
also have "stingy" permissions.
Previously, the pre-receive hook was guaranteeing that pack
file parts received g+w, but that can leave some of them with
no group or other read permission (e.g. pack-*.keep parts).
When fixing up pack file parts, make sure they all get
ug+rw,o+r rather than just ug+w to eliminate the issue.
Signed-off-by: Kyle J. McKay <mackyle@gmail.com>
In order for gc.sh to remove stale objects/incoming-* directories
(those that are over 12 hours old), gc.sh must have the permissions
to do so.
The $GIT_QUARANTINE_PATH directory is created with very stingy
permissions namely mode 0700.
Since the push operation that creates the $GIT_QUARANTINE_PATH
directory will be running as a different user than the one
running gc.sh (either the www user for https push or an
ssh jail user for ssh push), gc.sh (which runs as the mirror
user) cannot remove the $GIT_QUARANTINE_PATH directory as long
as it retains only mode 0700 permissions.
During the incoming receive, both git-shell-verify and
git-http-backend-verify take great pains to make sure that any
incoming pack files are not unpacked.
This means there are only two directories that need to be "fixed"
in the pre-receive hook, $GIT_QUARANTINE_PATH and
$GIT_QUARANTINE_PATH/pack.
Make sure both of them are ug+rwx,o+rx and also take this
opportunity to fixup any pack file parts as well as they will
also have "stingy" permissions.
Previously, the pre-receive hook was guaranteeing that pack
file parts received g+w, but that can leave some of them with
no group or other read permission (e.g. pack-*.keep parts).
When fixing up pack file parts, make sure they all get
ug+rw,o+r rather than just ug+w to eliminate the issue.
Signed-off-by: Kyle J. McKay <mackyle@gmail.com>
| hooks/pre-receive | diffblobblamehistory |