author | James Fargher <proglottis@gmail.com> | 2023-02-07 02:12:56 +0300 |
---|---|---|
committer | James Fargher <proglottis@gmail.com> | 2023-02-07 02:12:56 +0300 |
commit | 747602ecd05fb9d4aeb56bf4090c3a672561e11b (patch) | |
tree | b5cf72d4d069c6e1622910679f1fd05fe228fef0 /internal | |
parent | 6f245e94aebd51a39886eda6de9445a1c810c621 (diff) | |
parent | 01bd57b688349b14b92437d7432b50a53231e555 (diff) |
Merge branch 'centralise_dir_perms' into 'master'
Centralise directory permissions within the gitaly project
See merge request https://gitlab.com/gitlab-org/gitaly/-/merge_requests/5334
Merged-by: James Fargher <proglottis@gmail.com>
Approved-by: Patrick Steinhardt <psteinhardt@gitlab.com>
Approved-by: Pavlo Strokov <pstrokov@gitlab.com>
Reviewed-by: Patrick Steinhardt <psteinhardt@gitlab.com>
Co-authored-by: James Fargher <jfargher@gitlab.com>
Diffstat (limited to 'internal')
80 files changed, 249 insertions, 144 deletions
diff --git a/internal/backup/backup_test.go b/internal/backup/backup_test.go index eabbd921c..8bf225ff1 100644 --- a/internal/backup/backup_test.go +++ b/internal/backup/backup_test.go @@ -16,6 +16,7 @@ import ( "gitlab.com/gitlab-org/gitaly/v15/internal/git/gittest" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/service/setup" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/storage" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/metadata/featureflag" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper/testcfg" @@ -59,7 +60,7 @@ func TestManager_Create(t *testing.T) { hooksRepo, hooksRepoPath := gittest.CreateRepository(tb, ctx, cfg, gittest.CreateRepositoryConfig{ Seed: gittest.SeedGitLabTest, }) - require.NoError(tb, os.Mkdir(filepath.Join(hooksRepoPath, "custom_hooks"), os.ModePerm)) + require.NoError(tb, os.Mkdir(filepath.Join(hooksRepoPath, "custom_hooks"), perm.PublicDir)) require.NoError(tb, os.WriteFile(filepath.Join(hooksRepoPath, "custom_hooks/pre-commit.sample"), []byte("Some hooks"), os.ModePerm)) return hooksRepo, hooksRepoPath }, @@ -184,7 +185,7 @@ func TestManager_Create_incremental(t *testing.T) { bundlePath := filepath.Join(backupPath, "001.bundle") refsPath := filepath.Join(backupPath, "001.refs") - require.NoError(tb, os.MkdirAll(backupPath, os.ModePerm)) + require.NoError(tb, os.MkdirAll(backupPath, perm.PublicDir)) gittest.Exec(tb, cfg, "-C", repoPath, "bundle", "create", bundlePath, "--all") refs := gittest.Exec(tb, cfg, "-C", repoPath, "show-ref", "--head") 
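Review bot: In the `TestManager_Create` hunk the neighbouring `os.WriteFile` for `custom_hooks/pre-commit.sample` still passes `os.ModePerm`, so the fixture file is requested as world-writable and executable while only the directory moved to the `perm` package. The same pattern remains for the `LATEST` pointer files in the two `testManagerRestore` hunks at `-379` and `-400`. `locator_test.go` in this same commit writes its `LATEST` files with `0o644`, so I would align these, e.g. `os.WriteFile(filepath.Join(repoBackupPath, "LATEST"), []byte(backupID), 0o644)`. The enclosing test functions start and end outside these hunks.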
@@ -209,7 +210,7 @@ func TestManager_Create_incremental(t *testing.T) { bundlePath := filepath.Join(backupPath, "001.bundle") refsPath := filepath.Join(backupPath, "001.refs") - require.NoError(tb, os.MkdirAll(backupPath, os.ModePerm)) + require.NoError(tb, os.MkdirAll(backupPath, perm.PublicDir)) gittest.Exec(tb, cfg, "-C", repoPath, "bundle", "create", bundlePath, "--all") refs := gittest.Exec(tb, cfg, "-C", repoPath, "show-ref", "--head") @@ -304,7 +305,7 @@ func testManagerRestore(t *testing.T, ctx context.Context) { repo, _ := gittest.CreateRepository(t, ctx, cfg) relativePath := stripRelativePath(tb, repo) - require.NoError(tb, os.MkdirAll(filepath.Join(backupRoot, relativePath), os.ModePerm)) + require.NoError(tb, os.MkdirAll(filepath.Join(backupRoot, relativePath), perm.PublicDir)) bundlePath := filepath.Join(backupRoot, relativePath+".bundle") gittest.BundleRepo(tb, cfg, repoPath, bundlePath) @@ -321,7 +322,7 @@ func testManagerRestore(t *testing.T, ctx context.Context) { relativePath := stripRelativePath(tb, repo) bundlePath := filepath.Join(backupRoot, relativePath+".bundle") customHooksPath := filepath.Join(backupRoot, relativePath, "custom_hooks.tar") - require.NoError(tb, os.MkdirAll(filepath.Join(backupRoot, relativePath), os.ModePerm)) + require.NoError(tb, os.MkdirAll(filepath.Join(backupRoot, relativePath), perm.PublicDir)) gittest.BundleRepo(tb, cfg, repoPath, bundlePath) testhelper.CopyFile(tb, "../gitaly/service/repository/testdata/custom_hooks.tar", customHooksPath) @@ -363,7 +364,7 @@ func testManagerRestore(t *testing.T, ctx context.Context) { } relativePath := stripRelativePath(tb, repo) - require.NoError(tb, os.MkdirAll(filepath.Dir(filepath.Join(backupRoot, relativePath)), os.ModePerm)) + require.NoError(tb, os.MkdirAll(filepath.Dir(filepath.Join(backupRoot, relativePath)), perm.PublicDir)) bundlePath := filepath.Join(backupRoot, relativePath+".bundle") gittest.BundleRepo(tb, cfg, repoPath, bundlePath) 
@@ -379,7 +380,7 @@ func testManagerRestore(t *testing.T, ctx context.Context) { repo, _ := gittest.CreateRepository(t, ctx, cfg) repoBackupPath := joinBackupPath(tb, backupRoot, repo) backupPath := filepath.Join(repoBackupPath, backupID) - require.NoError(tb, os.MkdirAll(backupPath, os.ModePerm)) + require.NoError(tb, os.MkdirAll(backupPath, perm.PublicDir)) require.NoError(tb, os.WriteFile(filepath.Join(repoBackupPath, "LATEST"), []byte(backupID), os.ModePerm)) require.NoError(tb, os.WriteFile(filepath.Join(backupPath, "LATEST"), []byte("001"), os.ModePerm)) bundlePath := filepath.Join(backupPath, "001.bundle") @@ -400,7 +401,7 @@ func testManagerRestore(t *testing.T, ctx context.Context) { repo, _ := gittest.CreateRepository(t, ctx, cfg) repoBackupPath := joinBackupPath(tb, backupRoot, repo) backupPath := filepath.Join(repoBackupPath, backupID) - require.NoError(tb, os.MkdirAll(backupPath, os.ModePerm)) + require.NoError(tb, os.MkdirAll(backupPath, perm.PublicDir)) require.NoError(tb, os.WriteFile(filepath.Join(repoBackupPath, "LATEST"), []byte(backupID), os.ModePerm)) require.NoError(tb, os.WriteFile(filepath.Join(backupPath, "LATEST"), []byte("002"), os.ModePerm)) diff --git a/internal/backup/filesystem_sink.go b/internal/backup/filesystem_sink.go index f2462105c..e9dad6188 100644 --- a/internal/backup/filesystem_sink.go +++ b/internal/backup/filesystem_sink.go @@ -7,6 +7,8 @@ import ( "io" "os" "path/filepath" + + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" ) // FilesystemSink is a sink for creating and restoring backups from the local filesystem. 
@@ -26,7 +28,7 @@ func NewFilesystemSink(path string) *FilesystemSink { func (fs *FilesystemSink) Write(ctx context.Context, relativePath string, r io.Reader) (returnErr error) { path := filepath.Join(fs.path, relativePath) dir := filepath.Dir(path) - if err := os.MkdirAll(dir, 0o700); err != nil { + if err := os.MkdirAll(dir, perm.PrivateDir); err != nil { return fmt.Errorf("create directory structure %q: %w", dir, err) } diff --git a/internal/backup/filesystem_sink_test.go b/internal/backup/filesystem_sink_test.go index 5ec47c759..7e4025851 100644 --- a/internal/backup/filesystem_sink_test.go +++ b/internal/backup/filesystem_sink_test.go @@ -11,6 +11,7 @@ import ( "testing" "github.com/stretchr/testify/require" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" ) @@ -77,7 +78,7 @@ func TestFilesystemSink_Write(t *testing.T) { const relativePath = "nested/dir/test.dat" fullPath := filepath.Join(dir, relativePath) - require.NoError(t, os.MkdirAll(filepath.Dir(fullPath), 0o755)) + require.NoError(t, os.MkdirAll(filepath.Dir(fullPath), perm.SharedDir)) require.NoError(t, os.WriteFile(fullPath, []byte("initial"), 0o655)) fsSink := NewFilesystemSink(dir) diff --git a/internal/backup/locator_test.go b/internal/backup/locator_test.go index 9fbefc8f5..fee45645b 100644 --- a/internal/backup/locator_test.go +++ b/internal/backup/locator_test.go @@ -13,6 +13,7 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "gitlab.com/gitlab-org/gitaly/v15/internal/git/gittest" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper/testcfg" ) 
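Review bot: `os.MkdirAll(dir, perm.PrivateDir)` in `FilesystemSink.Write` applies the private mode only to directories it creates; path components that already exist keep whatever mode they had. `TestFilesystemSink_Write` in the next file pre-creates the same tree with `perm.SharedDir`, so backups can presumably end up beneath a directory that other local accounts can traverse. I would state that on the call, e.g. `// MkdirAll does not tighten existing directories; only newly created ones get perm.PrivateDir.` The rest of `Write` lies outside the hunk, so the mode of the backup file itself cannot be judged from here.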
@@ -189,7 +190,7 @@ func TestPointerLocator(t *testing.T) { _, err := l.FindLatest(ctx, repo) require.ErrorIs(t, err, ErrDoesntExist) - require.NoError(t, os.MkdirAll(filepath.Join(backupPath, repo.RelativePath, backupID), 0o755)) + require.NoError(t, os.MkdirAll(filepath.Join(backupPath, repo.RelativePath, backupID), perm.SharedDir)) require.NoError(t, os.WriteFile(filepath.Join(backupPath, repo.RelativePath, "LATEST"), []byte(backupID), 0o644)) require.NoError(t, os.WriteFile(filepath.Join(backupPath, repo.RelativePath, backupID, "LATEST"), []byte("003"), 0o644)) expected := &Backup{ @@ -243,7 +244,7 @@ func TestPointerLocator(t *testing.T) { require.NoError(t, err) require.Equal(t, expectedFallback, fallbackFull) - require.NoError(t, os.MkdirAll(filepath.Join(backupPath, repo.RelativePath, backupID), 0o755)) + require.NoError(t, os.MkdirAll(filepath.Join(backupPath, repo.RelativePath, backupID), perm.SharedDir)) require.NoError(t, os.WriteFile(filepath.Join(backupPath, repo.RelativePath, "LATEST"), []byte(backupID), 0o644)) require.NoError(t, os.WriteFile(filepath.Join(backupPath, repo.RelativePath, backupID, "LATEST"), []byte("001"), 0o644)) expected := &Backup{ @@ -272,7 +273,7 @@ func TestPointerLocator(t *testing.T) { _, err := l.FindLatest(ctx, repo) require.ErrorIs(t, err, ErrDoesntExist) - require.NoError(t, os.MkdirAll(filepath.Join(backupPath, repo.RelativePath), 0o755)) + require.NoError(t, os.MkdirAll(filepath.Join(backupPath, repo.RelativePath), perm.SharedDir)) require.NoError(t, os.WriteFile(filepath.Join(backupPath, repo.RelativePath, "LATEST"), []byte("invalid"), 0o644)) _, err = l.FindLatest(ctx, repo) require.EqualError(t, err, "pointer locator: find latest: find: find latest ID: filesystem sink: get reader for \"TestPointerLocator/invalid/LATEST\": doesn't exist") 
@@ -289,7 +290,7 @@ func TestPointerLocator(t *testing.T) { _, err := l.FindLatest(ctx, repo) require.ErrorIs(t, err, ErrDoesntExist) - require.NoError(t, os.MkdirAll(filepath.Join(backupPath, repo.RelativePath, backupID), 0o755)) + require.NoError(t, os.MkdirAll(filepath.Join(backupPath, repo.RelativePath, backupID), perm.SharedDir)) require.NoError(t, os.WriteFile(filepath.Join(backupPath, repo.RelativePath, "LATEST"), []byte(backupID), 0o644)) require.NoError(t, os.WriteFile(filepath.Join(backupPath, repo.RelativePath, backupID, "LATEST"), []byte("invalid"), 0o644)) diff --git a/internal/cache/diskcache.go b/internal/cache/diskcache.go index 60408f4af..d2c9fe02a 100644 --- a/internal/cache/diskcache.go +++ b/internal/cache/diskcache.go @@ -13,6 +13,7 @@ import ( "gitlab.com/gitlab-org/gitaly/v15/internal/dontpanic" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/config" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/storage" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/safe" "gitlab.com/gitlab-org/gitaly/v15/proto/go/gitalypb" "google.golang.org/protobuf/proto" @@ -290,7 +291,7 @@ func (c *DiskCache) PutStream(ctx context.Context, repo *gitalypb.Repository, re } }() - if err := os.MkdirAll(filepath.Dir(reqPath), 0o755); err != nil { + if err := os.MkdirAll(filepath.Dir(reqPath), perm.SharedDir); err != nil { return err } diff --git a/internal/cache/keyer.go b/internal/cache/keyer.go index c3cdf5738..42a80f2da 100644 --- a/internal/cache/keyer.go +++ b/internal/cache/keyer.go @@ -16,6 +16,7 @@ import ( "github.com/google/uuid" "github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/storage" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/metadata/featureflag" "gitlab.com/gitlab-org/gitaly/v15/internal/safe" "gitlab.com/gitlab-org/gitaly/v15/internal/version" 
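Review bot: `PutStream` in `diskcache.go` creates the cache directory with `perm.SharedDir`, which stands in for the previous `0o755`, so the tree stays listable and traversable by every local account. The cache is keyed per repository (the function takes a `*gitalypb.Repository`), so it is worth confirming whether any process under a different user has to read it; if not, `perm.PrivateDir` would be the tighter choice. The same question applies to `updateLatest` and `newPendingLease` in `keyer.go` and to `moveAndClear` in `walker.go`. If the shared mode is required, a one-line comment such as `// SharedDir: <other reader> must be able to traverse the cache.` would record why. The mode of the cached files is not visible in these hunks.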
@@ -62,7 +63,7 @@ func (keyer leaseKeyer) updateLatest(ctx context.Context, repo *gitalypb.Reposit } lPath := latestPath(repoStatePath) - if err := os.MkdirAll(filepath.Dir(lPath), 0o755); err != nil { + if err := os.MkdirAll(filepath.Dir(lPath), perm.SharedDir); err != nil { return "", err } @@ -181,7 +182,7 @@ func (keyer leaseKeyer) newPendingLease(repo *gitalypb.Repository) (string, erro } pDir := pendingDir(repoStatePath) - if err := os.MkdirAll(pDir, 0o755); err != nil { + if err := os.MkdirAll(pDir, perm.SharedDir); err != nil { return "", err } diff --git a/internal/cache/walker.go b/internal/cache/walker.go index b14c8adf6..58ffba7af 100644 --- a/internal/cache/walker.go +++ b/internal/cache/walker.go @@ -16,6 +16,7 @@ import ( "github.com/sirupsen/logrus" "gitlab.com/gitlab-org/gitaly/v15/internal/dontpanic" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/config" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/log" ) @@ -156,7 +157,7 @@ func (c *DiskCache) moveAndClear(storage config.Storage) error { return fmt.Errorf("temp dir: %w", err) } - if err := os.MkdirAll(tempPath, 0o755); err != nil { + if err := os.MkdirAll(tempPath, perm.SharedDir); err != nil { return err } diff --git a/internal/cache/walker_test.go b/internal/cache/walker_test.go index dc4f55f39..39ce3675e 100644 --- a/internal/cache/walker_test.go +++ b/internal/cache/walker_test.go @@ -14,6 +14,7 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/config" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper/testcfg" ) 
@@ -38,7 +39,7 @@ func TestDiskCacheObjectWalker(t *testing.T) { require.NoError(t, err) path := filepath.Join(cacheDir, tt.name) - require.NoError(t, os.MkdirAll(filepath.Dir(path), 0o755)) + require.NoError(t, os.MkdirAll(filepath.Dir(path), perm.SharedDir)) f, err := os.Create(path) require.NoError(t, err) @@ -79,7 +80,7 @@ func TestDiskCacheInitialClear(t *testing.T) { require.NoError(t, err) canary := filepath.Join(cacheDir, "canary.txt") - require.NoError(t, os.MkdirAll(filepath.Dir(canary), 0o755)) + require.NoError(t, os.MkdirAll(filepath.Dir(canary), perm.SharedDir)) require.NoError(t, os.WriteFile(canary, []byte("chirp chirp"), 0o755)) cache := New(cfg, locator, withDisabledWalker()) @@ -115,7 +116,7 @@ func TestCleanWalkEmptyDirs(t *testing.T) { } { p := filepath.Join(tmp, tt.path) if strings.HasSuffix(tt.path, "/") { - require.NoError(t, os.MkdirAll(p, 0o755)) + require.NoError(t, os.MkdirAll(p, perm.SharedDir)) } else { require.NoError(t, os.WriteFile(p, nil, 0o655)) if tt.stale { diff --git a/internal/cgroups/cgroups_linux_test.go b/internal/cgroups/cgroups_linux_test.go index cf1861397..2bc21be35 100644 --- a/internal/cgroups/cgroups_linux_test.go +++ b/internal/cgroups/cgroups_linux_test.go @@ -13,6 +13,7 @@ import ( "github.com/sirupsen/logrus/hooks/test" "github.com/stretchr/testify/require" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/config/cgroups" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" ) @@ -163,8 +164,8 @@ func TestPruneOldCgroups(t *testing.T) { tc.cfg.HierarchyRoot, ) - require.NoError(t, os.MkdirAll(cpuRoot, os.ModePerm)) - require.NoError(t, os.MkdirAll(memoryRoot, os.ModePerm)) + require.NoError(t, os.MkdirAll(cpuRoot, perm.PublicDir)) + require.NoError(t, os.MkdirAll(memoryRoot, perm.PublicDir)) pid := tc.setup(t, tc.cfg) diff --git a/internal/cgroups/mock_linux_test.go b/internal/cgroups/mock_linux_test.go index fe57beec1..472a195ad 100644 
--- a/internal/cgroups/mock_linux_test.go +++ b/internal/cgroups/mock_linux_test.go @@ -29,6 +29,7 @@ import ( "github.com/containerd/cgroups" "github.com/stretchr/testify/require" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" ) @@ -46,7 +47,7 @@ func newMock(t *testing.T) *mockCgroup { require.NoError(t, err) for _, s := range subsystems { - require.NoError(t, os.MkdirAll(filepath.Join(root, string(s.Name())), os.FileMode(0o755))) + require.NoError(t, os.MkdirAll(filepath.Join(root, string(s.Name())), perm.SharedDir)) } return &mockCgroup{ @@ -66,7 +67,7 @@ func (m *mockCgroup) setupMockCgroupFiles( ) { for _, s := range m.subsystems { cgroupPath := filepath.Join(m.root, string(s.Name()), manager.currentProcessCgroup()) - require.NoError(t, os.MkdirAll(cgroupPath, 0o755)) + require.NoError(t, os.MkdirAll(cgroupPath, perm.SharedDir)) contentByFilename := map[string]string{ "cgroup.procs": "", @@ -107,7 +108,7 @@ func (m *mockCgroup) setupMockCgroupFiles( for shard := uint(0); shard < manager.cfg.Repositories.Count; shard++ { shardPath := filepath.Join(cgroupPath, fmt.Sprintf("repos-%d", shard)) - require.NoError(t, os.MkdirAll(shardPath, 0o755)) + require.NoError(t, os.MkdirAll(shardPath, perm.SharedDir)) for filename, content := range contentByFilename { shardControlFilePath := filepath.Join(shardPath, filename) diff --git a/internal/git/dirs_test.go b/internal/git/dirs_test.go index 7bc231df5..ae1d7c138 100644 --- a/internal/git/dirs_test.go +++ b/internal/git/dirs_test.go @@ -6,6 +6,7 @@ import ( "testing" "github.com/stretchr/testify/require" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" ) 
@@ -53,7 +54,7 @@ func TestObjectDirsOutsideStorage(t *testing.T) { repoPath := filepath.Join(storageRoot, "repo") alternatesFile := filepath.Join(repoPath, "objects", "info", "alternates") altObjDir := filepath.Join(tmp, "outside-storage-sibling", "objects") - require.NoError(t, os.MkdirAll(filepath.Dir(alternatesFile), 0o700)) + require.NoError(t, os.MkdirAll(filepath.Dir(alternatesFile), perm.PrivateDir)) expectedErr := alternateOutsideStorageError(altObjDir) for _, tc := range []struct { diff --git a/internal/git/gitattributes/check_attr_test.go b/internal/git/gitattributes/check_attr_test.go index 3e3ae7fb0..b39003110 100644 --- a/internal/git/gitattributes/check_attr_test.go +++ b/internal/git/gitattributes/check_attr_test.go @@ -8,6 +8,7 @@ import ( "github.com/stretchr/testify/require" "gitlab.com/gitlab-org/gitaly/v15/internal/git/gittest" "gitlab.com/gitlab-org/gitaly/v15/internal/git/localrepo" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper/testcfg" ) @@ -26,7 +27,7 @@ func TestCheckAttrCmd_Check(t *testing.T) { // Until https://gitlab.com/groups/gitlab-org/-/epics/9006 is completed // we rely on info/attributes. infoPath := filepath.Join(repoPath, "info") - require.NoError(t, os.MkdirAll(infoPath, 0o755)) + require.NoError(t, os.MkdirAll(infoPath, perm.SharedDir)) attrPath := filepath.Join(infoPath, "attributes") for _, tc := range []struct { diff --git a/internal/git/gittest/commit.go b/internal/git/gittest/commit.go index 2a39a2fd7..dc5c50d06 100644 --- a/internal/git/gittest/commit.go +++ b/internal/git/gittest/commit.go 
@@ -11,6 +11,7 @@ import ( "github.com/stretchr/testify/require" "gitlab.com/gitlab-org/gitaly/v15/internal/git" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/config" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/helper/text" "gitlab.com/gitlab-org/gitaly/v15/proto/go/gitalypb" "google.golang.org/protobuf/types/known/timestamppb" @@ -204,7 +205,7 @@ func WriteCommit(tb testing.TB, cfg config.Cfg, repoPath string, opts ...WriteCo if writeCommitConfig.alternateObjectDir != "" { require.True(tb, filepath.IsAbs(writeCommitConfig.alternateObjectDir), "alternate object directory must be an absolute path") - require.NoError(tb, os.MkdirAll(writeCommitConfig.alternateObjectDir, 0o755)) + require.NoError(tb, os.MkdirAll(writeCommitConfig.alternateObjectDir, perm.SharedDir)) env = append(env, fmt.Sprintf("GIT_OBJECT_DIRECTORY=%s", writeCommitConfig.alternateObjectDir), diff --git a/internal/git/gittest/repo.go b/internal/git/gittest/repo.go index a1f277993..208d189f8 100644 --- a/internal/git/gittest/repo.go +++ b/internal/git/gittest/repo.go @@ -17,6 +17,7 @@ import ( "gitlab.com/gitlab-org/gitaly/v15/internal/git/repository" internalclient "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/client" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/config" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/helper/text" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" "gitlab.com/gitlab-org/gitaly/v15/proto/go/gitalypb" 
@@ -41,7 +42,7 @@ const ( // InitRepoDir creates a temporary directory for a repo, without initializing it func InitRepoDir(tb testing.TB, storagePath, relativePath string) *gitalypb.Repository { repoPath := filepath.Join(storagePath, relativePath, "..") - require.NoError(tb, os.MkdirAll(repoPath, 0o755), "making repo parent dir") + require.NoError(tb, os.MkdirAll(repoPath, perm.SharedDir), "making repo parent dir") return &gitalypb.Repository{ StorageName: "default", RelativePath: relativePath, diff --git a/internal/git/gittest/testhelper_test.go b/internal/git/gittest/testhelper_test.go index 98b6a6cdd..fad4a2e80 100644 --- a/internal/git/gittest/testhelper_test.go +++ b/internal/git/gittest/testhelper_test.go @@ -8,6 +8,7 @@ import ( "github.com/stretchr/testify/require" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/config" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" "gitlab.com/gitlab-org/gitaly/v15/proto/go/gitalypb" ) 
@@ -35,21 +36,21 @@ func setup(tb testing.TB) (config.Cfg, *gitalypb.Repository, string) { Path: filepath.Join(rootDir, "storage.d"), }, } - require.NoError(tb, os.Mkdir(cfg.Storages[0].Path, 0o755)) + require.NoError(tb, os.Mkdir(cfg.Storages[0].Path, perm.SharedDir)) _, currentFile, _, ok := runtime.Caller(0) require.True(tb, ok, "could not get caller info") cfg.Ruby.Dir = filepath.Join(filepath.Dir(currentFile), "../../../ruby") cfg.GitlabShell.Dir = filepath.Join(rootDir, "shell.d") - require.NoError(tb, os.Mkdir(cfg.GitlabShell.Dir, 0o755)) + require.NoError(tb, os.Mkdir(cfg.GitlabShell.Dir, perm.SharedDir)) cfg.BinDir = filepath.Join(rootDir, "bin.d") - require.NoError(tb, os.Mkdir(cfg.BinDir, 0o755)) + require.NoError(tb, os.Mkdir(cfg.BinDir, perm.SharedDir)) cfg.RuntimeDir = filepath.Join(rootDir, "run.d") - require.NoError(tb, os.Mkdir(cfg.RuntimeDir, 0o700)) - require.NoError(tb, os.Mkdir(cfg.InternalSocketDir(), 0o700)) + require.NoError(tb, os.Mkdir(cfg.RuntimeDir, perm.PrivateDir)) + require.NoError(tb, os.Mkdir(cfg.InternalSocketDir(), perm.PrivateDir)) require.NoError(tb, cfg.Validate()) diff --git a/internal/git/housekeeping/clean_stale_data_test.go b/internal/git/housekeeping/clean_stale_data_test.go index 2a8283bc5..3352764da 100644 --- a/internal/git/housekeeping/clean_stale_data_test.go +++ b/internal/git/housekeeping/clean_stale_data_test.go @@ -18,6 +18,7 @@ import ( "gitlab.com/gitlab-org/gitaly/v15/internal/git/gittest" "gitlab.com/gitlab-org/gitaly/v15/internal/git/localrepo" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/transaction" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper/testcfg" "gitlab.com/gitlab-org/gitaly/v15/internal/transaction/txinfo" 
@@ -100,7 +101,7 @@ func (d *dirEntry) create(t *testing.T, parent string) { dirname := filepath.Join(parent, d.name) - if err := os.Mkdir(dirname, 0o700); err != nil { + if err := os.Mkdir(dirname, perm.PrivateDir); err != nil { require.True(t, os.IsExist(err), "mkdir failed: %v", dirname) } @@ -393,7 +394,7 @@ func TestRepositoryManager_CleanStaleData_references(t *testing.T) { for _, ref := range tc.refs { path := filepath.Join(repoPath, ref.name) - require.NoError(t, os.MkdirAll(filepath.Dir(path), 0o755)) + require.NoError(t, os.MkdirAll(filepath.Dir(path), perm.SharedDir)) require.NoError(t, os.WriteFile(path, bytes.Repeat([]byte{0}, ref.size), 0o644)) filetime := time.Now().Add(-ref.age) require.NoError(t, os.Chtimes(path, filetime, filetime)) diff --git a/internal/git/housekeeping/optimize_repository_ext_test.go b/internal/git/housekeeping/optimize_repository_ext_test.go index e38a57375..c37cb3a5b 100644 --- a/internal/git/housekeeping/optimize_repository_ext_test.go +++ b/internal/git/housekeeping/optimize_repository_ext_test.go @@ -22,6 +22,7 @@ import ( "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/config" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/service/setup" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/transaction" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/metadata/featureflag" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper/testcfg" @@ -218,7 +219,7 @@ func testPruneIfNeeded(t *testing.T, ctx context.Context) { for _, looseObjectPath := range tc.looseObjects { looseObjectPath := filepath.Join(repoPath, "objects", looseObjectPath) - require.NoError(t, os.MkdirAll(filepath.Dir(looseObjectPath), 0o755)) + require.NoError(t, os.MkdirAll(filepath.Dir(looseObjectPath), perm.SharedDir)) looseObjectFile, err := os.Create(looseObjectPath) require.NoError(t, err) 
diff --git a/internal/git/housekeeping/optimize_repository_test.go b/internal/git/housekeeping/optimize_repository_test.go index c13f08ead..831d22f85 100644 --- a/internal/git/housekeeping/optimize_repository_test.go +++ b/internal/git/housekeeping/optimize_repository_test.go @@ -20,6 +20,7 @@ import ( "gitlab.com/gitlab-org/gitaly/v15/internal/git/stats" gitalycfgprom "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/config/prometheus" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/transaction" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/metadata/featureflag" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper/testcfg" @@ -413,7 +414,7 @@ func testOptimizeRepository(t *testing.T, ctx context.Context) { // The repack won't repack the following objects because they're // broken, and thus we'll retry to prune them afterwards. - require.NoError(t, os.MkdirAll(filepath.Join(repoPath, "objects", "17"), 0o755)) + require.NoError(t, os.MkdirAll(filepath.Join(repoPath, "objects", "17"), perm.SharedDir)) // We set the object's mtime to be almost two weeks ago. Given that // our timeout is at exactly two weeks this shouldn't caused them to @@ -456,7 +457,7 @@ func testOptimizeRepository(t *testing.T, ctx context.Context) { // The repack won't repack the following objects because they're // broken, and thus we'll retry to prune them afterwards. - require.NoError(t, os.MkdirAll(filepath.Join(repoPath, "objects", "17"), 0o755)) + require.NoError(t, os.MkdirAll(filepath.Join(repoPath, "objects", "17"), perm.SharedDir)) moreThanTwoWeeksAgo := time.Now().Add(stats.StaleObjectsGracePeriod).Add(-time.Minute) diff --git a/internal/git/housekeeping/worktrees_test.go b/internal/git/housekeeping/worktrees_test.go index 3c928bec0..b6374fd54 100644 --- a/internal/git/housekeeping/worktrees_test.go +++ b/internal/git/housekeeping/worktrees_test.go 
@@ -10,6 +10,7 @@ import ( "gitlab.com/gitlab-org/gitaly/v15/internal/git/gittest" "gitlab.com/gitlab-org/gitaly/v15/internal/git/localrepo" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/config" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper/testcfg" ) @@ -66,7 +67,7 @@ func TestRemoveWorktree(t *testing.T) { require.NoError(t, os.RemoveAll(disconnectedWorktreePath)) orphanedWorktreePath := filepath.Join(repoPath, worktreePrefix, "orphaned") - require.NoError(t, os.MkdirAll(orphanedWorktreePath, os.ModePerm)) + require.NoError(t, os.MkdirAll(orphanedWorktreePath, perm.PublicDir)) for _, tc := range []struct { worktree string diff --git a/internal/git/localrepo/commit.go b/internal/git/localrepo/commit.go index 5e3ac1248..45466fdab 100644 --- a/internal/git/localrepo/commit.go +++ b/internal/git/localrepo/commit.go @@ -11,6 +11,7 @@ import ( "time" "gitlab.com/gitlab-org/gitaly/v15/internal/git" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/helper/text" ) @@ -87,7 +88,7 @@ func (repo *Repo) WriteCommit(ctx context.Context, cfg WriteCommitConfig) (git.O return "", errors.New("alternate object directory must be an absolute path") } - if err := os.MkdirAll(cfg.AlternateObjectDir, 0o755); err != nil { + if err := os.MkdirAll(cfg.AlternateObjectDir, perm.SharedDir); err != nil { return "", err } diff --git a/internal/git/localrepo/objects_test.go b/internal/git/localrepo/objects_test.go index f3e172fa9..2edca3cd0 100644 --- a/internal/git/localrepo/objects_test.go +++ b/internal/git/localrepo/objects_test.go 
@@ -16,6 +16,7 @@ import ( "gitlab.com/gitlab-org/gitaly/v15/internal/git/catfile" "gitlab.com/gitlab-org/gitaly/v15/internal/git/gittest" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/config" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/helper/text" "gitlab.com/gitlab-org/gitaly/v15/internal/metadata/featureflag" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" @@ -79,7 +80,7 @@ func testRepoWriteBlob(t *testing.T, ctx context.Context) { } { t.Run(tc.desc, func(t *testing.T) { attributesPath := filepath.Join(repoPath, "info", "attributes") - require.NoError(t, os.MkdirAll(filepath.Dir(attributesPath), 0o755)) + require.NoError(t, os.MkdirAll(filepath.Dir(attributesPath), perm.SharedDir)) require.NoError(t, os.WriteFile(attributesPath, []byte(tc.attributes), os.ModePerm)) sha, err := repo.WriteBlob(ctx, "file-path", tc.input) diff --git a/internal/git/localrepo/paths_test.go b/internal/git/localrepo/paths_test.go index 974110f13..bd0520d7e 100644 --- a/internal/git/localrepo/paths_test.go +++ b/internal/git/localrepo/paths_test.go @@ -10,6 +10,7 @@ import ( "gitlab.com/gitlab-org/gitaly/v15/internal/git/localrepo" "gitlab.com/gitlab-org/gitaly/v15/internal/git/quarantine" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/config" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/structerr" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper/testcfg" @@ -55,7 +56,7 @@ func TestRepo_Path(t *testing.T) { // Recreate the repository as a simple empty directory to simulate // that the repository is in a partially-created state. require.NoError(t, os.RemoveAll(repoPath)) - require.NoError(t, os.MkdirAll(repoPath, 0o777)) + require.NoError(t, os.MkdirAll(repoPath, perm.PublicDir)) _, err := repo.Path() require.Equal(t, structerr.NewNotFound("GetRepoPath: not a git repository: %q", repoPath), err) 
diff --git a/internal/git/localrepo/repo.go b/internal/git/localrepo/repo.go index 557f25b59..eca19b173 100644 --- a/internal/git/localrepo/repo.go +++ b/internal/git/localrepo/repo.go @@ -20,6 +20,7 @@ import ( "gitlab.com/gitlab-org/gitaly/v15/internal/git/repository" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/config" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/storage" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper/testcfg" "gitlab.com/gitlab-org/gitaly/v15/proto/go/gitalypb" @@ -219,7 +220,7 @@ func (repo *Repo) StorageTempDir() (string, error) { return "", err } - if err := os.MkdirAll(tempPath, 0o755); err != nil { + if err := os.MkdirAll(tempPath, perm.SharedDir); err != nil { return "", err } diff --git a/internal/git/objectpool/create_test.go b/internal/git/objectpool/create_test.go index 14350a136..4cb3e2031 100644 --- a/internal/git/objectpool/create_test.go +++ b/internal/git/objectpool/create_test.go @@ -16,6 +16,7 @@ import ( "gitlab.com/gitlab-org/gitaly/v15/internal/git/localrepo" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/config" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/transaction" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/structerr" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper/testcfg" @@ -81,7 +82,7 @@ func TestCreate(t *testing.T) { // We currently allow creating object pools when the target path is an empty // directory. This can be considered a bug, but for now we abide. - require.NoError(t, os.MkdirAll(fullPath, 0o755)) + require.NoError(t, os.MkdirAll(fullPath, perm.SharedDir)) _, _, err := createPool(t, &gitalypb.ObjectPool{ Repository: &gitalypb.Repository{ 
diff --git a/internal/git/objectpool/pool_test.go b/internal/git/objectpool/pool_test.go index 550199f30..13e5b4798 100644 --- a/internal/git/objectpool/pool_test.go +++ b/internal/git/objectpool/pool_test.go @@ -8,6 +8,7 @@ import ( "github.com/stretchr/testify/require" "gitlab.com/gitlab-org/gitaly/v15/internal/git/gittest" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/config" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/structerr" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper/testcfg" @@ -107,7 +108,7 @@ func TestFromRepo_failures(t *testing.T) { repoPath, err := repo.Path() require.NoError(t, err) - require.NoError(t, os.MkdirAll(filepath.Join(repoPath, "objects", "info"), 0o755)) + require.NoError(t, os.MkdirAll(filepath.Join(repoPath, "objects", "info"), perm.SharedDir)) alternateFilePath := filepath.Join(repoPath, "objects", "info", "alternates") require.NoError(t, os.WriteFile(alternateFilePath, tc.fileContent, 0o644)) poolFromRepo, err := FromRepo(locator, pool.gitCmdFactory, nil, nil, nil, repo) diff --git a/internal/git/quarantine/quarantine.go b/internal/git/quarantine/quarantine.go index 41afb8e1f..504803144 100644 --- a/internal/git/quarantine/quarantine.go +++ b/internal/git/quarantine/quarantine.go @@ -10,6 +10,7 @@ import ( "strings" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/storage" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/structerr" "gitlab.com/gitlab-org/gitaly/v15/internal/tempdir" "gitlab.com/gitlab-org/gitaly/v15/proto/go/gitalypb" 
@@ -101,7 +102,7 @@ func migrate(sourcePath, targetPath string) error { nestedSourcePath := filepath.Join(sourcePath, entry.Name()) if entry.IsDir() { - if err := os.Mkdir(nestedTargetPath, 0o777); err != nil { + if err := os.Mkdir(nestedTargetPath, perm.PublicDir); err != nil { if !errors.Is(err, os.ErrExist) { return fmt.Errorf("creating target directory %q: %w", nestedTargetPath, err) } diff --git a/internal/git/quarantine/quarantine_test.go b/internal/git/quarantine/quarantine_test.go index f1b0d7a16..390bdf9e1 100644 --- a/internal/git/quarantine/quarantine_test.go +++ b/internal/git/quarantine/quarantine_test.go @@ -11,6 +11,7 @@ import ( "gitlab.com/gitlab-org/gitaly/v15/internal/git/gittest" "gitlab.com/gitlab-org/gitaly/v15/internal/git/localrepo" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/config" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper/testcfg" "gitlab.com/gitlab-org/gitaly/v15/proto/go/gitalypb" @@ -27,7 +28,7 @@ func (e entry) create(t *testing.T, root string) { require.True(t, e.contents == "" || e.children == nil, "An entry cannot have both file contents and children") if e.children != nil { - require.NoError(t, os.Mkdir(root, 0o777)) + require.NoError(t, os.Mkdir(root, perm.PublicDir)) for name, child := range e.children { child.create(t, filepath.Join(root, name)) diff --git a/internal/git/stats/repository_info_test.go b/internal/git/stats/repository_info_test.go index 7838cb050..3e11904f5 100644 --- a/internal/git/stats/repository_info_test.go +++ b/internal/git/stats/repository_info_test.go 
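Review bot: The per-entry target directory in `migrate` is created with `perm.PublicDir`, which stands in for the previous `0o777`, so under a permissive umask quarantined objects are moved into directories that any local user can write to. If the wide mode is deliberate (for example to leave the effective mode to the process umask), a comment should say so, e.g. `// PublicDir on purpose: the effective mode is left to the umask`. Otherwise `os.Mkdir(nestedTargetPath, perm.SharedDir)` would drop write access for group and others. The body of `migrate` starts and continues outside this hunk.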
@@ -19,6 +19,7 @@ import ( "gitlab.com/gitlab-org/gitaly/v15/internal/git/gittest" "gitlab.com/gitlab-org/gitaly/v15/internal/git/localrepo" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/config" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper/testcfg" "gitlab.com/gitlab-org/gitaly/v15/proto/go/gitalypb" @@ -513,7 +514,7 @@ func TestCountLooseObjects(t *testing.T) { repo, repoPath := createRepo(t) differentShard := filepath.Join(repoPath, "objects", "a0") - require.NoError(t, os.MkdirAll(differentShard, 0o755)) + require.NoError(t, os.MkdirAll(differentShard, perm.SharedDir)) require.NoError(t, os.WriteFile(filepath.Join(differentShard, "123456"), []byte("foobar"), 0o644)) requireLooseObjectsInfo(t, repo, time.Now(), LooseObjectsInfo{ @@ -529,7 +530,7 @@ func TestCountLooseObjects(t *testing.T) { for i, shard := range []string{"00", "17", "32", "ff"} { shardPath := filepath.Join(repoPath, "objects", shard) - require.NoError(t, os.MkdirAll(shardPath, 0o755)) + require.NoError(t, os.MkdirAll(shardPath, perm.SharedDir)) require.NoError(t, os.WriteFile(filepath.Join(shardPath, "123456"), make([]byte, i), 0o644)) } @@ -545,7 +546,7 @@ func TestCountLooseObjects(t *testing.T) { repo, repoPath := createRepo(t) shard := filepath.Join(repoPath, "objects", "17") - require.NoError(t, os.MkdirAll(shard, 0o755)) + require.NoError(t, os.MkdirAll(shard, perm.SharedDir)) objectPaths := []string{ filepath.Join(shard, "123456"), @@ -584,7 +585,7 @@ func TestCountLooseObjects(t *testing.T) { repo, repoPath := createRepo(t) shard := filepath.Join(repoPath, "objects", "17") - require.NoError(t, os.MkdirAll(shard, 0o755)) + require.NoError(t, os.MkdirAll(shard, perm.SharedDir)) require.NoError(t, os.WriteFile(filepath.Join(shard, "012345"), []byte("valid"), 0o644)) require.NoError(t, os.WriteFile(filepath.Join(shard, "garbage"), []byte("garbage"), 0o644)) 
@@ -625,7 +626,7 @@ func BenchmarkCountLooseObjects(b *testing.B) { repo, repoPath := createRepo(b) objectPath := filepath.Join(repoPath, "objects", "17", "12345") - require.NoError(b, os.Mkdir(filepath.Dir(objectPath), 0o755)) + require.NoError(b, os.Mkdir(filepath.Dir(objectPath), perm.SharedDir)) require.NoError(b, os.WriteFile(objectPath, nil, 0o644)) b.ResetTimer() @@ -640,7 +641,7 @@ func BenchmarkCountLooseObjects(b *testing.B) { for i := 0; i < 256; i++ { objectPath := filepath.Join(repoPath, "objects", fmt.Sprintf("%02x", i), "12345") - require.NoError(b, os.Mkdir(filepath.Dir(objectPath), 0o755)) + require.NoError(b, os.Mkdir(filepath.Dir(objectPath), perm.SharedDir)) require.NoError(b, os.WriteFile(objectPath, nil, 0o644)) } @@ -666,7 +667,7 @@ func BenchmarkCountLooseObjects(b *testing.B) { for i := 0; i < 256; i++ { shardPath := filepath.Join(repoPath, "objects", fmt.Sprintf("%02x", i)) - require.NoError(b, os.Mkdir(shardPath, 0o755)) + require.NoError(b, os.Mkdir(shardPath, perm.SharedDir)) for j := 0; j < looseObjectCount; j++ { objectPath := filepath.Join(shardPath, fmt.Sprintf("%d", j)) @@ -686,7 +687,7 @@ func BenchmarkCountLooseObjects(b *testing.B) { for i := 0; i < 256; i++ { shardPath := filepath.Join(repoPath, "objects", fmt.Sprintf("%02x", i)) - require.NoError(b, os.Mkdir(shardPath, 0o755)) + require.NoError(b, os.Mkdir(shardPath, perm.SharedDir)) for j := 0; j < 1000; j++ { objectPath := filepath.Join(shardPath, fmt.Sprintf("%d", j)) @@ -723,7 +724,7 @@ func TestPackfileInfoForRepository(t *testing.T) { desc: "single packfile", seedRepository: func(t *testing.T, repoPath string) { packfileDir := filepath.Join(repoPath, "objects", "pack") - require.NoError(t, os.MkdirAll(packfileDir, 0o755)) + require.NoError(t, os.MkdirAll(packfileDir, perm.SharedDir)) require.NoError(t, os.WriteFile(filepath.Join(packfileDir, "pack-foo.pack"), []byte("foobar"), 0o644)) }, expectedInfo: PackfilesInfo{ 
@@ -735,7 +736,7 @@ func TestPackfileInfoForRepository(t *testing.T) { desc: "keep packfile", seedRepository: func(t *testing.T, repoPath string) { packfileDir := filepath.Join(repoPath, "objects", "pack") - require.NoError(t, os.MkdirAll(packfileDir, 0o755)) + require.NoError(t, os.MkdirAll(packfileDir, perm.SharedDir)) require.NoError(t, os.WriteFile(filepath.Join(packfileDir, "pack-foo.pack"), []byte("foobar"), 0o644)) require.NoError(t, os.WriteFile(filepath.Join(packfileDir, "pack-foo.keep"), []byte("foobar"), 0o644)) }, @@ -748,7 +749,7 @@ func TestPackfileInfoForRepository(t *testing.T) { desc: "cruft packfile", seedRepository: func(t *testing.T, repoPath string) { packfileDir := filepath.Join(repoPath, "objects", "pack") - require.NoError(t, os.MkdirAll(packfileDir, 0o755)) + require.NoError(t, os.MkdirAll(packfileDir, perm.SharedDir)) require.NoError(t, os.WriteFile(filepath.Join(packfileDir, "pack-foo.pack"), []byte("foobar"), 0o644)) require.NoError(t, os.WriteFile(filepath.Join(packfileDir, "pack-foo.mtimes"), []byte("foobar"), 0o644)) }, @@ -761,7 +762,7 @@ func TestPackfileInfoForRepository(t *testing.T) { desc: "multiple packfiles", seedRepository: func(t *testing.T, repoPath string) { packfileDir := filepath.Join(repoPath, "objects", "pack") - require.NoError(t, os.MkdirAll(packfileDir, 0o755)) + require.NoError(t, os.MkdirAll(packfileDir, perm.SharedDir)) require.NoError(t, os.WriteFile(filepath.Join(packfileDir, "pack-foo.pack"), []byte("foobar"), 0o644)) require.NoError(t, os.WriteFile(filepath.Join(packfileDir, "pack-bar.pack"), []byte("123"), 0o644)) }, 
@@ -791,7 +792,7 @@ func TestPackfileInfoForRepository(t *testing.T) { desc: "multi-pack-index", seedRepository: func(t *testing.T, repoPath string) { packfileDir := filepath.Join(repoPath, "objects", "pack") - require.NoError(t, os.MkdirAll(packfileDir, 0o755)) + require.NoError(t, os.MkdirAll(packfileDir, perm.SharedDir)) require.NoError(t, os.WriteFile(filepath.Join(packfileDir, "multi-pack-index"), nil, 0o644)) }, expectedInfo: PackfilesInfo{ diff --git a/internal/gitaly/config/config.go b/internal/gitaly/config/config.go index 7c1ceb621..1e11c95ab 100644 --- a/internal/gitaly/config/config.go +++ b/internal/gitaly/config/config.go @@ -20,6 +20,7 @@ import ( "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/config/prometheus" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/config/sentry" "gitlab.com/gitlab-org/gitaly/v15/internal/helper/duration" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" ) const ( @@ -634,7 +635,7 @@ func SetupRuntimeDirectory(cfg Cfg, processID int) (string, error) { } } - if err := os.Mkdir(runtimeDir, 0o700); err != nil { + if err := os.Mkdir(runtimeDir, perm.PrivateDir); err != nil { return "", fmt.Errorf("creating runtime directory: %w", err) } } @@ -647,7 +648,7 @@ func SetupRuntimeDirectory(cfg Cfg, processID int) (string, error) { // socket paths. We hope/expect that os.MkdirTemp creates a directory // that is not too deep. We need a directory, not a tempfile, because we // will later want to set its permissions to 0700 - if err := os.Mkdir(cfg.InternalSocketDir(), 0o700); err != nil { + if err := os.Mkdir(cfg.InternalSocketDir(), perm.PrivateDir); err != nil { return "", fmt.Errorf("create internal socket directory: %w", err) } diff --git a/internal/gitaly/config/config_test.go b/internal/gitaly/config/config_test.go index b1da72475..78560f408 100644 --- a/internal/gitaly/config/config_test.go +++ b/internal/gitaly/config/config_test.go 
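Review bot: The comment above the `os.Mkdir(cfg.InternalSocketDir(), perm.PrivateDir)` call in `SetupRuntimeDirectory` still spells the mode as a literal (`set its permissions to 0700`), which is the duplication this change removes from the code. Suggest wording it in terms of the constant, e.g. `// will later want to restrict it to the owner (perm.PrivateDir)`, so the comment cannot drift from the value. The function body extends beyond the hunk.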
@@ -18,6 +18,7 @@ import ( "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/config/prometheus" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/config/sentry" "gitlab.com/gitlab-org/gitaly/v15/internal/helper/duration" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" ) @@ -183,7 +184,7 @@ func TestValidateStorages(t *testing.T) { repositories := testhelper.TempDir(t) repositories2 := testhelper.TempDir(t) nestedRepositories := filepath.Join(repositories, "nested") - require.NoError(t, os.MkdirAll(nestedRepositories, os.ModePerm)) + require.NoError(t, os.MkdirAll(nestedRepositories, perm.PublicDir)) filePath := filepath.Join(testhelper.TempDir(t), "temporary-file") require.NoError(t, os.WriteFile(filePath, []byte{}, 0o666)) @@ -426,7 +427,7 @@ func TestValidateGitConfig(t *testing.T) { func TestValidateShellPath(t *testing.T) { tmpDir := testhelper.TempDir(t) - require.NoError(t, os.MkdirAll(filepath.Join(tmpDir, "bin"), 0o755)) + require.NoError(t, os.MkdirAll(filepath.Join(tmpDir, "bin"), perm.SharedDir)) tmpFile := filepath.Join(tmpDir, "my-file") require.NoError(t, os.WriteFile(tmpFile, []byte{}, 0o666)) @@ -635,7 +636,7 @@ func TestSetupRuntimeDirectory_validateInternalSocket(t *testing.T) { desc: "symlinked runtime directory", setup: func(t *testing.T) string { runtimeDir := testhelper.TempDir(t) - require.NoError(t, os.Mkdir(filepath.Join(runtimeDir, "sock.d"), os.ModePerm)) + require.NoError(t, os.Mkdir(filepath.Join(runtimeDir, "sock.d"), perm.PublicDir)) // Create a symlink which points to the real runtime directory. symlinkDir := testhelper.TempDir(t) 
@@ -662,7 +663,7 @@ func TestSetupRuntimeDirectory_validateInternalSocket(t *testing.T) { runtimeDirTooLongForSockets := filepath.Join(tempDir, strings.Repeat("/nested_directory", 10)) socketDir := filepath.Join(runtimeDirTooLongForSockets, "sock.d") - require.NoError(t, os.MkdirAll(socketDir, os.ModePerm)) + require.NoError(t, os.MkdirAll(socketDir, perm.PublicDir)) return runtimeDirTooLongForSockets }, diff --git a/internal/gitaly/config/locator_test.go b/internal/gitaly/config/locator_test.go index e647fc822..e2ab093f9 100644 --- a/internal/gitaly/config/locator_test.go +++ b/internal/gitaly/config/locator_test.go @@ -12,6 +12,7 @@ import ( "gitlab.com/gitlab-org/gitaly/v15/internal/git/gittest" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/config" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/service/setup" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/structerr" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper/testcfg" @@ -42,7 +43,7 @@ func TestConfigLocator_GetRepoPath(t *testing.T) { // The repository path exists on the disk, but it is not a git repository. const notRepositoryFolder = "not-a-git-repo" - require.NoError(t, os.MkdirAll(filepath.Join(cfg.Storages[0].Path, notRepositoryFolder), 0o755)) + require.NoError(t, os.MkdirAll(filepath.Join(cfg.Storages[0].Path, notRepositoryFolder), perm.SharedDir)) for _, tc := range []struct { desc string @@ -106,7 +107,7 @@ func TestConfigLocator_GetPath(t *testing.T) { // The repository path exists on the disk, but it is not a git repository. const notRepositoryFolder = "not-a-git-repo" - require.NoError(t, os.MkdirAll(filepath.Join(cfg.Storages[0].Path, notRepositoryFolder), 0o755)) + require.NoError(t, os.MkdirAll(filepath.Join(cfg.Storages[0].Path, notRepositoryFolder), perm.SharedDir)) for _, tc := range []struct { desc string 
diff --git a/internal/gitaly/config/temp_dir_test.go b/internal/gitaly/config/temp_dir_test.go index 25c99bab0..251d8eabf 100644 --- a/internal/gitaly/config/temp_dir_test.go +++ b/internal/gitaly/config/temp_dir_test.go @@ -11,6 +11,7 @@ import ( "github.com/sirupsen/logrus/hooks/test" "github.com/stretchr/testify/require" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" ) @@ -76,7 +77,7 @@ func TestPruneOldGitalyProcessDirectories(t *testing.T) { "gitaly-invalidpid", } { dirPath := filepath.Join(baseDir, dirName) - require.NoError(t, os.Mkdir(dirPath, os.ModePerm)) + require.NoError(t, os.Mkdir(dirPath, perm.PublicDir)) expectedLogs[dirPath] = "could not prune entry" expectedErrs[dirPath] = errors.New("gitaly process directory contains an unexpected directory") nonPrunableDirs = append(nonPrunableDirs, dirPath) diff --git a/internal/gitaly/hook/custom_test.go b/internal/gitaly/hook/custom_test.go index d9273e04d..25048a66c 100644 --- a/internal/gitaly/hook/custom_test.go +++ b/internal/gitaly/hook/custom_test.go @@ -16,6 +16,7 @@ import ( "gitlab.com/gitlab-org/gitaly/v15/internal/git/gittest" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/config" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/storage" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/helper/text" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper/testcfg" @@ -270,7 +271,7 @@ func TestCustomHooksWithSymlinks(t *testing.T) { // bad -> /path/to/nowhere BAD firstDir := filepath.Join(globalHooksPath, "first_dir") secondDir := filepath.Join(globalHooksPath, "second_dir") - require.NoError(t, os.MkdirAll(firstDir, 0o755)) + require.NoError(t, os.MkdirAll(firstDir, perm.SharedDir)) require.NoError(t, os.Symlink(firstDir, secondDir)) filename := filepath.Join(firstDir, "update") 
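Review bot: In `SetupSidechannel`, `fs.ErrExist` from `os.Mkdir(sidechannelDir, perm.PrivateDir)` is accepted without inspecting the entry that is already there, so the owner-only mode is guaranteed only when this call created the directory. A pre-existing entry with a wider mode, or one that is not a directory at all, is used as is. The comment in the hunk says the runtime directory must already exist, and that parent is presumably private, which limits exposure, but a check in the `ErrExist` branch would make the guarantee local to this function. The function body continues outside the hunk.

```go
if err := os.Mkdir(sidechannelDir, perm.PrivateDir); err != nil {
	if !errors.Is(err, fs.ErrExist) {
		return nil, nil, err
	}

	// Not created by this call: confirm it is a real directory with no
	// permission bits beyond perm.PrivateDir before trusting it.
	info, statErr := os.Lstat(sidechannelDir)
	if statErr != nil {
		return nil, nil, statErr
	}
	if !info.IsDir() || info.Mode().Perm()&^perm.PrivateDir != 0 {
		return nil, nil, errors.New("sidechannel directory exists with unexpected type or mode")
	}
}
// … unchanged: rest of SetupSidechannel …
```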
@@ -451,7 +452,7 @@ type customHookResults struct { } func writeCustomHook(t *testing.T, hookName, dir string, content []byte) func() { - require.NoError(t, os.MkdirAll(dir, 0o755)) + require.NoError(t, os.MkdirAll(dir, perm.SharedDir)) require.NoError(t, os.WriteFile(filepath.Join(dir, hookName), content, 0o755)) return func() { diff --git a/internal/gitaly/hook/sidechannel.go b/internal/gitaly/hook/sidechannel.go index 678e19283..03fb2a0a0 100644 --- a/internal/gitaly/hook/sidechannel.go +++ b/internal/gitaly/hook/sidechannel.go @@ -12,6 +12,7 @@ import ( "time" "gitlab.com/gitlab-org/gitaly/v15/internal/git" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" gitaly_metadata "gitlab.com/gitlab-org/gitaly/v15/internal/metadata" "google.golang.org/grpc/metadata" ) @@ -56,7 +57,7 @@ func SetupSidechannel(ctx context.Context, payload git.HooksPayload, callback fu // Note that we don't use `os.MkdirAll()` here: we don't want to accidentally create // the full directory hierarchy, and the assumption is that the runtime directory // must exist already. - if err := os.Mkdir(sidechannelDir, 0o700); err != nil && !errors.Is(err, fs.ErrExist) { + if err := os.Mkdir(sidechannelDir, perm.PrivateDir); err != nil && !errors.Is(err, fs.ErrExist) { return nil, nil, err } diff --git a/internal/gitaly/linguist/linguist_test.go b/internal/gitaly/linguist/linguist_test.go index 3a67ce07e..1fd1bb633 100644 --- a/internal/gitaly/linguist/linguist_test.go +++ b/internal/gitaly/linguist/linguist_test.go @@ -13,6 +13,7 @@ import ( "gitlab.com/gitlab-org/gitaly/v15/internal/git/gittest" "gitlab.com/gitlab-org/gitaly/v15/internal/git/localrepo" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/config" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper/testcfg" "gitlab.com/gitlab-org/gitaly/v15/proto/go/gitalypb" 
@@ -528,7 +529,7 @@ func TestInstance_Stats(t *testing.T) { // Apply the gitattributes // We should get rid of this with https://gitlab.com/groups/gitlab-org/-/epics/9006 infoPath := filepath.Join(repoPath, "info") - require.NoError(t, os.MkdirAll(infoPath, 0o755)) + require.NoError(t, os.MkdirAll(infoPath, perm.SharedDir)) attrData, err := gittest.NewCommand(t, cfg, "-C", repoPath, "cat-file", "blob", objectID.String()+":.gitattributes").Output() if err == nil { require.NoError(t, os.WriteFile(filepath.Join(infoPath, "attributes"), attrData, 0o644)) diff --git a/internal/gitaly/maintenance/randomwalker_test.go b/internal/gitaly/maintenance/randomwalker_test.go index 7e3dc8c0a..0b6a8e7bf 100644 --- a/internal/gitaly/maintenance/randomwalker_test.go +++ b/internal/gitaly/maintenance/randomwalker_test.go @@ -9,6 +9,7 @@ import ( "testing" "github.com/stretchr/testify/require" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" ) @@ -151,7 +152,7 @@ func TestRandomWalk(t *testing.T) { root := testhelper.TempDir(t) for _, dir := range tc.dirs { - require.NoError(t, os.MkdirAll(filepath.Join(root, dir), 0o777)) + require.NoError(t, os.MkdirAll(filepath.Join(root, dir), perm.PublicDir)) } for _, file := range tc.files { @@ -195,7 +196,7 @@ func TestRandomWalk_withRemovedDirs(t *testing.T) { root := testhelper.TempDir(t) for _, dir := range []string{"foo/bar", "foo/bar/deleteme", "foo/baz/qux", "foo/baz/other"} { - require.NoError(t, os.MkdirAll(filepath.Join(root, dir), 0o777)) + require.NoError(t, os.MkdirAll(filepath.Join(root, dir), perm.PublicDir)) } walker := newRandomWalker(root, rand.New(rand.NewSource(1))) diff --git a/internal/gitaly/repoutil/create.go b/internal/gitaly/repoutil/create.go index 3cbc6f441..759204e35 100644 --- a/internal/gitaly/repoutil/create.go +++ b/internal/gitaly/repoutil/create.go 
@@ -13,6 +13,7 @@ import ( "gitlab.com/gitlab-org/gitaly/v15/internal/git" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/storage" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/transaction" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/safe" "gitlab.com/gitlab-org/gitaly/v15/internal/structerr" "gitlab.com/gitlab-org/gitaly/v15/internal/tempdir" @@ -81,7 +82,7 @@ func Create( } // Create the parent directory in case it doesn't exist yet. - if err := os.MkdirAll(filepath.Dir(targetPath), 0o770); err != nil { + if err := os.MkdirAll(filepath.Dir(targetPath), perm.GroupPrivateDir); err != nil { return structerr.NewInternal("create directories: %w", err) } diff --git a/internal/gitaly/repoutil/create_test.go b/internal/gitaly/repoutil/create_test.go index e4b7b38d2..838970617 100644 --- a/internal/gitaly/repoutil/create_test.go +++ b/internal/gitaly/repoutil/create_test.go @@ -14,6 +14,7 @@ import ( "gitlab.com/gitlab-org/gitaly/v15/internal/git/gittest" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/config" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/transaction" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/helper/text" "gitlab.com/gitlab-org/gitaly/v15/internal/safe" "gitlab.com/gitlab-org/gitaly/v15/internal/structerr" @@ -95,7 +96,7 @@ func TestCreate(t *testing.T) { { desc: "preexisting directory", setup: func(t *testing.T, repo *gitalypb.Repository, repoPath string) { - require.NoError(t, os.MkdirAll(repoPath, 0o777)) + require.NoError(t, os.MkdirAll(repoPath, perm.PublicDir)) }, verify: func(t *testing.T, tempRepo *gitalypb.Repository, tempRepoPath string, realRepo *gitalypb.Repository, realRepoPath string) { require.NoDirExists(t, tempRepoPath) 
@@ -110,7 +111,7 @@ func TestCreate(t *testing.T) { { desc: "locked", setup: func(t *testing.T, repo *gitalypb.Repository, repoPath string) { - require.NoError(t, os.MkdirAll(filepath.Dir(repoPath), 0o777)) + require.NoError(t, os.MkdirAll(filepath.Dir(repoPath), perm.PublicDir)) // Lock the target repository such that we must fail. lock, err := os.Create(repoPath + ".lock") @@ -184,7 +185,7 @@ func TestCreate(t *testing.T) { // should try locking the repository before casting any votes, we do // not expect to see a voting error. - require.NoError(t, os.MkdirAll(filepath.Dir(repoPath), 0o777)) + require.NoError(t, os.MkdirAll(filepath.Dir(repoPath), perm.PublicDir)) lock, err := os.Create(repoPath + ".lock") require.NoError(t, err) require.NoError(t, lock.Close()) 
@@ -212,19 +213,19 @@ func TestCreate(t *testing.T) { seed: func(t *testing.T, repo *gitalypb.Repository, repoPath string) error { // Remove the repository first so we can start from a clean state. require.NoError(t, os.RemoveAll(repoPath)) - require.NoError(t, os.Mkdir(repoPath, 0o777)) + require.NoError(t, os.Mkdir(repoPath, perm.PublicDir)) // Objects and FETCH_HEAD should both be ignored. They may contain // indeterministic data that's different across replicas and would // thus cause us to not reach quorum. - require.NoError(t, os.Mkdir(filepath.Join(repoPath, "objects"), 0o777)) + require.NoError(t, os.Mkdir(filepath.Join(repoPath, "objects"), perm.PublicDir)) require.NoError(t, os.WriteFile(filepath.Join(repoPath, "objects", "object"), []byte("object"), 0o666)) require.NoError(t, os.WriteFile(filepath.Join(repoPath, "FETCH_HEAD"), []byte("fetch-head"), 0o666)) // All the other files should be hashed though. require.NoError(t, os.WriteFile(filepath.Join(repoPath, "HEAD"), []byte("head"), 0o666)) require.NoError(t, os.WriteFile(filepath.Join(repoPath, "config"), []byte("cfg"), 0o666)) - require.NoError(t, os.MkdirAll(filepath.Join(repoPath, "refs", "heads"), 0o777)) + require.NoError(t, os.MkdirAll(filepath.Join(repoPath, "refs", "heads"), perm.PublicDir)) require.NoError(t, os.WriteFile(filepath.Join(repoPath, "refs", "heads", "foo"), []byte("foo"), 0o666)) return nil diff --git a/internal/gitaly/rubyserver/rubyserver.go b/internal/gitaly/rubyserver/rubyserver.go index 7e661954a..34f3e80c6 100644 --- a/internal/gitaly/rubyserver/rubyserver.go +++ b/internal/gitaly/rubyserver/rubyserver.go 
@@ -18,6 +18,7 @@ import ( "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/rubyserver/balancer" "gitlab.com/gitlab-org/gitaly/v15/internal/helper" "gitlab.com/gitlab-org/gitaly/v15/internal/helper/env" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/supervisor" "gitlab.com/gitlab-org/gitaly/v15/internal/version" "gitlab.com/gitlab-org/gitaly/v15/proto/go/gitalypb" @@ -153,7 +154,7 @@ func (s *Server) start() error { // released (https://github.com/libgit2/rugged/pull/918). if cfg.Ruby.RuggedGitConfigSearchPath == "" { gitconfigDir := filepath.Join(cfg.RuntimeDir, "ruby-gitconfig") - if err := os.Mkdir(gitconfigDir, 0o777); err != nil { + if err := os.Mkdir(gitconfigDir, perm.PublicDir); err != nil { return fmt.Errorf("creating gitconfig dir: %w", err) } diff --git a/internal/gitaly/service/blob/lfs_pointers_test.go b/internal/gitaly/service/blob/lfs_pointers_test.go index 5ff60c722..f2373101f 100644 --- a/internal/gitaly/service/blob/lfs_pointers_test.go +++ b/internal/gitaly/service/blob/lfs_pointers_test.go @@ -16,6 +16,7 @@ import ( "gitlab.com/gitlab-org/gitaly/v15/internal/git/catfile" "gitlab.com/gitlab-org/gitaly/v15/internal/git/gittest" "gitlab.com/gitlab-org/gitaly/v15/internal/git/localrepo" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/helper/text" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" "gitlab.com/gitlab-org/gitaly/v15/proto/go/gitalypb" @@ -250,7 +251,7 @@ size 12345` // may want to inspect all newly pushed objects, denoted by a repository proto // message which only has its object directory set to the quarantine directory. quarantineDir := "objects/incoming-123456" - require.NoError(t, os.Mkdir(filepath.Join(repoPath, quarantineDir), 0o777)) + require.NoError(t, os.Mkdir(filepath.Join(repoPath, quarantineDir), perm.PublicDir)) repoProto.GitObjectDirectory = quarantineDir repoProto.GitAlternateObjectDirectories = nil 
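Review bot: `gitconfigDir` in `(*Server).start` is created with `perm.PublicDir` (previously `0o777`), yet it is set up when `cfg.Ruby.RuggedGitConfigSearchPath` is empty, which suggests it becomes the location Git configuration is read from. A directory that feeds configuration into a child process should not be writable by other users; `if err := os.Mkdir(gitconfigDir, perm.PrivateDir); err != nil {` fits better, assuming the Ruby sidecar runs as the same user as Gitaly. `cfg.RuntimeDir` is created with `perm.PrivateDir` in `SetupRuntimeDirectory`, so the parent already limits access, but the mode chosen here should not depend on that. `start` begins and ends outside this hunk.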
diff --git a/internal/gitaly/service/commit/list_all_commits_test.go b/internal/gitaly/service/commit/list_all_commits_test.go index a828df9c8..5e04ea82c 100644 --- a/internal/gitaly/service/commit/list_all_commits_test.go +++ b/internal/gitaly/service/commit/list_all_commits_test.go @@ -11,6 +11,7 @@ import ( "github.com/stretchr/testify/require" "gitlab.com/gitlab-org/gitaly/v15/internal/git/gittest" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" "gitlab.com/gitlab-org/gitaly/v15/proto/go/gitalypb" "google.golang.org/grpc/codes" @@ -101,7 +102,7 @@ func TestListAllCommits(t *testing.T) { cfg, repo, repoPath, client := setupCommitServiceWithRepo(t, ctx) quarantineDir := filepath.Join("objects", "incoming-123456") - require.NoError(t, os.Mkdir(filepath.Join(repoPath, quarantineDir), 0o777)) + require.NoError(t, os.Mkdir(filepath.Join(repoPath, quarantineDir), perm.PublicDir)) repo.GitObjectDirectory = quarantineDir repo.GitAlternateObjectDirectories = nil diff --git a/internal/gitaly/service/namespace/namespace.go b/internal/gitaly/service/namespace/namespace.go index 1c2ab5773..7c77f10aa 100644 --- a/internal/gitaly/service/namespace/namespace.go +++ b/internal/gitaly/service/namespace/namespace.go @@ -7,6 +7,7 @@ import ( "os" "path/filepath" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/structerr" "gitlab.com/gitlab-org/gitaly/v15/proto/go/gitalypb" "google.golang.org/grpc/codes" @@ -47,7 +48,7 @@ func (s *server) AddNamespace(ctx context.Context, in *gitalypb.AddNamespaceRequ return nil, noNameError } - if err = os.MkdirAll(namespacePath(storagePath, name), 0o770); err != nil { + if err = os.MkdirAll(namespacePath(storagePath, name), perm.GroupPrivateDir); err != nil { return nil, structerr.NewInternal("create directory: %w", err) } 
@@ -84,7 +85,7 @@ func (s *server) RenameNamespace(ctx context.Context, in *gitalypb.RenameNamespa targetPath := namespacePath(storagePath, in.GetTo()) // Create the parent directory. - if err = os.MkdirAll(filepath.Dir(targetPath), 0o775); err != nil { + if err = os.MkdirAll(filepath.Dir(targetPath), perm.SharedDir); err != nil { return nil, structerr.NewInternal("create directory: %w", err) } diff --git a/internal/gitaly/service/namespace/namespace_test.go b/internal/gitaly/service/namespace/namespace_test.go index 9d00df97e..917682460 100644 --- a/internal/gitaly/service/namespace/namespace_test.go +++ b/internal/gitaly/service/namespace/namespace_test.go @@ -9,6 +9,7 @@ import ( "github.com/stretchr/testify/require" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/config" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/structerr" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper/testserver" @@ -25,7 +26,7 @@ func TestNamespaceExists(t *testing.T) { ctx := testhelper.Context(t) const existingNamespace = "existing" - require.NoError(t, os.MkdirAll(filepath.Join(existingStorage.Path, existingNamespace), 0o755)) + require.NoError(t, os.MkdirAll(filepath.Join(existingStorage.Path, existingNamespace), perm.SharedDir)) for _, tc := range []struct { desc string @@ -156,7 +157,7 @@ func TestRemoveNamespace(t *testing.T) { ctx := testhelper.Context(t) const existingNamespace = "created" - require.NoError(t, os.MkdirAll(filepath.Join(existingStorage.Path, existingNamespace), 0o755), "test setup") + require.NoError(t, os.MkdirAll(filepath.Join(existingStorage.Path, existingNamespace), perm.SharedDir), "test setup") queries := []struct { desc string 
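Review bot: Replacing `0o775` with `perm.SharedDir` in `RenameNamespace` is not a pure rename: every other `perm.SharedDir` substitution in this diff replaces `0o755`, so the parent directory appears to lose group write here. It also leaves the two namespace RPCs inconsistent, since `AddNamespace` creates namespaces with `perm.GroupPrivateDir` (previously `0o770`) while a parent created during a rename is readable and traversable by others. Unless the wider mode is needed, `os.MkdirAll(filepath.Dir(targetPath), perm.GroupPrivateDir)` would match `AddNamespace`; if it is needed, the behaviour change deserves a line in the merge request description. The function body extends beyond the hunk.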
@@ -210,7 +211,7 @@ func TestRenameNamespace(t *testing.T) { ctx := testhelper.Context(t) const existingNamespace = "existing" - require.NoError(t, os.MkdirAll(filepath.Join(existingStorage.Path, existingNamespace), 0o755)) + require.NoError(t, os.MkdirAll(filepath.Join(existingStorage.Path, existingNamespace), perm.SharedDir)) for _, tc := range []struct { desc string diff --git a/internal/gitaly/service/objectpool/alternates.go b/internal/gitaly/service/objectpool/alternates.go index 33f5b6d5f..667c8612a 100644 --- a/internal/gitaly/service/objectpool/alternates.go +++ b/internal/gitaly/service/objectpool/alternates.go @@ -14,6 +14,7 @@ import ( "gitlab.com/gitlab-org/gitaly/v15/internal/git" "gitlab.com/gitlab-org/gitaly/v15/internal/git/localrepo" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/service" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/helper/text" "gitlab.com/gitlab-org/gitaly/v15/internal/metadata/featureflag" "gitlab.com/gitlab-org/gitaly/v15/internal/structerr" @@ -89,7 +90,7 @@ func (s *server) disconnectAlternates(ctx context.Context, repo *localrepo.Repo) source := filepath.Join(altDir, path) target := filepath.Join(repoPath, "objects", path) - if err := os.MkdirAll(filepath.Dir(target), 0o755); err != nil { + if err := os.MkdirAll(filepath.Dir(target), perm.SharedDir); err != nil { return err } diff --git a/internal/gitaly/service/objectpool/create_test.go b/internal/gitaly/service/objectpool/create_test.go index 8ea7125f2..b4dba6096 100644 --- a/internal/gitaly/service/objectpool/create_test.go +++ b/internal/gitaly/service/objectpool/create_test.go 
@@ -17,6 +17,7 @@ import ( "gitlab.com/gitlab-org/gitaly/v15/internal/git/objectpool" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/config" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/transaction" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/structerr" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper/testcfg" @@ -88,7 +89,7 @@ func TestCreate_unsuccessful(t *testing.T) { // gets honored as expected. lockedRelativePath := gittest.NewObjectPoolName(t) lockedFullPath := filepath.Join(cfg.Storages[0].Path, lockedRelativePath+".lock") - require.NoError(t, os.MkdirAll(filepath.Dir(lockedFullPath), 0o755)) + require.NoError(t, os.MkdirAll(filepath.Dir(lockedFullPath), perm.SharedDir)) require.NoError(t, os.WriteFile(lockedFullPath, nil, 0o644)) // Create a preexisting object pool. diff --git a/internal/gitaly/service/objectpool/fetch_into_object_pool_test.go b/internal/gitaly/service/objectpool/fetch_into_object_pool_test.go index 2d9bec21c..1e73ef205 100644 --- a/internal/gitaly/service/objectpool/fetch_into_object_pool_test.go +++ b/internal/gitaly/service/objectpool/fetch_into_object_pool_test.go @@ -20,6 +20,7 @@ import ( "gitlab.com/gitlab-org/gitaly/v15/internal/git/stats" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/config" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/transaction" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/metadata" "gitlab.com/gitlab-org/gitaly/v15/internal/metadata/featureflag" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" 
@@ -80,7 +81,7 @@ func testFetchIntoObjectPoolSuccess(t *testing.T, ctx context.Context) { // break many Git commands, including git-fetch(1). We should know to prune stale broken // references though and thus be able to recover. brokenRef := filepath.Join(poolPath, "refs", "heads", "broken") - require.NoError(t, os.MkdirAll(filepath.Dir(brokenRef), 0o755)) + require.NoError(t, os.MkdirAll(filepath.Dir(brokenRef), perm.SharedDir)) require.NoError(t, os.WriteFile(brokenRef, []byte{}, 0o777)) oldTime := time.Now().Add(-25 * time.Hour) require.NoError(t, os.Chtimes(brokenRef, oldTime, oldTime)) diff --git a/internal/gitaly/service/objectpool/get_test.go b/internal/gitaly/service/objectpool/get_test.go index 75a49caf8..c9789a607 100644 --- a/internal/gitaly/service/objectpool/get_test.go +++ b/internal/gitaly/service/objectpool/get_test.go @@ -9,6 +9,7 @@ import ( "github.com/stretchr/testify/require" "gitlab.com/gitlab-org/gitaly/v15/internal/git/localrepo" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" "gitlab.com/gitlab-org/gitaly/v15/proto/go/gitalypb" "google.golang.org/grpc/codes" @@ -55,7 +56,7 @@ func TestGetObjectPoolBadFile(t *testing.T) { _, repo, repoPath, _, client := setup(t, ctx) alternatesFilePath := filepath.Join(repoPath, "objects", "info", "alternates") - require.NoError(t, os.MkdirAll(filepath.Dir(alternatesFilePath), 0o755)) + require.NoError(t, os.MkdirAll(filepath.Dir(alternatesFilePath), perm.SharedDir)) require.NoError(t, os.WriteFile(alternatesFilePath, []byte("not-a-directory"), 0o644)) resp, err := client.GetObjectPool(ctx, &gitalypb.GetObjectPoolRequest{ diff --git a/internal/gitaly/service/repository/apply_gitattributes.go b/internal/gitaly/service/repository/apply_gitattributes.go index 973d59581..6b10b13aa 100644 --- a/internal/gitaly/service/repository/apply_gitattributes.go +++ b/internal/gitaly/service/repository/apply_gitattributes.go 
@@ -14,6 +14,7 @@ import ( "gitlab.com/gitlab-org/gitaly/v15/internal/git/localrepo" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/service" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/transaction" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/safe" "gitlab.com/gitlab-org/gitaly/v15/internal/structerr" "gitlab.com/gitlab-org/gitaly/v15/internal/transaction/txinfo" @@ -42,7 +43,7 @@ func (s *server) applyGitattributes(ctx context.Context, repo *localrepo.Repo, o } // Create /info folder if it doesn't exist - if err := os.MkdirAll(infoPath, 0o755); err != nil { + if err := os.MkdirAll(infoPath, perm.SharedDir); err != nil { return err } diff --git a/internal/gitaly/service/repository/apply_gitattributes_test.go b/internal/gitaly/service/repository/apply_gitattributes_test.go index a168f08b1..0eeb7ecb5 100644 --- a/internal/gitaly/service/repository/apply_gitattributes_test.go +++ b/internal/gitaly/service/repository/apply_gitattributes_test.go @@ -11,6 +11,7 @@ import ( "github.com/stretchr/testify/require" "gitlab.com/gitlab-org/gitaly/v15/internal/backchannel" "gitlab.com/gitlab-org/gitaly/v15/internal/git/gittest" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/metadata" "gitlab.com/gitlab-org/gitaly/v15/internal/structerr" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" 
@@ -61,13 +62,13 @@ func TestApplyGitattributes_successful(t *testing.T) { t.Run("without 'info/attributes' directory", func(t *testing.T) { require.NoError(t, os.RemoveAll(infoPath)) - require.NoError(t, os.Mkdir(infoPath, 0o755)) + require.NoError(t, os.Mkdir(infoPath, perm.SharedDir)) requireApplyGitattributes(t, ctx, client, repo, attributesPath, tc.revision, tc.expectedContent) }) t.Run("with preexisting 'info/attributes'", func(t *testing.T) { require.NoError(t, os.RemoveAll(infoPath)) - require.NoError(t, os.Mkdir(infoPath, 0o755)) + require.NoError(t, os.Mkdir(infoPath, perm.SharedDir)) require.NoError(t, os.WriteFile(attributesPath, []byte("*.docx diff=word"), 0o644)) requireApplyGitattributes(t, ctx, client, repo, attributesPath, tc.revision, tc.expectedContent) }) diff --git a/internal/gitaly/service/repository/backup_custom_hooks_test.go b/internal/gitaly/service/repository/backup_custom_hooks_test.go index 6aa538790..9c897bcd2 100644 --- a/internal/gitaly/service/repository/backup_custom_hooks_test.go +++ b/internal/gitaly/service/repository/backup_custom_hooks_test.go @@ -13,6 +13,7 @@ import ( "github.com/stretchr/testify/require" "gitlab.com/gitlab-org/gitaly/v15/internal/git/gittest" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" "gitlab.com/gitlab-org/gitaly/v15/proto/go/gitalypb" "gitlab.com/gitlab-org/gitaly/v15/streamio" 
@@ -33,7 +34,7 @@ func TestBackupCustomHooks_successful(t *testing.T) { "custom_hooks/prepare-commit-msg.sample", "custom_hooks/pre-push.sample", } - require.NoError(t, os.Mkdir(filepath.Join(repoPath, "custom_hooks"), 0o700), "Could not create custom_hooks dir") + require.NoError(t, os.Mkdir(filepath.Join(repoPath, "custom_hooks"), perm.PrivateDir), "Could not create custom_hooks dir") for _, fileName := range expectedTarResponse[1:] { require.NoError(t, os.WriteFile(filepath.Join(repoPath, fileName), []byte("Some hooks"), 0o700), fmt.Sprintf("Could not create %s", fileName)) } diff --git a/internal/gitaly/service/repository/calculate_checksum_test.go b/internal/gitaly/service/repository/calculate_checksum_test.go index 1679d05c8..229d34f83 100644 --- a/internal/gitaly/service/repository/calculate_checksum_test.go +++ b/internal/gitaly/service/repository/calculate_checksum_test.go @@ -11,6 +11,7 @@ import ( "github.com/stretchr/testify/require" "gitlab.com/gitlab-org/gitaly/v15/internal/git" "gitlab.com/gitlab-org/gitaly/v15/internal/git/gittest" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" "gitlab.com/gitlab-org/gitaly/v15/proto/go/gitalypb" "google.golang.org/grpc/codes" @@ -26,7 +27,7 @@ func TestSuccessfulCalculateChecksum(t *testing.T) { // Force the refs database of testRepo into a known state require.NoError(t, os.RemoveAll(filepath.Join(repoPath, "refs"))) for _, d := range []string{"refs/heads", "refs/tags", "refs/notes"} { - require.NoError(t, os.MkdirAll(filepath.Join(repoPath, d), 0o755)) + require.NoError(t, os.MkdirAll(filepath.Join(repoPath, d), perm.SharedDir)) } testhelper.CopyFile(t, "testdata/checksum-test-packed-refs", filepath.Join(repoPath, "packed-refs")) 
@@ -117,7 +118,7 @@ func TestInvalidRefsCalculateChecksum(t *testing.T) { // Force the refs database of testRepo into a known state require.NoError(t, os.RemoveAll(filepath.Join(repoPath, "refs"))) for _, d := range []string{"refs/heads", "refs/tags", "refs/notes"} { - require.NoError(t, os.MkdirAll(filepath.Join(repoPath, d), 0o755)) + require.NoError(t, os.MkdirAll(filepath.Join(repoPath, d), perm.SharedDir)) } require.NoError(t, exec.Command("cp", "testdata/checksum-test-invalid-refs", filepath.Join(repoPath, "packed-refs")).Run()) diff --git a/internal/gitaly/service/repository/cleanup_test.go b/internal/gitaly/service/repository/cleanup_test.go index 6c57b77d4..01a921173 100644 --- a/internal/gitaly/service/repository/cleanup_test.go +++ b/internal/gitaly/service/repository/cleanup_test.go @@ -12,6 +12,7 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "gitlab.com/gitlab-org/gitaly/v15/internal/git/gittest" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" "gitlab.com/gitlab-org/gitaly/v15/proto/go/gitalypb" "google.golang.org/grpc/codes" @@ -101,7 +102,7 @@ func TestCleanupDeletesOrphanedWorktrees(t *testing.T) { basePath := filepath.Join(repoPath, "worktrees") worktreePath := filepath.Join(basePath, "test-worktree") - require.NoError(t, os.MkdirAll(worktreeCheckoutPath, os.ModePerm)) + require.NoError(t, os.MkdirAll(worktreeCheckoutPath, perm.PublicDir)) require.NoError(t, os.Chtimes(worktreeCheckoutPath, oldWorktreeTime, oldWorktreeTime)) //nolint:staticcheck diff --git a/internal/gitaly/service/repository/create_bundle_from_ref_list_test.go b/internal/gitaly/service/repository/create_bundle_from_ref_list_test.go index 6653ad339..e95ea57df 100644 --- a/internal/gitaly/service/repository/create_bundle_from_ref_list_test.go +++ b/internal/gitaly/service/repository/create_bundle_from_ref_list_test.go 
@@ -12,6 +12,7 @@ import ( "github.com/stretchr/testify/require" "gitlab.com/gitlab-org/gitaly/v15/internal/git/gittest" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/helper/text" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" "gitlab.com/gitlab-org/gitaly/v15/proto/go/gitalypb" @@ -30,7 +31,7 @@ func TestCreateBundleFromRefList_success(t *testing.T) { // clean this up before creating the bundle. sha := gittest.WriteCommit(t, cfg, repoPath, gittest.WithBranch("branch")) - require.NoError(t, os.MkdirAll(filepath.Join(repoPath, "gitlab-worktree"), 0o755)) + require.NoError(t, os.MkdirAll(filepath.Join(repoPath, "gitlab-worktree"), perm.SharedDir)) gittest.Exec(t, cfg, "-C", repoPath, "worktree", "add", "gitlab-worktree/worktree1", sha.String()) require.NoError(t, os.Chtimes(filepath.Join(repoPath, "gitlab-worktree", "worktree1"), time.Now().Add(-7*time.Hour), time.Now().Add(-7*time.Hour))) diff --git a/internal/gitaly/service/repository/create_bundle_test.go b/internal/gitaly/service/repository/create_bundle_test.go index 9cc63d30c..6276242a8 100644 --- a/internal/gitaly/service/repository/create_bundle_test.go +++ b/internal/gitaly/service/repository/create_bundle_test.go @@ -12,6 +12,7 @@ import ( "github.com/stretchr/testify/require" "gitlab.com/gitlab-org/gitaly/v15/internal/git/gittest" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/config" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/tempdir" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" "gitlab.com/gitlab-org/gitaly/v15/proto/go/gitalypb" 
@@ -30,7 +31,7 @@ func TestSuccessfulCreateBundleRequest(t *testing.T) { // clean this up before creating the bundle. sha := gittest.WriteCommit(t, cfg, repoPath, gittest.WithBranch("branch")) - require.NoError(t, os.MkdirAll(filepath.Join(repoPath, "gitlab-worktree"), 0o755)) + require.NoError(t, os.MkdirAll(filepath.Join(repoPath, "gitlab-worktree"), perm.SharedDir)) gittest.Exec(t, cfg, "-C", repoPath, "worktree", "add", "gitlab-worktree/worktree1", sha.String()) require.NoError(t, os.Chtimes(filepath.Join(repoPath, "gitlab-worktree", "worktree1"), time.Now().Add(-7*time.Hour), time.Now().Add(-7*time.Hour))) diff --git a/internal/gitaly/service/repository/create_fork_test.go b/internal/gitaly/service/repository/create_fork_test.go index 45a7cedd4..9b40586b3 100644 --- a/internal/gitaly/service/repository/create_fork_test.go +++ b/internal/gitaly/service/repository/create_fork_test.go @@ -17,6 +17,7 @@ import ( "gitlab.com/gitlab-org/gitaly/v15/client" "gitlab.com/gitlab-org/gitaly/v15/internal/git/gittest" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/config" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/helper/text" "gitlab.com/gitlab-org/gitaly/v15/internal/praefect/praefectutil" "gitlab.com/gitlab-org/gitaly/v15/internal/structerr" @@ -232,14 +233,14 @@ func TestCreateFork_targetExists(t *testing.T) { { desc: "empty target directory", seed: func(t *testing.T, targetPath string) { - require.NoError(t, os.MkdirAll(targetPath, 0o770)) + require.NoError(t, os.MkdirAll(targetPath, perm.GroupPrivateDir)) }, expectedErrWithAtomicCreation: structerr.NewAlreadyExists("creating fork: repository exists already"), }, { desc: "non-empty target directory", seed: func(t *testing.T, targetPath string) { - require.NoError(t, os.MkdirAll(targetPath, 0o770)) + require.NoError(t, os.MkdirAll(targetPath, perm.GroupPrivateDir)) require.NoError(t, os.WriteFile( filepath.Join(targetPath, "config"), nil, 
@@ -251,7 +252,7 @@ func TestCreateFork_targetExists(t *testing.T) { { desc: "target file", seed: func(t *testing.T, targetPath string) { - require.NoError(t, os.MkdirAll(filepath.Dir(targetPath), 0o770)) + require.NoError(t, os.MkdirAll(filepath.Dir(targetPath), perm.GroupPrivateDir)) require.NoError(t, os.WriteFile(targetPath, nil, 0o644)) }, expectedErrWithAtomicCreation: structerr.NewAlreadyExists("creating fork: repository exists already"), diff --git a/internal/gitaly/service/repository/create_repository_from_url_test.go b/internal/gitaly/service/repository/create_repository_from_url_test.go index 6d4ba8da0..027bf13fd 100644 --- a/internal/gitaly/service/repository/create_repository_from_url_test.go +++ b/internal/gitaly/service/repository/create_repository_from_url_test.go @@ -15,6 +15,7 @@ import ( "github.com/stretchr/testify/require" "gitlab.com/gitlab-org/gitaly/v15/internal/git" "gitlab.com/gitlab-org/gitaly/v15/internal/git/gittest" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/helper/text" "gitlab.com/gitlab-org/gitaly/v15/internal/praefect/praefectutil" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" @@ -130,9 +131,9 @@ func TestCreateRepositoryFromURL_existingTarget(t *testing.T) { importedRepoPath := filepath.Join(cfg.Storages[0].Path, importedRepo.GetRelativePath()) if testCase.isDir { - require.NoError(t, os.MkdirAll(importedRepoPath, 0o770)) + require.NoError(t, os.MkdirAll(importedRepoPath, perm.GroupPrivateDir)) } else { - require.NoError(t, os.MkdirAll(filepath.Dir(importedRepoPath), os.ModePerm)) + require.NoError(t, os.MkdirAll(filepath.Dir(importedRepoPath), perm.PublicDir)) require.NoError(t, os.WriteFile(importedRepoPath, nil, 0o644)) } t.Cleanup(func() { require.NoError(t, os.RemoveAll(importedRepoPath)) }) diff --git a/internal/gitaly/service/repository/gc_test.go b/internal/gitaly/service/repository/gc_test.go index 585b682aa..97ea88b17 100644 
--- a/internal/gitaly/service/repository/gc_test.go +++ b/internal/gitaly/service/repository/gc_test.go @@ -18,6 +18,7 @@ import ( "gitlab.com/gitlab-org/gitaly/v15/internal/git" "gitlab.com/gitlab-org/gitaly/v15/internal/git/gittest" "gitlab.com/gitlab-org/gitaly/v15/internal/git/stats" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/helper/text" "gitlab.com/gitlab-org/gitaly/v15/internal/metadata/featureflag" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" @@ -506,7 +507,7 @@ func testCleanupInvalidKeepAroundRefs(t *testing.T, ctx context.Context) { cfg, repo, repoPath, client := setupRepositoryService(t, ctx) // Make the directory, so we can create random reflike things in it - require.NoError(t, os.MkdirAll(filepath.Join(repoPath, "refs", "keep-around"), 0o755)) + require.NoError(t, os.MkdirAll(filepath.Join(repoPath, "refs", "keep-around"), perm.SharedDir)) testCases := []struct { desc string @@ -589,7 +590,7 @@ func testCleanupInvalidKeepAroundRefs(t *testing.T, ctx context.Context) { func mustCreateFileWithTimes(tb testing.TB, path string, mTime time.Time) { tb.Helper() - require.NoError(tb, os.MkdirAll(filepath.Dir(path), 0o755)) + require.NoError(tb, os.MkdirAll(filepath.Dir(path), perm.SharedDir)) require.NoError(tb, os.WriteFile(path, nil, 0o644)) require.NoError(tb, os.Chtimes(path, mTime, mTime)) } diff --git a/internal/gitaly/service/repository/info_attributes_test.go b/internal/gitaly/service/repository/info_attributes_test.go index eb1f2ea06..7c5ea034d 100644 --- a/internal/gitaly/service/repository/info_attributes_test.go +++ b/internal/gitaly/service/repository/info_attributes_test.go @@ -10,6 +10,7 @@ import ( "testing" "github.com/stretchr/testify/require" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" "gitlab.com/gitlab-org/gitaly/v15/proto/go/gitalypb" "gitlab.com/gitlab-org/gitaly/v15/streamio" 
@@ -24,7 +25,7 @@ func TestGetInfoAttributesExisting(t *testing.T) { _, repo, repoPath, client := setupRepositoryService(t, ctx) infoPath := filepath.Join(repoPath, "info") - require.NoError(t, os.MkdirAll(infoPath, 0o755)) + require.NoError(t, os.MkdirAll(infoPath, perm.SharedDir)) buffSize := streamio.WriteBufferSize + 1 data := bytes.Repeat([]byte("*.pbxproj binary\n"), buffSize) diff --git a/internal/gitaly/service/repository/optimize_test.go b/internal/gitaly/service/repository/optimize_test.go index 618a6f2b5..c54fddcca 100644 --- a/internal/gitaly/service/repository/optimize_test.go +++ b/internal/gitaly/service/repository/optimize_test.go @@ -18,6 +18,7 @@ import ( "gitlab.com/gitlab-org/gitaly/v15/internal/git/housekeeping" "gitlab.com/gitlab-org/gitaly/v15/internal/git/localrepo" "gitlab.com/gitlab-org/gitaly/v15/internal/git/stats" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/helper/text" "gitlab.com/gitlab-org/gitaly/v15/internal/metadata/featureflag" "gitlab.com/gitlab-org/gitaly/v15/internal/structerr" @@ -228,7 +229,7 @@ func testOptimizeRepository(t *testing.T, ctx context.Context) { // Git will leave behind empty refs directories at times. In order to not slow down // enumerating refs we want to make sure that they get cleaned up properly. emptyRefsDir := filepath.Join(repoPath, "refs", "merge-requests", "1") - require.NoError(t, os.MkdirAll(emptyRefsDir, 0o755)) + require.NoError(t, os.MkdirAll(emptyRefsDir, perm.SharedDir)) // But we don't expect the first call to OptimizeRepository to do anything. This is // because we have a grace period so that we don't delete empty ref directories that diff --git a/internal/gitaly/service/repository/remove.go b/internal/gitaly/service/repository/remove.go index 08967d7a5..f59db5025 100644 --- a/internal/gitaly/service/repository/remove.go +++ b/internal/gitaly/service/repository/remove.go 
@@ -10,6 +10,7 @@ import ( "github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/service" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/transaction" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/safe" "gitlab.com/gitlab-org/gitaly/v15/internal/structerr" "gitlab.com/gitlab-org/gitaly/v15/internal/transaction/txinfo" @@ -32,7 +33,7 @@ func (s *server) RemoveRepository(ctx context.Context, in *gitalypb.RemoveReposi return nil, structerr.NewInternal("temporary directory: %w", err) } - if err := os.MkdirAll(tempDir, 0o755); err != nil { + if err := os.MkdirAll(tempDir, perm.SharedDir); err != nil { return nil, structerr.NewInternal("%w", err) } diff --git a/internal/gitaly/service/repository/rename.go b/internal/gitaly/service/repository/rename.go index 5e4079cd8..2ebc68484 100644 --- a/internal/gitaly/service/repository/rename.go +++ b/internal/gitaly/service/repository/rename.go @@ -9,6 +9,7 @@ import ( "github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/service" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/safe" "gitlab.com/gitlab-org/gitaly/v15/internal/structerr" "gitlab.com/gitlab-org/gitaly/v15/proto/go/gitalypb" @@ -48,7 +49,7 @@ func (s *server) renameRepository(ctx context.Context, sourceRepo, targetRepo *g return structerr.NewAlreadyExists("target repo exists already") } - if err := os.MkdirAll(filepath.Dir(targetPath), 0o770); err != nil { + if err := os.MkdirAll(filepath.Dir(targetPath), perm.GroupPrivateDir); err != nil { return fmt.Errorf("create target parent dir: %w", err) } diff --git a/internal/gitaly/service/repository/replicate.go b/internal/gitaly/service/repository/replicate.go index 9f2227312..a5eb1ab11 100644 --- a/internal/gitaly/service/repository/replicate.go 
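Review bot: RemoveRepository in remove.go creates `tempDir` with `perm.SharedDir`, while newDirectory in internal/tempdir/tempdir.go creates its temp root with `perm.PrivateDir`. If both paths resolve to the same per-storage temporary directory (the error strings suggest so, but the lookup is outside the hunk), the resulting mode depends on which call runs first, because os.MkdirAll leaves an existing directory's mode untouched. Using one constant in both places, `if err := os.MkdirAll(tempDir, perm.PrivateDir); err != nil {`, would make the mode deterministic and keep repositories staged for removal unreadable to other local users. The body of RemoveRepository starts and ends outside the hunk.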
+++ b/internal/gitaly/service/repository/replicate.go @@ -20,6 +20,7 @@ import ( "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/service" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/storage" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/transaction" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/metadata" "gitlab.com/gitlab-org/gitaly/v15/internal/safe" "gitlab.com/gitlab-org/gitaly/v15/internal/structerr" @@ -319,7 +320,7 @@ func (s *server) syncInfoAttributes(ctx context.Context, in *gitalypb.ReplicateR func (s *server) writeFile(ctx context.Context, path string, mode os.FileMode, reader io.Reader) (returnedErr error) { parentDir := filepath.Dir(path) - if err := os.MkdirAll(parentDir, 0o755); err != nil { + if err := os.MkdirAll(parentDir, perm.SharedDir); err != nil { return err } diff --git a/internal/gitaly/service/repository/replicate_test.go b/internal/gitaly/service/repository/replicate_test.go index f0d3f5a33..ca10e838f 100644 --- a/internal/gitaly/service/repository/replicate_test.go +++ b/internal/gitaly/service/repository/replicate_test.go @@ -25,6 +25,7 @@ import ( gitalyhook "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/hook" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/storage" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/transaction" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/helper/text" "gitlab.com/gitlab-org/gitaly/v15/internal/metadata" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" @@ -63,7 +64,7 @@ func TestReplicateRepository(t *testing.T) { // write info attributes attrFilePath := filepath.Join(repoPath, "info", "attributes") - require.NoError(t, os.MkdirAll(filepath.Dir(attrFilePath), 0o755)) + require.NoError(t, os.MkdirAll(filepath.Dir(attrFilePath), perm.SharedDir)) attrData := []byte("*.pbxproj binary\n") require.NoError(t, os.WriteFile(attrFilePath, attrData, 0o644)) 
diff --git a/internal/gitaly/service/repository/restore_custom_hooks.go b/internal/gitaly/service/repository/restore_custom_hooks.go index 51a82714b..a3b24d392 100644 --- a/internal/gitaly/service/repository/restore_custom_hooks.go +++ b/internal/gitaly/service/repository/restore_custom_hooks.go @@ -15,6 +15,7 @@ import ( "gitlab.com/gitlab-org/gitaly/v15/internal/git/repository" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/service" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/transaction" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/metadata/featureflag" "gitlab.com/gitlab-org/gitaly/v15/internal/safe" "gitlab.com/gitlab-org/gitaly/v15/internal/structerr" @@ -124,7 +125,7 @@ func (s *server) restoreCustomHooks(ctx context.Context, tar io.Reader, repo rep // it means the repository should be set with an empty `custom_hooks` // directory. Create `custom_hooks` in the temporary directory so that any // existing repository hooks will be replaced with this empty directory. - if err := os.Mkdir(tempHooksPath, os.ModePerm); err != nil && !errors.Is(err, fs.ErrExist) { + if err := os.Mkdir(tempHooksPath, perm.PublicDir); err != nil && !errors.Is(err, fs.ErrExist) { return fmt.Errorf("making temp hooks directory: %w", err) } diff --git a/internal/gitaly/service/repository/restore_custom_hooks_test.go b/internal/gitaly/service/repository/restore_custom_hooks_test.go index 48afedb17..f9bee0ba1 100644 --- a/internal/gitaly/service/repository/restore_custom_hooks_test.go +++ b/internal/gitaly/service/repository/restore_custom_hooks_test.go 
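Review bot: In restoreCustomHooks the temporary `custom_hooks` directory is created with `perm.PublicDir` (0o777 before umask), which is wider than a directory of executable hooks needs. The substitution preserves the old `os.ModePerm` behaviour, but a hooks directory writable by other local users leaves the process umask as the only control over who can place scripts that Git later runs as the Gitaly user. I would tighten it to `if err := os.Mkdir(tempHooksPath, perm.SharedDir); err != nil && !errors.Is(err, fs.ErrExist) {`, or `perm.PrivateDir` if nothing outside Gitaly needs to read the hooks. The function body starts and ends outside the hunk, so whether a later step resets the mode cannot be seen here.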
@@ -14,6 +14,7 @@ import ( "github.com/stretchr/testify/require" "gitlab.com/gitlab-org/gitaly/v15/internal/git/gittest" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/transaction" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/metadata" "gitlab.com/gitlab-org/gitaly/v15/internal/metadata/featureflag" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" @@ -228,7 +229,7 @@ func setupTestHooks(t *testing.T, files []testFile) string { tmpDir := testhelper.TempDir(t) hooksPath := filepath.Join(tmpDir, customHooksDir) - err := os.Mkdir(hooksPath, 0o755) + err := os.Mkdir(hooksPath, perm.SharedDir) require.NoError(t, err) for _, f := range files { diff --git a/internal/gitaly/service/repository/snapshot_test.go b/internal/gitaly/service/repository/snapshot_test.go index fe52c42a4..8a543c400 100644 --- a/internal/gitaly/service/repository/snapshot_test.go +++ b/internal/gitaly/service/repository/snapshot_test.go @@ -18,6 +18,7 @@ import ( "gitlab.com/gitlab-org/gitaly/v15/internal/git/localrepo" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/archive" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/config" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" "gitlab.com/gitlab-org/gitaly/v15/proto/go/gitalypb" "gitlab.com/gitlab-org/gitaly/v15/streamio" 
@@ -56,8 +57,8 @@ func TestGetSnapshotSuccess(t *testing.T) { // WriteCommit produces a loose object with the given sha sha := gittest.WriteCommit(t, cfg, repoPath, gittest.WithBranch("master")) zeroes := strings.Repeat("0", 40) - require.NoError(t, os.MkdirAll(filepath.Join(repoPath, "hooks"), 0o755)) - require.NoError(t, os.MkdirAll(filepath.Join(repoPath, "objects/pack"), 0o755)) + require.NoError(t, os.MkdirAll(filepath.Join(repoPath, "hooks"), perm.SharedDir)) + require.NoError(t, os.MkdirAll(filepath.Join(repoPath, "objects/pack"), perm.SharedDir)) touch(t, filepath.Join(repoPath, "shallow")) touch(t, filepath.Join(repoPath, "objects/pack/pack-%s.pack"), zeroes) touch(t, filepath.Join(repoPath, "objects/pack/pack-%s.idx"), zeroes) diff --git a/internal/gitaly/service/smarthttp/inforefs_test.go b/internal/gitaly/service/smarthttp/inforefs_test.go index 3a29d5158..6fabe6a21 100644 --- a/internal/gitaly/service/smarthttp/inforefs_test.go +++ b/internal/gitaly/service/smarthttp/inforefs_test.go @@ -22,6 +22,7 @@ import ( "gitlab.com/gitlab-org/gitaly/v15/internal/git/stats" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/config" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/transaction" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/metadata/featureflag" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper/testcfg" @@ -537,7 +538,7 @@ func withInfoRefCache(cache infoRefCache) ServerOpt { func createInvalidRepo(tb testing.TB, repoDir string) func() { for _, subDir := range []string{"objects", "refs", "HEAD"} { - require.NoError(tb, os.MkdirAll(filepath.Join(repoDir, subDir), 0o755)) + require.NoError(tb, os.MkdirAll(filepath.Join(repoDir, subDir), perm.SharedDir)) } return func() { require.NoError(tb, os.RemoveAll(repoDir)) } } diff --git a/internal/gitlab/test_server.go b/internal/gitlab/test_server.go index bc25c2d36..89b0dad2d 100644 
--- a/internal/gitlab/test_server.go +++ b/internal/gitlab/test_server.go @@ -17,6 +17,7 @@ import ( "github.com/golang-jwt/jwt/v4" "github.com/stretchr/testify/require" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" ) @@ -26,7 +27,7 @@ var changeLineRegex = regexp.MustCompile("^[a-f0-9]{40} [a-f0-9]{40} refs/[^ ]+$ func WriteShellSecretFile(tb testing.TB, dir, secretToken string) string { tb.Helper() - require.NoError(tb, os.MkdirAll(dir, os.ModeDir)) + require.NoError(tb, os.MkdirAll(dir, perm.PublicDir)) filePath := filepath.Join(dir, ".gitlab_shell_secret") require.NoError(tb, os.WriteFile(filePath, []byte(secretToken), 0o644)) return filePath diff --git a/internal/helper/perm/perm.go b/internal/helper/perm/perm.go new file mode 100644 index 000000000..4bb476949 --- /dev/null +++ b/internal/helper/perm/perm.go @@ -0,0 +1,25 @@ +// Package perm provides constants for file and directory permissions. +// +// Note that these permissions are further restricted by the system configured +// umask. +package perm + +import "io/fs" + +const ( + // PrivateDir is the permissions given for a directory that must only be + // used by gitaly. + PrivateDir fs.FileMode = 0o700 + + // GroupPrivateDir is the permissions given for a directory that must only + // be used by gitaly and the git group. + GroupPrivateDir fs.FileMode = 0o770 + + // SharedDir is the permission given for a directory that may be read + // outside of gitaly. + SharedDir fs.FileMode = 0o755 + + // PublicDir is the permission given for a directory that may be read or + // written outside of gitaly. + PublicDir fs.FileMode = 0o777 +) diff --git a/internal/streamcache/cache_test.go b/internal/streamcache/cache_test.go index 4010f95fe..f18f5a6dc 100644 --- a/internal/streamcache/cache_test.go +++ b/internal/streamcache/cache_test.go 
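Review bot: WriteShellSecretFile now creates the directory that holds `.gitlab_shell_secret` with `perm.PublicDir`, which is not an equivalent replacement for `os.ModeDir`: the old argument carried no permission bits, while the new one requests 0o777. That corrects what looks like an accidental mode, but it picks the widest constant for a directory whose only content is a secret token. `require.NoError(tb, os.MkdirAll(dir, perm.PrivateDir))` matches the content better, and the `0o644` on the following WriteFile line could become `0o600` for the same reason. This is a test helper, so the exposure is limited to hosts that run the test suite.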
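Review bot: The doc comment on `PublicDir` in perm.go should state that 0o777 makes the directory world-writable and that the umask is the only thing narrowing it, because the name reads as harmless and the constant is now used in non-test code (restore_custom_hooks.go). Suggested addition: `// Any local user can create, rename or delete entries in such a directory unless the umask clears the write bits; prefer SharedDir unless writes from outside gitaly are required.` The package comment also promises file permissions, but only directory modes are defined and the callers touched by this commit keep literals such as `0o644` for files. Either narrow the package comment to directories or add the file constants in the same change.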
@@ -19,6 +19,7 @@ import ( "github.com/stretchr/testify/require" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/config" "gitlab.com/gitlab-org/gitaly/v15/internal/helper/duration" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/log" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" ) @@ -161,7 +162,7 @@ func TestCache_deletedFile(t *testing.T) { require.True(t, created) require.NoError(t, os.RemoveAll(tmp), "wipe out underlying files of cache") - require.NoError(t, os.MkdirAll(tmp, 0o755)) + require.NoError(t, os.MkdirAll(tmp, perm.SharedDir)) // File is gone from filesystem but not from cache requireCacheFiles(t, tmp, 0) diff --git a/internal/streamcache/filestore.go b/internal/streamcache/filestore.go index 5cd6f1d6a..acb756dab 100644 --- a/internal/streamcache/filestore.go +++ b/internal/streamcache/filestore.go @@ -15,6 +15,7 @@ import ( "github.com/sirupsen/logrus" "gitlab.com/gitlab-org/gitaly/v15/internal/dontpanic" "gitlab.com/gitlab-org/gitaly/v15/internal/git/housekeeping" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" ) var ( @@ -106,7 +107,7 @@ func (fs *filestore) Create() (namedWriteCloser, error) { ) path := filepath.Join(fs.dir, fmt.Sprintf("%02x", uint8(fileID)), name) - if err := os.MkdirAll(filepath.Dir(path), 0o700); err != nil { + if err := os.MkdirAll(filepath.Dir(path), perm.PrivateDir); err != nil { return nil, fmt.Errorf("Create: mkdir: %w", err) } diff --git a/internal/streamcache/filestore_test.go b/internal/streamcache/filestore_test.go index 9606ad3a6..e24f93c36 100644 --- a/internal/streamcache/filestore_test.go +++ b/internal/streamcache/filestore_test.go @@ -11,6 +11,7 @@ import ( "time" "github.com/stretchr/testify/require" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/log" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" ) 
@@ -109,8 +110,8 @@ func TestFilestoreCleanwalk(t *testing.T) { dir1 := filepath.Join(tmp, "dir1") dir2 := filepath.Join(tmp, "dir2") file := filepath.Join(dir2, "file") - require.NoError(t, os.Mkdir(dir1, 0o755)) - require.NoError(t, os.Mkdir(dir2, 0o755)) + require.NoError(t, os.Mkdir(dir1, perm.SharedDir)) + require.NoError(t, os.Mkdir(dir2, perm.SharedDir)) require.NoError(t, os.WriteFile(file, nil, 0o644)) require.NoError(t, os.Chmod(dir2, 0), "create dir with pathological permissions") diff --git a/internal/tempdir/clean_test.go b/internal/tempdir/clean_test.go index cc6592d85..b309b178e 100644 --- a/internal/tempdir/clean_test.go +++ b/internal/tempdir/clean_test.go @@ -13,6 +13,7 @@ import ( "gitlab.com/gitlab-org/gitaly/v15/internal/git/gittest" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/config" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/storage" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper/testcfg" ) @@ -24,7 +25,7 @@ func TestCleanSuccess(t *testing.T) { cleanRoot, err := locator.TempDir(cfg.Storages[0].Name) require.NoError(t, err) - require.NoError(t, os.MkdirAll(cleanRoot, 0o755), "create clean root before setup") + require.NoError(t, os.MkdirAll(cleanRoot, perm.SharedDir), "create clean root before setup") testhelper.MustRunCommand(t, nil, "chmod", "-R", "0700", cleanRoot) require.NoError(t, os.RemoveAll(cleanRoot), "clean up test clean root") @@ -152,6 +153,6 @@ func makeDir(t *testing.T, locator storage.Locator, storage config.Storage, dirP require.NoError(t, err) fullPath := filepath.Join(root, dirPath) - require.NoError(t, os.MkdirAll(fullPath, 0o700)) + require.NoError(t, os.MkdirAll(fullPath, perm.PrivateDir)) require.NoError(t, os.Chtimes(fullPath, mtime, mtime)) } diff --git a/internal/tempdir/tempdir.go b/internal/tempdir/tempdir.go index 0e59f4cea..9cc3aef6a 100644 --- a/internal/tempdir/tempdir.go 
+++ b/internal/tempdir/tempdir.go @@ -9,6 +9,7 @@ import ( "github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/storage" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/proto/go/gitalypb" ) @@ -79,7 +80,7 @@ func newDirectory(ctx context.Context, storageName string, prefix string, loc st return Dir{}, fmt.Errorf("temp directory: %w", err) } - if err := os.MkdirAll(root, 0o700); err != nil { + if err := os.MkdirAll(root, perm.PrivateDir); err != nil { return Dir{}, err } diff --git a/internal/testhelper/configure.go b/internal/testhelper/configure.go index ad5df7ad9..76a751082 100644 --- a/internal/testhelper/configure.go +++ b/internal/testhelper/configure.go @@ -9,6 +9,7 @@ import ( "testing" log "github.com/sirupsen/logrus" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" gitalylog "gitlab.com/gitlab-org/gitaly/v15/internal/log" ) @@ -185,7 +186,7 @@ func configureTestDirectory() (_ func(), returnedErr error) { // around after our tests. To avoid this, we thus set the TMPDIR environment variable to // point into a directory inside of out test directory. globalTempDir := filepath.Join(testDirectory, "tmp") - if err := os.Mkdir(globalTempDir, 0o755); err != nil { + if err := os.Mkdir(globalTempDir, perm.SharedDir); err != nil { return nil, fmt.Errorf("creating global temporary directory: %w", err) } if err := os.Setenv("TMPDIR", globalTempDir); err != nil { diff --git a/internal/testhelper/logger.go b/internal/testhelper/logger.go index 68dfc3b00..c654f959d 100644 --- a/internal/testhelper/logger.go +++ b/internal/testhelper/logger.go @@ -9,6 +9,7 @@ import ( "github.com/sirupsen/logrus" "github.com/stretchr/testify/require" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" ) // NewDiscardingLogger creates a logger that discards everything. 
@@ -60,7 +61,7 @@ func CreateTestLogDir(tb testing.TB) string { logDir := filepath.Join(testLogDir, tb.Name()) - require.NoError(tb, os.MkdirAll(logDir, 0o755)) + require.NoError(tb, os.MkdirAll(logDir, perm.SharedDir)) return logDir } diff --git a/internal/testhelper/testcfg/binaries.go b/internal/testhelper/testcfg/binaries.go index 0eb03031d..fc4ee9529 100644 --- a/internal/testhelper/testcfg/binaries.go +++ b/internal/testhelper/testcfg/binaries.go @@ -11,6 +11,7 @@ import ( "github.com/stretchr/testify/require" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/config" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" ) @@ -123,7 +124,7 @@ func BuildBinary(tb testing.TB, targetDir, sourcePath string) string { require.FileExists(tb, sharedBinaryPath, "%s does not exist", executableName) require.NoFileExists(tb, targetPath, "%s exists already -- do you try to build it twice?", executableName) - require.NoError(tb, os.MkdirAll(targetDir, os.ModePerm)) + require.NoError(tb, os.MkdirAll(targetDir, perm.PublicDir)) // We hard-link the file into place instead of copying it because copying used to cause // ETXTBSY errors in CI. This is likely caused by a bug in the overlay filesystem used by diff --git a/internal/testhelper/testcfg/gitaly.go b/internal/testhelper/testcfg/gitaly.go index faef5e2b6..e3bbf3823 100644 --- a/internal/testhelper/testcfg/gitaly.go +++ b/internal/testhelper/testcfg/gitaly.go @@ -8,6 +8,7 @@ import ( "github.com/stretchr/testify/require" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/config" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" ) @@ -77,7 +78,7 @@ func (gc *GitalyCfgBuilder) Build(tb testing.TB) config.Cfg { if cfg.BinDir == "" { cfg.BinDir = filepath.Join(root, "bin.d") - require.NoError(tb, os.Mkdir(cfg.BinDir, 0o755)) + require.NoError(tb, os.Mkdir(cfg.BinDir, perm.SharedDir)) } if cfg.Ruby.Dir == "" { 
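Review bot: `perm.PublicDir` on `targetDir` in BuildBinary leaves the directory that holds the hard-linked test executables writable by group and other, subject to the umask. It replaces `os.ModePerm` here and `0o777` elsewhere in this commit. Nothing visible in the hunk needs write access beyond the owner, so `require.NoError(tb, os.MkdirAll(targetDir, perm.SharedDir))` looks like the tighter fit. The same question applies to `CreateGlobalDirectory` in internal/testhelper/testhelper.go, which also moves to `perm.PublicDir`. BuildBinary's body starts and ends outside the hunk.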
@@ -92,19 +93,19 @@ func (gc *GitalyCfgBuilder) Build(tb testing.TB) config.Cfg { cfg.Logging.Dir = logDir } else { cfg.Logging.Dir = filepath.Join(root, "log.d") - require.NoError(tb, os.Mkdir(cfg.Logging.Dir, 0o755)) + require.NoError(tb, os.Mkdir(cfg.Logging.Dir, perm.SharedDir)) } } if cfg.GitlabShell.Dir == "" { cfg.GitlabShell.Dir = filepath.Join(root, "shell.d") - require.NoError(tb, os.Mkdir(cfg.GitlabShell.Dir, 0o755)) + require.NoError(tb, os.Mkdir(cfg.GitlabShell.Dir, perm.SharedDir)) } if cfg.RuntimeDir == "" { cfg.RuntimeDir = filepath.Join(root, "runtime.d") - require.NoError(tb, os.Mkdir(cfg.RuntimeDir, 0o700)) - require.NoError(tb, os.Mkdir(cfg.InternalSocketDir(), 0o755)) + require.NoError(tb, os.Mkdir(cfg.RuntimeDir, perm.PrivateDir)) + require.NoError(tb, os.Mkdir(cfg.InternalSocketDir(), perm.SharedDir)) } if len(cfg.Storages) != 0 && len(gc.storages) != 0 { @@ -113,7 +114,7 @@ func (gc *GitalyCfgBuilder) Build(tb testing.TB) config.Cfg { if len(cfg.Storages) == 0 { storagesDir := filepath.Join(root, "storages.d") - require.NoError(tb, os.Mkdir(storagesDir, 0o755)) + require.NoError(tb, os.Mkdir(storagesDir, perm.SharedDir)) if len(gc.storages) == 0 { gc.storages = []string{"default"} @@ -123,7 +124,7 @@ func (gc *GitalyCfgBuilder) Build(tb testing.TB) config.Cfg { cfg.Storages = make([]config.Storage, len(gc.storages)) for i, storageName := range gc.storages { storagePath := filepath.Join(storagesDir, storageName) - require.NoError(tb, os.MkdirAll(storagePath, 0o755)) + require.NoError(tb, os.MkdirAll(storagePath, perm.SharedDir)) cfg.Storages[i].Name = storageName cfg.Storages[i].Path = storagePath } diff --git a/internal/testhelper/testhelper.go b/internal/testhelper/testhelper.go index 3ff1ae7bc..50dd122a1 100644 --- a/internal/testhelper/testhelper.go +++ b/internal/testhelper/testhelper.go 
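Review bot: `cfg.InternalSocketDir()` is created in Build with `perm.SharedDir`, while `runGitaly` in internal/testhelper/testserver/gitaly.go creates the same path with `perm.PrivateDir`. Since `os.MkdirAll` leaves an existing directory's mode alone, whichever call runs first decides the mode. With the modes now named, the two call sites could agree: `require.NoError(tb, os.Mkdir(cfg.InternalSocketDir(), perm.PrivateDir))`. This presumably has no effect today because `cfg.RuntimeDir` is created with `perm.PrivateDir` on the line above, but that relies on the socket directory living under RuntimeDir, which the hunk does not show. Build's body starts and ends outside the hunk.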
@@ -26,6 +26,7 @@ import ( log "github.com/sirupsen/logrus" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/metadata/featureflag" ) @@ -212,7 +213,7 @@ func ContextWithoutCancel(opts ...ContextOpt) context.Context { func CreateGlobalDirectory(tb testing.TB, name string) string { require.NotEmpty(tb, testDirectory, "global temporary directory does not exist") path := filepath.Join(testDirectory, name) - require.NoError(tb, os.Mkdir(path, 0o777)) + require.NoError(tb, os.Mkdir(path, perm.PublicDir)) return path } @@ -240,7 +241,7 @@ type Cleanup func() // executable. func WriteExecutable(tb testing.TB, path string, content []byte) string { dir := filepath.Dir(path) - require.NoError(tb, os.MkdirAll(dir, 0o755)) + require.NoError(tb, os.MkdirAll(dir, perm.SharedDir)) tb.Cleanup(func() { assert.NoError(tb, os.RemoveAll(dir)) }) diff --git a/internal/testhelper/testserver/gitaly.go b/internal/testhelper/testserver/gitaly.go index d2a377710..12da30497 100644 --- a/internal/testhelper/testserver/gitaly.go +++ b/internal/testhelper/testserver/gitaly.go @@ -30,6 +30,7 @@ import ( "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/storage" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/transaction" "gitlab.com/gitlab-org/gitaly/v15/internal/gitlab" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/middleware/limithandler" praefectconfig "gitlab.com/gitlab-org/gitaly/v15/internal/praefect/config" "gitlab.com/gitlab-org/gitaly/v15/internal/streamcache" 
@@ -180,7 +181,7 @@ func runGitaly(tb testing.TB, cfg config.Cfg, rubyServer *rubyserver.Server, reg registrar(internalServer, deps) registerHealthServerIfNotRegistered(internalServer) - require.NoError(tb, os.MkdirAll(cfg.InternalSocketDir(), 0o700)) + require.NoError(tb, os.MkdirAll(cfg.InternalSocketDir(), perm.PrivateDir)) tb.Cleanup(func() { require.NoError(tb, os.RemoveAll(cfg.InternalSocketDir())) }) internalListener, err := net.Listen("unix", cfg.InternalSocketPath()) |