diff options
Diffstat (limited to 'internal/gitaly')
39 files changed, 100 insertions, 61 deletions
diff --git a/internal/gitaly/config/config.go b/internal/gitaly/config/config.go index 7c1ceb621..1e11c95ab 100644 --- a/internal/gitaly/config/config.go +++ b/internal/gitaly/config/config.go @@ -20,6 +20,7 @@ import ( "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/config/prometheus" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/config/sentry" "gitlab.com/gitlab-org/gitaly/v15/internal/helper/duration" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" ) const ( @@ -634,7 +635,7 @@ func SetupRuntimeDirectory(cfg Cfg, processID int) (string, error) { } } - if err := os.Mkdir(runtimeDir, 0o700); err != nil { + if err := os.Mkdir(runtimeDir, perm.PrivateDir); err != nil { return "", fmt.Errorf("creating runtime directory: %w", err) } } @@ -647,7 +648,7 @@ func SetupRuntimeDirectory(cfg Cfg, processID int) (string, error) { // socket paths. We hope/expect that os.MkdirTemp creates a directory // that is not too deep. We need a directory, not a tempfile, because we // will later want to set its permissions to 0700 - if err := os.Mkdir(cfg.InternalSocketDir(), 0o700); err != nil { + if err := os.Mkdir(cfg.InternalSocketDir(), perm.PrivateDir); err != nil { return "", fmt.Errorf("create internal socket directory: %w", err) } diff --git a/internal/gitaly/config/config_test.go b/internal/gitaly/config/config_test.go index b1da72475..78560f408 100644 --- a/internal/gitaly/config/config_test.go +++ b/internal/gitaly/config/config_test.go @@ -18,6 +18,7 @@ import ( "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/config/prometheus" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/config/sentry" "gitlab.com/gitlab-org/gitaly/v15/internal/helper/duration" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" ) @@ -183,7 +184,7 @@ func TestValidateStorages(t *testing.T) { repositories := testhelper.TempDir(t) repositories2 := testhelper.TempDir(t) nestedRepositories := filepath.Join(repositories, "nested") - require.NoError(t, os.MkdirAll(nestedRepositories, os.ModePerm)) + require.NoError(t, os.MkdirAll(nestedRepositories, perm.PublicDir)) filePath := filepath.Join(testhelper.TempDir(t), "temporary-file") require.NoError(t, os.WriteFile(filePath, []byte{}, 0o666)) @@ -426,7 +427,7 @@ func TestValidateGitConfig(t *testing.T) { func TestValidateShellPath(t *testing.T) { tmpDir := testhelper.TempDir(t) - require.NoError(t, os.MkdirAll(filepath.Join(tmpDir, "bin"), 0o755)) + require.NoError(t, os.MkdirAll(filepath.Join(tmpDir, "bin"), perm.SharedDir)) tmpFile := filepath.Join(tmpDir, "my-file") require.NoError(t, os.WriteFile(tmpFile, []byte{}, 0o666)) @@ -635,7 +636,7 @@ func TestSetupRuntimeDirectory_validateInternalSocket(t *testing.T) { desc: "symlinked runtime directory", setup: func(t *testing.T) string { runtimeDir := testhelper.TempDir(t) - require.NoError(t, os.Mkdir(filepath.Join(runtimeDir, "sock.d"), os.ModePerm)) + require.NoError(t, os.Mkdir(filepath.Join(runtimeDir, "sock.d"), perm.PublicDir)) // Create a symlink which points to the real runtime directory. symlinkDir := testhelper.TempDir(t) @@ -662,7 +663,7 @@ func TestSetupRuntimeDirectory_validateInternalSocket(t *testing.T) { runtimeDirTooLongForSockets := filepath.Join(tempDir, strings.Repeat("/nested_directory", 10)) socketDir := filepath.Join(runtimeDirTooLongForSockets, "sock.d") - require.NoError(t, os.MkdirAll(socketDir, os.ModePerm)) + require.NoError(t, os.MkdirAll(socketDir, perm.PublicDir)) return runtimeDirTooLongForSockets }, diff --git a/internal/gitaly/config/locator_test.go b/internal/gitaly/config/locator_test.go index e647fc822..e2ab093f9 100644 --- a/internal/gitaly/config/locator_test.go +++ b/internal/gitaly/config/locator_test.go @@ -12,6 +12,7 @@ import ( "gitlab.com/gitlab-org/gitaly/v15/internal/git/gittest" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/config" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/service/setup" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/structerr" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper/testcfg" @@ -42,7 +43,7 @@ func TestConfigLocator_GetRepoPath(t *testing.T) { // The repository path exists on the disk, but it is not a git repository. const notRepositoryFolder = "not-a-git-repo" - require.NoError(t, os.MkdirAll(filepath.Join(cfg.Storages[0].Path, notRepositoryFolder), 0o755)) + require.NoError(t, os.MkdirAll(filepath.Join(cfg.Storages[0].Path, notRepositoryFolder), perm.SharedDir)) for _, tc := range []struct { desc string @@ -106,7 +107,7 @@ func TestConfigLocator_GetPath(t *testing.T) { // The repository path exists on the disk, but it is not a git repository. const notRepositoryFolder = "not-a-git-repo" - require.NoError(t, os.MkdirAll(filepath.Join(cfg.Storages[0].Path, notRepositoryFolder), 0o755)) + require.NoError(t, os.MkdirAll(filepath.Join(cfg.Storages[0].Path, notRepositoryFolder), perm.SharedDir)) for _, tc := range []struct { desc string diff --git a/internal/gitaly/config/temp_dir_test.go b/internal/gitaly/config/temp_dir_test.go index 25c99bab0..251d8eabf 100644 --- a/internal/gitaly/config/temp_dir_test.go +++ b/internal/gitaly/config/temp_dir_test.go @@ -11,6 +11,7 @@ import ( "github.com/sirupsen/logrus/hooks/test" "github.com/stretchr/testify/require" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" ) @@ -76,7 +77,7 @@ func TestPruneOldGitalyProcessDirectories(t *testing.T) { "gitaly-invalidpid", } { dirPath := filepath.Join(baseDir, dirName) - require.NoError(t, os.Mkdir(dirPath, os.ModePerm)) + require.NoError(t, os.Mkdir(dirPath, perm.PublicDir)) expectedLogs[dirPath] = "could not prune entry" expectedErrs[dirPath] = errors.New("gitaly process directory contains an unexpected directory") nonPrunableDirs = append(nonPrunableDirs, dirPath) diff --git a/internal/gitaly/hook/custom_test.go b/internal/gitaly/hook/custom_test.go index d9273e04d..25048a66c 100644 --- a/internal/gitaly/hook/custom_test.go +++ b/internal/gitaly/hook/custom_test.go @@ -16,6 +16,7 @@ import ( "gitlab.com/gitlab-org/gitaly/v15/internal/git/gittest" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/config" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/storage" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/helper/text" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper/testcfg" @@ -270,7 +271,7 @@ func TestCustomHooksWithSymlinks(t *testing.T) { // bad -> /path/to/nowhere BAD firstDir := filepath.Join(globalHooksPath, "first_dir") secondDir := filepath.Join(globalHooksPath, "second_dir") - require.NoError(t, os.MkdirAll(firstDir, 0o755)) + require.NoError(t, os.MkdirAll(firstDir, perm.SharedDir)) require.NoError(t, os.Symlink(firstDir, secondDir)) filename := filepath.Join(firstDir, "update") @@ -451,7 +452,7 @@ type customHookResults struct { } func writeCustomHook(t *testing.T, hookName, dir string, content []byte) func() { - require.NoError(t, os.MkdirAll(dir, 0o755)) + require.NoError(t, os.MkdirAll(dir, perm.SharedDir)) require.NoError(t, os.WriteFile(filepath.Join(dir, hookName), content, 0o755)) return func() { diff --git a/internal/gitaly/hook/sidechannel.go b/internal/gitaly/hook/sidechannel.go index 678e19283..03fb2a0a0 100644 --- a/internal/gitaly/hook/sidechannel.go +++ b/internal/gitaly/hook/sidechannel.go @@ -12,6 +12,7 @@ import ( "time" "gitlab.com/gitlab-org/gitaly/v15/internal/git" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" gitaly_metadata "gitlab.com/gitlab-org/gitaly/v15/internal/metadata" "google.golang.org/grpc/metadata" ) @@ -56,7 +57,7 @@ func SetupSidechannel(ctx context.Context, payload git.HooksPayload, callback fu // Note that we don't use `os.MkdirAll()` here: we don't want to accidentally create // the full directory hierarchy, and the assumption is that the runtime directory // must exist already. - if err := os.Mkdir(sidechannelDir, 0o700); err != nil && !errors.Is(err, fs.ErrExist) { + if err := os.Mkdir(sidechannelDir, perm.PrivateDir); err != nil && !errors.Is(err, fs.ErrExist) { return nil, nil, err } diff --git a/internal/gitaly/linguist/linguist_test.go b/internal/gitaly/linguist/linguist_test.go index 3a67ce07e..1fd1bb633 100644 --- a/internal/gitaly/linguist/linguist_test.go +++ b/internal/gitaly/linguist/linguist_test.go @@ -13,6 +13,7 @@ import ( "gitlab.com/gitlab-org/gitaly/v15/internal/git/gittest" "gitlab.com/gitlab-org/gitaly/v15/internal/git/localrepo" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/config" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper/testcfg" "gitlab.com/gitlab-org/gitaly/v15/proto/go/gitalypb" @@ -528,7 +529,7 @@ func TestInstance_Stats(t *testing.T) { // Apply the gitattributes // We should get rid of this with https://gitlab.com/groups/gitlab-org/-/epics/9006 infoPath := filepath.Join(repoPath, "info") - require.NoError(t, os.MkdirAll(infoPath, 0o755)) + require.NoError(t, os.MkdirAll(infoPath, perm.SharedDir)) attrData, err := gittest.NewCommand(t, cfg, "-C", repoPath, "cat-file", "blob", objectID.String()+":.gitattributes").Output() if err == nil { require.NoError(t, os.WriteFile(filepath.Join(infoPath, "attributes"), attrData, 0o644)) diff --git a/internal/gitaly/maintenance/randomwalker_test.go b/internal/gitaly/maintenance/randomwalker_test.go index 7e3dc8c0a..0b6a8e7bf 100644 --- a/internal/gitaly/maintenance/randomwalker_test.go +++ b/internal/gitaly/maintenance/randomwalker_test.go @@ -9,6 +9,7 @@ import ( "testing" "github.com/stretchr/testify/require" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" ) @@ -151,7 +152,7 @@ func TestRandomWalk(t *testing.T) { root := testhelper.TempDir(t) for _, dir := range tc.dirs { - require.NoError(t, os.MkdirAll(filepath.Join(root, dir), 0o777)) + require.NoError(t, os.MkdirAll(filepath.Join(root, dir), perm.PublicDir)) } for _, file := range tc.files { @@ -195,7 +196,7 @@ func TestRandomWalk_withRemovedDirs(t *testing.T) { root := testhelper.TempDir(t) for _, dir := range []string{"foo/bar", "foo/bar/deleteme", "foo/baz/qux", "foo/baz/other"} { - require.NoError(t, os.MkdirAll(filepath.Join(root, dir), 0o777)) + require.NoError(t, os.MkdirAll(filepath.Join(root, dir), perm.PublicDir)) } walker := newRandomWalker(root, rand.New(rand.NewSource(1))) diff --git a/internal/gitaly/repoutil/create.go b/internal/gitaly/repoutil/create.go index 3cbc6f441..759204e35 100644 --- a/internal/gitaly/repoutil/create.go +++ b/internal/gitaly/repoutil/create.go @@ -13,6 +13,7 @@ import ( "gitlab.com/gitlab-org/gitaly/v15/internal/git" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/storage" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/transaction" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/safe" "gitlab.com/gitlab-org/gitaly/v15/internal/structerr" "gitlab.com/gitlab-org/gitaly/v15/internal/tempdir" @@ -81,7 +82,7 @@ func Create( } // Create the parent directory in case it doesn't exist yet. - if err := os.MkdirAll(filepath.Dir(targetPath), 0o770); err != nil { + if err := os.MkdirAll(filepath.Dir(targetPath), perm.GroupPrivateDir); err != nil { return structerr.NewInternal("create directories: %w", err) } diff --git a/internal/gitaly/repoutil/create_test.go b/internal/gitaly/repoutil/create_test.go index e4b7b38d2..838970617 100644 --- a/internal/gitaly/repoutil/create_test.go +++ b/internal/gitaly/repoutil/create_test.go @@ -14,6 +14,7 @@ import ( "gitlab.com/gitlab-org/gitaly/v15/internal/git/gittest" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/config" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/transaction" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/helper/text" "gitlab.com/gitlab-org/gitaly/v15/internal/safe" "gitlab.com/gitlab-org/gitaly/v15/internal/structerr" @@ -95,7 +96,7 @@ func TestCreate(t *testing.T) { { desc: "preexisting directory", setup: func(t *testing.T, repo *gitalypb.Repository, repoPath string) { - require.NoError(t, os.MkdirAll(repoPath, 0o777)) + require.NoError(t, os.MkdirAll(repoPath, perm.PublicDir)) }, verify: func(t *testing.T, tempRepo *gitalypb.Repository, tempRepoPath string, realRepo *gitalypb.Repository, realRepoPath string) { require.NoDirExists(t, tempRepoPath) @@ -110,7 +111,7 @@ func TestCreate(t *testing.T) { { desc: "locked", setup: func(t *testing.T, repo *gitalypb.Repository, repoPath string) { - require.NoError(t, os.MkdirAll(filepath.Dir(repoPath), 0o777)) + require.NoError(t, os.MkdirAll(filepath.Dir(repoPath), perm.PublicDir)) // Lock the target repository such that we must fail. lock, err := os.Create(repoPath + ".lock") @@ -184,7 +185,7 @@ func TestCreate(t *testing.T) { // should try locking the repository before casting any votes, we do // not expect to see a voting error. - require.NoError(t, os.MkdirAll(filepath.Dir(repoPath), 0o777)) + require.NoError(t, os.MkdirAll(filepath.Dir(repoPath), perm.PublicDir)) lock, err := os.Create(repoPath + ".lock") require.NoError(t, err) require.NoError(t, lock.Close()) @@ -212,19 +213,19 @@ func TestCreate(t *testing.T) { seed: func(t *testing.T, repo *gitalypb.Repository, repoPath string) error { // Remove the repository first so we can start from a clean state. require.NoError(t, os.RemoveAll(repoPath)) - require.NoError(t, os.Mkdir(repoPath, 0o777)) + require.NoError(t, os.Mkdir(repoPath, perm.PublicDir)) // Objects and FETCH_HEAD should both be ignored. They may contain // indeterministic data that's different across replicas and would // thus cause us to not reach quorum. - require.NoError(t, os.Mkdir(filepath.Join(repoPath, "objects"), 0o777)) + require.NoError(t, os.Mkdir(filepath.Join(repoPath, "objects"), perm.PublicDir)) require.NoError(t, os.WriteFile(filepath.Join(repoPath, "objects", "object"), []byte("object"), 0o666)) require.NoError(t, os.WriteFile(filepath.Join(repoPath, "FETCH_HEAD"), []byte("fetch-head"), 0o666)) // All the other files should be hashed though. require.NoError(t, os.WriteFile(filepath.Join(repoPath, "HEAD"), []byte("head"), 0o666)) require.NoError(t, os.WriteFile(filepath.Join(repoPath, "config"), []byte("cfg"), 0o666)) - require.NoError(t, os.MkdirAll(filepath.Join(repoPath, "refs", "heads"), 0o777)) + require.NoError(t, os.MkdirAll(filepath.Join(repoPath, "refs", "heads"), perm.PublicDir)) require.NoError(t, os.WriteFile(filepath.Join(repoPath, "refs", "heads", "foo"), []byte("foo"), 0o666)) return nil diff --git a/internal/gitaly/rubyserver/rubyserver.go b/internal/gitaly/rubyserver/rubyserver.go index 7e661954a..34f3e80c6 100644 --- a/internal/gitaly/rubyserver/rubyserver.go +++ b/internal/gitaly/rubyserver/rubyserver.go @@ -18,6 +18,7 @@ import ( "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/rubyserver/balancer" "gitlab.com/gitlab-org/gitaly/v15/internal/helper" "gitlab.com/gitlab-org/gitaly/v15/internal/helper/env" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/supervisor" "gitlab.com/gitlab-org/gitaly/v15/internal/version" "gitlab.com/gitlab-org/gitaly/v15/proto/go/gitalypb" @@ -153,7 +154,7 @@ func (s *Server) start() error { // released (https://github.com/libgit2/rugged/pull/918). if cfg.Ruby.RuggedGitConfigSearchPath == "" { gitconfigDir := filepath.Join(cfg.RuntimeDir, "ruby-gitconfig") - if err := os.Mkdir(gitconfigDir, 0o777); err != nil { + if err := os.Mkdir(gitconfigDir, perm.PublicDir); err != nil { return fmt.Errorf("creating gitconfig dir: %w", err) } diff --git a/internal/gitaly/service/blob/lfs_pointers_test.go b/internal/gitaly/service/blob/lfs_pointers_test.go index 5ff60c722..f2373101f 100644 --- a/internal/gitaly/service/blob/lfs_pointers_test.go +++ b/internal/gitaly/service/blob/lfs_pointers_test.go @@ -16,6 +16,7 @@ import ( "gitlab.com/gitlab-org/gitaly/v15/internal/git/catfile" "gitlab.com/gitlab-org/gitaly/v15/internal/git/gittest" "gitlab.com/gitlab-org/gitaly/v15/internal/git/localrepo" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/helper/text" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" "gitlab.com/gitlab-org/gitaly/v15/proto/go/gitalypb" @@ -250,7 +251,7 @@ size 12345` // may want to inspect all newly pushed objects, denoted by a repository proto // message which only has its object directory set to the quarantine directory. quarantineDir := "objects/incoming-123456" - require.NoError(t, os.Mkdir(filepath.Join(repoPath, quarantineDir), 0o777)) + require.NoError(t, os.Mkdir(filepath.Join(repoPath, quarantineDir), perm.PublicDir)) repoProto.GitObjectDirectory = quarantineDir repoProto.GitAlternateObjectDirectories = nil diff --git a/internal/gitaly/service/commit/list_all_commits_test.go b/internal/gitaly/service/commit/list_all_commits_test.go index a828df9c8..5e04ea82c 100644 --- a/internal/gitaly/service/commit/list_all_commits_test.go +++ b/internal/gitaly/service/commit/list_all_commits_test.go @@ -11,6 +11,7 @@ import ( "github.com/stretchr/testify/require" "gitlab.com/gitlab-org/gitaly/v15/internal/git/gittest" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" "gitlab.com/gitlab-org/gitaly/v15/proto/go/gitalypb" "google.golang.org/grpc/codes" @@ -101,7 +102,7 @@ func TestListAllCommits(t *testing.T) { cfg, repo, repoPath, client := setupCommitServiceWithRepo(t, ctx) quarantineDir := filepath.Join("objects", "incoming-123456") - require.NoError(t, os.Mkdir(filepath.Join(repoPath, quarantineDir), 0o777)) + require.NoError(t, os.Mkdir(filepath.Join(repoPath, quarantineDir), perm.PublicDir)) repo.GitObjectDirectory = quarantineDir repo.GitAlternateObjectDirectories = nil diff --git a/internal/gitaly/service/namespace/namespace.go b/internal/gitaly/service/namespace/namespace.go index 1c2ab5773..7c77f10aa 100644 --- a/internal/gitaly/service/namespace/namespace.go +++ b/internal/gitaly/service/namespace/namespace.go @@ -7,6 +7,7 @@ import ( "os" "path/filepath" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/structerr" "gitlab.com/gitlab-org/gitaly/v15/proto/go/gitalypb" "google.golang.org/grpc/codes" @@ -47,7 +48,7 @@ func (s *server) AddNamespace(ctx context.Context, in *gitalypb.AddNamespaceRequ return nil, noNameError } - if err = os.MkdirAll(namespacePath(storagePath, name), 0o770); err != nil { + if err = os.MkdirAll(namespacePath(storagePath, name), perm.GroupPrivateDir); err != nil { return nil, structerr.NewInternal("create directory: %w", err) } @@ -84,7 +85,7 @@ func (s *server) RenameNamespace(ctx context.Context, in *gitalypb.RenameNamespa targetPath := namespacePath(storagePath, in.GetTo()) // Create the parent directory. - if err = os.MkdirAll(filepath.Dir(targetPath), 0o775); err != nil { + if err = os.MkdirAll(filepath.Dir(targetPath), perm.SharedDir); err != nil { return nil, structerr.NewInternal("create directory: %w", err) } diff --git a/internal/gitaly/service/namespace/namespace_test.go b/internal/gitaly/service/namespace/namespace_test.go index 9d00df97e..917682460 100644 --- a/internal/gitaly/service/namespace/namespace_test.go +++ b/internal/gitaly/service/namespace/namespace_test.go @@ -9,6 +9,7 @@ import ( "github.com/stretchr/testify/require" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/config" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/structerr" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper/testserver" @@ -25,7 +26,7 @@ func TestNamespaceExists(t *testing.T) { ctx := testhelper.Context(t) const existingNamespace = "existing" - require.NoError(t, os.MkdirAll(filepath.Join(existingStorage.Path, existingNamespace), 0o755)) + require.NoError(t, os.MkdirAll(filepath.Join(existingStorage.Path, existingNamespace), perm.SharedDir)) for _, tc := range []struct { desc string @@ -156,7 +157,7 @@ func TestRemoveNamespace(t *testing.T) { ctx := testhelper.Context(t) const existingNamespace = "created" - require.NoError(t, os.MkdirAll(filepath.Join(existingStorage.Path, existingNamespace), 0o755), "test setup") + require.NoError(t, os.MkdirAll(filepath.Join(existingStorage.Path, existingNamespace), perm.SharedDir), "test setup") queries := []struct { desc string @@ -210,7 +211,7 @@ func TestRenameNamespace(t *testing.T) { ctx := testhelper.Context(t) const existingNamespace = "existing" - require.NoError(t, os.MkdirAll(filepath.Join(existingStorage.Path, existingNamespace), 0o755)) + require.NoError(t, os.MkdirAll(filepath.Join(existingStorage.Path, existingNamespace), perm.SharedDir)) for _, tc := range []struct { desc string diff --git a/internal/gitaly/service/objectpool/alternates.go b/internal/gitaly/service/objectpool/alternates.go index 33f5b6d5f..667c8612a 100644 --- a/internal/gitaly/service/objectpool/alternates.go +++ b/internal/gitaly/service/objectpool/alternates.go @@ -14,6 +14,7 @@ import ( "gitlab.com/gitlab-org/gitaly/v15/internal/git" "gitlab.com/gitlab-org/gitaly/v15/internal/git/localrepo" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/service" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/helper/text" "gitlab.com/gitlab-org/gitaly/v15/internal/metadata/featureflag" "gitlab.com/gitlab-org/gitaly/v15/internal/structerr" @@ -89,7 +90,7 @@ func (s *server) disconnectAlternates(ctx context.Context, repo *localrepo.Repo) source := filepath.Join(altDir, path) target := filepath.Join(repoPath, "objects", path) - if err := os.MkdirAll(filepath.Dir(target), 0o755); err != nil { + if err := os.MkdirAll(filepath.Dir(target), perm.SharedDir); err != nil { return err } diff --git a/internal/gitaly/service/objectpool/create_test.go b/internal/gitaly/service/objectpool/create_test.go index 8ea7125f2..b4dba6096 100644 --- a/internal/gitaly/service/objectpool/create_test.go +++ b/internal/gitaly/service/objectpool/create_test.go @@ -17,6 +17,7 @@ import ( "gitlab.com/gitlab-org/gitaly/v15/internal/git/objectpool" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/config" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/transaction" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/structerr" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper/testcfg" @@ -88,7 +89,7 @@ func TestCreate_unsuccessful(t *testing.T) { // gets honored as expected. lockedRelativePath := gittest.NewObjectPoolName(t) lockedFullPath := filepath.Join(cfg.Storages[0].Path, lockedRelativePath+".lock") - require.NoError(t, os.MkdirAll(filepath.Dir(lockedFullPath), 0o755)) + require.NoError(t, os.MkdirAll(filepath.Dir(lockedFullPath), perm.SharedDir)) require.NoError(t, os.WriteFile(lockedFullPath, nil, 0o644)) // Create a preexisting object pool. diff --git a/internal/gitaly/service/objectpool/fetch_into_object_pool_test.go b/internal/gitaly/service/objectpool/fetch_into_object_pool_test.go index 2d9bec21c..1e73ef205 100644 --- a/internal/gitaly/service/objectpool/fetch_into_object_pool_test.go +++ b/internal/gitaly/service/objectpool/fetch_into_object_pool_test.go @@ -20,6 +20,7 @@ import ( "gitlab.com/gitlab-org/gitaly/v15/internal/git/stats" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/config" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/transaction" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/metadata" "gitlab.com/gitlab-org/gitaly/v15/internal/metadata/featureflag" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" @@ -80,7 +81,7 @@ func testFetchIntoObjectPoolSuccess(t *testing.T, ctx context.Context) { // break many Git commands, including git-fetch(1). We should know to prune stale broken // references though and thus be able to recover. brokenRef := filepath.Join(poolPath, "refs", "heads", "broken") - require.NoError(t, os.MkdirAll(filepath.Dir(brokenRef), 0o755)) + require.NoError(t, os.MkdirAll(filepath.Dir(brokenRef), perm.SharedDir)) require.NoError(t, os.WriteFile(brokenRef, []byte{}, 0o777)) oldTime := time.Now().Add(-25 * time.Hour) require.NoError(t, os.Chtimes(brokenRef, oldTime, oldTime)) diff --git a/internal/gitaly/service/objectpool/get_test.go b/internal/gitaly/service/objectpool/get_test.go index 75a49caf8..c9789a607 100644 --- a/internal/gitaly/service/objectpool/get_test.go +++ b/internal/gitaly/service/objectpool/get_test.go @@ -9,6 +9,7 @@ import ( "github.com/stretchr/testify/require" "gitlab.com/gitlab-org/gitaly/v15/internal/git/localrepo" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" "gitlab.com/gitlab-org/gitaly/v15/proto/go/gitalypb" "google.golang.org/grpc/codes" @@ -55,7 +56,7 @@ func TestGetObjectPoolBadFile(t *testing.T) { _, repo, repoPath, _, client := setup(t, ctx) alternatesFilePath := filepath.Join(repoPath, "objects", "info", "alternates") - require.NoError(t, os.MkdirAll(filepath.Dir(alternatesFilePath), 0o755)) + require.NoError(t, os.MkdirAll(filepath.Dir(alternatesFilePath), perm.SharedDir)) require.NoError(t, os.WriteFile(alternatesFilePath, []byte("not-a-directory"), 0o644)) resp, err := client.GetObjectPool(ctx, &gitalypb.GetObjectPoolRequest{ diff --git a/internal/gitaly/service/repository/apply_gitattributes.go b/internal/gitaly/service/repository/apply_gitattributes.go index 973d59581..6b10b13aa 100644 --- a/internal/gitaly/service/repository/apply_gitattributes.go +++ b/internal/gitaly/service/repository/apply_gitattributes.go @@ -14,6 +14,7 @@ import ( "gitlab.com/gitlab-org/gitaly/v15/internal/git/localrepo" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/service" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/transaction" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/safe" "gitlab.com/gitlab-org/gitaly/v15/internal/structerr" "gitlab.com/gitlab-org/gitaly/v15/internal/transaction/txinfo" @@ -42,7 +43,7 @@ func (s *server) applyGitattributes(ctx context.Context, repo *localrepo.Repo, o } // Create /info folder if it doesn't exist - if err := os.MkdirAll(infoPath, 0o755); err != nil { + if err := os.MkdirAll(infoPath, perm.SharedDir); err != nil { return err } diff --git a/internal/gitaly/service/repository/apply_gitattributes_test.go b/internal/gitaly/service/repository/apply_gitattributes_test.go index a168f08b1..0eeb7ecb5 100644 --- a/internal/gitaly/service/repository/apply_gitattributes_test.go +++ b/internal/gitaly/service/repository/apply_gitattributes_test.go @@ -11,6 +11,7 @@ import ( "github.com/stretchr/testify/require" "gitlab.com/gitlab-org/gitaly/v15/internal/backchannel" "gitlab.com/gitlab-org/gitaly/v15/internal/git/gittest" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/metadata" "gitlab.com/gitlab-org/gitaly/v15/internal/structerr" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" @@ -61,13 +62,13 @@ func TestApplyGitattributes_successful(t *testing.T) { t.Run("without 'info/attributes' directory", func(t *testing.T) { require.NoError(t, os.RemoveAll(infoPath)) - require.NoError(t, os.Mkdir(infoPath, 0o755)) + require.NoError(t, os.Mkdir(infoPath, perm.SharedDir)) requireApplyGitattributes(t, ctx, client, repo, attributesPath, tc.revision, tc.expectedContent) }) t.Run("with preexisting 'info/attributes'", func(t *testing.T) { require.NoError(t, os.RemoveAll(infoPath)) - require.NoError(t, os.Mkdir(infoPath, 0o755)) + require.NoError(t, os.Mkdir(infoPath, perm.SharedDir)) require.NoError(t, os.WriteFile(attributesPath, []byte("*.docx diff=word"), 0o644)) requireApplyGitattributes(t, ctx, client, repo, attributesPath, tc.revision, tc.expectedContent) }) diff --git a/internal/gitaly/service/repository/backup_custom_hooks_test.go b/internal/gitaly/service/repository/backup_custom_hooks_test.go index 6aa538790..9c897bcd2 100644 --- a/internal/gitaly/service/repository/backup_custom_hooks_test.go +++ b/internal/gitaly/service/repository/backup_custom_hooks_test.go @@ -13,6 +13,7 @@ import ( "github.com/stretchr/testify/require" "gitlab.com/gitlab-org/gitaly/v15/internal/git/gittest" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" "gitlab.com/gitlab-org/gitaly/v15/proto/go/gitalypb" "gitlab.com/gitlab-org/gitaly/v15/streamio" @@ -33,7 +34,7 @@ func TestBackupCustomHooks_successful(t *testing.T) { "custom_hooks/prepare-commit-msg.sample", "custom_hooks/pre-push.sample", } - require.NoError(t, os.Mkdir(filepath.Join(repoPath, "custom_hooks"), 0o700), "Could not create custom_hooks dir") + require.NoError(t, os.Mkdir(filepath.Join(repoPath, "custom_hooks"), perm.PrivateDir), "Could not create custom_hooks dir") for _, fileName := range expectedTarResponse[1:] { require.NoError(t, os.WriteFile(filepath.Join(repoPath, fileName), []byte("Some hooks"), 0o700), fmt.Sprintf("Could not create %s", fileName)) } diff --git a/internal/gitaly/service/repository/calculate_checksum_test.go b/internal/gitaly/service/repository/calculate_checksum_test.go index 1679d05c8..229d34f83 100644 --- a/internal/gitaly/service/repository/calculate_checksum_test.go +++ b/internal/gitaly/service/repository/calculate_checksum_test.go @@ -11,6 +11,7 @@ import ( "github.com/stretchr/testify/require" "gitlab.com/gitlab-org/gitaly/v15/internal/git" "gitlab.com/gitlab-org/gitaly/v15/internal/git/gittest" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" "gitlab.com/gitlab-org/gitaly/v15/proto/go/gitalypb" "google.golang.org/grpc/codes" @@ -26,7 +27,7 @@ func TestSuccessfulCalculateChecksum(t *testing.T) { // Force the refs database of testRepo into a known state require.NoError(t, os.RemoveAll(filepath.Join(repoPath, "refs"))) for _, d := range []string{"refs/heads", "refs/tags", "refs/notes"} { - require.NoError(t, os.MkdirAll(filepath.Join(repoPath, d), 0o755)) + require.NoError(t, os.MkdirAll(filepath.Join(repoPath, d), perm.SharedDir)) } testhelper.CopyFile(t, "testdata/checksum-test-packed-refs", filepath.Join(repoPath, "packed-refs")) @@ -117,7 +118,7 @@ func TestInvalidRefsCalculateChecksum(t *testing.T) { // Force the refs database of testRepo into a known state require.NoError(t, os.RemoveAll(filepath.Join(repoPath, "refs"))) for _, d := range []string{"refs/heads", "refs/tags", "refs/notes"} { - require.NoError(t, os.MkdirAll(filepath.Join(repoPath, d), 0o755)) + require.NoError(t, os.MkdirAll(filepath.Join(repoPath, d), perm.SharedDir)) } require.NoError(t, exec.Command("cp", "testdata/checksum-test-invalid-refs", filepath.Join(repoPath, "packed-refs")).Run()) diff --git a/internal/gitaly/service/repository/cleanup_test.go b/internal/gitaly/service/repository/cleanup_test.go index 6c57b77d4..01a921173 100644 --- a/internal/gitaly/service/repository/cleanup_test.go +++ b/internal/gitaly/service/repository/cleanup_test.go @@ -12,6 +12,7 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "gitlab.com/gitlab-org/gitaly/v15/internal/git/gittest" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" "gitlab.com/gitlab-org/gitaly/v15/proto/go/gitalypb" "google.golang.org/grpc/codes" @@ -101,7 +102,7 @@ func TestCleanupDeletesOrphanedWorktrees(t *testing.T) { basePath := filepath.Join(repoPath, "worktrees") worktreePath := filepath.Join(basePath, "test-worktree") - require.NoError(t, os.MkdirAll(worktreeCheckoutPath, os.ModePerm)) + require.NoError(t, os.MkdirAll(worktreeCheckoutPath, perm.PublicDir)) require.NoError(t, os.Chtimes(worktreeCheckoutPath, oldWorktreeTime, oldWorktreeTime)) //nolint:staticcheck diff --git a/internal/gitaly/service/repository/create_bundle_from_ref_list_test.go b/internal/gitaly/service/repository/create_bundle_from_ref_list_test.go index 6653ad339..e95ea57df 100644 --- a/internal/gitaly/service/repository/create_bundle_from_ref_list_test.go +++ b/internal/gitaly/service/repository/create_bundle_from_ref_list_test.go @@ -12,6 +12,7 @@ import ( "github.com/stretchr/testify/require" "gitlab.com/gitlab-org/gitaly/v15/internal/git/gittest" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/helper/text" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" "gitlab.com/gitlab-org/gitaly/v15/proto/go/gitalypb" @@ -30,7 +31,7 @@ func TestCreateBundleFromRefList_success(t *testing.T) { // clean this up before creating the bundle. sha := gittest.WriteCommit(t, cfg, repoPath, gittest.WithBranch("branch")) - require.NoError(t, os.MkdirAll(filepath.Join(repoPath, "gitlab-worktree"), 0o755)) + require.NoError(t, os.MkdirAll(filepath.Join(repoPath, "gitlab-worktree"), perm.SharedDir)) gittest.Exec(t, cfg, "-C", repoPath, "worktree", "add", "gitlab-worktree/worktree1", sha.String()) require.NoError(t, os.Chtimes(filepath.Join(repoPath, "gitlab-worktree", "worktree1"), time.Now().Add(-7*time.Hour), time.Now().Add(-7*time.Hour))) diff --git a/internal/gitaly/service/repository/create_bundle_test.go b/internal/gitaly/service/repository/create_bundle_test.go index 9cc63d30c..6276242a8 100644 --- a/internal/gitaly/service/repository/create_bundle_test.go +++ b/internal/gitaly/service/repository/create_bundle_test.go @@ -12,6 +12,7 @@ import ( "github.com/stretchr/testify/require" "gitlab.com/gitlab-org/gitaly/v15/internal/git/gittest" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/config" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/tempdir" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" "gitlab.com/gitlab-org/gitaly/v15/proto/go/gitalypb" @@ -30,7 +31,7 @@ func TestSuccessfulCreateBundleRequest(t *testing.T) { // clean this up before creating the bundle. sha := gittest.WriteCommit(t, cfg, repoPath, gittest.WithBranch("branch")) - require.NoError(t, os.MkdirAll(filepath.Join(repoPath, "gitlab-worktree"), 0o755)) + require.NoError(t, os.MkdirAll(filepath.Join(repoPath, "gitlab-worktree"), perm.SharedDir)) gittest.Exec(t, cfg, "-C", repoPath, "worktree", "add", "gitlab-worktree/worktree1", sha.String()) require.NoError(t, os.Chtimes(filepath.Join(repoPath, "gitlab-worktree", "worktree1"), time.Now().Add(-7*time.Hour), time.Now().Add(-7*time.Hour))) diff --git a/internal/gitaly/service/repository/create_fork_test.go b/internal/gitaly/service/repository/create_fork_test.go index 45a7cedd4..9b40586b3 100644 --- a/internal/gitaly/service/repository/create_fork_test.go +++ b/internal/gitaly/service/repository/create_fork_test.go @@ -17,6 +17,7 @@ import ( "gitlab.com/gitlab-org/gitaly/v15/client" "gitlab.com/gitlab-org/gitaly/v15/internal/git/gittest" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/config" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/helper/text" "gitlab.com/gitlab-org/gitaly/v15/internal/praefect/praefectutil" "gitlab.com/gitlab-org/gitaly/v15/internal/structerr" @@ -232,14 +233,14 @@ func TestCreateFork_targetExists(t *testing.T) { { desc: "empty target directory", seed: func(t *testing.T, targetPath string) { - require.NoError(t, os.MkdirAll(targetPath, 0o770)) + require.NoError(t, os.MkdirAll(targetPath, perm.GroupPrivateDir)) }, expectedErrWithAtomicCreation: structerr.NewAlreadyExists("creating fork: repository exists already"), }, { desc: "non-empty target directory", seed: func(t *testing.T, targetPath string) { - require.NoError(t, os.MkdirAll(targetPath, 0o770)) + require.NoError(t, os.MkdirAll(targetPath, perm.GroupPrivateDir)) require.NoError(t, os.WriteFile( filepath.Join(targetPath, "config"), nil, @@ -251,7 +252,7 @@ func TestCreateFork_targetExists(t *testing.T) { { desc: "target file", seed: func(t *testing.T, targetPath string) { - require.NoError(t, os.MkdirAll(filepath.Dir(targetPath), 0o770)) + require.NoError(t, os.MkdirAll(filepath.Dir(targetPath), perm.GroupPrivateDir)) require.NoError(t, os.WriteFile(targetPath, nil, 0o644)) }, expectedErrWithAtomicCreation: structerr.NewAlreadyExists("creating fork: repository exists already"), diff --git a/internal/gitaly/service/repository/create_repository_from_url_test.go b/internal/gitaly/service/repository/create_repository_from_url_test.go index 6d4ba8da0..027bf13fd 100644 --- a/internal/gitaly/service/repository/create_repository_from_url_test.go +++ b/internal/gitaly/service/repository/create_repository_from_url_test.go @@ -15,6 +15,7 @@ import ( "github.com/stretchr/testify/require" "gitlab.com/gitlab-org/gitaly/v15/internal/git" "gitlab.com/gitlab-org/gitaly/v15/internal/git/gittest" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/helper/text" "gitlab.com/gitlab-org/gitaly/v15/internal/praefect/praefectutil" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" @@ -130,9 +131,9 @@ func TestCreateRepositoryFromURL_existingTarget(t *testing.T) { importedRepoPath := filepath.Join(cfg.Storages[0].Path, importedRepo.GetRelativePath()) if testCase.isDir { - require.NoError(t, os.MkdirAll(importedRepoPath, 0o770)) + require.NoError(t, os.MkdirAll(importedRepoPath, perm.GroupPrivateDir)) } else { - require.NoError(t, os.MkdirAll(filepath.Dir(importedRepoPath), os.ModePerm)) + require.NoError(t, os.MkdirAll(filepath.Dir(importedRepoPath), perm.PublicDir)) require.NoError(t, os.WriteFile(importedRepoPath, nil, 0o644)) } t.Cleanup(func() { require.NoError(t, os.RemoveAll(importedRepoPath)) }) diff --git a/internal/gitaly/service/repository/gc_test.go b/internal/gitaly/service/repository/gc_test.go index 585b682aa..97ea88b17 100644 --- a/internal/gitaly/service/repository/gc_test.go +++ b/internal/gitaly/service/repository/gc_test.go @@ -18,6 +18,7 @@ import ( "gitlab.com/gitlab-org/gitaly/v15/internal/git" "gitlab.com/gitlab-org/gitaly/v15/internal/git/gittest" "gitlab.com/gitlab-org/gitaly/v15/internal/git/stats" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/helper/text" "gitlab.com/gitlab-org/gitaly/v15/internal/metadata/featureflag" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" @@ -506,7 +507,7 @@ func testCleanupInvalidKeepAroundRefs(t *testing.T, ctx context.Context) { cfg, repo, repoPath, client := setupRepositoryService(t, ctx) // Make the directory, so we can create random reflike things in it - require.NoError(t, os.MkdirAll(filepath.Join(repoPath, "refs", "keep-around"), 0o755)) + require.NoError(t, os.MkdirAll(filepath.Join(repoPath, "refs", "keep-around"), perm.SharedDir)) testCases := []struct { desc string @@ -589,7 +590,7 @@ func testCleanupInvalidKeepAroundRefs(t *testing.T, ctx context.Context) { func mustCreateFileWithTimes(tb testing.TB, path string, mTime time.Time) { tb.Helper() - require.NoError(tb, os.MkdirAll(filepath.Dir(path), 0o755)) + require.NoError(tb, os.MkdirAll(filepath.Dir(path), perm.SharedDir)) require.NoError(tb, os.WriteFile(path, nil, 0o644)) require.NoError(tb, os.Chtimes(path, mTime, mTime)) } diff --git a/internal/gitaly/service/repository/info_attributes_test.go b/internal/gitaly/service/repository/info_attributes_test.go index eb1f2ea06..7c5ea034d 100644 --- a/internal/gitaly/service/repository/info_attributes_test.go +++ b/internal/gitaly/service/repository/info_attributes_test.go @@ -10,6 +10,7 @@ import ( "testing" "github.com/stretchr/testify/require" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" "gitlab.com/gitlab-org/gitaly/v15/proto/go/gitalypb" "gitlab.com/gitlab-org/gitaly/v15/streamio" @@ -24,7 +25,7 @@ func TestGetInfoAttributesExisting(t *testing.T) { _, repo, repoPath, client := setupRepositoryService(t, ctx) infoPath := filepath.Join(repoPath, "info") - require.NoError(t, os.MkdirAll(infoPath, 0o755)) + require.NoError(t, os.MkdirAll(infoPath, perm.SharedDir)) buffSize := streamio.WriteBufferSize + 1 data := bytes.Repeat([]byte("*.pbxproj binary\n"), buffSize) diff --git a/internal/gitaly/service/repository/optimize_test.go b/internal/gitaly/service/repository/optimize_test.go index 618a6f2b5..c54fddcca 100644 --- a/internal/gitaly/service/repository/optimize_test.go +++ b/internal/gitaly/service/repository/optimize_test.go @@ -18,6 +18,7 @@ import ( "gitlab.com/gitlab-org/gitaly/v15/internal/git/housekeeping" "gitlab.com/gitlab-org/gitaly/v15/internal/git/localrepo" "gitlab.com/gitlab-org/gitaly/v15/internal/git/stats" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/helper/text" "gitlab.com/gitlab-org/gitaly/v15/internal/metadata/featureflag" "gitlab.com/gitlab-org/gitaly/v15/internal/structerr" @@ -228,7 +229,7 @@ func testOptimizeRepository(t *testing.T, ctx context.Context) { // Git will leave behind empty refs directories at times. In order to not slow down // enumerating refs we want to make sure that they get cleaned up properly. emptyRefsDir := filepath.Join(repoPath, "refs", "merge-requests", "1") - require.NoError(t, os.MkdirAll(emptyRefsDir, 0o755)) + require.NoError(t, os.MkdirAll(emptyRefsDir, perm.SharedDir)) // But we don't expect the first call to OptimizeRepository to do anything. This is // because we have a grace period so that we don't delete empty ref directories that diff --git a/internal/gitaly/service/repository/remove.go b/internal/gitaly/service/repository/remove.go index 08967d7a5..f59db5025 100644 --- a/internal/gitaly/service/repository/remove.go +++ b/internal/gitaly/service/repository/remove.go @@ -10,6 +10,7 @@ import ( "github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/service" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/transaction" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/safe" "gitlab.com/gitlab-org/gitaly/v15/internal/structerr" "gitlab.com/gitlab-org/gitaly/v15/internal/transaction/txinfo" @@ -32,7 +33,7 @@ func (s *server) RemoveRepository(ctx context.Context, in *gitalypb.RemoveReposi return nil, structerr.NewInternal("temporary directory: %w", err) } - if err := os.MkdirAll(tempDir, 0o755); err != nil { + if err := os.MkdirAll(tempDir, perm.SharedDir); err != nil { return nil, structerr.NewInternal("%w", err) } diff --git a/internal/gitaly/service/repository/rename.go b/internal/gitaly/service/repository/rename.go index 5e4079cd8..2ebc68484 100644 --- a/internal/gitaly/service/repository/rename.go +++ b/internal/gitaly/service/repository/rename.go @@ -9,6 +9,7 @@ import ( "github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/service" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/safe" "gitlab.com/gitlab-org/gitaly/v15/internal/structerr" "gitlab.com/gitlab-org/gitaly/v15/proto/go/gitalypb" @@ -48,7 +49,7 @@ func (s *server) renameRepository(ctx context.Context, sourceRepo, targetRepo *g return structerr.NewAlreadyExists("target repo exists already") } - if err := os.MkdirAll(filepath.Dir(targetPath), 0o770); err != nil { + if err := os.MkdirAll(filepath.Dir(targetPath), perm.GroupPrivateDir); err != nil { return fmt.Errorf("create target parent dir: %w", err) } diff --git a/internal/gitaly/service/repository/replicate.go b/internal/gitaly/service/repository/replicate.go index 9f2227312..a5eb1ab11 100644 --- a/internal/gitaly/service/repository/replicate.go +++ b/internal/gitaly/service/repository/replicate.go @@ -20,6 +20,7 @@ import ( "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/service" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/storage" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/transaction" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/metadata" "gitlab.com/gitlab-org/gitaly/v15/internal/safe" "gitlab.com/gitlab-org/gitaly/v15/internal/structerr" @@ -319,7 +320,7 @@ func (s *server) syncInfoAttributes(ctx context.Context, in *gitalypb.ReplicateR func (s *server) writeFile(ctx context.Context, path string, mode os.FileMode, reader io.Reader) (returnedErr error) { parentDir := filepath.Dir(path) - if err := os.MkdirAll(parentDir, 0o755); err != nil { + if err := os.MkdirAll(parentDir, perm.SharedDir); err != nil { return err } diff --git a/internal/gitaly/service/repository/replicate_test.go b/internal/gitaly/service/repository/replicate_test.go index f0d3f5a33..ca10e838f 100644 --- a/internal/gitaly/service/repository/replicate_test.go +++ b/internal/gitaly/service/repository/replicate_test.go @@ -25,6 +25,7 @@ import ( gitalyhook "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/hook" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/storage" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/transaction" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/helper/text" "gitlab.com/gitlab-org/gitaly/v15/internal/metadata" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" @@ -63,7 +64,7 @@ func TestReplicateRepository(t *testing.T) { // write info attributes attrFilePath := filepath.Join(repoPath, "info", "attributes") - require.NoError(t, os.MkdirAll(filepath.Dir(attrFilePath), 0o755)) + require.NoError(t, os.MkdirAll(filepath.Dir(attrFilePath), perm.SharedDir)) attrData := []byte("*.pbxproj binary\n") require.NoError(t, os.WriteFile(attrFilePath, attrData, 0o644)) diff --git a/internal/gitaly/service/repository/restore_custom_hooks.go b/internal/gitaly/service/repository/restore_custom_hooks.go index 51a82714b..a3b24d392 100644 --- a/internal/gitaly/service/repository/restore_custom_hooks.go +++ b/internal/gitaly/service/repository/restore_custom_hooks.go @@ -15,6 +15,7 @@ import ( "gitlab.com/gitlab-org/gitaly/v15/internal/git/repository" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/service" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/transaction" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/metadata/featureflag" "gitlab.com/gitlab-org/gitaly/v15/internal/safe" "gitlab.com/gitlab-org/gitaly/v15/internal/structerr" @@ -124,7 +125,7 @@ func (s *server) restoreCustomHooks(ctx context.Context, tar io.Reader, repo rep // it means the repository should be set with an empty `custom_hooks` // directory. Create `custom_hooks` in the temporary directory so that any // existing repository hooks will be replaced with this empty directory. - if err := os.Mkdir(tempHooksPath, os.ModePerm); err != nil && !errors.Is(err, fs.ErrExist) { + if err := os.Mkdir(tempHooksPath, perm.PublicDir); err != nil && !errors.Is(err, fs.ErrExist) { return fmt.Errorf("making temp hooks directory: %w", err) } diff --git a/internal/gitaly/service/repository/restore_custom_hooks_test.go b/internal/gitaly/service/repository/restore_custom_hooks_test.go index 48afedb17..f9bee0ba1 100644 --- a/internal/gitaly/service/repository/restore_custom_hooks_test.go +++ b/internal/gitaly/service/repository/restore_custom_hooks_test.go @@ -14,6 +14,7 @@ import ( "github.com/stretchr/testify/require" "gitlab.com/gitlab-org/gitaly/v15/internal/git/gittest" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/transaction" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/metadata" "gitlab.com/gitlab-org/gitaly/v15/internal/metadata/featureflag" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" @@ -228,7 +229,7 @@ func setupTestHooks(t *testing.T, files []testFile) string { tmpDir := testhelper.TempDir(t) hooksPath := filepath.Join(tmpDir, customHooksDir) - err := os.Mkdir(hooksPath, 0o755) + err := os.Mkdir(hooksPath, perm.SharedDir) require.NoError(t, err) for _, f := range files { diff --git a/internal/gitaly/service/repository/snapshot_test.go b/internal/gitaly/service/repository/snapshot_test.go index fe52c42a4..8a543c400 100644 --- a/internal/gitaly/service/repository/snapshot_test.go +++ b/internal/gitaly/service/repository/snapshot_test.go @@ -18,6 +18,7 @@ import ( "gitlab.com/gitlab-org/gitaly/v15/internal/git/localrepo" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/archive" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/config" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" "gitlab.com/gitlab-org/gitaly/v15/proto/go/gitalypb" "gitlab.com/gitlab-org/gitaly/v15/streamio" @@ -56,8 +57,8 @@ func TestGetSnapshotSuccess(t *testing.T) { // WriteCommit produces a loose object with the given sha sha := gittest.WriteCommit(t, cfg, repoPath, gittest.WithBranch("master")) zeroes := strings.Repeat("0", 40) - require.NoError(t, os.MkdirAll(filepath.Join(repoPath, "hooks"), 0o755)) - require.NoError(t, os.MkdirAll(filepath.Join(repoPath, "objects/pack"), 0o755)) + require.NoError(t, os.MkdirAll(filepath.Join(repoPath, "hooks"), perm.SharedDir)) + require.NoError(t, os.MkdirAll(filepath.Join(repoPath, "objects/pack"), perm.SharedDir)) touch(t, filepath.Join(repoPath, "shallow")) touch(t, filepath.Join(repoPath, "objects/pack/pack-%s.pack"), zeroes) touch(t, filepath.Join(repoPath, "objects/pack/pack-%s.idx"), zeroes) diff --git a/internal/gitaly/service/smarthttp/inforefs_test.go b/internal/gitaly/service/smarthttp/inforefs_test.go index 3a29d5158..6fabe6a21 100644 --- a/internal/gitaly/service/smarthttp/inforefs_test.go +++ b/internal/gitaly/service/smarthttp/inforefs_test.go @@ -22,6 +22,7 @@ import ( "gitlab.com/gitlab-org/gitaly/v15/internal/git/stats" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/config" "gitlab.com/gitlab-org/gitaly/v15/internal/gitaly/transaction" + "gitlab.com/gitlab-org/gitaly/v15/internal/helper/perm" "gitlab.com/gitlab-org/gitaly/v15/internal/metadata/featureflag" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper" "gitlab.com/gitlab-org/gitaly/v15/internal/testhelper/testcfg" @@ -537,7 +538,7 @@ func withInfoRefCache(cache infoRefCache) ServerOpt { func createInvalidRepo(tb testing.TB, repoDir string) func() { for _, subDir := range []string{"objects", "refs", "HEAD"} { - require.NoError(tb, os.MkdirAll(filepath.Join(repoDir, subDir), 0o755)) + require.NoError(tb, os.MkdirAll(filepath.Join(repoDir, subDir), perm.SharedDir)) } return func() { require.NoError(tb, os.RemoveAll(repoDir)) } } |