Skip to content

Commit

Permalink
add man and tests for removing write permission from template result
Browse files Browse the repository at this point in the history
Signed-off-by: Tin Lai <[email protected]>
  • Loading branch information
soraxas committed Nov 9, 2023
1 parent b4e76f2 commit f8deb5c
Show file tree
Hide file tree
Showing 5 changed files with 36 additions and 2 deletions.
1 change: 1 addition & 0 deletions test/conftest.py
Original file line number Diff line number Diff line change
Expand Up @@ -145,6 +145,7 @@ def supported_configs():
'yadm.openssl-old',
'yadm.openssl-program',
'yadm.ssh-perms',
'yadm.template-read-only',
]


Expand Down
23 changes: 23 additions & 0 deletions test/test_alt.py
Original file line number Diff line number Diff line change
Expand Up @@ -285,6 +285,29 @@ def test_ensure_alt_path(runner, paths, style):
assert run.out == ''
assert paths.work.join(filename).read().strip() == 'test-data'

@pytest.mark.usefixtures("ds1_repo_copy")
@pytest.mark.parametrize("readonly", [None, "true", "false"])
def test_template_readonly(runner, yadm_cmd, paths, tst_sys, readonly):
"""Remove symlinks before processing a template
If a symlink is in the way of the output of a template, the target of the
symlink will get the template content. To prevent this, the symlink should
be removed just before processing a template.
"""
# set the value of template read-only
if readonly:
runner(yadm_cmd("config", "yadm.template-read-only", readonly))

utils.create_alt_files(paths, f"##template.default")
run = runner(yadm_cmd("alt"))

for stale_path in [utils.ALT_FILE1, utils.ALT_FILE2]:
write_perm_mask = os.stat(paths.work.join(stale_path)).st_mode & 0o222
if readonly == "false":
assert write_perm_mask > 0
else:
assert write_perm_mask == 0


def setup_standard_yadm_dir(paths):
"""Configure a yadm home within the work tree"""
Expand Down
3 changes: 2 additions & 1 deletion yadm
Original file line number Diff line number Diff line change
Expand Up @@ -540,7 +540,7 @@ function move_file() {

mv -f "$temp_file" "$output"
copy_perms "$input" "$output"
[ "$(config --bool yadm.template-read-only)" == "true" ] && chmod a-w "$output"
[ "$(config --bool yadm.template-read-only)" != "false" ] && chmod a-w "$output"
}

# ****** yadm Commands ******
Expand Down Expand Up @@ -1267,6 +1267,7 @@ yadm.openssl-ciphername
yadm.openssl-old
yadm.openssl-program
yadm.ssh-perms
yadm.template-read-only
EOF
printf '%s' "$msg"
}
Expand Down
7 changes: 7 additions & 0 deletions yadm.1
Original file line number Diff line number Diff line change
Expand Up @@ -108,6 +108,9 @@ unnecessary to run this command, as yadm automatically processes alternates by
default. This automatic behavior can be disabled by setting the configuration
.I yadm.auto-alt
to "false".
The resulting file's write permission can be controlled with the
.I yadm.template-read-only
configuration.
.TP
.B bootstrap
Execute
Expand Down Expand Up @@ -425,6 +428,10 @@ By default, the first "openssl" found in $PATH is used.
Disable the permission changes to
.IR $HOME/.ssh/* .
This feature is enabled by default.
.TP
.B yadm.template-read-only
Remove write permissions from the resulting template file.
This feature is enabled by default.

.RE
The following five "local" configurations are not stored in the
Expand Down
4 changes: 3 additions & 1 deletion yadm.md
Original file line number Diff line number Diff line change
Expand Up @@ -67,7 +67,9 @@
TEMPLATES sections. It is usually unnecessary to run this com‐
mand, as yadm automatically processes alternates by default.
This automatic behavior can be disabled by setting the configu‐
ration yadm.auto-alt to "false".
ration yadm.auto-alt to "false". The resulting file's write
permission can be controlled with the yadm.template-read-only
configuration.

bootstrap
Execute $HOME/.config/yadm/bootstrap if it exists.
Expand Down

0 comments on commit f8deb5c

Please sign in to comment.