repo/commit: Support group-writable files for bare-user-only

These exist in the wild for flatpak, and aren't really a problem. The canonical
permissions are still either `0755` or `0644`, we just support the additional
writable bit for the group (i.e. extend the set to include `0775` and `0664`)
now to avoid breaking some flatpak content.

Closes: #913
Approved by: alexlarsson

diff --git a/src/libostree/ostree-repo-commit.c b/src/libostree/ostree-repo-commit.c
index da0a5cdcb87b9c4e2f777bc6188e95ba4df0a39d..93d22f65394c35f88262967f3ae133f3a16fdae8 100644 (file)
--- a/src/libostree/ostree-repo-commit.c
+++ b/src/libostree/ostree-repo-commit.c
@@ -301,10 +301,10 @@ commit_loose_object_trusted (OstreeRepo        *self,
                self->mode == OSTREE_REPO_MODE_BARE_USER_ONLY
                && !object_is_symlink)
         {
-          guint32 invalid_modebits = (mode & ~S_IFMT) & ~0755;
+          guint32 invalid_modebits = (mode & ~S_IFMT) & ~0775;
           if (invalid_modebits > 0)
             return glnx_throw (error, "Invalid mode 0%04o with bits 0%04o in bare-user-only repository",
-                                   mode, invalid_modebits);
+                               mode, invalid_modebits);
 
           if (fchmod (fd, mode) < 0)
             return glnx_throw_errno_prefix (error, "fchmod");

diff --git a/tests/test-basic-user-only.sh b/tests/test-basic-user-only.sh
index 7184fe94204dcac4a20efc2985d486765a55e918..deca0e005d5245d3605d91b0704118808d21517a 100755 (executable)
--- a/tests/test-basic-user-only.sh
+++ b/tests/test-basic-user-only.sh
@@ -22,7 +22,7 @@ set -euo pipefail
 . $(dirname $0)/libtest.sh
 
 setup_test_repository "bare-user-only"
-extra_basic_tests=1
+extra_basic_tests=2
 . $(dirname $0)/basic-test.sh
 
 # Reset things so we don't inherit a lot of state from earlier tests
@@ -47,3 +47,15 @@ if $CMD_PREFIX ostree pull-local --repo=repo repo-input 2>err.txt; then
 fi
 assert_file_has_content err.txt "Invalid mode.*with bits 040.*in bare-user-only"
 echo "ok failed to commit suid"
+
+cd ${test_tmpdir}
+rm repo-input -rf
+ostree_repo_init repo-input init --mode=archive
+rm files -rf && mkdir files
+echo "a group writable file" > files/some-group-writable
+chmod 0664 files/some-group-writable
+$CMD_PREFIX ostree --repo=repo-input commit -b content-with-group-writable --tree=dir=files
+$CMD_PREFIX ostree pull-local --repo=repo repo-input
+$CMD_PREFIX ostree --repo=repo checkout -U -H content-with-group-writable groupwritable-co
+assert_file_has_mode groupwritable-co/some-group-writable 664
+echo "ok supported group writable"