1
0
Fork 0
mirror of synced 2024-12-21 06:01:08 -05:00

add man and tests for removing write permission from template result

Signed-off-by: Tin Lai <oscar@tinyiu.com>
This commit is contained in:
Tin Lai 2023-11-09 13:21:26 +11:00
parent d7669f2256
commit df4c1a5624
5 changed files with 35 additions and 2 deletions

View file

@ -157,6 +157,7 @@ def supported_configs():
"yadm.openssl-old",
"yadm.openssl-program",
"yadm.ssh-perms",
"yadm.template-read-only",
]

View file

@ -292,6 +292,28 @@ def test_ensure_alt_path(runner, paths, style):
assert run.out == ""
assert paths.work.join(filename).read().strip() == "test-data"
@pytest.mark.usefixtures("ds1_repo_copy")
@pytest.mark.parametrize("readonly", [None, "true", "false"])
def test_template_readonly(runner, yadm_cmd, paths, tst_sys, readonly):
"""Remove write permission for template result file.
If the `yadm.template-read-only` configuration is not set to false,
the resulting file from processing a template should has no write permission.
"""
# set the value of template read-only
if readonly:
runner(yadm_cmd("config", "yadm.template-read-only", readonly))
utils.create_alt_files(paths, f"##template.default")
run = runner(yadm_cmd("alt"))
for stale_path in [utils.ALT_FILE1, utils.ALT_FILE2]:
write_perm_mask = os.stat(paths.work.join(stale_path)).st_mode & 0o222
if readonly == "false":
assert write_perm_mask > 0
else:
assert write_perm_mask == 0
def setup_standard_yadm_dir(paths):
"""Configure a yadm home within the work tree"""

3
yadm
View file

@ -540,7 +540,7 @@ function move_file() {
mv -f "$temp_file" "$output"
copy_perms "$input" "$output"
[ "$(config --bool yadm.template-read-only)" == "true" ] && chmod a-w "$output"
[ "$(config --bool yadm.template-read-only)" != "false" ] && chmod a-w "$output"
}
# ****** yadm Commands ******
@ -1267,6 +1267,7 @@ yadm.openssl-ciphername
yadm.openssl-old
yadm.openssl-program
yadm.ssh-perms
yadm.template-read-only
EOF
printf '%s' "$msg"
}

7
yadm.1
View file

@ -108,6 +108,9 @@ unnecessary to run this command, as yadm automatically processes alternates by
default. This automatic behavior can be disabled by setting the configuration
.I yadm.auto-alt
to "false".
The resulting file's write permission can be controlled with the
.I yadm.template-read-only
configuration.
.TP
.B bootstrap
Execute
@ -425,6 +428,10 @@ By default, the first "openssl" found in $PATH is used.
Disable the permission changes to
.IR $HOME/.ssh/* .
This feature is enabled by default.
.TP
.B yadm.template-read-only
Remove write permissions from the resulting template file.
This feature is enabled by default.
.RE
The following five "local" configurations are not stored in the

View file

@ -67,7 +67,9 @@
TEMPLATES sections. It is usually unnecessary to run this com
mand, as yadm automatically processes alternates by default.
This automatic behavior can be disabled by setting the configu
ration yadm.auto-alt to "false".
ration yadm.auto-alt to "false". The resulting file's write
permission can be controlled with the yadm.template-read-only
configuration.
bootstrap
Execute $HOME/.config/yadm/bootstrap if it exists.