
4 commits

Author SHA1 Message Date
Tin Lai 864dbb9743
Merge df4c1a5624 into 76ce3defea 2023-11-20 04:39:53 +00:00
Tin Lai df4c1a5624 add man and tests for removing write permission from template result
Signed-off-by: Tin Lai <oscar@tinyiu.com>
2023-11-20 15:36:03 +11:00
Tin Lai d7669f2256 template ro removes write permission for all
Signed-off-by: Tin Lai <oscar@tinyiu.com>
2023-11-20 15:32:43 +11:00
Tin Lai 4f8554ba29 add config for yadm to create read-only template output
Signed-off-by: Tin Lai <oscar@tinyiu.com>
2023-11-20 15:32:43 +11:00
5 changed files with 35 additions and 1 deletions


@ -157,6 +157,7 @@ def supported_configs():
"yadm.openssl-old", "yadm.openssl-old",
"yadm.openssl-program", "yadm.openssl-program",
"yadm.ssh-perms", "yadm.ssh-perms",
"yadm.template-read-only",
] ]


@ -292,6 +292,28 @@ def test_ensure_alt_path(runner, paths, style):
assert run.out == "" assert run.out == ""
assert paths.work.join(filename).read().strip() == "test-data" assert paths.work.join(filename).read().strip() == "test-data"
@pytest.mark.usefixtures("ds1_repo_copy")
@pytest.mark.parametrize("readonly", [None, "true", "false"])
def test_template_readonly(runner, yadm_cmd, paths, tst_sys, readonly):
"""Remove write permission for template result file.
If the `yadm.template-read-only` configuration is not set to false,
the resulting file from processing a template should has no write permission.
"""
# set the value of template read-only
if readonly:
runner(yadm_cmd("config", "yadm.template-read-only", readonly))
utils.create_alt_files(paths, f"##template.default")
run = runner(yadm_cmd("alt"))
for stale_path in [utils.ALT_FILE1, utils.ALT_FILE2]:
write_perm_mask = os.stat(paths.work.join(stale_path)).st_mode & 0o222
if readonly == "false":
assert write_perm_mask > 0
else:
assert write_perm_mask == 0
def setup_standard_yadm_dir(paths): def setup_standard_yadm_dir(paths):
"""Configure a yadm home within the work tree""" """Configure a yadm home within the work tree"""
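Review bot: The loop `for stale_path in [utils.ALT_FILE1, utils.ALT_FILE2]:` names the freshly generated template outputs `stale_path`, which contradicts what the assertions check; `for alt_path in (utils.ALT_FILE1, utils.ALT_FILE2):` reads correctly. The `tst_sys` fixture is requested in the signature of `test_template_readonly` but never used in the body, and `f"##template.default"` is an f-string with no placeholders, so plain `"##template.default"` suffices. The docstring's "should has no write permission" should read "should have no write permission", and since only the `readonly == "false"` branch asserts writability, it is worth stating that the `None` case exercises the default-on behaviour. `setup_standard_yadm_dir` begins at the end of this hunk and continues outside it.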

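--- a/yadm
+++ b/yadm
@@ -540,6 +540,7 @@ function move_file() {
 mv -f "$temp_file" "$output"
 copy_perms "$input" "$output"
+[ "$(config --bool yadm.template-read-only)" != "false" ] && chmod a-w "$output"
 }
 # ****** yadm Commands ******
@@ -1266,6 +1267,7 @@ yadm.openssl-ciphername
 yadm.openssl-old
 yadm.openssl-program
 yadm.ssh-perms
+yadm.template-read-only
 EOF
 printf '%s' "$msg"
 }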
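Review bot: The added `[ ... ] && chmod a-w "$output"` is the last command in move_file, so when yadm.template-read-only is set to "false" the test fails and move_file returns non-zero even though the move itself succeeded; any caller that checks its status (or an errexit shell option, if one is in effect elsewhere in the script) would see a spurious failure. An explicit conditional avoids this: `if [ "$(config --bool yadm.template-read-only)" != "false" ]; then chmod a-w "$output"; fi`. The chmod runs after copy_perms, so write bits just copied from the template source are stripped again; that is presumably the intent, but a short comment such as `# strip write bits so edits go to the template, not the generated file` would make it clear. Because the default is on, every existing template output changes permissions on the next processing run, which the change does not call out in the function; the second hunk only registers the config name. move_file begins outside the hunk.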

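--- a/yadm.1
+++ b/yadm.1
@@ -108,6 +108,9 @@ unnecessary to run this command, as yadm automatically processes alternates by
 default. This automatic behavior can be disabled by setting the configuration
 .I yadm.auto-alt
 to "false".
+The resulting file's write permission can be controlled with the
+.I yadm.template-read-only
+configuration.
 .TP
 .B bootstrap
 Execute
@@ -425,6 +428,10 @@ By default, the first "openssl" found in $PATH is used.
 Disable the permission changes to
 .IR $HOME/.ssh/* .
 This feature is enabled by default.
+.TP
+.B yadm.template-read-only
+Remove write permissions from the resulting template file.
+This feature is enabled by default.
 .RE
 The following five "local" configurations are not stored in the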


@ -67,7 +67,9 @@
TEMPLATES sections. It is usually unnecessary to run this com TEMPLATES sections. It is usually unnecessary to run this com
mand, as yadm automatically processes alternates by default. mand, as yadm automatically processes alternates by default.
This automatic behavior can be disabled by setting the configu This automatic behavior can be disabled by setting the configu
ration yadm.auto-alt to "false". ration yadm.auto-alt to "false". The resulting file's write
permission can be controlled with the yadm.template-read-only
configuration.
bootstrap bootstrap
Execute $HOME/.config/yadm/bootstrap if it exists. Execute $HOME/.config/yadm/bootstrap if it exists.