Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add config for yadm to create read-only template output #454

Open
wants to merge 3 commits into
base: develop
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions test/conftest.py
Original file line number Diff line number Diff line change
Expand Up @@ -157,6 +157,7 @@ def supported_configs():
"yadm.openssl-old",
"yadm.openssl-program",
"yadm.ssh-perms",
"yadm.template-read-only",
]


Expand Down
22 changes: 22 additions & 0 deletions test/test_alt.py
Original file line number Diff line number Diff line change
Expand Up @@ -292,6 +292,28 @@ def test_ensure_alt_path(runner, paths, style):
assert run.out == ""
assert paths.work.join(filename).read().strip() == "test-data"

@pytest.mark.usefixtures("ds1_repo_copy")
@pytest.mark.parametrize("readonly", [None, "true", "false"])
def test_template_readonly(runner, yadm_cmd, paths, tst_sys, readonly):
"""Remove write permission for template result file.

If the `yadm.template-read-only` configuration is not set to false,
the resulting file from processing a template should has no write permission.
"""
# set the value of template read-only
if readonly:
runner(yadm_cmd("config", "yadm.template-read-only", readonly))

utils.create_alt_files(paths, f"##template.default")
run = runner(yadm_cmd("alt"))

for stale_path in [utils.ALT_FILE1, utils.ALT_FILE2]:
write_perm_mask = os.stat(paths.work.join(stale_path)).st_mode & 0o222
if readonly == "false":
assert write_perm_mask > 0
else:
assert write_perm_mask == 0


def setup_standard_yadm_dir(paths):
"""Configure a yadm home within the work tree"""
Expand Down
2 changes: 2 additions & 0 deletions yadm
Original file line number Diff line number Diff line change
Expand Up @@ -540,6 +540,7 @@ function move_file() {

mv -f "$temp_file" "$output"
copy_perms "$input" "$output"
[ "$(config --bool yadm.template-read-only)" != "false" ] && chmod a-w "$output"
}

# ****** yadm Commands ******
Expand Down Expand Up @@ -1266,6 +1267,7 @@ yadm.openssl-ciphername
yadm.openssl-old
yadm.openssl-program
yadm.ssh-perms
yadm.template-read-only
EOF
printf '%s' "$msg"
}
Expand Down
7 changes: 7 additions & 0 deletions yadm.1
Original file line number Diff line number Diff line change
Expand Up @@ -108,6 +108,9 @@ unnecessary to run this command, as yadm automatically processes alternates by
default. This automatic behavior can be disabled by setting the configuration
.I yadm.auto-alt
to "false".
The resulting file's write permission can be controlled with the
.I yadm.template-read-only
configuration.
.TP
.B bootstrap
Execute
Expand Down Expand Up @@ -425,6 +428,10 @@ By default, the first "openssl" found in $PATH is used.
Disable the permission changes to
.IR $HOME/.ssh/* .
This feature is enabled by default.
.TP
.B yadm.template-read-only
Remove write permissions from the resulting template file.
This feature is enabled by default.

.RE
The following five "local" configurations are not stored in the
Expand Down
4 changes: 3 additions & 1 deletion yadm.md
Original file line number Diff line number Diff line change
Expand Up @@ -67,7 +67,9 @@
TEMPLATES sections. It is usually unnecessary to run this com‐
mand, as yadm automatically processes alternates by default.
This automatic behavior can be disabled by setting the configu‐
ration yadm.auto-alt to "false".
ration yadm.auto-alt to "false". The resulting file's write
permission can be controlled with the yadm.template-read-only
configuration.

bootstrap
Execute $HOME/.config/yadm/bootstrap if it exists.
Expand Down
Loading