BBlack has submitted this change and it was merged.
Change subject: fix git::clone umask issues T87843
......................................................................
fix git::clone umask issues T87843
Change-Id: Ifb3935d6ac310114d724ac6366255e583785c6f8
---
M manifests/role/zuul.pp
M modules/geowiki/manifests/private_data.pp
M modules/git/manifests/clone.pp
3 files changed, 21 insertions(+), 2 deletions(-)
Approvals:
Krinkle: Looks good to me, but someone else must approve
BBlack: Verified; Looks good to me, approved
diff --git a/manifests/role/zuul.pp b/manifests/role/zuul.pp
index 355fcd5..6e2e028 100644
--- a/manifests/role/zuul.pp
+++ b/manifests/role/zuul.pp
@@ -115,6 +115,7 @@
owner => zuul,
group => zuul,
mode => '0775',
+ umask => '002',
origin => 'https://gerrit.wikimedia.org/r/p/integration/config.git',
branch =>
$role::zuul::configuration::server[$::realm]['config_git_branch'],
}
diff --git a/modules/geowiki/manifests/private_data.pp
b/modules/geowiki/manifests/private_data.pp
index 8e1dc01..25f30a1 100644
--- a/modules/geowiki/manifests/private_data.pp
+++ b/modules/geowiki/manifests/private_data.pp
@@ -38,6 +38,7 @@
owner => $::geowiki::params::user,
group => 'www-data',
mode => 0750,
+ umask => 027,
require => File[$::geowiki::params::private_data_bare_path],
}
}
diff --git a/modules/git/manifests/clone.pp b/modules/git/manifests/clone.pp
index 8340494..76cbd62 100644
--- a/modules/git/manifests/clone.pp
+++ b/modules/git/manifests/clone.pp
@@ -22,6 +22,8 @@
# $+recurse_submodules:: If true, git
# $+shared+:: Enable git's core.sharedRepository=group setting for sharing the
# repository between serveral users, default: false
+# $+umask+:: umask value that git operations should run under,
+# default 002 if shared, 022 otherwise.
# $+mode+:: Permission mode of $directory, default: 2755 if shared, 0755
otherwise
# $+ssh+:: SSH command/wrapper to use when checking out, default: ''
# $+timeout+:: Time out in seconds for the exec command, default: 300
@@ -54,6 +56,7 @@
$timeout='300',
$depth='full',
$recurse_submodules=false,
+ $umask=undef,
$mode=undef) {
$gerrit_url_format = 'https://gerrit.wikimedia.org/r/p/%s.git'
@@ -72,6 +75,17 @@
fail('Shared repositories must leave "mode" unspecified or set to
277?, specified as octal.')
} else {
$file_mode = $mode
+ }
+
+ if $umask == undef {
+ $git_umask = $shared ? {
+ true => '002',
+ default => '022',
+ }
+ } elsif $shared and $umask !~ /^00\d$/ {
+ fail('Shared repositories must leave "umask" unspecified or set to
00?, specified as octal.')
+ } else {
+ $git_umask = $umask
}
case $ensure {
@@ -109,11 +123,11 @@
if $shared {
$shared_arg = '-c core.sharedRepository=group'
- $git = 'umask 002; /usr/bin/git'
} else {
$shared_arg = ''
- $git = '/usr/bin/git'
}
+
+ $git = '/usr/bin/git'
# set PATH for following execs
Exec { path => '/usr/bin:/bin' }
@@ -127,6 +141,7 @@
creates => "${directory}/.git/config",
user => $owner,
group => $group,
+ umask => $git_umask,
timeout => $timeout,
require => Package['git-core'],
}
@@ -153,6 +168,7 @@
unless => "${git} fetch && /usr/bin/git diff --quiet
remotes/origin/HEAD",
user => $owner,
group => $group,
+ umask => $git_umask,
require => Exec["git_clone_${title}"],
}
# If we want submodules up to date, then we need
@@ -167,6 +183,7 @@
refreshonly => true,
user => $owner,
group => $group,
+ umask => $git_umask,
subscribe => Exec["git_pull_${title}"],
}
}
--
To view, visit https://gerrit.wikimedia.org/r/187331
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Ifb3935d6ac310114d724ac6366255e583785c6f8
Gerrit-PatchSet: 3
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: BBlack <[email protected]>
Gerrit-Reviewer: BBlack <[email protected]>
Gerrit-Reviewer: BryanDavis <[email protected]>
Gerrit-Reviewer: Hashar <[email protected]>
Gerrit-Reviewer: Krinkle <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
