From 557a1fa25a0a1d60bdb71ea3ad0e4e9a9cd9cc61 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Tue, 17 Sep 2013 17:39:10 -0400
Subject: [PATCH] Ignore the contents of a default .git/description file

---
 src/main/java/com/gitblit/utils/JGitUtils.java |  124 ++++++++++++++++++++++++++++++++++-------
 1 files changed, 103 insertions(+), 21 deletions(-)

diff --git a/src/main/java/com/gitblit/utils/JGitUtils.java b/src/main/java/com/gitblit/utils/JGitUtils.java
index 03b54ee..cf6ec26 100644
--- a/src/main/java/com/gitblit/utils/JGitUtils.java
+++ b/src/main/java/com/gitblit/utils/JGitUtils.java
@@ -32,6 +32,7 @@
 import java.util.Map.Entry;
 import java.util.regex.Pattern;
 
+import org.apache.commons.io.filefilter.TrueFileFilter;
 import org.eclipse.jgit.api.CloneCommand;
 import org.eclipse.jgit.api.FetchCommand;
 import org.eclipse.jgit.api.Git;
@@ -260,17 +261,12 @@
 	 * @return Repository
 	 */
 	public static Repository createRepository(File repositoriesFolder, String name) {
-		try {
-			Git git = Git.init().setDirectory(new File(repositoriesFolder, name)).setBare(true).call();
-			return git.getRepository();
-		} catch (GitAPIException e) {
-			throw new RuntimeException(e);
-		}
+		return createRepository(repositoriesFolder, name, "FALSE");
 	}
 
 	/**
 	 * Creates a bare, shared repository.
-	 * 
+	 *
 	 * @param repositoriesFolder
 	 * @param name
 	 * @param shared
@@ -279,7 +275,13 @@
 	 */
 	public static Repository createRepository(File repositoriesFolder, String name, String shared) {
 		try {
-			Repository repo = createRepository(repositoriesFolder, name);
+			Repository repo = null;
+			try {
+				Git git = Git.init().setDirectory(new File(repositoriesFolder, name)).setBare(true).call();
+				repo = git.getRepository();
+			} catch (GitAPIException e) {
+				throw new RuntimeException(e);
+			}
 
 			GitConfigSharedRepository sharedRepository = new GitConfigSharedRepository(shared);
 			if (sharedRepository.isShared()) {
@@ -289,8 +291,12 @@
 				config.save();
 
 				if (! JnaUtils.isWindows()) {
-
-					//libc.chmod("/path/to/file", 0755);
+					Iterator<File> iter = org.apache.commons.io.FileUtils.iterateFilesAndDirs(repo.getDirectory(),
+							TrueFileFilter.INSTANCE, TrueFileFilter.INSTANCE);
+					// Adjust permissions on file/directory
+					while (iter.hasNext()) {
+						adjustSharedPerm(iter.next(), sharedRepository);
+					}
 				}
 			}
 
@@ -299,7 +305,9 @@
 			throw new RuntimeException(e);
 		}
 	}
-	private enum GitConfigSharedRepositoryValue {
+
+	private enum GitConfigSharedRepositoryValue
+	{
 		UMASK("0", 0), FALSE("0", 0), OFF("0", 0), NO("0", 0),
 		GROUP("1", 0660), TRUE("1", 0660), ON("1", 0660), YES("1", 0660),
 		ALL("2", 0664), WORLD("2", 0664), EVERYBODY("2", 0664),
@@ -313,13 +321,13 @@
 		public int getPerm() { return permValue; };
 
 	}
+
 	private static class GitConfigSharedRepository
 	{
 		private int intValue;
-		GitConfigSharedRepositoryValue enumValue;
+		private GitConfigSharedRepositoryValue enumValue;
 
-		GitConfigSharedRepository(String s)
-		{
+		GitConfigSharedRepository(String s) {
 			if ( s == null || s.trim().isEmpty() ) {
 				enumValue = GitConfigSharedRepositoryValue.GROUP;
 			}
@@ -344,22 +352,94 @@
 			}
 		}
 
-		String getValue()
-		{
-			if ( enumValue == GitConfigSharedRepositoryValue.Oxxx ) return Integer.toOctalString(intValue);
+		String getValue() {
+			if ( enumValue == GitConfigSharedRepositoryValue.Oxxx ) {
+				if (intValue == 0) return "0";
+				return String.format("0%o", intValue);
+			}
 			return enumValue.getConfigValue();
 		}
 
-		int getPerm()
-		{
+		int getPerm() {
 			if ( enumValue == GitConfigSharedRepositoryValue.Oxxx ) return intValue;
 			return enumValue.getPerm();
 		}
 
-		boolean isShared()
-		{
+		boolean isCustom() {
+			return enumValue == GitConfigSharedRepositoryValue.Oxxx;
+		}
+
+		boolean isShared() {
 			return (enumValue.getPerm() > 0) || enumValue == GitConfigSharedRepositoryValue.Oxxx;
 		}
+	}
+
+
+	/**
+	 * Adjust file permissions of a file/directory for shared repositories
+	 *
+	 * @param path
+	 * 			File that should get its permissions changed.
+	 * @param configShared
+	 * 			Configuration string value for the shared mode.
+	 * @return Upon successful completion, a value of 0 is returned. Otherwise, a value of -1 is returned.
+	 */
+	public static int adjustSharedPerm(File path, String configShared) {
+		return adjustSharedPerm(path, new GitConfigSharedRepository(configShared));
+	}
+
+
+	/**
+	 * Adjust file permissions of a file/directory for shared repositories
+	 *
+	 * @param path
+	 * 			File that should get its permissions changed.
+	 * @param configShared
+	 * 			Configuration setting for the shared mode.
+	 * @return Upon successful completion, a value of 0 is returned. Otherwise, a value of -1 is returned.
+	 */
+	public static int adjustSharedPerm(File path, GitConfigSharedRepository configShared) {
+		if (! configShared.isShared()) return 0;
+		if (! path.exists()) return -1;
+
+		int perm = configShared.getPerm();
+		JnaUtils.Filestat stat = JnaUtils.getFilestat(path);
+		if (stat == null) return -1;
+		int mode = stat.mode;
+		if (mode < 0) return -1;
+
+		// Now, here is the kicker: Under Linux, chmod'ing a sgid file whose guid is different from the process'
+		// effective guid will reset the sgid flag of the file. Since there is no way to get the sgid flag back in
+		// that case, we decide to rather not touch is and getting the right permissions will have to be achieved
+		// in a different way, e.g. by using an appropriate umask for the Gitblit process.
+		if (System.getProperty("os.name").toLowerCase().startsWith("linux")) {
+			if ( ((mode & (JnaUtils.S_ISGID | JnaUtils.S_ISUID)) != 0)
+				&& stat.gid != JnaUtils.getegid() ) {
+				LOGGER.debug("Not adjusting permissions to prevent clearing suid/sgid bits for '" + path + "'" );
+				return 0;
+			}
+		}
+
+		// If the owner has no write access, delete it from group and other, too.
+		if ((mode & JnaUtils.S_IWUSR) == 0) perm &= ~0222;
+		// If the owner has execute access, set it for all blocks that have read access.
+		if ((mode & JnaUtils.S_IXUSR) == JnaUtils.S_IXUSR) perm |= (perm & 0444) >> 2;
+
+		if (configShared.isCustom()) {
+			// Use the custom value for access permissions.
+			mode = (mode & ~0777) | perm;
+		}
+		else {
+			// Just add necessary bits to existing permissions.
+			mode |= perm;
+		}
+
+		if (path.isDirectory()) {
+			mode |= (mode & 0444) >> 2;
+			mode |= JnaUtils.S_ISGID;
+		}
+
+		return JnaUtils.setFilemode(path, mode);
 	}
 
 
@@ -662,6 +742,8 @@
 		try {
 			if (tree == null) {
 				ObjectId object = getDefaultBranch(repository);
+				if (object == null)
+					return null;
 				RevCommit commit = rw.parseCommit(object);
 				tree = commit.getTree();
 			}

--
Gitblit v1.9.1