From 92ba675e4bffaca19af1d354783c33b0d9dca069 Mon Sep 17 00:00:00 2001 From: Wolfgang Müller Date: Thu, 3 Mar 2022 15:15:19 +0100 Subject: Rename git-init-shared(1) to git-init-acl(1) We have always felt that the name of this program was too close to the invocation of 'git init --shared' which does something similar. Make it clear in the name that we're working with POSIX ACLs instead of normal permission sets as 'git init --shared' does. --- Makefile | 6 +++--- README.md | 2 +- git-init-acl | 36 ++++++++++++++++++++++++++++++++++++ git-init-acl.1 | 42 ++++++++++++++++++++++++++++++++++++++++++ git-init-shared | 36 ------------------------------------ git-init-shared.1 | 42 ------------------------------------------ 6 files changed, 82 insertions(+), 82 deletions(-) create mode 100755 git-init-acl create mode 100644 git-init-acl.1 delete mode 100755 git-init-shared delete mode 100644 git-init-shared.1 diff --git a/Makefile b/Makefile index 6244684..64201f1 100644 --- a/Makefile +++ b/Makefile @@ -1,7 +1,7 @@ PREFIX ?= /usr/local -install: git-init-shared git-init-shared.1 git-package git-package.1 git-sign-for-cgit git-sign-for-cgit.1 - install -D -m 755 -t '${DESTDIR}${PREFIX}/bin' git-init-shared git-package git-sign-for-cgit - install -D -m 644 -t '${DESTDIR}${PREFIX}/share/man/man1' git-init-shared.1 git-package.1 git-sign-for-cgit.1 +install: git-init-acl git-init-acl.1 git-package git-package.1 git-sign-for-cgit git-sign-for-cgit.1 + install -D -m 755 -t '${DESTDIR}${PREFIX}/bin' git-init-acl git-package git-sign-for-cgit + install -D -m 644 -t '${DESTDIR}${PREFIX}/share/man/man1' git-init-acl.1 git-package.1 git-sign-for-cgit.1 .PHONY: install diff --git a/README.md b/README.md index 60d06d5..1e3fb33 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ personal use. ## Scripts -- [`git-init-shared(1)`](git-init-shared.1): Initialize a bare repo that multiple users have write access +- [`git-init-acl(1)`](git-init-acl.1): Initialize a bare repo that multiple users have write access to. This uses `setfacl(1)` and thereby relies on ACL support. - [`git-package(1)`](git-package.1): Create an archive of a named tree suitable for distribution. - [`git-sign-for-cgit(1)`](git-sign-for-cgit.1): Generate a snapshot and store its [signify](https://www.openbsd.org/papers/bsdcan-signify.html) signature for diff --git a/git-init-acl b/git-init-acl new file mode 100755 index 0000000..50950b5 --- /dev/null +++ b/git-init-acl @@ -0,0 +1,36 @@ +#!/bin/sh + +set -e + +usage() { + printf "usage: git init-acl directory [user...]\n" >&2 + exit 1 +} + +acl_mask() { + # Set the ACL mask for the directory. The default mask will be inherited by + # new directories and files (where it will correctly be set to rw-) + setfacl -m "d:m:rwx,m:rwx" "$1" +} + +add_to_acl() { + # Recursively apply all necessary ACL settings as we may be reinitializing + # the git repository with additional authorised users. + # Take care *not* to recalculate the ACL mask (-n), since rwX translates to + # a mask of rwx even on non-directory files. + setfacl -Rnm "d:u:$2:rwX,u:$2:rwX" "$1" +} + +test $# -ge 1 || usage +dir=$1 +shift + +mkdir -p "$dir" + +acl_mask "$dir" + +for user in "$(id -un)" "$@"; do + add_to_acl "$dir" "$user" +done + +exec git init --bare "$dir" diff --git a/git-init-acl.1 b/git-init-acl.1 new file mode 100644 index 0000000..2bf8b12 --- /dev/null +++ b/git-init-acl.1 @@ -0,0 +1,42 @@ +.Dd July 19, 2021 +.Dt GIT-INIT-ACL 1 +.Os +.Sh NAME +.Nm git-init-acl +.Nd create and share a git repository amongst multiple users +.Sh SYNOPSIS +.Nm git init-acl +.Ar directory +.Op Ar user... +.Sh DESCRIPTION +.Nm +creates (or reinitializes) a git repository at +.Ar directory +and grants the owner and all other specified users write access to it. +Access rights are stored in POSIX Access Control Lists as per +.Xr acl 5 . +.Pp +It is safe to run this command on an already existing git repository. +Previously unauthorized users that are included in the subsequent +invocation will be granted write access. +.Pp +.Nm +only ever grants access. +If you need to remove access for a user, use the following +invocation of +.Xr setfacl 1 +instead: +.Bd -literal -offset indent +setfacl -Rnx 'u:,d:u:' +.Ed +.Sh SEE ALSO +.Xr getfacl 1 , +.Xr git 1 , +.Xr git-init 1 , +.Xr setfacl 1 , +.Xr acl 5 +.Sh AUTHORS +.An -nosplit +.Nm +was written by +.An Wolfgang Müller Aq Mt wolf@oriole.systems . diff --git a/git-init-shared b/git-init-shared deleted file mode 100755 index b0ffac5..0000000 --- a/git-init-shared +++ /dev/null @@ -1,36 +0,0 @@ -#!/bin/sh - -set -e - -usage() { - printf "usage: git init-shared directory [user...]\n" >&2 - exit 1 -} - -acl_mask() { - # Set the ACL mask for the directory. The default mask will be inherited by - # new directories and files (where it will correctly be set to rw-) - setfacl -m "d:m:rwx,m:rwx" "$1" -} - -add_to_acl() { - # Recursively apply all necessary ACL settings as we may be reinitializing - # the git repository with additional authorised users. - # Take care *not* to recalculate the ACL mask (-n), since rwX translates to - # a mask of rwx even on non-directory files. - setfacl -Rnm "d:u:$2:rwX,u:$2:rwX" "$1" -} - -test $# -ge 1 || usage -dir=$1 -shift - -mkdir -p "$dir" - -acl_mask "$dir" - -for user in "$(id -un)" "$@"; do - add_to_acl "$dir" "$user" -done - -exec git init --bare "$dir" diff --git a/git-init-shared.1 b/git-init-shared.1 deleted file mode 100644 index dfd9ffa..0000000 --- a/git-init-shared.1 +++ /dev/null @@ -1,42 +0,0 @@ -.Dd July 19, 2021 -.Dt GIT-INIT-SHARED 1 -.Os -.Sh NAME -.Nm git-init-shared -.Nd create and share a git repository amongst multiple users -.Sh SYNOPSIS -.Nm git init-shared -.Ar directory -.Op Ar user... -.Sh DESCRIPTION -.Nm -creates (or reinitializes) a git repository at -.Ar directory -and grants the owner and all other specified users write access to it. -Access rights are stored in POSIX Access Control Lists as per -.Xr acl 5 . -.Pp -It is safe to run this command on an already existing git repository. -Previously unauthorized users that are included in the subsequent -invocation will be granted write access. -.Pp -.Nm -only ever grants access. -If you need to remove access for a user, use the following -invocation of -.Xr setfacl 1 -instead: -.Bd -literal -offset indent -setfacl -Rnx 'u:,d:u:' -.Ed -.Sh SEE ALSO -.Xr getfacl 1 , -.Xr git 1 , -.Xr git-init 1 , -.Xr setfacl 1 , -.Xr acl 5 -.Sh AUTHORS -.An -nosplit -.Nm -was written by -.An Wolfgang Müller Aq Mt wolf@oriole.systems . -- cgit v1.2.3-2-gb3c3