kotovalexarian-likes-github/capistrano
1
0
Fork 0
mirror of https://github.com/capistrano/capistrano synced 2023-03-27 23:21:18 -04:00
Code Releases Activity

Restricting the uploaded git wrapper file permissions to 700.

Browse source 
Additional step in the 'Creating the repo' scenario to test this adjustment.
This commit is contained in:
Maciek Dubinski 2016-05-17 16:25:38 +02:00
parent 552eeaab63
commit b3f7c46c19
5 changed files with 12 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
CHANGELOG.md
View file

@ -6,6 +6,7 @@ Reverse Chronological Order:
https://github.com/capistrano/capistrano/compare/v3.5.0...HEAD https://github.com/capistrano/capistrano/compare/v3.5.0...HEAD
* Restrict the uploaded git wrapper script permissions to 700 (@irvingwashington)
* Make path to git wrapper script configurable (@thickpaddy) * Make path to git wrapper script configurable (@thickpaddy)
* Change git wrapper path to work better with multiple users (@thickpaddy) * Change git wrapper path to work better with multiple users (@thickpaddy)
* Make name of current directory configurable via configuration variable `:current_directory` (@websi) * Make name of current directory configurable via configuration variable `:current_directory` (@websi)

1
features/deploy.feature
View file

@ -8,6 +8,7 @@ Feature: Deploy
When I run cap "git:check" When I run cap "git:check"
Then the task is successful Then the task is successful
And references in the remote repo are listed And references in the remote repo are listed
And git wrapper permissions are 0700
Scenario: Creating the directory structure Scenario: Creating the directory structure
When I run cap "deploy:check:directories" When I run cap "deploy:check:directories"

5
features/step_definitions/assertions.rb
View file

@ -2,6 +2,11 @@ Then(/^references in the remote repo are listed$/) do
expect(@output).to include("refs/heads/master") expect(@output).to include("refs/heads/master")
end end
Then(/^git wrapper permissions are 0700$/) do
permissions_test = %Q([ $(stat -c "%a" #{TestApp.git_wrapper_path}) == "700" ])
expect(vagrant_cli_command("ssh -c '#{permissions_test}'")).to be_success
end
Then(/^the shared path is created$/) do Then(/^the shared path is created$/) do
run_vagrant_command(test_dir_exists(TestApp.shared_path)) run_vagrant_command(test_dir_exists(TestApp.shared_path))
end end

2
lib/capistrano/tasks/git.rake
View file

@ -22,7 +22,7 @@ namespace :git do
on release_roles :all do on release_roles :all do
execute :mkdir, "-p", File.dirname(fetch(:git_wrapper_path)) execute :mkdir, "-p", File.dirname(fetch(:git_wrapper_path))
upload! StringIO.new("#!/bin/sh -e\nexec /usr/bin/ssh -o PasswordAuthentication=no -o StrictHostKeyChecking=no \"$@\"\n"), fetch(:git_wrapper_path) upload! StringIO.new("#!/bin/sh -e\nexec /usr/bin/ssh -o PasswordAuthentication=no -o StrictHostKeyChecking=no \"$@\"\n"), fetch(:git_wrapper_path)
execute :chmod, "+rx", fetch(:git_wrapper_path) execute :chmod, "700", fetch(:git_wrapper_path)
end end
end end

4
spec/support/test_app.rb
View file

@ -175,4 +175,8 @@ module TestApp
FileUtils.mkdir_p(location) FileUtils.mkdir_p(location)
FileUtils.mv(config_path, location) FileUtils.mv(config_path, location)
end end
def git_wrapper_path
"/tmp/git-ssh-my_app_name-#{stage}-#{current_user}.sh"
end
end end