storage: filesystem, Fix permissions for loose and packed objs

pjbgf · pjbgf · commit 5d20a62c72b0 · 2026-02-24T23:41:28.000Z
Align behaviour with upstream and v6, whereby all loose and packed objects
are saved on disk as read-only as they are not meant to be modified due
to their nature, as they are content addressable files.

Signed-off-by: Paulo Gomes &lt;pjbgf@linux.com&gt;
diff --git a/go.mod b/go.mod
@@ -13,7 +13,7 @@ require (
 	github.com/emirpasic/gods v1.18.1
 	github.com/gliderlabs/ssh v0.3.8
 	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376
-	github.com/go-git/go-billy/v5 v5.6.2
+	github.com/go-git/go-billy/v5 v5.7.0
 	github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399
 	github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8
 	github.com/google/go-cmp v0.7.0
diff --git a/go.sum b/go.sum
@@ -25,8 +25,8 @@ github.com/gliderlabs/ssh v0.3.8 h1:a4YXD1V7xMF9g5nTkdfnja3Sxy1PVDCj1Zg4Wb8vY6c=
 github.com/gliderlabs/ssh v0.3.8/go.mod h1:xYoytBv1sV0aL3CavoDuJIQNURXkkfPA/wxQ1pL1fAU=
 github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI=
 github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic=
-github.com/go-git/go-billy/v5 v5.6.2 h1:6Q86EsPXMa7c3YZ3aLAQsMA0VlWmy43r6FHqa/UNbRM=
-github.com/go-git/go-billy/v5 v5.6.2/go.mod h1:rcFC2rAsp/erv7CMz9GczHcuD0D32fWzH+MJAU+jaUU=
+github.com/go-git/go-billy/v5 v5.7.0 h1:83lBUJhGWhYp0ngzCMSgllhUSuoHP1iEWYjsPl9nwqM=
+github.com/go-git/go-billy/v5 v5.7.0/go.mod h1:/1IUejTKH8xipsAcdfcSAlUlo2J7lkYV8GTKxAT/L3E=
 github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMje31YglSBqCdIqdhKBW8lokaMrL3uTkpGYlE2OOT4=
 github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII=
 github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 h1:f+oWsMOmNPc8JmEHVZIycC7hBoQxHH9pNKQORJNozsQ=
diff --git a/storage/filesystem/dotgit/writers.go b/storage/filesystem/dotgit/writers.go
@@ -3,13 +3,15 @@ package dotgit
 import (
 	"fmt"
 	"io"
+	"runtime"
 	"sync/atomic"
 
 	"github.com/go-git/go-git/v5/plumbing"
 	"github.com/go-git/go-git/v5/plumbing/format/idxfile"
 	"github.com/go-git/go-git/v5/plumbing/format/objfile"
 	"github.com/go-git/go-git/v5/plumbing/format/packfile"
 	"github.com/go-git/go-git/v5/plumbing/hash"
+	"github.com/go-git/go-git/v5/utils/trace"
 
 	"github.com/go-git/go-billy/v5"
 )
@@ -137,14 +139,22 @@ func (w *PackWriter) save() error {
 	}
 
 	if err := w.encodeIdx(idx); err != nil {
+		_ = idx.Close()
 		return err
 	}
 
 	if err := idx.Close(); err != nil {
 		return err
 	}
+	fixPermissions(w.fs, fmt.Sprintf("%s.idx", base))
 
-	return w.fs.Rename(w.fw.Name(), fmt.Sprintf("%s.pack", base))
+	packPath := fmt.Sprintf("%s.pack", base)
+	if err := w.fs.Rename(w.fw.Name(), packPath); err != nil {
+		return err
+	}
+	fixPermissions(w.fs, packPath)
+
+	return nil
 }
 
 func (w *PackWriter) encodeIdx(writer io.Writer) error {
@@ -281,5 +291,22 @@ func (w *ObjectWriter) save() error {
 	hex := w.Hash().String()
 	file := w.fs.Join(objectsPath, hex[0:2], hex[2:hash.HexSize])
 
-	return w.fs.Rename(w.f.Name(), file)
+	if err := w.fs.Rename(w.f.Name(), file); err != nil {
+		return err
+	}
+	fixPermissions(w.fs, file)
+
+	return nil
+}
+
+func fixPermissions(fs billy.Filesystem, path string) {
+	if runtime.GOOS == "windows" {
+		return
+	}
+
+	if chmodFS, ok := fs.(billy.Chmod); ok {
+		if err := chmodFS.Chmod(path, 0o444); err != nil {
+			trace.General.Printf("failed to chmod %s: %v", path, err)
+		}
+	}
 }
diff --git a/storage/filesystem/dotgit/writers_test.go b/storage/filesystem/dotgit/writers_test.go
@@ -5,12 +5,15 @@ import (
 	"io"
 	"os"
 	"strconv"
+	"testing"
 
 	"github.com/go-git/go-billy/v5/osfs"
 	"github.com/go-git/go-billy/v5/util"
 	"github.com/go-git/go-git/v5/plumbing"
 	"github.com/go-git/go-git/v5/plumbing/format/idxfile"
 	"github.com/go-git/go-git/v5/plumbing/format/packfile"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 
 	fixtures "github.com/go-git/go-git-fixtures/v4"
 	. "gopkg.in/check.v1"
@@ -135,3 +138,55 @@ func (s *SuiteDotGit) TestPackWriterUnusedNotify(c *C) {
 
 	c.Assert(w.Close(), IsNil)
 }
+
+func TestPackWriterPermissions(t *testing.T) {
+	t.Parallel()
+
+	f := fixtures.Basic().One()
+
+	fs := osfs.New(t.TempDir(), osfs.WithBoundOS())
+	dot := New(fs)
+	require.NoError(t, dot.Initialize())
+
+	w, err := dot.NewObjectPack()
+	require.NoError(t, err)
+
+	_, err = io.Copy(w, f.Packfile())
+	require.NoError(t, err)
+
+	require.NoError(t, w.Close())
+
+	pfPath := fmt.Sprintf("objects/pack/pack-%s.pack", f.PackfileHash)
+	idxPath := fmt.Sprintf("objects/pack/pack-%s.idx", f.PackfileHash)
+
+	stat, err := fs.Stat(pfPath)
+	require.NoError(t, err)
+	assert.Equal(t, os.FileMode(0o444), stat.Mode().Perm())
+
+	stat, err = fs.Stat(idxPath)
+	require.NoError(t, err)
+	assert.Equal(t, os.FileMode(0o444), stat.Mode().Perm())
+}
+
+func TestObjectWriterPermissions(t *testing.T) {
+	t.Parallel()
+
+	fs := osfs.New(t.TempDir(), osfs.WithBoundOS())
+	dot := New(fs)
+	require.NoError(t, dot.Initialize())
+
+	w, err := dot.NewObject()
+	require.NoError(t, err)
+
+	err = w.WriteHeader(plumbing.BlobObject, 14)
+	require.NoError(t, err)
+
+	_, err = w.Write([]byte("this is a test"))
+	require.NoError(t, err)
+
+	require.NoError(t, w.Close())
+
+	stat, err := fs.Stat("objects/a8/a940627d132695a9769df883f85992f0ff4a43")
+	require.NoError(t, err)
+	assert.Equal(t, os.FileMode(0o444), stat.Mode().Perm())
+}
