From d313ae60b0a712d7f2f1e8042f5b86e7f44b6adf Mon Sep 17 00:00:00 2001
From: Colin Walters <walters@verbum.org>
Date: Wed, 7 Jun 2017 13:18:04 -0400
Subject: [PATCH] repo/commit: Support group-writable files for bare-user-only

These exist in the wild for flatpak, and aren't really a problem. The canonical
permissions are still either `0755` or `0644`, we just support the additional
writable bit for the group (i.e. extend the set to include `0775` and `0664`)
now to avoid breaking some flatpak content.
---
 src/libostree/ostree-repo-commit.c |  4 ++--
 tests/test-basic-user-only.sh      | 14 +++++++++++++-
 2 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/src/libostree/ostree-repo-commit.c b/src/libostree/ostree-repo-commit.c
index 3ecea29da3..729bc444fa 100644
--- a/src/libostree/ostree-repo-commit.c
+++ b/src/libostree/ostree-repo-commit.c
@@ -301,10 +301,10 @@ commit_loose_object_trusted (OstreeRepo        *self,
                self->mode == OSTREE_REPO_MODE_BARE_USER_ONLY
                && !object_is_symlink)
         {
-          guint32 invalid_modebits = (mode & ~S_IFMT) & ~0755;
+          guint32 invalid_modebits = (mode & ~S_IFMT) & ~0775;
           if (invalid_modebits > 0)
             return glnx_throw (error, "Invalid mode 0%04o with bits 0%04o in bare-user-only repository",
-                                   mode, invalid_modebits);
+                               mode, invalid_modebits);
 
           if (fchmod (fd, mode) < 0)
             return glnx_throw_errno_prefix (error, "fchmod");
diff --git a/tests/test-basic-user-only.sh b/tests/test-basic-user-only.sh
index 20f09749b7..36573874cd 100755
--- a/tests/test-basic-user-only.sh
+++ b/tests/test-basic-user-only.sh
@@ -22,7 +22,7 @@ set -euo pipefail
 . $(dirname $0)/libtest.sh
 
 setup_test_repository "bare-user-only"
-extra_basic_tests=1
+extra_basic_tests=2
 . $(dirname $0)/basic-test.sh
 
 # Reset things so we don't inherit a lot of state from earlier tests
@@ -47,3 +47,15 @@ if $CMD_PREFIX ostree pull-local --repo=repo repo-input 2>err.txt; then
 fi
 assert_file_has_content err.txt "Invalid mode.*with bits 040.*in bare-user-only"
 echo "ok failed to commit suid"
+
+cd ${test_tmpdir}
+rm repo-input -rf
+ostree --repo=repo-input init --mode=archive
+rm files -rf && mkdir files
+echo "a group writable file" > files/some-group-writable
+chmod 0664 files/some-group-writable
+$CMD_PREFIX ostree --repo=repo-input commit -b content-with-group-writable --tree=dir=files
+$CMD_PREFIX ostree pull-local --repo=repo repo-input
+$CMD_PREFIX ostree --repo=repo checkout -U -H content-with-group-writable groupwritable-co
+assert_file_has_mode groupwritable-co/some-group-writable 664
+echo "ok supported group writable"