feat: Add gix_testtools::umask, safe but only meant for tests

This implements a function for tests to safely read the current
process umask without the usual race condition of doing so, at the
expense of using subprocesses to do it. This just calls a shell and
runs `umask` from it (which is expected to be a builtin and, on
many systems, is available as a builtin but not an executable).

Even though this is safe, including thread-safe, it is unlikely to
be suitable for use outside of tests, because of its use of
`expect` and assertions when there are errors, combined with the
possibly slow speed of using subprocesses.

Given that this is effecitvely running a tiny shell script to do
the work, why is it not instead a fixture script that is named in
a `.gitignore` file so that it is not tracked? The reason is that
the outcomes of running such fixture scripts are still saved across
separate test runs, but it is useful to be able to run the tests
with differnt umasks, e.g. `(umask 077; cargo nextest run ...)`.

The immediate purpose is in forthcoming tests that, when checkout
sets +x on an existing file, it doesn't set excessive permissions.
The fix to pass such a test is not currently planned to use the
umask explicitly. But the tests will use it, at least to detect
when they cannot really verify the code under test on the grounds
that they are running with an excessively permissive umask that
doesn't allow behavior that only occurs with a generally reasonable
umask to be observed.

Author: EliahKagan

tests/tools/src/lib.rs

@@ -944,6 +944,19 @@ pub fn size_ok(actual_size: usize, expected_64_bit_size: usize) -> bool {
     return actual_size <= expected_64_bit_size;
 }
 
+/// Get the umask in a way that is safe, but may be too slow for use outside of tests.
+#[cfg(unix)]
+pub fn umask() -> u32 {
+    let output = std::process::Command::new("/bin/sh")
+        .args(["-c", "umask"])
+        .output()
+        .expect("can execute `sh -c umask`");
+    assert!(output.status.success(), "`sh -c umask` failed");
+    assert!(output.stderr.is_empty(), "`sh -c umask` unexpected message");
+    let text = output.stdout.trim_ascii().to_str().expect("valid Unicode");
+    u32::from_str_radix(text, 8).expect("parses as octal number")
+}
+
 #[cfg(test)]
 mod tests {
     use super::*;

tests/tools/src/main.rs

@@ -1,16 +1,25 @@
 use std::{fs, io, io::prelude::*, path::PathBuf};
+
 fn mess_in_the_middle(path: PathBuf) -> io::Result<()> {
     let mut file = fs::OpenOptions::new().read(false).write(true).open(path)?;
     file.seek(io::SeekFrom::Start(file.metadata()?.len() / 2))?;
     file.write_all(b"hello")?;
     Ok(())
 }
 
+#[cfg(unix)]
+fn umask() -> io::Result<()> {
+    println!("{:04o}", gix_testtools::umask());
+    Ok(())
+}
+
 fn main() -> Result<(), Box<dyn std::error::Error>> {
     let mut args = std::env::args().skip(1);
     let scmd = args.next().expect("sub command");
     match &*scmd {
         "mess-in-the-middle" => mess_in_the_middle(PathBuf::from(args.next().expect("path to file to mess with")))?,
+        #[cfg(unix)]
+        "umask" => umask()?,
         _ => unreachable!("Unknown subcommand: {}", scmd),
     };
     Ok(())

tests/tools/tests/umask.rs

@@ -0,0 +1,20 @@
+use std::fs::File;
+use std::io::{BufRead, BufReader};
+
+use bstr::ByteSlice;
+
+#[test]
+#[cfg(unix)]
+#[cfg_attr(not(target_os = "linux"), ignore = "The test itself uses /proc")]
+fn umask() {
+    // Check against the umask obtained via a less portable but also completely safe method.
+    let less_portable = BufReader::new(File::open("/proc/self/status").expect("can open"))
+        .split(b'\n')
+        .find_map(|line| line.expect("can read").strip_prefix(b"Umask:\t").map(ToOwned::to_owned))
+        .expect("has umask line")
+        .to_str()
+        .expect("umask line is valid UTF-8")
+        .to_owned();
+    let more_portable = format!("{:04o}", gix_testtools::umask());
+    assert_eq!(more_portable, less_portable);
+}