Commit | Line | Data |
---|---|---|
1 | #include "git-compat-util.h" | |
2 | #include "abspath.h" | |
3 | #include "copy.h" | |
4 | #include "environment.h" | |
5 | #include "exec-cmd.h" | |
6 | #include "gettext.h" | |
7 | #include "object-name.h" | |
8 | #include "refs.h" | |
9 | #include "repository.h" | |
10 | #include "config.h" | |
11 | #include "dir.h" | |
12 | #include "setup.h" | |
13 | #include "string-list.h" | |
14 | #include "chdir-notify.h" | |
15 | #include "path.h" | |
16 | #include "promisor-remote.h" | |
17 | #include "quote.h" | |
18 | #include "trace2.h" | |
19 | #include "worktree.h" | |
20 | ||
/*
 * Cached answers for is_inside_git_dir() and is_inside_work_tree();
 * a negative value means "not computed yet".
 */
static int inside_git_dir = -1;
static int inside_work_tree = -1;
/*
 * Set by setup_explicit_git_dir() when the repository is configured as
 * bare but core.worktree is set as well; setup_work_tree() dies when it
 * finds this flag set.
 */
static int work_tree_config_is_bogus;
/* NOTE(review): no user of this enum is visible in this part of the file. */
enum allowed_bare_repo {
	ALLOWED_BARE_REPO_EXPLICIT = 0,
	ALLOWED_BARE_REPO_ALL,
};

static struct startup_info the_startup_info;
struct startup_info *startup_info = &the_startup_info;
/* Consumed, freed and reset to NULL by setup_original_cwd(). */
const char *tmp_original_cwd;
32 | ||
33 | /* | |
34 | * The input parameter must contain an absolute path, and it must already be | |
35 | * normalized. | |
36 | * | |
37 | * Find the part of an absolute path that lies inside the work tree by | |
38 | * dereferencing symlinks outside the work tree, for example: | |
39 | * /dir1/repo/dir2/file (work tree is /dir1/repo) -> dir2/file | |
40 | * /dir/file (work tree is /) -> dir/file | |
41 | * /dir/symlink1/symlink2 (symlink1 points to work tree) -> symlink2 | |
42 | * /dir/repolink/file (repolink points to /dir/repo) -> file | |
43 | * /dir/repo (exactly equal to work tree) -> (empty string) | |
44 | */ | |
static int abspath_part_inside_repo(char *path)
{
	size_t len;
	size_t wtlen;
	char *path0;
	int off;
	const char *work_tree = get_git_work_tree();
	struct strbuf realpath = STRBUF_INIT;

	/* Without a work tree there is nothing the path could be inside of. */
	if (!work_tree)
		return -1;
	wtlen = strlen(work_tree);
	len = strlen(path);
	off = offset_1st_component(path);

	/* check if work tree is already the prefix */
	if (wtlen <= len && !fspathncmp(path, work_tree, wtlen)) {
		if (path[wtlen] == '/') {
			/*
			 * Drop "<work_tree>/" in place; len - wtlen bytes cover
			 * the remaining characters plus the terminating NUL.
			 */
			memmove(path, path + wtlen + 1, len - wtlen);
			return 0;
		} else if (path[wtlen - 1] == '/' || path[wtlen] == '\0') {
			/* work tree is the root, or the whole path */
			/*
			 * NOTE(review): path[wtlen - 1] assumes wtlen >= 1 --
			 * confirm get_git_work_tree() never returns "".
			 */
			memmove(path, path + wtlen, len - wtlen + 1);
			return 0;
		}
		/* work tree might match beginning of a symlink to work tree */
		/*
		 * A textual match that does not end on a component boundary
		 * (work tree /dir/repo, path /dir/repo2/file) is not treated
		 * as containment; it falls through to the realpath checks.
		 */
		off = wtlen;
	}
	path0 = path;
	path += off;

	/* check each '/'-terminated level */
	while (*path) {
		path++;
		if (*path == '/') {
			/*
			 * Cut the string at this '/' so that path0 names one
			 * leading directory, resolve it and compare the result
			 * with the work tree; the '/' is restored on mismatch.
			 * NOTE(review): the third argument (1) presumably makes
			 * strbuf_realpath() die on failure -- confirm.
			 */
			*path = '\0';
			strbuf_realpath(&realpath, path0, 1);
			if (fspathcmp(realpath.buf, work_tree) == 0) {
				/* Keep what follows the '/', NUL included. */
				memmove(path0, path + 1, len - (path - path0));
				strbuf_release(&realpath);
				return 0;
			}
			*path = '/';
		}
	}

	/* check whole path */
	strbuf_realpath(&realpath, path0, 1);
	if (fspathcmp(realpath.buf, work_tree) == 0) {
		*path0 = '\0';
		strbuf_release(&realpath);
		return 0;
	}

	/*
	 * No level resolved to the work tree: report "outside".
	 * NOTE(review): the answer reflects the symlinks as they were when
	 * this function ran; a caller that opens the path later should not
	 * read it as a lasting guarantee.
	 */
	strbuf_release(&realpath);
	return -1;
}
102 | ||
103 | /* | |
104 | * Normalize "path", prepending the "prefix" for relative paths. If | |
105 | * remaining_prefix is not NULL, store in it how much of the prefix | |
106 | * still remains in the path. For example, prefix = sub1/sub2/ and path is | |
107 | * | |
108 | * foo -> sub1/sub2/foo (full prefix) | |
109 | * ../foo -> sub1/foo (remaining prefix is sub1/) | |
110 | * ../../bar -> bar (no remaining prefix) | |
111 | * ../../sub1/sub2/foo -> sub1/sub2/foo (but no remaining prefix) | |
112 | * `pwd`/../bar -> sub1/bar (no remaining prefix) | |
113 | */ | |
char *prefix_path_gently(const char *prefix, int len,
			 int *remaining_prefix, const char *path)
{
	char *sanitized;

	if (!is_absolute_path(path)) {
		/* Relative input: glue the prefix on, then normalize in place. */
		sanitized = xstrfmt("%.*s%s", len, len ? prefix : "", path);
		if (remaining_prefix)
			*remaining_prefix = len;
		if (normalize_path_copy_len(sanitized, sanitized, remaining_prefix))
			goto reject;
		return sanitized;
	}

	/*
	 * Absolute input: normalize into a fresh buffer, then require that
	 * the result lies inside the work tree. A path that cannot be
	 * normalized or that lies outside yields NULL.
	 */
	sanitized = xmallocz(strlen(path));
	if (remaining_prefix)
		*remaining_prefix = 0;
	if (normalize_path_copy_len(sanitized, path, remaining_prefix))
		goto reject;
	if (abspath_part_inside_repo(sanitized))
		goto reject;
	return sanitized;

reject:
	free(sanitized);
	return NULL;
}
142 | ||
/*
 * Same as prefix_path_gently() without a remaining_prefix, except that a
 * rejected path ends the program with an "outside repository" message
 * instead of returning NULL.
 */
char *prefix_path(const char *prefix, int len, const char *path)
{
	const char *where;
	char *result = prefix_path_gently(prefix, len, NULL, path);

	if (result)
		return result;

	/* Name the work tree in the message, or the git dir if there is none. */
	where = get_git_work_tree();
	if (!where)
		where = get_git_dir();
	die(_("'%s' is outside repository at '%s'"), path,
	    absolute_path(where));
	return result;
}
155 | ||
/*
 * Return 1 when prefix_path_gently() accepts "path" (with "prefix"
 * applied), 0 when it rejects it. A NULL prefix counts as empty.
 */
int path_inside_repo(const char *prefix, const char *path)
{
	int prefix_len = 0;
	char *normalized;

	if (prefix)
		prefix_len = strlen(prefix);

	normalized = prefix_path_gently(prefix, prefix_len, NULL, path);
	if (!normalized)
		return 0;

	free(normalized);
	return 1;
}
166 | ||
/*
 * Return 1 if "arg" names something that exists on disk (after the
 * short pathspec magic ":/", ":!" or ":^" has been stripped and the
 * prefix applied), 0 if it is missing. Any other lstat() failure is
 * fatal.
 */
int check_filename(const char *prefix, const char *arg)
{
	struct stat st;
	char *prefixed = NULL;
	int exists;

	if (skip_prefix(arg, ":/", &arg)) {
		if (*arg == '\0') /* ":/" is root dir, always exists */
			return 1;
		/* ":/" is taken from the top, so the prefix no longer applies. */
		prefix = NULL;
	} else if (skip_prefix(arg, ":!", &arg) ||
		   skip_prefix(arg, ":^", &arg)) {
		if (*arg == '\0') /* excluding everything is silly, but allowed */
			return 1;
	}

	if (prefix) {
		prefixed = prefix_filename(prefix, arg);
		arg = prefixed;
	}

	/* lstat(): a symlink counts as existing whatever it points at. */
	if (lstat(arg, &st) == 0)
		exists = 1; /* file exists */
	else if (is_missing_file_error(errno))
		exists = 0; /* file does not exist */
	else
		die_errno(_("failed to stat '%s'"), arg);

	free(prefixed);
	return exists;
}
195 | ||
/*
 * Terminate with the most specific message available for an argument
 * that did not verify as a filename. Never returns.
 */
static void NORETURN die_verify_filename(struct repository *r,
					 const char *prefix,
					 const char *arg,
					 int diagnose_misspelt_rev)
{
	if (diagnose_misspelt_rev == 0)
		die(_("%s: no such path in the working tree.\n"
		      "Use 'git <command> -- <path>...' to specify paths that do not exist locally."),
		    arg);

	/*
	 * A magic pathspec starts with a colon followed by a non-alnum.
	 * Reporting "'(icase)foo' does not exist in the index" for
	 * ":(icase)foo" would only confuse, so the object-name diagnosis
	 * is skipped for anything of that shape.
	 */
	if (arg[0] != ':' || isalnum(arg[1]))
		maybe_die_on_misspelt_object_name(r, arg, prefix);

	/* Nothing more specific applied: use the general message. */
	die(_("ambiguous argument '%s': unknown revision or path not in the working tree.\n"
	      "Use '--' to separate paths from revisions, like this:\n"
	      "'git <command> [<revision>...] -- [<file>...]'"), arg);
}
220 | ||
221 | /* | |
222 | * Check for arguments that don't resolve as actual files, | |
223 | * but which look sufficiently like pathspecs that we'll consider | |
224 | * them such for the purposes of rev/pathspec DWIM parsing. | |
225 | */ | |
static int looks_like_pathspec(const char *arg)
{
	const char *cur;
	int skip_next = 0;

	/*
	 * An unescaped wildcard means the user wants pattern matching, so
	 * the argument need not exist on disk. A backslash is glob-special
	 * but does not widen the match by itself: it only shields the
	 * character that follows it from this scan.
	 */
	for (cur = arg; *cur; cur++) {
		if (skip_next) {
			skip_next = 0;
			continue;
		}
		if (!is_glob_special(*cur))
			continue;
		if (*cur != '\\')
			return 1;
		skip_next = 1;
	}

	/* long-form pathspec magic */
	return starts_with(arg, ":(") ? 1 : 0;
}
255 | ||
256 | /* | |
257 | * Verify a filename that we got as an argument for a pathspec | |
258 | * entry. Note that a filename that begins with "-" never verifies | |
259 | * as true, because even if such a filename were to exist, we want | |
260 | * it to be preceded by the "--" marker (or we want the user to | |
261 | * use a format like "./-filename") | |
262 | * | |
263 | * The "diagnose_misspelt_rev" is used to provide a user-friendly | |
264 | * diagnosis when dying upon finding that "name" is not a pathname. | |
265 | * If set to 1, the diagnosis will try to diagnose "name" as an | |
266 | * invalid object name (e.g. HEAD:foo). If set to 0, the diagnosis | |
267 | * will only complain about a nonexistent file. | |
268 | * | |
269 | * This function is typically called to check that a "file or rev" | |
270 | * argument is unambiguous. In this case, the caller will want | |
271 | * diagnose_misspelt_rev == 1 when verifying the first non-rev | |
272 | * argument (which could have been a revision), and | |
273 | * diagnose_misspelt_rev == 0 for the next ones (because we already | |
274 | * saw a filename, there's no ambiguity anymore). | |
275 | */ | |
void verify_filename(const char *prefix,
		     const char *arg,
		     int diagnose_misspelt_rev)
{
	/* A leading '-' is an option that arrived too late, never a path. */
	if (arg[0] == '-')
		die(_("option '%s' must come before non-option arguments"), arg);

	/* Pathspec-looking arguments are accepted without touching the disk. */
	if (looks_like_pathspec(arg))
		return;
	if (check_filename(prefix, arg))
		return;

	die_verify_filename(the_repository, prefix, arg, diagnose_misspelt_rev);
}
286 | ||
287 | /* | |
288 | * Opposite of the above: the command line did not have -- marker | |
289 | * and we parsed the arg as a refname. It should not be interpretable | |
290 | * as a filename. | |
291 | */ | |
void verify_non_filename(const char *prefix, const char *arg)
{
	/* The check only applies inside a work tree and outside the git dir. */
	int in_plain_work_tree = is_inside_work_tree() && !is_inside_git_dir();

	if (!in_plain_work_tree)
		return;

	/* A leading '-' is a flag; anything else must not exist as a file. */
	if (arg[0] != '-' && check_filename(prefix, arg))
		die(_("ambiguous argument '%s': both revision and filename\n"
		      "Use '--' to separate paths from revisions, like this:\n"
		      "'git <command> [<revision>...] -- [<file>...]'"), arg);
}
304 | ||
/*
 * Append the common directory for "gitdir" to "sb". When the
 * GIT_COMMON_DIR_ENVIRONMENT variable is set, its value is used verbatim
 * and 1 is returned; otherwise the answer comes from
 * get_common_dir_noenv().
 */
int get_common_dir(struct strbuf *sb, const char *gitdir)
{
	const char *from_env = getenv(GIT_COMMON_DIR_ENVIRONMENT);

	if (!from_env)
		return get_common_dir_noenv(sb, gitdir);

	/* The environment takes precedence over any commondir file. */
	strbuf_addstr(sb, from_env);
	return 1;
}
315 | ||
/*
 * Append the common directory for "gitdir" to "sb" without consulting
 * the environment. If "<gitdir>/commondir" exists, its content (taken
 * relative to gitdir unless absolute) is resolved and appended and 1 is
 * returned; otherwise gitdir itself is appended and 0 is returned.
 */
int get_common_dir_noenv(struct strbuf *sb, const char *gitdir)
{
	struct strbuf content = STRBUF_INIT;
	struct strbuf file = STRBUF_INIT;
	int found = 0;

	strbuf_addf(&file, "%s/commondir", gitdir);
	if (!file_exists(file.buf)) {
		strbuf_addstr(sb, gitdir);
		goto out;
	}

	/* An unreadable or empty commondir file is fatal. */
	if (strbuf_read_file(&content, file.buf, 0) <= 0)
		die_errno(_("failed to read %s"), file.buf);

	/* Strip trailing CR/LF, then put the terminator back. */
	while (content.len) {
		char last = content.buf[content.len - 1];

		if (last != '\n' && last != '\r')
			break;
		content.len--;
	}
	content.buf[content.len] = '\0';

	/* The file's content decides where the common dir is. */
	strbuf_reset(&file);
	if (!is_absolute_path(content.buf))
		strbuf_addf(&file, "%s/", gitdir);
	strbuf_addbuf(&file, &content);
	strbuf_add_real_path(sb, file.buf);
	found = 1;

out:
	strbuf_release(&content);
	strbuf_release(&file);
	return found;
}
344 | ||
345 | /* | |
346 | * Test if it looks like we're at a git directory. | |
347 | * We want to see: | |
348 | * | |
349 | * - either an objects/ directory _or_ the proper | |
350 | * GIT_OBJECT_DIRECTORY environment variable | |
351 | * - a refs/ directory | |
352 | * - either a HEAD symlink or a HEAD file that is formatted as | |
353 | * a proper "ref:", or a regular file HEAD that has a properly | |
354 | * formatted sha1 object name. | |
355 | */ | |
int is_git_directory(const char *suspect)
{
	struct strbuf probe = STRBUF_INIT;
	const char *objdir_env;
	size_t common_len;
	int looks_ok = 0;

	/* Check worktree-related signatures */
	strbuf_addstr(&probe, suspect);
	strbuf_complete(&probe, '/');
	strbuf_addstr(&probe, "HEAD");
	if (validate_headref(probe.buf))
		goto out;

	/* The remaining probes are made below the common directory. */
	strbuf_reset(&probe);
	get_common_dir(&probe, suspect);
	common_len = probe.len;

	/* Check non-worktree-related signatures */
	objdir_env = getenv(DB_ENVIRONMENT);
	if (objdir_env) {
		/* The environment replaces the objects/ lookup. */
		if (access(objdir_env, X_OK))
			goto out;
	} else {
		strbuf_setlen(&probe, common_len);
		strbuf_addstr(&probe, "/objects");
		if (access(probe.buf, X_OK))
			goto out;
	}

	strbuf_setlen(&probe, common_len);
	strbuf_addstr(&probe, "/refs");
	if (access(probe.buf, X_OK))
		goto out;

	/*
	 * Every probe passed. The function inspects the layout only; it
	 * makes no statement about who owns the directory.
	 */
	looks_ok = 1;
out:
	strbuf_release(&probe);
	return looks_ok;
}
395 | ||
/*
 * Return 1 if "<path>/.git" is a usable gitfile or a git directory, or
 * if it is a gitfile that could not be opened or read. "path" must be
 * non-empty and is restored to its original length before returning.
 */
int is_nonbare_repository_dir(struct strbuf *path)
{
	size_t saved_len = path->len;
	int gitfile_error;
	int found = 0;

	assert(saved_len != 0);
	strbuf_complete(path, '/');
	strbuf_addstr(path, ".git");

	if (read_gitfile_gently(path->buf, &gitfile_error))
		found = 1;
	else if (is_git_directory(path->buf))
		found = 1;

	/*
	 * A gitfile that exists but cannot be opened or read still counts:
	 * the directory is reported as a repository rather than as plain
	 * content.
	 */
	if (gitfile_error == READ_GITFILE_ERR_OPEN_FAILED)
		found = 1;
	else if (gitfile_error == READ_GITFILE_ERR_READ_FAILED)
		found = 1;

	strbuf_setlen(path, saved_len);
	return found;
}
412 | ||
/*
 * Report whether is_inside_dir() holds for the git directory. The
 * answer is computed once and then served from inside_git_dir.
 */
int is_inside_git_dir(void)
{
	if (inside_git_dir >= 0)
		return inside_git_dir;

	inside_git_dir = is_inside_dir(get_git_dir());
	return inside_git_dir;
}
419 | ||
/*
 * Report whether is_inside_dir() holds for the work tree. The answer is
 * cached in inside_work_tree until something resets that to -1.
 */
int is_inside_work_tree(void)
{
	if (inside_work_tree >= 0)
		return inside_work_tree;

	inside_work_tree = is_inside_dir(get_git_work_tree());
	return inside_work_tree;
}
426 | ||
/*
 * Change into the work tree, once per process. Dies if the work tree
 * configuration was flagged as bogus, if there is no work tree, or if
 * the directory change fails.
 */
void setup_work_tree(void)
{
	static int done = 0;
	const char *target;

	if (done)
		return;

	if (work_tree_config_is_bogus)
		die(_("unable to set up work tree using invalid config"));

	target = get_git_work_tree();
	if (!target || chdir_notify(target))
		die(_("this operation must be run in a work tree"));

	/*
	 * We now sit in the work tree, so a GIT_WORK_TREE that was given
	 * as a relative path is rewritten to "." for the benefit of any
	 * git process started from here.
	 */
	if (getenv(GIT_WORK_TREE_ENVIRONMENT))
		setenv(GIT_WORK_TREE_ENVIRONMENT, ".", 1);

	done = 1;
}
451 | ||
/*
 * Turn tmp_original_cwd into startup_info->original_cwd, expressed
 * relative to the work tree. original_cwd ends up NULL when there is no
 * work tree, when the directory is outside the work tree, or when it is
 * the work tree itself. tmp_original_cwd is freed and cleared on every
 * path that gets past the first check.
 */
static void setup_original_cwd(void)
{
	struct strbuf tmp = STRBUF_INIT;
	const char *worktree = NULL;
	int offset = -1;

	if (!tmp_original_cwd)
		return;

	/*
	 * startup_info->original_cwd points to the current working
	 * directory we inherited from our parent process, which is a
	 * directory we want to avoid removing.
	 *
	 * For convenience, we would like to have the path relative to the
	 * worktree instead of an absolute path.
	 *
	 * Yes, startup_info->original_cwd is usually the same as 'prefix',
	 * but differs in two ways:
	 * - prefix has a trailing '/'
	 * - if the user passes '-C' to git, that modifies the prefix but
	 * not startup_info->original_cwd.
	 */

	/* Normalize the directory */
	if (!strbuf_realpath(&tmp, tmp_original_cwd, 0)) {
		/* Resolution failed: trace the path and the error, then give up. */
		trace2_data_string("setup", the_repository,
				   "realpath-path", tmp_original_cwd);
		trace2_data_string("setup", the_repository,
				   "realpath-failure", strerror(errno));
		free((char*)tmp_original_cwd);
		tmp_original_cwd = NULL;
		return;
	}

	/* The resolved copy in tmp takes over; the input string is released. */
	free((char*)tmp_original_cwd);
	tmp_original_cwd = NULL;
	startup_info->original_cwd = strbuf_detach(&tmp, NULL);

	/*
	 * Get our worktree; we only protect the current working directory
	 * if it's in the worktree.
	 */
	worktree = get_git_work_tree();
	if (!worktree)
		goto no_prevention_needed;

	/* A negative offset takes the no_prevention_needed path below. */
	offset = dir_inside_of(startup_info->original_cwd, worktree);
	if (offset >= 0) {
		/*
		 * If startup_info->original_cwd == worktree, that is already
		 * protected and we don't need original_cwd as a secondary
		 * protection measure.
		 */
		if (!*(startup_info->original_cwd + offset))
			goto no_prevention_needed;

		/*
		 * original_cwd was inside worktree; precompose it just as
		 * we do prefix so that built up paths will match
		 */
		/*
		 * NOTE(review): unless precompose_string_if_needed() returns
		 * a copy, original_cwd now points "offset" bytes into the
		 * detached buffer and must not be handed to free() -- confirm.
		 */
		startup_info->original_cwd = \
			precompose_string_if_needed(startup_info->original_cwd
						    + offset);
		return;
	}

no_prevention_needed:
	free((char*)startup_info->original_cwd);
	startup_info->original_cwd = NULL;
}
523 | ||
/*
 * Config callback that records core.bare and core.worktree in the
 * struct repository_format passed as "vdata". Other keys are ignored.
 * A valueless core.worktree is reported via config_error_nonbool().
 */
static int read_worktree_config(const char *var, const char *value,
				const struct config_context *ctx UNUSED,
				void *vdata)
{
	struct repository_format *fmt = vdata;

	if (!strcmp(var, "core.bare")) {
		fmt->is_bare = git_config_bool(var, value);
		return 0;
	}

	if (strcmp(var, "core.worktree"))
		return 0;

	if (!value)
		return config_error_nonbool(var);

	/* A later occurrence replaces an earlier one. */
	free(fmt->work_tree);
	fmt->work_tree = xstrdup(value);
	return 0;
}
540 | ||
/*
 * Outcome of matching an "extensions.<name>" key in handle_extension_v0()
 * and handle_extension(). EXTENSION_ERROR is -1 so that the result of an
 * error()-style call can be returned as-is.
 */
enum extension_result {
	EXTENSION_ERROR = -1, /* compatible with error(), etc */
	EXTENSION_UNKNOWN = 0,
	EXTENSION_OK = 1
};
546 | ||
547 | /* | |
548 | * Do not add new extensions to this function. It handles extensions which are | |
549 | * respected even in v0-format repositories for historical compatibility. | |
550 | */ | |
static enum extension_result handle_extension_v0(const char *var,
						 const char *value,
						 const char *ext,
						 struct repository_format *data)
{
	if (strcmp(ext, "noop") == 0)
		return EXTENSION_OK;

	if (strcmp(ext, "preciousobjects") == 0) {
		data->precious_objects = git_config_bool(var, value);
		return EXTENSION_OK;
	}

	if (strcmp(ext, "partialclone") == 0) {
		/* This one carries a string, so a bare key is an error. */
		if (value == NULL)
			return config_error_nonbool(var);
		data->partial_clone = xstrdup(value);
		return EXTENSION_OK;
	}

	if (strcmp(ext, "worktreeconfig") == 0) {
		data->worktree_config = git_config_bool(var, value);
		return EXTENSION_OK;
	}

	/* Not one of the historical names; the caller tries the v1 list. */
	return EXTENSION_UNKNOWN;
}
573 | ||
574 | /* | |
575 | * Record any new extensions in this function. | |
576 | */ | |
static enum extension_result handle_extension(const char *var,
					      const char *value,
					      const char *ext,
					      struct repository_format *data)
{
	int algo;

	if (strcmp(ext, "noop-v1") == 0)
		return EXTENSION_OK;

	if (strcmp(ext, "objectformat") != 0)
		return EXTENSION_UNKNOWN;

	/* extensions.objectformat must name a hash algorithm we know. */
	if (value == NULL)
		return config_error_nonbool(var);

	algo = hash_algo_by_name(value);
	if (algo == GIT_HASH_UNKNOWN)
		return error(_("invalid value for '%s': '%s'"),
			     "extensions.objectformat", value);

	data->hash_algo = algo;
	return EXTENSION_OK;
}
598 | ||
/*
 * Config callback that fills a struct repository_format: it records
 * core.repositoryformatversion, sorts every "extensions.*" key into
 * handled, v1-only or unknown, and hands everything else to
 * read_worktree_config().
 */
static int check_repo_format(const char *var, const char *value,
			     const struct config_context *ctx, void *vdata)
{
	struct repository_format *fmt = vdata;
	const char *ext;

	if (!strcmp(var, "core.repositoryformatversion")) {
		fmt->version = git_config_int(var, value, ctx->kvi);
	} else if (skip_prefix(var, "extensions.", &ext)) {
		enum extension_result res;

		/* Extensions honoured even in v0 repositories come first. */
		res = handle_extension_v0(var, value, ext, fmt);
		if (res == EXTENSION_ERROR)
			return -1;
		if (res == EXTENSION_OK)
			return 0;

		/*
		 * Everything else is remembered by name, so that
		 * verify_repository_format() can reject it later depending
		 * on the repository version.
		 */
		res = handle_extension(var, value, ext, fmt);
		if (res == EXTENSION_ERROR)
			return -1;
		if (res == EXTENSION_OK) {
			string_list_append(&fmt->v1_only_extensions, ext);
			return 0;
		}
		if (res == EXTENSION_UNKNOWN) {
			string_list_append(&fmt->unknown_extensions, ext);
			return 0;
		}
	}

	return read_worktree_config(var, value, ctx, vdata);
}
631 | ||
/*
 * Read the repository format from the config file of "gitdir" (looked
 * up through its common directory), verify it, and copy the accepted
 * settings into process-wide state.
 *
 * Returns 0 on success or when no format version was found. If
 * verification fails and nongit_ok is non-NULL, a warning is printed,
 * *nongit_ok is set to -1 and -1 is returned; with a NULL nongit_ok the
 * function dies instead.
 */
static int check_repository_format_gently(const char *gitdir, struct repository_format *candidate, int *nongit_ok)
{
	struct strbuf sb = STRBUF_INIT;
	struct strbuf err = STRBUF_INIT;
	int has_common;

	has_common = get_common_dir(&sb, gitdir);
	strbuf_addstr(&sb, "/config");
	read_repository_format(candidate, sb.buf);
	strbuf_release(&sb);

	/*
	 * For historical use of check_repository_format() in git-init,
	 * we treat a missing config as a silent "ok", even when nongit_ok
	 * is unset.
	 */
	if (candidate->version < 0)
		return 0;

	/* A format we cannot handle is rejected before any state is changed. */
	if (verify_repository_format(candidate, &err) < 0) {
		if (nongit_ok) {
			warning("%s", err.buf);
			strbuf_release(&err);
			*nongit_ok = -1;
			return -1;
		}
		die("%s", err.buf);
	}

	repository_format_precious_objects = candidate->precious_objects;
	string_list_clear(&candidate->unknown_extensions, 0);
	string_list_clear(&candidate->v1_only_extensions, 0);

	if (candidate->worktree_config) {
		/*
		 * pick up core.bare and core.worktree from per-worktree
		 * config if present
		 */
		strbuf_addf(&sb, "%s/config.worktree", gitdir);
		git_config_from_file(read_worktree_config, sb.buf, candidate);
		strbuf_release(&sb);
		/* Lets the block below apply core.bare and core.worktree. */
		has_common = 0;
	}

	if (!has_common) {
		/*
		 * Both settings change what counts as the work tree, so the
		 * cached is_inside_work_tree() answer is invalidated.
		 */
		if (candidate->is_bare != -1) {
			is_bare_repository_cfg = candidate->is_bare;
			if (is_bare_repository_cfg == 1)
				inside_work_tree = -1;
		}
		if (candidate->work_tree) {
			free(git_work_tree_cfg);
			git_work_tree_cfg = xstrdup(candidate->work_tree);
			inside_work_tree = -1;
		}
	}

	return 0;
}
691 | ||
/*
 * Raise core.repositoryformatversion to "target_version".
 *
 * Returns 0 if the repository is already at that version or newer, 1 if
 * the version was written, and the result of error() if the current
 * format does not verify or a v0 repository carries an unknown
 * extension.
 */
int upgrade_repository_format(int target_version)
{
	struct repository_format current = REPOSITORY_FORMAT_INIT;
	struct strbuf config_path = STRBUF_INIT;
	struct strbuf problem = STRBUF_INIT;
	struct strbuf version_str = STRBUF_INIT;
	int ret = 0;

	strbuf_git_common_path(&config_path, the_repository, "config");
	read_repository_format(&current, config_path.buf);
	strbuf_release(&config_path);

	/* Nothing to do when the repository is already new enough. */
	if (current.version >= target_version)
		goto out;

	if (verify_repository_format(&current, &problem) < 0) {
		ret = error("cannot upgrade repository format from %d to %d: %s",
			    current.version, target_version, problem.buf);
		goto out;
	}

	/*
	 * A v0 repository with an unknown extension is left alone: the
	 * upgrade is refused before the version is written.
	 */
	if (current.version == 0 && current.unknown_extensions.nr) {
		ret = error("cannot upgrade repository format: "
			    "unknown extension %s",
			    current.unknown_extensions.items[0].string);
		goto out;
	}

	strbuf_addf(&version_str, "%d", target_version);
	git_config_set("core.repositoryformatversion", version_str.buf);
	ret = 1;

out:
	clear_repository_format(&current);
	strbuf_release(&version_str);
	strbuf_release(&problem);
	return ret;
}
732 | ||
/*
 * Overwrite *format with the REPOSITORY_FORMAT_INIT defaults. Nothing
 * the old value pointed at is freed here.
 */
static void init_repository_format(struct repository_format *format)
{
	const struct repository_format defaults = REPOSITORY_FORMAT_INIT;

	memcpy(format, &defaults, sizeof(defaults));
}
739 | ||
/*
 * Reset "format", then fill it from the config file at "path" using
 * check_repo_format(). If the version is still -1 afterwards, whatever
 * else was collected is discarded. Returns the resulting
 * format->version.
 */
int read_repository_format(struct repository_format *format, const char *path)
{
	clear_repository_format(format);
	git_config_from_file(check_repo_format, path, format);

	if (format->version != -1)
		return format->version;

	/* No version seen: drop partial results. */
	clear_repository_format(format);
	return format->version;
}
748 | ||
/*
 * Free the strings and lists owned by "format", then put it back to
 * the initial state via init_repository_format().
 */
void clear_repository_format(struct repository_format *format)
{
	free(format->partial_clone);
	free(format->work_tree);
	string_list_clear(&format->v1_only_extensions, 0);
	string_list_clear(&format->unknown_extensions, 0);

	/* Resetting last also overwrites the pointers freed above. */
	init_repository_format(format);
}
757 | ||
/*
 * Decide whether this build may operate on a repository with the given
 * format. Returns 0 if so; otherwise appends an explanation to "err"
 * and returns -1. A repository is rejected when its version is above
 * GIT_REPO_VERSION_READ, when it is v1 or later and has unknown
 * extensions, or when it is v0 but uses v1-only extensions.
 */
int verify_repository_format(const struct repository_format *format,
			     struct strbuf *err)
{
	const struct string_list *unknown = &format->unknown_extensions;
	const struct string_list *v1_only = &format->v1_only_extensions;
	int i;

	if (format->version > GIT_REPO_VERSION_READ) {
		strbuf_addf(err, _("Expected git repo version <= %d, found %d"),
			    GIT_REPO_VERSION_READ, format->version);
		return -1;
	}

	/* From v1 on, an extension we do not know is a reason to refuse. */
	if (format->version >= 1 && unknown->nr) {
		strbuf_addstr(err, Q_("unknown repository extension found:",
				      "unknown repository extensions found:",
				      unknown->nr));
		i = 0;
		while (i < unknown->nr) {
			strbuf_addf(err, "\n\t%s", unknown->items[i].string);
			i++;
		}
		return -1;
	}

	/* v1-only extensions are not accepted in a v0 repository. */
	if (format->version == 0 && v1_only->nr) {
		strbuf_addstr(err,
			      Q_("repo version is 0, but v1-only extension found:",
				 "repo version is 0, but v1-only extensions found:",
				 v1_only->nr));
		i = 0;
		while (i < v1_only->nr) {
			strbuf_addf(err, "\n\t%s", v1_only->items[i].string);
			i++;
		}
		return -1;
	}

	return 0;
}
796 | ||
/*
 * Die with the message that matches a READ_GITFILE_ERR_* code. The two
 * codes meaning "there is no regular file at path" are not fatal and
 * make the function return; an unrecognised code is a BUG().
 */
void read_gitfile_error_die(int error_code, const char *path, const char *dir)
{
	switch (error_code) {
	case READ_GITFILE_ERR_OPEN_FAILED:
		die_errno(_("error opening '%s'"), path);
	case READ_GITFILE_ERR_READ_FAILED:
		die(_("error reading %s"), path);
	case READ_GITFILE_ERR_TOO_LARGE:
		die(_("too large to be a .git file: '%s'"), path);
	case READ_GITFILE_ERR_INVALID_FORMAT:
		die(_("invalid gitfile format: %s"), path);
	case READ_GITFILE_ERR_NO_PATH:
		die(_("no path in gitfile: %s"), path);
	case READ_GITFILE_ERR_NOT_A_REPO:
		die(_("not a git repository: %s"), dir);
	case READ_GITFILE_ERR_STAT_FAILED:
	case READ_GITFILE_ERR_NOT_A_FILE:
		/* non-fatal; follow return path */
		break;
	default:
		BUG("unknown error code");
	}
}
820 | ||
821 | /* | |
822 | * Try to read the location of the git directory from the .git file, | |
823 | * return path to git directory if found. The return value comes from | |
824 | * a shared buffer. | |
825 | * | |
826 | * On failure, if return_error_code is not NULL, return_error_code | |
827 | * will be set to an error code and NULL will be returned. If | |
828 | * return_error_code is NULL the function will die instead (for most | |
829 | * cases). | |
830 | */ | |
const char *read_gitfile_gently(const char *path, int *return_error_code)
{
	/* Upper bound on how much of an on-disk file this function will read. */
	const int max_file_size = 1 << 20; /* 1MB */
	int error_code = 0;
	char *buf = NULL;
	char *dir = NULL;
	const char *slash;
	struct stat st;
	int fd;
	ssize_t len;
	/*
	 * Static: the returned pointer refers to this buffer, so the next
	 * successful call overwrites an earlier result.
	 */
	static struct strbuf realpath = STRBUF_INIT;

	if (stat(path, &st)) {
		/* NEEDSWORK: discern between ENOENT vs other errors */
		error_code = READ_GITFILE_ERR_STAT_FAILED;
		goto cleanup_return;
	}
	if (!S_ISREG(st.st_mode)) {
		error_code = READ_GITFILE_ERR_NOT_A_FILE;
		goto cleanup_return;
	}
	if (st.st_size > max_file_size) {
		error_code = READ_GITFILE_ERR_TOO_LARGE;
		goto cleanup_return;
	}
	/*
	 * The file is opened by name after the stat() above, so it may have
	 * changed in between. The read is limited to the st_size that was
	 * checked, and a length mismatch is reported as a read failure.
	 */
	fd = open(path, O_RDONLY);
	if (fd < 0) {
		error_code = READ_GITFILE_ERR_OPEN_FAILED;
		goto cleanup_return;
	}
	buf = xmallocz(st.st_size);
	len = read_in_full(fd, buf, st.st_size);
	close(fd);
	if (len != st.st_size) {
		error_code = READ_GITFILE_ERR_READ_FAILED;
		goto cleanup_return;
	}
	if (!starts_with(buf, "gitdir: ")) {
		error_code = READ_GITFILE_ERR_INVALID_FORMAT;
		goto cleanup_return;
	}
	/*
	 * Trim trailing CR/LF. The index cannot run below the 8-byte
	 * "gitdir: " header matched above, because that header ends in a
	 * space.
	 */
	while (buf[len - 1] == '\n' || buf[len - 1] == '\r')
		len--;
	/* Fewer than 9 bytes means nothing follows the header. */
	if (len < 9) {
		error_code = READ_GITFILE_ERR_NO_PATH;
		goto cleanup_return;
	}
	buf[len] = '\0';
	dir = buf + 8;

	/* A relative target is taken relative to the gitfile's directory. */
	if (!is_absolute_path(dir) && (slash = strrchr(path, '/'))) {
		size_t pathlen = slash+1 - path;
		dir = xstrfmt("%.*s%.*s", (int)pathlen, path,
			      (int)(len - 8), buf + 8);
		free(buf);
		buf = dir;
	}
	/*
	 * The target comes from file content; it is accepted only if it
	 * passes is_git_directory().
	 */
	if (!is_git_directory(dir)) {
		error_code = READ_GITFILE_ERR_NOT_A_REPO;
		goto cleanup_return;
	}

	strbuf_realpath(&realpath, dir, 1);
	path = realpath.buf;

cleanup_return:
	/*
	 * With a NULL return_error_code the error is handed to
	 * read_gitfile_error_die(), which returns for the non-fatal codes;
	 * NULL is then returned below.
	 */
	if (return_error_code)
		*return_error_code = error_code;
	else if (error_code)
		read_gitfile_error_die(error_code, path, dir);

	free(buf);
	return error_code ? NULL : path;
}
905 | ||
/*
 * Set up the repository when the git directory is given by the caller
 * in `gitdirenv` rather than found by walking up from the cwd.
 *
 * `gitdirenv` may name a gitfile; read_gitfile() is tried first and, when it
 * yields a path, a private copy of that path replaces `gitdirenv`.
 *
 * The work tree is chosen in this order: the GIT_WORK_TREE environment
 * variable, then "no work tree" for a repository configured as bare, then
 * core.worktree (git_work_tree_cfg), then "no work tree" when
 * GIT_IMPLICIT_WORK_TREE is false, and finally ".".
 *
 * Returns the prefix (a pointer into cwd->buf, with a '/' appended) when
 * the cwd is strictly inside the work tree, otherwise NULL. When the
 * directory is not a usable repository and `nongit_ok` is non-NULL,
 * *nongit_ok is set to 1 and NULL is returned instead of dying.
 *
 * NOTE(review): nothing in this function checks who owns the directory;
 * it validates only is_git_directory() and the repository format.
 */
static const char *setup_explicit_git_dir(const char *gitdirenv,
					  struct strbuf *cwd,
					  struct repository_format *repo_fmt,
					  int *nongit_ok)
{
	const char *work_tree_env = getenv(GIT_WORK_TREE_ENVIRONMENT);
	const char *worktree;
	char *gitfile;
	int offset;

	/* Reject over-long values up front; 40 bytes of headroom are reserved. */
	if (PATH_MAX - 40 < strlen(gitdirenv))
		die(_("'$%s' too big"), GIT_DIR_ENVIRONMENT);

	/*
	 * The result of read_gitfile() is copied immediately, so `gitfile`
	 * is owned by this function and freed on every return path below.
	 */
	gitfile = (char*)read_gitfile(gitdirenv);
	if (gitfile) {
		gitfile = xstrdup(gitfile);
		gitdirenv = gitfile;
	}

	if (!is_git_directory(gitdirenv)) {
		if (nongit_ok) {
			*nongit_ok = 1;
			free(gitfile);
			return NULL;
		}
		die(_("not a git repository: '%s'"), gitdirenv);
	}

	if (check_repository_format_gently(gitdirenv, repo_fmt, nongit_ok)) {
		free(gitfile);
		return NULL;
	}

	/* #3, #7, #11, #15, #19, #23, #27, #31 (see t1510) */
	if (work_tree_env)
		set_git_work_tree(work_tree_env);
	else if (is_bare_repository_cfg > 0) {
		if (git_work_tree_cfg) {
			/* #22.2, #30 */
			warning("core.bare and core.worktree do not make sense");
			work_tree_config_is_bogus = 1;
		}

		/* #18, #26 */
		set_git_dir(gitdirenv, 0);
		free(gitfile);
		return NULL;
	}
	else if (git_work_tree_cfg) { /* #6, #14 */
		if (is_absolute_path(git_work_tree_cfg))
			set_git_work_tree(git_work_tree_cfg);
		else {
			/*
			 * A relative core.worktree is resolved against the git
			 * directory: chdir there, then into the configured
			 * path, record the resulting cwd, and go back.
			 */
			char *core_worktree;
			if (chdir(gitdirenv))
				die_errno(_("cannot chdir to '%s'"), gitdirenv);
			if (chdir(git_work_tree_cfg))
				die_errno(_("cannot chdir to '%s'"), git_work_tree_cfg);
			core_worktree = xgetcwd();
			if (chdir(cwd->buf))
				die_errno(_("cannot come back to cwd"));
			set_git_work_tree(core_worktree);
			free(core_worktree);
		}
	}
	else if (!git_env_bool(GIT_IMPLICIT_WORK_TREE_ENVIRONMENT, 1)) {
		/* #16d */
		set_git_dir(gitdirenv, 0);
		free(gitfile);
		return NULL;
	}
	else /* #2, #10 */
		set_git_work_tree(".");

	/* set_git_work_tree() must have been called by now */
	worktree = get_git_work_tree();

	/* both get_git_work_tree() and cwd are already normalized */
	if (!strcmp(cwd->buf, worktree)) { /* cwd == worktree */
		set_git_dir(gitdirenv, 0);
		free(gitfile);
		return NULL;
	}

	offset = dir_inside_of(cwd->buf, worktree);
	if (offset >= 0) {	/* cwd inside worktree? */
		/* The process moves to the work tree root; the prefix is what is left of cwd. */
		set_git_dir(gitdirenv, 1);
		if (chdir(worktree))
			die_errno(_("cannot chdir to '%s'"), worktree);
		strbuf_addch(cwd, '/');
		free(gitfile);
		return cwd->buf + offset;
	}

	/* cwd outside worktree */
	set_git_dir(gitdirenv, 0);
	free(gitfile);
	return NULL;
}
1004 | ||
/*
 * Finish setup for a repository that was found by discovery.
 *
 * `gitdir` is the discovered git directory, `cwd` the original working
 * directory and `offset` the length of the directory in which discovery
 * ended (the caller in this file passes dir.len).
 *
 * Returns the prefix (a pointer into cwd->buf, with a '/' appended) when
 * the original cwd lies below the discovered directory, otherwise NULL.
 * NULL is also returned when check_repository_format_gently() reports a
 * problem.
 */
static const char *setup_discovered_git_dir(const char *gitdir,
					    struct strbuf *cwd, int offset,
					    struct repository_format *repo_fmt,
					    int *nongit_ok)
{
	if (check_repository_format_gently(gitdir, repo_fmt, nongit_ok))
		return NULL;

	/* --work-tree is set without --git-dir; use discovered one */
	if (getenv(GIT_WORK_TREE_ENVIRONMENT) || git_work_tree_cfg) {
		char *to_free = NULL;
		const char *ret;

		/*
		 * A relative gitdir is made absolute before going back to the
		 * original cwd, because it would not resolve from there.
		 */
		if (offset != cwd->len && !is_absolute_path(gitdir))
			gitdir = to_free = real_pathdup(gitdir, 1);
		if (chdir(cwd->buf))
			die_errno(_("cannot come back to cwd"));
		ret = setup_explicit_git_dir(gitdir, cwd, repo_fmt, nongit_ok);
		free(to_free);
		return ret;
	}

	/* #16.2, #17.2, #20.2, #21.2, #24, #25, #28, #29 (see t1510) */
	if (is_bare_repository_cfg > 0) {
		set_git_dir(gitdir, (offset != cwd->len));
		if (chdir(cwd->buf))
			die_errno(_("cannot come back to cwd"));
		return NULL;
	}

	/* #0, #1, #5, #8, #9, #12, #13 */
	set_git_work_tree(".");
	/* Only a gitdir other than the default name is recorded explicitly. */
	if (strcmp(gitdir, DEFAULT_GIT_DIR_ENVIRONMENT))
		set_git_dir(gitdir, 0);
	inside_git_dir = 0;
	inside_work_tree = 1;
	if (offset >= cwd->len)
		return NULL;

	/* Make "offset" point past the '/' (already the case for root dirs) */
	if (offset != offset_1st_component(cwd->buf))
		offset++;
	/* Add a '/' at the end */
	strbuf_addch(cwd, '/');
	return cwd->buf + offset;
}
1051 | ||
/*
 * Finish setup for a bare repository found by discovery.
 * #16.1, #17.1, #20.1, #21.1, #22.1 (see t1510)
 *
 * `cwd` is the original working directory and `offset` the length of the
 * directory in which discovery ended. Always returns NULL unless the work
 * is handed over to setup_explicit_git_dir(), whose result is returned.
 */
static const char *setup_bare_git_dir(struct strbuf *cwd, int offset,
				      struct repository_format *repo_fmt,
				      int *nongit_ok)
{
	int root_len;

	if (check_repository_format_gently(".", repo_fmt, nongit_ok))
		return NULL;

	/*
	 * Exported so that setup_explicit_git_dir() does not fall back to
	 * "." as a work tree (it reads this variable with git_env_bool()).
	 */
	setenv(GIT_IMPLICIT_WORK_TREE_ENVIRONMENT, "0", 1);

	/* --work-tree is set without --git-dir; use discovered one */
	if (getenv(GIT_WORK_TREE_ENVIRONMENT) || git_work_tree_cfg) {
		/*
		 * NOTE(review): the xmemdupz() copy is never freed here;
		 * presumably it is kept in a static so the pointer stays
		 * reachable for the life of the process. Confirm.
		 */
		static const char *gitdir;

		gitdir = offset == cwd->len ? "." : xmemdupz(cwd->buf, offset);
		if (chdir(cwd->buf))
			die_errno(_("cannot come back to cwd"));
		return setup_explicit_git_dir(gitdir, cwd, repo_fmt, nongit_ok);
	}

	inside_git_dir = 1;
	inside_work_tree = 0;
	if (offset != cwd->len) {
		if (chdir(cwd->buf))
			die_errno(_("cannot come back to cwd"));
		/* Truncate cwd to the discovered directory, but never below its root component. */
		root_len = offset_1st_component(cwd->buf);
		strbuf_setlen(cwd, offset > root_len ? offset : root_len);
		set_git_dir(cwd->buf, 0);
	}
	else
		set_git_dir(".", 0);
	return NULL;
}
1087 | ||
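/*
 * Return the device number (st_dev) of `path`, or die with the errno of
 * the failed stat().
 *
 * `prefix` and `prefix_len` are used only for the error message: at most
 * `prefix_len` bytes of `prefix`, followed by '/', are printed in front
 * of `path`. With a NULL `prefix` only `path` is printed.
 */
static dev_t get_device_or_die(const char *path, const char *prefix, int prefix_len)
{
	struct stat buf;

	if (stat(path, &buf)) {
		/*
		 * "%.*s" limits the prefix to prefix_len bytes. The former
		 * "%*s" was a minimum field width, which padded the message
		 * with spaces whenever prefix was NULL and prefix_len > 0.
		 */
		die_errno(_("failed to stat '%.*s%s%s'"),
				prefix_len,
				prefix ? prefix : "",
				prefix ? "/" : "", path);
	}
	return buf.st_dev;
}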
1099 | ||
/*
 * A "string_list_each_func_t" callback for the entries of
 * GIT_CEILING_DIRECTORIES. Returns 1 to keep an entry and 0 to drop it.
 *
 * An empty entry is dropped and recorded in *cb_data (an int flag); from
 * then on entries are kept as written instead of being canonicalized.
 * Relative entries are dropped. Any other entry is replaced by the result
 * of real_pathdup(), or dropped when that fails.
 */
static int canonicalize_ceiling_entry(struct string_list_item *item,
				      void *cb_data)
{
	int *saw_empty = cb_data;
	char *entry = item->string;
	char *resolved;

	if (*entry == '\0') {
		*saw_empty = 1;
		return 0;
	}

	if (!is_absolute_path(entry))
		return 0;

	/* Keep the entry, but leave it exactly as the user wrote it. */
	if (*saw_empty)
		return 1;

	resolved = real_pathdup(entry, 0);
	if (!resolved)
		return 0;

	/* The list owns its strings: swap in the canonical one. */
	free(item->string);
	item->string = resolved;
	return 1;
}
1131 | ||
/* State shared between ensure_valid_ownership() and safe_directory_cb(). */
struct safe_directory_data {
	/* path that each safe.directory value is compared against */
	const char *path;
	/* set to 1 or reset to 0 by safe_directory_cb(); the last matching entry wins */
	int is_safe;
};
1136 | ||
/*
 * Config callback that evaluates one `safe.directory` entry against the
 * path stored in the struct safe_directory_data passed as `d`.
 *
 *  - a missing or empty value resets the verdict to "not safe", which
 *    discards every entry seen before it;
 *  - the value "*" marks every path as safe;
 *  - any other value is expanded with git_config_pathname() and marks the
 *    path as safe when fspathcmp() reports a match.
 *
 * Keys other than "safe.directory" are ignored. Always returns 0.
 */
static int safe_directory_cb(const char *key, const char *value,
			     const struct config_context *ctx UNUSED, void *d)
{
	struct safe_directory_data *state = d;
	const char *expanded = NULL;

	if (strcmp(key, "safe.directory") != 0)
		return 0;

	if (!value || *value == '\0') {
		state->is_safe = 0;
		return 0;
	}

	if (strcmp(value, "*") == 0) {
		state->is_safe = 1;
		return 0;
	}

	if (git_config_pathname(&expanded, key, value) == 0) {
		/* Fall back to the raw value when no expansion was produced. */
		const char *candidate = expanded ? expanded : value;

		if (fspathcmp(state->path, candidate) == 0)
			state->is_safe = 1;
	}

	free((char *)expanded);
	return 0;
}
1161 | ||
/*
 * Decide whether a repository may be used, based on who owns it.
 *
 * The gitfile (if any), the worktree (if any) and the git directory are
 * checked in that order with is_path_owned_by_current_user(); the first
 * failure stops the checks, and `report` is passed to each check. When
 * all of them pass, 1 is returned. Setting GIT_TEST_ASSUME_DIFFERENT_OWNER
 * to true skips the ownership checks and treats them as failed.
 *
 * After a failure the `safe.directory` settings decide: for non-bare
 * repositories the worktree must be listed, for bare ones the git
 * directory. Returns 1 when the repository is considered safe, else 0.
 */
static int ensure_valid_ownership(const char *gitfile,
				  const char *worktree, const char *gitdir,
				  struct strbuf *report)
{
	struct safe_directory_data data = { 0 };
	int all_owned;

	data.path = worktree ? worktree : gitdir;

	all_owned = !git_env_bool("GIT_TEST_ASSUME_DIFFERENT_OWNER", 0);
	if (all_owned && gitfile)
		all_owned = is_path_owned_by_current_user(gitfile, report);
	if (all_owned && worktree)
		all_owned = is_path_owned_by_current_user(worktree, report);
	if (all_owned && gitdir)
		all_owned = is_path_owned_by_current_user(gitdir, report);

	if (all_owned)
		return 1;

	/*
	 * data.path identifies the repository no matter which check failed.
	 * data.is_safe starts out as 0 and is only changed by the callback.
	 */
	git_protected_config(safe_directory_cb, &data);

	return data.is_safe;
}
1193 | ||
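/*
 * Config callback that parses `safe.bareRepository` into the
 * enum allowed_bare_repo pointed to by `d`.
 *
 * Accepts "explicit" and "all". Returns 0 for other keys and for accepted
 * values, and a negative value for a missing or unrecognized value.
 */
static int allowed_bare_repo_cb(const char *key, const char *value,
				const struct config_context *ctx UNUSED,
				void *d)
{
	enum allowed_bare_repo *allowed_bare_repo = d;

	if (strcasecmp(key, "safe.bareRepository"))
		return 0;

	/*
	 * A key written without "= value" arrives here as NULL; it must be
	 * rejected before it is handed to strcmp().
	 */
	if (!value)
		return config_error_nonbool(key);

	if (!strcmp(value, "explicit")) {
		*allowed_bare_repo = ALLOWED_BARE_REPO_EXPLICIT;
		return 0;
	}
	if (!strcmp(value, "all")) {
		*allowed_bare_repo = ALLOWED_BARE_REPO_ALL;
		return 0;
	}
	return -1;
}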
1213 | ||
/*
 * Return the effective `safe.bareRepository` policy. The policy is
 * ALLOWED_BARE_REPO_ALL unless allowed_bare_repo_cb() changes it while
 * git_protected_config() runs.
 */
static enum allowed_bare_repo get_allowed_bare_repo(void)
{
	enum allowed_bare_repo policy = ALLOWED_BARE_REPO_ALL;

	git_protected_config(allowed_bare_repo_cb, &policy);

	return policy;
}
1220 | ||
/*
 * Map a policy value back to the string used in the configuration
 * ("explicit" or "all"). Any other value is reported through BUG().
 */
static const char *allowed_bare_repo_to_string(
	enum allowed_bare_repo allowed_bare_repo)
{
	if (allowed_bare_repo == ALLOWED_BARE_REPO_EXPLICIT)
		return "explicit";
	if (allowed_bare_repo == ALLOWED_BARE_REPO_ALL)
		return "all";

	BUG("invalid allowed_bare_repo %d",
	    allowed_bare_repo);
	return NULL;
}
1235 | ||
/*
 * We cannot decide in this function whether we are in the work tree or
 * not, since the config can only be read _after_ this function was called.
 *
 * Also, we avoid changing any global state (such as the current working
 * directory) to allow early callers.
 *
 * The directory where the search should start needs to be passed in via the
 * `dir` parameter; upon return, the `dir` buffer will contain the path of
 * the directory where the search ended, and `gitdir` will contain the path of
 * the discovered .git/ directory, if any. If `gitdir` is not absolute, it
 * is relative to `dir` (i.e. *not* necessarily the cwd).
 *
 * `report` is handed to ensure_valid_ownership(). When `die_on_error` is
 * set, read_gitfile_gently() is called without an error-code pointer.
 *
 * Checks applied to a candidate, in the order they appear below:
 *  - a value in GIT_DIR ends the function at once with GIT_DIR_EXPLICIT;
 *    no ownership check is made on that path here;
 *  - a ".git" file or directory must pass ensure_valid_ownership();
 *  - an implicit bare repository is first subject to the
 *    safe.bareRepository policy and then to ensure_valid_ownership();
 *  - the walk towards the root stops at a ceiling directory and, unless
 *    GIT_DISCOVERY_ACROSS_FILESYSTEM is true, at a device boundary.
 */
static enum discovery_result setup_git_directory_gently_1(struct strbuf *dir,
							  struct strbuf *gitdir,
							  struct strbuf *report,
							  int die_on_error)
{
	const char *env_ceiling_dirs = getenv(CEILING_DIRECTORIES_ENVIRONMENT);
	struct string_list ceiling_dirs = STRING_LIST_INIT_DUP;
	const char *gitdirenv;
	int ceil_offset = -1, min_offset = offset_1st_component(dir->buf);
	dev_t current_device = 0;
	int one_filesystem = 1;

	/*
	 * If GIT_DIR is set explicitly, we're not going
	 * to do any discovery, but we still do repository
	 * validation.
	 */
	gitdirenv = getenv(GIT_DIR_ENVIRONMENT);
	if (gitdirenv) {
		strbuf_addstr(gitdir, gitdirenv);
		return GIT_DIR_EXPLICIT;
	}

	if (env_ceiling_dirs) {
		int empty_entry_found = 0;

		/* Split the list, canonicalize or drop entries, then find the deepest ceiling above dir. */
		string_list_split(&ceiling_dirs, env_ceiling_dirs, PATH_SEP, -1);
		filter_string_list(&ceiling_dirs, 0,
				   canonicalize_ceiling_entry, &empty_entry_found);
		ceil_offset = longest_ancestor_length(dir->buf, &ceiling_dirs);
		string_list_clear(&ceiling_dirs, 0);
	}

	/* No ceiling applies: use a value below every offset the walk can reach. */
	if (ceil_offset < 0)
		ceil_offset = min_offset - 2;

	/* When dir is only its root component, make sure it ends in a separator. */
	if (min_offset && min_offset == dir->len &&
	    !is_dir_sep(dir->buf[min_offset - 1])) {
		strbuf_addch(dir, '/');
		min_offset++;
	}

	/*
	 * Test in the following order (relative to the dir):
	 * - .git (file containing "gitdir: <path>")
	 * - .git/
	 * - ./ (bare)
	 * - ../.git
	 * - ../.git/
	 * - ../ (bare)
	 * - ../../.git
	 * etc.
	 */
	one_filesystem = !git_env_bool("GIT_DISCOVERY_ACROSS_FILESYSTEM", 0);
	if (one_filesystem)
		current_device = get_device_or_die(dir->buf, NULL, 0);
	for (;;) {
		int offset = dir->len, error_code = 0;
		char *gitdir_path = NULL;
		char *gitfile = NULL;

		if (offset > min_offset)
			strbuf_addch(dir, '/');
		strbuf_addstr(dir, DEFAULT_GIT_DIR_ENVIRONMENT);
		gitdirenv = read_gitfile_gently(dir->buf, die_on_error ?
						NULL : &error_code);
		if (!gitdirenv) {
			if (die_on_error ||
			    error_code == READ_GITFILE_ERR_NOT_A_FILE) {
				/* NEEDSWORK: fail if .git is not file nor dir */
				if (is_git_directory(dir->buf)) {
					gitdirenv = DEFAULT_GIT_DIR_ENVIRONMENT;
					gitdir_path = xstrdup(dir->buf);
				}
			} else if (error_code != READ_GITFILE_ERR_STAT_FAILED)
				return GIT_DIR_INVALID_GITFILE;
		} else
			gitfile = xstrdup(dir->buf);
		/*
		 * Earlier, we tentatively added DEFAULT_GIT_DIR_ENVIRONMENT
		 * to check that directory for a repository.
		 * Now trim that tentative addition away, because we want to
		 * focus on the real directory we are in.
		 */
		strbuf_setlen(dir, offset);
		if (gitdirenv) {
			enum discovery_result ret;
			const char *gitdir_candidate =
				gitdir_path ? gitdir_path : gitdirenv;

			/*
			 * dir->buf is passed as the worktree, so it is also
			 * the path that safe.directory entries must match.
			 */
			if (ensure_valid_ownership(gitfile, dir->buf,
						   gitdir_candidate, report)) {
				strbuf_addstr(gitdir, gitdirenv);
				ret = GIT_DIR_DISCOVERED;
			} else
				ret = GIT_DIR_INVALID_OWNERSHIP;

			/*
			 * Earlier, during discovery, we might have allocated
			 * string copies for gitdir_path or gitfile so make
			 * sure we don't leak by freeing them now, before
			 * leaving the loop and function.
			 *
			 * Note: gitdirenv will be non-NULL whenever these are
			 * allocated, therefore we need not take care of releasing
			 * them outside of this conditional block.
			 */
			free(gitdir_path);
			free(gitfile);

			return ret;
		}

		if (is_git_directory(dir->buf)) {
			/* An implicit bare repository is traced before any policy decision. */
			trace2_data_string("setup", NULL, "implicit-bare-repository", dir->buf);
			if (get_allowed_bare_repo() == ALLOWED_BARE_REPO_EXPLICIT)
				return GIT_DIR_DISALLOWED_BARE;
			if (!ensure_valid_ownership(NULL, NULL, dir->buf, report))
				return GIT_DIR_INVALID_OWNERSHIP;
			strbuf_addstr(gitdir, ".");
			return GIT_DIR_BARE;
		}

		if (offset <= min_offset)
			return GIT_DIR_HIT_CEILING;

		/* Step back to the previous directory separator, but not past the ceiling. */
		while (--offset > ceil_offset && !is_dir_sep(dir->buf[offset]))
			; /* continue */
		if (offset <= ceil_offset)
			return GIT_DIR_HIT_CEILING;

		strbuf_setlen(dir, offset > min_offset ?  offset : min_offset);
		if (one_filesystem &&
		    current_device != get_device_or_die(dir->buf, NULL, offset))
			return GIT_DIR_HIT_MOUNT_POINT;
	}
}
1386 | ||
/*
 * Discover the repository that contains the current working directory.
 *
 * On success the git directory is appended to `gitdir` and the common
 * directory to `commondir`, and the result of the discovery is returned.
 * When discovery returns a value <= 0 that value is returned as is. When
 * the repository format cannot be verified, a warning is printed, both
 * buffers are truncated back to their lengths on entry and
 * GIT_DIR_INVALID_FORMAT is returned. A failure to obtain the cwd yields
 * GIT_DIR_CWD_FAILURE.
 *
 * Discovery is run with a NULL report buffer and die_on_error == 0.
 */
enum discovery_result discover_git_directory_reason(struct strbuf *commondir,
						    struct strbuf *gitdir)
{
	struct strbuf dir = STRBUF_INIT, err = STRBUF_INIT;
	/* Both buffers may already hold data; remember where our additions start. */
	size_t gitdir_offset = gitdir->len, cwd_len;
	size_t commondir_offset = commondir->len;
	struct repository_format candidate = REPOSITORY_FORMAT_INIT;
	enum discovery_result result;

	if (strbuf_getcwd(&dir))
		return GIT_DIR_CWD_FAILURE;

	cwd_len = dir.len;
	result = setup_git_directory_gently_1(&dir, gitdir, NULL, 0);
	if (result <= 0) {
		strbuf_release(&dir);
		return result;
	}

	/*
	 * The returned gitdir is relative to dir, and if dir does not reflect
	 * the current working directory, we simply make the gitdir absolute.
	 */
	if (dir.len < cwd_len && !is_absolute_path(gitdir->buf + gitdir_offset)) {
		/* Avoid a trailing "/." */
		if (!strcmp(".", gitdir->buf + gitdir_offset))
			strbuf_setlen(gitdir, gitdir_offset);
		else
			strbuf_addch(&dir, '/');
		strbuf_insert(gitdir, gitdir_offset, dir.buf, dir.len);
	}

	get_common_dir(commondir, gitdir->buf + gitdir_offset);

	/* `dir` is reused as scratch space for the path of the config file. */
	strbuf_reset(&dir);
	strbuf_addf(&dir, "%s/config", commondir->buf + commondir_offset);
	read_repository_format(&candidate, dir.buf);
	strbuf_release(&dir);

	if (verify_repository_format(&candidate, &err) < 0) {
		warning("ignoring git dir '%s': %s",
			gitdir->buf + gitdir_offset, err.buf);
		strbuf_release(&err);
		strbuf_setlen(commondir, commondir_offset);
		strbuf_setlen(gitdir, gitdir_offset);
		clear_repository_format(&candidate);
		return GIT_DIR_INVALID_FORMAT;
	}

	clear_repository_format(&candidate);
	return result;
}
1439 | ||
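/*
 * Locate the repository for the current process and set up the global
 * state that depends on it.
 *
 * When `nongit_ok` is NULL, every failure to find a usable repository is
 * fatal. Otherwise *nongit_ok is set to 0 at the start and to 1 when no
 * repository could be used (ceiling or mount point reached, dubious
 * ownership, or a bare repository that safe.bareRepository does not
 * allow).
 *
 * Returns the prefix, which is also stored in startup_info->prefix and
 * exported through GIT_PREFIX, or NULL when there is none.
 */
const char *setup_git_directory_gently(int *nongit_ok)
{
	static struct strbuf cwd = STRBUF_INIT;
	struct strbuf dir = STRBUF_INIT, gitdir = STRBUF_INIT, report = STRBUF_INIT;
	const char *prefix = NULL;
	struct repository_format repo_fmt = REPOSITORY_FORMAT_INIT;

	/*
	 * We may have read an incomplete configuration before
	 * setting-up the git directory. If so, clear the cache so
	 * that the next queries to the configuration reload complete
	 * configuration (including the per-repo config file that we
	 * ignored previously).
	 */
	git_config_clear();

	/*
	 * Let's assume that we are in a git repository.
	 * If it turns out later that we are somewhere else, the value will be
	 * updated accordingly.
	 */
	if (nongit_ok)
		*nongit_ok = 0;

	if (strbuf_getcwd(&cwd))
		die_errno(_("Unable to read current working directory"));
	strbuf_addbuf(&dir, &cwd);

	switch (setup_git_directory_gently_1(&dir, &gitdir, &report, 1)) {
	case GIT_DIR_EXPLICIT:
		prefix = setup_explicit_git_dir(gitdir.buf, &cwd, &repo_fmt, nongit_ok);
		break;
	case GIT_DIR_DISCOVERED:
		if (dir.len < cwd.len && chdir(dir.buf))
			die(_("cannot change to '%s'"), dir.buf);
		prefix = setup_discovered_git_dir(gitdir.buf, &cwd, dir.len,
						  &repo_fmt, nongit_ok);
		break;
	case GIT_DIR_BARE:
		if (dir.len < cwd.len && chdir(dir.buf))
			die(_("cannot change to '%s'"), dir.buf);
		prefix = setup_bare_git_dir(&cwd, dir.len, &repo_fmt, nongit_ok);
		break;
	case GIT_DIR_HIT_CEILING:
		if (!nongit_ok)
			die(_("not a git repository (or any of the parent directories): %s"),
			    DEFAULT_GIT_DIR_ENVIRONMENT);
		*nongit_ok = 1;
		break;
	case GIT_DIR_HIT_MOUNT_POINT:
		if (!nongit_ok)
			die(_("not a git repository (or any parent up to mount point %s)\n"
			      "Stopping at filesystem boundary (GIT_DISCOVERY_ACROSS_FILESYSTEM not set)."),
			    dir.buf);
		*nongit_ok = 1;
		break;
	case GIT_DIR_INVALID_OWNERSHIP:
		if (!nongit_ok) {
			struct strbuf quoted = STRBUF_INIT;

			strbuf_complete(&report, '\n');
			/*
			 * The path goes into a command line that the user is
			 * told to run, so it is passed through
			 * sq_quote_buf_pretty() first. The listing showed this
			 * argument as a mangled `"ed`; it is `&quoted`.
			 */
			sq_quote_buf_pretty(&quoted, dir.buf);
			die(_("detected dubious ownership in repository at '%s'\n"
			      "%s"
			      "To add an exception for this directory, call:\n"
			      "\n"
			      "\tgit config --global --add safe.directory %s"),
			    dir.buf, report.buf, quoted.buf);
		}
		*nongit_ok = 1;
		break;
	case GIT_DIR_DISALLOWED_BARE:
		if (!nongit_ok) {
			die(_("cannot use bare repository '%s' (safe.bareRepository is '%s')"),
			    dir.buf,
			    allowed_bare_repo_to_string(get_allowed_bare_repo()));
		}
		*nongit_ok = 1;
		break;
	case GIT_DIR_CWD_FAILURE:
	case GIT_DIR_INVALID_FORMAT:
		/*
		 * As a safeguard against setup_git_directory_gently_1 returning
		 * these values, fallthrough to BUG. Otherwise it is possible to
		 * set startup_info->have_repository to 1 when we did nothing to
		 * find a repository.
		 */
	default:
		BUG("unhandled setup_git_directory_gently_1() result");
	}

	/*
	 * At this point, nongit_ok is stable. If it is non-NULL and points
	 * to a non-zero value, then this means that we haven't found a
	 * repository and that the caller expects startup_info to reflect
	 * this.
	 *
	 * Regardless of the state of nongit_ok, startup_info->prefix and
	 * the GIT_PREFIX environment variable must always match. For details
	 * see Documentation/config/alias.txt.
	 */
	if (nongit_ok && *nongit_ok)
		startup_info->have_repository = 0;
	else
		startup_info->have_repository = 1;

	/*
	 * Not all paths through the setup code will call 'set_git_dir()' (which
	 * directly sets up the environment) so in order to guarantee that the
	 * environment is in a consistent state after setup, explicitly setup
	 * the environment if we have a repository.
	 *
	 * NEEDSWORK: currently we allow bogus GIT_DIR values to be set in some
	 * code paths so we also need to explicitly setup the environment if
	 * the user has set GIT_DIR.  It may be beneficial to disallow bogus
	 * GIT_DIR values at some point in the future.
	 */
	if (/* GIT_DIR_EXPLICIT, GIT_DIR_DISCOVERED, GIT_DIR_BARE */
	    startup_info->have_repository ||
	    /* GIT_DIR_EXPLICIT */
	    getenv(GIT_DIR_ENVIRONMENT)) {
		if (!the_repository->gitdir) {
			const char *gitdir = getenv(GIT_DIR_ENVIRONMENT);
			if (!gitdir)
				gitdir = DEFAULT_GIT_DIR_ENVIRONMENT;
			setup_git_env(gitdir);
		}
		if (startup_info->have_repository) {
			repo_set_hash_algo(the_repository, repo_fmt.hash_algo);
			the_repository->repository_format_worktree_config =
				repo_fmt.worktree_config;
			/* take ownership of repo_fmt.partial_clone */
			the_repository->repository_format_partial_clone =
				repo_fmt.partial_clone;
			repo_fmt.partial_clone = NULL;
		}
	}
	/*
	 * Since precompose_string_if_needed() needs to look at
	 * the core.precomposeunicode configuration, this
	 * has to happen after the above block that finds
	 * out where the repository is, i.e. a preparation
	 * for calling git_config_get_bool().
	 */
	if (prefix) {
		prefix = precompose_string_if_needed(prefix);
		startup_info->prefix = prefix;
		setenv(GIT_PREFIX_ENVIRONMENT, prefix, 1);
	} else {
		startup_info->prefix = NULL;
		setenv(GIT_PREFIX_ENVIRONMENT, "", 1);
	}

	setup_original_cwd();

	strbuf_release(&dir);
	strbuf_release(&gitdir);
	strbuf_release(&report);
	clear_repository_format(&repo_fmt);

	return prefix;
}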
1602 | ||
/*
 * Translate a core.sharedRepository value into a permission setting.
 *
 * Returns PERM_UMASK, PERM_GROUP or PERM_EVERYBODY for the keywords, for
 * booleans and for the legacy numbers 0, 1 and 2. For any other octal
 * number the result is the negated file mode, restricted to the
 * read/write bits (0666). A missing value means PERM_GROUP. Dies when an
 * octal mode does not give the owner both read and write permission.
 *
 * NOTE(review): the strtol() result is narrowed to int and errno is not
 * inspected, so out-of-range and negative numbers are not rejected as
 * such; they are judged only by the bit tests below.
 */
int git_config_perm(const char *var, const char *value)
{
	static const char *const everybody_names[] = {
		"all", "world", "everybody"
	};
	char *rest;
	int mode;
	size_t k;

	if (!value)
		return PERM_GROUP;

	if (strcmp(value, "umask") == 0)
		return PERM_UMASK;
	if (strcmp(value, "group") == 0)
		return PERM_GROUP;
	for (k = 0; k < sizeof(everybody_names) / sizeof(everybody_names[0]); k++) {
		if (strcmp(value, everybody_names[k]) == 0)
			return PERM_EVERYBODY;
	}

	/* Try the value as an octal number first ... */
	mode = strtol(value, &rest, 8);

	/* ... and as a boolean when trailing characters remain. */
	if (*rest != '\0')
		return git_config_bool(var, value) ? PERM_GROUP : PERM_UMASK;

	/*
	 * 0, 1 and 2 are kept for compatibility; every other number is a
	 * chmod value to restrict to.
	 */
	if (mode == PERM_UMASK)			/* 0 */
		return PERM_UMASK;
	if (mode == OLD_PERM_GROUP)		/* 1 */
		return PERM_GROUP;
	if (mode == OLD_PERM_EVERYBODY)		/* 2 */
		return PERM_EVERYBODY;

	/* A filemode value was given: 0xxx */

	if ((mode & 0600) != 0600)
		die(_("problem with core.sharedRepository filemode value "
		    "(0%.3o).\nThe owner of files must always have "
		    "read and write permissions."), mode);

	/*
	 * Only the read/write bits survive the mask; x flags for directories
	 * are handled separately.
	 */
	return -(mode & 0666);
}
1653 | ||
/*
 * Check the format of the repository at get_git_dir() and copy the
 * result into the global state: have_repository is set to 1, and the hash
 * algorithm, the worktree-config flag and a copy of the partial-clone
 * value are stored in the_repository.
 *
 * `fmt` may be NULL, in which case a local structure is used and cleared
 * before returning. A structure supplied by the caller is left for the
 * caller to clear.
 */
void check_repository_format(struct repository_format *fmt)
{
	struct repository_format scratch = REPOSITORY_FORMAT_INIT;
	struct repository_format *active = fmt ? fmt : &scratch;

	check_repository_format_gently(get_git_dir(), active, NULL);
	startup_info->have_repository = 1;

	repo_set_hash_algo(the_repository, active->hash_algo);
	the_repository->repository_format_worktree_config = active->worktree_config;
	the_repository->repository_format_partial_clone =
		xstrdup_or_null(active->partial_clone);

	clear_repository_format(&scratch);
}
1668 | ||
/*
 * Set up the repository and return the "prefix": the path of the current
 * working directory relative to the work tree root, always ending in
 * '/'. Returns NULL when the current working directory is not a strict
 * subdirectory of the work tree root.
 *
 * This is setup_git_directory_gently() called with a NULL `nongit_ok`, so
 * failing to find a usable repository is fatal.
 */
const char *setup_git_directory(void)
{
	const char *prefix = setup_git_directory_gently(NULL);

	return prefix;
}
1679 | ||
/*
 * Resolve `suspect` to a git directory. A path that already is a git
 * directory is returned unchanged; anything else is treated as a gitfile
 * and passed to read_gitfile_gently() together with `return_error_code`.
 */
const char *resolve_gitdir_gently(const char *suspect, int *return_error_code)
{
	if (!is_git_directory(suspect))
		return read_gitfile_gently(suspect, return_error_code);

	return suspect;
}
1686 | ||
/*
 * Make sure descriptors 0, 1 and 2 are all open, pointing any missing
 * one at /dev/null.
 *
 * The open and the duplicates fill the lowest free descriptor numbers,
 * so repeating until a number of at least 2 comes back fills every gap.
 * A descriptor above 2 means nothing more was missing, and it is closed.
 */
void sanitize_stdfds(void)
{
	int devnull = xopen("/dev/null", O_RDWR);

	while (devnull <= 1)
		devnull = xdup(devnull);

	if (devnull >= 3)
		close(devnull);
}
1696 | ||
/*
 * Detach the process from its session and its standard streams.
 *
 * The parent exits with status 0 after the fork. The child starts a new
 * session, closes descriptors 0, 1 and 2 and lets sanitize_stdfds()
 * reopen them, then returns 0. A failed fork() or setsid() is fatal.
 *
 * When built with NO_POSIX_GOODIES nothing is done: errno is set to
 * ENOSYS and -1 is returned.
 */
int daemonize(void)
{
#ifdef NO_POSIX_GOODIES
	errno = ENOSYS;
	return -1;
#else
	pid_t child = fork();
	int fd;

	if (child == -1)
		die_errno(_("fork failed"));
	if (child != 0)
		exit(0);	/* parent */

	if (setsid() == -1)
		die_errno(_("setsid failed"));

	for (fd = 0; fd <= 2; fd++)
		close(fd);
	sanitize_stdfds();
	return 0;
#endif
}
1720 | ||
/* TEST_FILEMODE is 0 in builds that define NO_TRUSTABLE_FILEMODE, else 1. */
#ifdef NO_TRUSTABLE_FILEMODE
#define TEST_FILEMODE 0
#else
#define TEST_FILEMODE 1
#endif

/* Name of the GIT_DEFAULT_HASH environment variable. */
#define GIT_DEFAULT_HASH_ENVIRONMENT "GIT_DEFAULT_HASH"
1728 | ||
/*
 * Recursively copy the entries of one template directory into the
 * repository.
 *
 * `path` is the destination directory and `template_path` the source
 * directory; each entry name is appended to both buffers, so both are
 * expected to end with a '/'. `dir` is the open handle for
 * `template_path`; it is read here but not closed.
 *
 * Entries whose name starts with '.' are skipped. Directories are always
 * descended into. Any other entry is skipped when the destination
 * already exists, so existing files are never overwritten. A symbolic
 * link is recreated with the same target text, a regular file is copied
 * with the mode of the template, and any other file type is reported and
 * ignored. Most failures are fatal.
 */
static void copy_templates_1(struct strbuf *path, struct strbuf *template_path,
			     DIR *dir)
{
	/* Lengths of both buffers on entry, restored before each entry is appended. */
	size_t path_baselen = path->len;
	size_t template_baselen = template_path->len;
	struct dirent *de;

	/* Note: if ".git/hooks" file exists in the repository being
	 * re-initialized, /etc/core-git/templates/hooks/update would
	 * cause "git init" to fail here.  I think this is sane but
	 * it means that the set of templates we ship by default, along
	 * with the way the namespace under .git/ is organized, should
	 * be really carefully chosen.
	 */
	safe_create_dir(path->buf, 1);
	while ((de = readdir(dir)) != NULL) {
		struct stat st_git, st_template;
		int exists = 0;

		strbuf_setlen(path, path_baselen);
		strbuf_setlen(template_path, template_baselen);

		if (de->d_name[0] == '.')
			continue;
		strbuf_addstr(path, de->d_name);
		strbuf_addstr(template_path, de->d_name);
		/* lstat(): a symbolic link at the destination counts as existing. */
		if (lstat(path->buf, &st_git)) {
			if (errno != ENOENT)
				die_errno(_("cannot stat '%s'"), path->buf);
		}
		else
			exists = 1;

		/* lstat() again, so links in the template are seen as links. */
		if (lstat(template_path->buf, &st_template))
			die_errno(_("cannot stat template '%s'"), template_path->buf);

		if (S_ISDIR(st_template.st_mode)) {
			DIR *subdir = opendir(template_path->buf);
			if (!subdir)
				die_errno(_("cannot opendir '%s'"), template_path->buf);
			strbuf_addch(path, '/');
			strbuf_addch(template_path, '/');
			copy_templates_1(path, template_path, subdir);
			closedir(subdir);
		}
		else if (exists)
			continue;
		else if (S_ISLNK(st_template.st_mode)) {
			struct strbuf lnk = STRBUF_INIT;
			if (strbuf_readlink(&lnk, template_path->buf,
					    st_template.st_size) < 0)
				die_errno(_("cannot readlink '%s'"), template_path->buf);
			if (symlink(lnk.buf, path->buf))
				die_errno(_("cannot symlink '%s' '%s'"),
					  lnk.buf, path->buf);
			strbuf_release(&lnk);
		}
		else if (S_ISREG(st_template.st_mode)) {
			if (copy_file(path->buf, template_path->buf, st_template.st_mode))
				die_errno(_("cannot copy '%s' to '%s'"),
					  template_path->buf, path->buf);
		}
		else
			error(_("ignoring template %s"), template_path->buf);
	}
}
1795 | ||
/*
 * Install the repository templates into the common git directory.
 *
 * The template directory is chosen from the first source that is set:
 *   1. the `template_dir` argument,
 *   2. the environment variable named by TEMPLATE_DIR_ENVIRONMENT,
 *   3. `init_template_dir` (create_default_files() passes the value of
 *      init.templatedir here),
 *   4. system_path(DEFAULT_GIT_TEMPLATE_DIR).
 * An empty string disables template copying altogether.
 *
 * If the template directory carries a "config" file that declares a
 * repository format version, that format is verified first; on mismatch
 * a warning is printed and nothing is copied.  A missing template
 * directory also only produces a warning.
 *
 * Security note: three of the four sources (argument, environment,
 * configuration) are chosen by the caller or its environment, and
 * everything found there is installed by copy_templates_1().  Treat the
 * selected directory as trusted input.
 */
static void copy_templates(const char *template_dir, const char *init_template_dir)
{
	struct strbuf dst = STRBUF_INIT;
	struct strbuf src = STRBUF_INIT;
	struct strbuf verify_msg = STRBUF_INIT;
	struct repository_format tmpl_format = REPOSITORY_FORMAT_INIT;
	char *owned_default = NULL;
	size_t src_root_len;
	DIR *tmpl;

	if (!template_dir)
		template_dir = getenv(TEMPLATE_DIR_ENVIRONMENT);
	if (!template_dir)
		template_dir = init_template_dir;
	if (!template_dir) {
		/* Only this fallback is allocated here and must be freed. */
		owned_default = system_path(DEFAULT_GIT_TEMPLATE_DIR);
		template_dir = owned_default;
	}
	if (*template_dir == '\0') {
		free(owned_default);
		return;
	}

	strbuf_addstr(&src, template_dir);
	strbuf_complete(&src, '/');
	src_root_len = src.len;

	tmpl = opendir(src.buf);
	if (!tmpl) {
		warning(_("templates not found in %s"), template_dir);
		goto out_free;
	}

	/* Read <template>/config to learn which format the template targets. */
	strbuf_addstr(&src, "config");
	read_repository_format(&tmpl_format, src.buf);
	strbuf_setlen(&src, src_root_len);

	/* A template that names no version is accepted without checks. */
	if (tmpl_format.version >= 0) {
		if (verify_repository_format(&tmpl_format, &verify_msg) < 0) {
			warning(_("not copying templates from '%s': %s"),
				template_dir, verify_msg.buf);
			strbuf_release(&verify_msg);
			goto out_close;
		}
	}

	strbuf_addstr(&dst, get_git_common_dir());
	strbuf_complete(&dst, '/');
	copy_templates_1(&dst, &src, tmpl);

out_close:
	closedir(tmpl);
out_free:
	free(owned_default);
	strbuf_release(&dst);
	strbuf_release(&src);
	clear_repository_format(&tmpl_format);
}
1855 | ||
/*
 * Report whether core.worktree has to be written explicitly.
 *
 * Git finds the work tree on its own only when the git directory is
 * "<work_tree>/.git".  Returns 0 for that layout (including the special
 * case of a work tree at "/"), 1 for any other.
 *
 * The comparison is purely textual.  init_db() passes a real_pathdup()'d
 * git_dir; work_tree is presumably normalized the same way -- verify
 * against callers.
 */
static int needs_work_tree_config(const char *git_dir, const char *work_tree)
{
	const char *rest;
	int at_root;
	int directly_inside;

	/* "/" + "/.git" would otherwise look like "//.git" to the prefix test. */
	at_root = !strcmp(work_tree, "/") && !strcmp(git_dir, "/.git");
	if (at_root)
		return 0;

	directly_inside = skip_prefix(git_dir, work_tree, &rest) &&
			  !strcmp(rest, "/.git");
	return directly_inside ? 0 : 1;
}
1869 | ||
/*
 * Record the repository format version and object format in the config.
 *
 * SHA-1 repositories get GIT_REPO_VERSION and no extensions.objectformat
 * entry; with `reinit` set, an existing entry is removed on a best-effort
 * basis.  Any other algorithm gets GIT_REPO_VERSION_READ plus an
 * extensions.objectformat entry naming it.
 *
 * `hash_algo` indexes hash_algos[] without a range check here, so callers
 * must pass a valid algorithm id.
 */
void initialize_repository_version(int hash_algo, int reinit)
{
	char version_text[10];
	const int non_sha1 = hash_algo != GIT_HASH_SHA1;
	const int version = non_sha1 ? GIT_REPO_VERSION_READ : GIT_REPO_VERSION;

	/* Writing this key forces creation of a new config file. */
	xsnprintf(version_text, sizeof(version_text), "%d", version);
	git_config_set("core.repositoryformatversion", version_text);

	if (non_sha1) {
		git_config_set("extensions.objectformat",
			       hash_algos[hash_algo].name);
		return;
	}
	if (reinit)
		git_config_set_gently("extensions.objectformat", NULL);
}
1889 | ||
/*
 * Populate a git directory with its default contents: templates, the
 * "refs" directory and ref database, HEAD, and the core.* settings that
 * depend on filesystem probes.
 *
 * template_path          explicit template directory, passed to
 *                        copy_templates() (which falls back to other
 *                        sources when it is NULL)
 * original_git_dir       compared against the work tree to decide whether
 *                        core.worktree must be written
 * initial_branch         branch HEAD should point at; when NULL,
 *                        git_default_branch_name(quiet) is used
 * fmt                    only fmt->hash_algo is read here
 * prev_bare_repository   see the TODO below; has no effect in practice
 * init_shared_repository -1 means "no command-line override"
 * quiet                  forwarded to git_default_branch_name()
 *
 * Returns non-zero when HEAD already existed, i.e. this is a re-init.
 *
 * Security note: templates are installed before the configuration is
 * re-read, so a "config" file shipped in the template directory is a
 * configuration source for everything evaluated after that point.
 */
static int create_default_files(const char *template_path,
				const char *original_git_dir,
				const char *initial_branch,
				const struct repository_format *fmt,
				int prev_bare_repository,
				int init_shared_repository,
				int quiet)
{
	struct stat st1;
	struct strbuf buf = STRBUF_INIT;
	char *path;
	char junk[2];
	int reinit;
	int filemode;
	struct strbuf err = STRBUF_INIT;
	const char *init_template_dir = NULL;
	const char *work_tree = get_git_work_tree();

	/*
	 * First copy the templates -- we might have the default
	 * config file there, in which case we would want to read
	 * from it after installing.
	 *
	 * Before reading that config, we also need to clear out any cached
	 * values (since we've just potentially changed what's available on
	 * disk).
	 */
	git_config_get_pathname("init.templatedir", &init_template_dir);
	copy_templates(template_path, init_template_dir);
	free((char *)init_template_dir);
	git_config_clear();
	reset_shared_repository();
	git_config(git_default_config, NULL);

	/*
	 * We must make sure command-line options continue to override any
	 * values we might have just re-read from the config.
	 */
	if (init_shared_repository != -1)
		set_shared_repository(init_shared_repository);
	/*
	 * TODO: heed core.bare from config file in templates if no
	 *       command-line override given
	 */
	is_bare_repository_cfg = prev_bare_repository || !work_tree;
	/* TODO (continued):
	 *
	 * Unfortunately, the line above is equivalent to
	 *    is_bare_repository_cfg = !work_tree;
	 * which ignores the config entirely even if no `--[no-]bare`
	 * command line option was present.
	 *
	 * To see why, note that before this function, there was this call:
	 *    prev_bare_repository = is_bare_repository()
	 * expanding the right hand side:
	 *                 = is_bare_repository_cfg && !get_git_work_tree()
	 *                 = is_bare_repository_cfg && !work_tree
	 * note that the last simplification above is valid because nothing
	 * calls repo_init() or set_git_work_tree() between any of the
	 * relevant calls in the code, and thus the !get_git_work_tree()
	 * calls will return the same result each time.  So, what we are
	 * interested in computing is the right hand side of the line of
	 * code just above this comment:
	 *     prev_bare_repository || !work_tree
	 *        = is_bare_repository_cfg && !work_tree || !work_tree
	 *        = !work_tree
	 * because "A && !B || !B == !B" for all boolean values of A & B.
	 */

	/*
	 * We would have created the above under user's umask -- under
	 * shared-repository settings, we would need to fix them up.
	 */
	if (get_shared_repository()) {
		adjust_shared_perm(get_git_dir());
	}

	/*
	 * We need to create a "refs" dir in any case so that older
	 * versions of git can tell that this is a repository.
	 */
	safe_create_dir(git_path("refs"), 1);
	adjust_shared_perm(git_path("refs"));

	if (refs_init_db(&err))
		die("failed to set up refs db: %s", err.buf);

	/*
	 * Point the HEAD symref to the initial branch if HEAD does
	 * not yet exist.
	 *
	 * HEAD counts as existing when it is readable, or when readlink()
	 * succeeds on it (which also covers a HEAD that is a symbolic link
	 * whose target cannot be read).  `junk` only receives the link
	 * text; its contents are never used.
	 */
	path = git_path_buf(&buf, "HEAD");
	reinit = (!access(path, R_OK)
		  || readlink(path, junk, sizeof(junk)-1) != -1);
	if (!reinit) {
		char *ref;

		if (!initial_branch)
			initial_branch = git_default_branch_name(quiet);

		/* Reject names that do not form a valid ref before writing HEAD. */
		ref = xstrfmt("refs/heads/%s", initial_branch);
		if (check_refname_format(ref, 0) < 0)
			die(_("invalid initial branch name: '%s'"),
			    initial_branch);

		if (create_symref("HEAD", ref, NULL) < 0)
			exit(1);
		free(ref);
	}

	/* The reinit argument is always 0 here, even on a re-init. */
	initialize_repository_version(fmt->hash_algo, 0);

	/*
	 * Check filemode trustability: flip the owner-execute bit on the
	 * config file, confirm that lstat() reports a changed mode, then
	 * restore the original mode.  All steps must succeed for filemode
	 * to be trusted.
	 */
	path = git_path_buf(&buf, "config");
	filemode = TEST_FILEMODE;
	if (TEST_FILEMODE && !lstat(path, &st1)) {
		struct stat st2;
		filemode = (!chmod(path, st1.st_mode ^ S_IXUSR) &&
				!lstat(path, &st2) &&
				st1.st_mode != st2.st_mode &&
				!chmod(path, st1.st_mode));
		/*
		 * On a fresh init, a config file that already carried the
		 * execute bit disables filemode -- presumably because the
		 * filesystem reports files as executable regardless; confirm.
		 */
		if (filemode && !reinit && (st1.st_mode & S_IXUSR))
			filemode = 0;
	}
	git_config_set("core.filemode", filemode ? "true" : "false");

	if (is_bare_repository())
		git_config_set("core.bare", "true");
	else {
		git_config_set("core.bare", "false");
		/* allow template config file to override the default */
		if (log_all_ref_updates == LOG_REFS_UNSET)
			git_config_set("core.logallrefupdates", "true");
		if (needs_work_tree_config(original_git_dir, work_tree))
			git_config_set("core.worktree", work_tree);
	}

	/* The remaining probes run only when the repository is new. */
	if (!reinit) {
		/*
		 * Check if symlink is supported in the work tree: reserve a
		 * unique name with xmkstemp(), remove the file, create a
		 * symlink under that name and verify lstat() reports a link.
		 * NOTE(review): if symlink() succeeds but the later checks
		 * fail, the probe entry is not removed.
		 */
		path = git_path_buf(&buf, "tXXXXXX");
		if (!close(xmkstemp(path)) &&
		    !unlink(path) &&
		    !symlink("testing", path) &&
		    !lstat(path, &st1) &&
		    S_ISLNK(st1.st_mode))
			unlink(path); /* good */
		else
			git_config_set("core.symlinks", "false");

		/*
		 * Check if the filesystem is case-insensitive: "config" was
		 * written above, so finding it under the spelling "CoNfIg"
		 * means case is ignored.
		 */
		path = git_path_buf(&buf, "CoNfIg");
		if (!access(path, F_OK))
			git_config_set("core.ignorecase", "true");
		probe_utf8_pathname_composition();
	}

	strbuf_release(&buf);
	return reinit;
}
2049 | ||
/*
 * Create the object directory reported by get_object_directory() together
 * with its "pack" and "info" subdirectories.  Each directory is created
 * with safe_create_dir(..., 1).
 */
static void create_object_directory(void)
{
	static const char *const subdirs[] = { "/pack", "/info" };
	struct strbuf dir = STRBUF_INIT;
	size_t root_len;
	size_t i;

	strbuf_addstr(&dir, get_object_directory());
	root_len = dir.len;
	safe_create_dir(dir.buf, 1);

	for (i = 0; i < sizeof(subdirs) / sizeof(subdirs[0]); i++) {
		/* Rewind to the object directory before adding the next name. */
		strbuf_setlen(&dir, root_len);
		strbuf_addstr(&dir, subdirs[i]);
		safe_create_dir(dir.buf, 1);
	}

	strbuf_release(&dir);
}
2070 | ||
/*
 * Turn `git_link` into a gitfile ("gitdir: <git_dir>") that points at
 * `git_dir`.
 *
 * If something already exists at `git_link`, the repository it denotes is
 * moved to `git_dir` first: a directory is moved as-is, a regular file is
 * resolved through read_gitfile() and the directory it names is moved.
 * Any other file type is fatal.  After a successful move the worktrees
 * are repaired.
 *
 * NOTE(review): the result of read_gitfile() is passed to rename() without
 * a NULL check -- confirm it cannot return NULL for a regular file.
 * NOTE(review): the type check and the rename() act on path names, so the
 * entry can change between the two calls; callers are expected to run
 * this on directories they control.
 */
static void separate_git_dir(const char *git_dir, const char *git_link)
{
	struct stat link_st;

	if (stat(git_link, &link_st) == 0) {
		const char *old_home;

		if (S_ISDIR(link_st.st_mode))
			old_home = git_link;
		else if (S_ISREG(link_st.st_mode))
			old_home = read_gitfile(git_link);
		else
			die(_("unable to handle file type %d"), (int)link_st.st_mode);

		if (rename(old_home, git_dir) != 0)
			die_errno(_("unable to move %s to %s"), old_home, git_dir);
		repair_worktrees(NULL, NULL);
	}

	write_file(git_link, "gitdir: %s", git_dir);
}
2092 | ||
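/*
 * Settle which hash algorithm `repo_fmt` should carry.
 *
 * repo_fmt  format of the repository being (re)initialized; a version
 *           >= 0 means a repository already exists
 * hash      algorithm requested explicitly, or GIT_HASH_UNKNOWN
 *
 * An explicit request that differs from an existing repository's
 * algorithm is fatal, as switching could cause corruption.  Without an
 * explicit request, the environment variable named by
 * GIT_DEFAULT_HASH_ENVIRONMENT supplies a default for new repositories
 * only; an unknown algorithm name there is fatal.
 *
 * The environment default is deliberately not applied to an existing
 * repository: init_db() hands the result to create_default_files(), which
 * writes it to the config via initialize_repository_version(), so
 * honouring it on re-init would relabel the object format of an existing
 * object store.
 */
static void validate_hash_algorithm(struct repository_format *repo_fmt, int hash)
{
	const char *env = getenv(GIT_DEFAULT_HASH_ENVIRONMENT);
	const int already_initialized = repo_fmt->version >= 0;

	if (hash != GIT_HASH_UNKNOWN) {
		if (already_initialized && hash != repo_fmt->hash_algo)
			die(_("attempt to reinitialize repository with different hash"));
		repo_fmt->hash_algo = hash;
	} else if (env && !already_initialized) {
		int env_algo = hash_algo_by_name(env);

		if (env_algo == GIT_HASH_UNKNOWN)
			die(_("unknown hash algorithm '%s'"), env);
		repo_fmt->hash_algo = env_algo;
	}
}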
2112 | ||
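/*
 * Create a new repository, or re-initialize an existing one.
 *
 * git_dir                location of the git directory
 * real_git_dir           when non-NULL, the repository is stored there and
 *                        `git_dir` becomes a gitfile pointing at it
 * template_dir           explicit template directory, or NULL
 * hash                   requested hash algorithm, or GIT_HASH_UNKNOWN
 * initial_branch         name for the initial branch, or NULL; ignored
 *                        with a warning on re-init
 * init_shared_repository shared-repository override, -1 for none
 * flags                  INIT_DB_EXIST_OK permits existing paths when
 *                        `real_git_dir` is used; INIT_DB_QUIET suppresses
 *                        the final message
 *
 * Always returns 0; errors are reported by dying.
 */
int init_db(const char *git_dir, const char *real_git_dir,
	    const char *template_dir, int hash, const char *initial_branch,
	    int init_shared_repository, unsigned int flags)
{
	int reinit;
	int exist_ok = flags & INIT_DB_EXIST_OK;
	char *original_git_dir = real_pathdup(git_dir, 1);
	struct repository_format repo_fmt = REPOSITORY_FORMAT_INIT;
	int prev_bare_repository;

	if (real_git_dir) {
		struct stat st;

		/* Refuse to touch either location unless the caller opted in. */
		if (!exist_ok && !stat(git_dir, &st))
			die(_("%s already exists"), git_dir);

		if (!exist_ok && !stat(real_git_dir, &st))
			die(_("%s already exists"), real_git_dir);

		set_git_dir(real_git_dir, 1);
		git_dir = get_git_dir();
		separate_git_dir(git_dir, original_git_dir);
	}
	else {
		set_git_dir(git_dir, 1);
		git_dir = get_git_dir();
	}
	startup_info->have_repository = 1;

	/* Ensure `core.hidedotfiles` is processed */
	git_config(platform_core_config, NULL);

	safe_create_dir(git_dir, 0);

	/* Sampled before create_default_files() rewrites the bare setting. */
	prev_bare_repository = is_bare_repository();

	/* Check to see if the repository version is right.
	 * Note that a newly created repository does not have
	 * config file, so this will not fail.  What we are catching
	 * is an attempt to reinitialize new repository with an old tool.
	 */
	check_repository_format(&repo_fmt);

	validate_hash_algorithm(&repo_fmt, hash);

	reinit = create_default_files(template_dir, original_git_dir,
				      initial_branch, &repo_fmt,
				      prev_bare_repository,
				      init_shared_repository,
				      flags & INIT_DB_QUIET);
	if (reinit && initial_branch)
		warning(_("re-init: ignored --initial-branch=%s"),
			initial_branch);

	create_object_directory();

	if (get_shared_repository()) {
		char buf[10];
		/* We do not spell "group" and such, so that
		 * the configuration can be read by older version
		 * of git. Note, we use octal numbers for new share modes,
		 * and compatibility values for PERM_GROUP and
		 * PERM_EVERYBODY.
		 */
		if (get_shared_repository() < 0)
			/* force to the mode value */
			xsnprintf(buf, sizeof(buf), "0%o", -get_shared_repository());
		else if (get_shared_repository() == PERM_GROUP)
			xsnprintf(buf, sizeof(buf), "%d", OLD_PERM_GROUP);
		else if (get_shared_repository() == PERM_EVERYBODY)
			xsnprintf(buf, sizeof(buf), "%d", OLD_PERM_EVERYBODY);
		else
			BUG("invalid value for shared_repository");
		git_config_set("core.sharedrepository", buf);
		/* Shared repositories also refuse non-fast-forward pushes. */
		git_config_set("receive.denyNonFastforwards", "true");
	}

	if (!(flags & INIT_DB_QUIET)) {
		/* size_t, not int: strlen()'s result must not be narrowed. */
		size_t len = strlen(git_dir);

		if (reinit)
			printf(get_shared_repository()
			       ? _("Reinitialized existing shared Git repository in %s%s\n")
			       : _("Reinitialized existing Git repository in %s%s\n"),
			       git_dir, len && git_dir[len-1] != '/' ? "/" : "");
		else
			printf(get_shared_repository()
			       ? _("Initialized empty shared Git repository in %s%s\n")
			       : _("Initialized empty Git repository in %s%s\n"),
			       git_dir, len && git_dir[len-1] != '/' ? "/" : "");
	}

	clear_repository_format(&repo_fmt);
	free(original_git_dir);
	return 0;
}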