setup.c: introduce `die_upon_dubious_ownership()`

Introduce a new function `die_upon_dubious_ownership()` that uses
`ensure_valid_ownership()` to verify whether a repositroy is safe for
use, and causes Git to die in case it is not.

This function will be used in a subsequent commit.

Helped-by: Johannes Schindelin <Johannes.Schindelin@gmx.de>
Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>

diff --git a/cache.h b/cache.h
index fcf49706ad56ad407774405e94058685c59009ef..a46a3e4b6b1ebc48fe42489edf77701a2a1ac738 100644 (file)
--- a/cache.h
+++ b/cache.h
@@ -606,6 +606,18 @@ void set_git_work_tree(const char *tree);
 
 #define ALTERNATE_DB_ENVIRONMENT "GIT_ALTERNATE_OBJECT_DIRECTORIES"
 
+/*
+ * Check if a repository is safe and die if it is not, by verifying the
+ * ownership of the worktree (if any), the git directory, and the gitfile (if
+ * any).
+ *
+ * Exemptions for known-safe repositories can be added via `safe.directory`
+ * config settings; for non-bare repositories, their worktree needs to be
+ * added, for bare ones their git directory.
+ */
+void die_upon_dubious_ownership(const char *gitfile, const char *worktree,
+                               const char *gitdir);
+
 void setup_work_tree(void);
 /*
  * Find the commondir and gitdir of the repository that contains the current

diff --git a/setup.c b/setup.c
index cefd5f63c4680f7f656084ef72f74784f86e4562..9d401ae4c8f1cb2c0139ffe0bcbcf13c0fe5382b 100644 (file)
--- a/setup.c
+++ b/setup.c
@@ -1165,6 +1165,27 @@ static int ensure_valid_ownership(const char *gitfile,
        return data.is_safe;
 }
 
+void die_upon_dubious_ownership(const char *gitfile, const char *worktree,
+                               const char *gitdir)
+{
+       struct strbuf report = STRBUF_INIT, quoted = STRBUF_INIT;
+       const char *path;
+
+       if (ensure_valid_ownership(gitfile, worktree, gitdir, &report))
+               return;
+
+       strbuf_complete(&report, '\n');
+       path = gitfile ? gitfile : gitdir;
+       sq_quote_buf_pretty(&quoted, path);
+
+       die(_("detected dubious ownership in repository at '%s'\n"
+             "%s"
+             "To add an exception for this directory, call:\n"
+             "\n"
+             "\tgit config --global --add safe.directory %s"),
+           path, report.buf, quoted.buf);
+}
+
 static int allowed_bare_repo_cb(const char *key, const char *value, void *d)
 {
        enum allowed_bare_repo *allowed_bare_repo = d;