safe.directory: use git_protected_config()
d288a700 1#include "cache.h"
c14c234f 2#include "repository.h"
b2141fc1 3#include "config.h"
e90fdc39 4#include "dir.h"
31171d9e 5#include "string-list.h"
8500e0de 6#include "chdir-notify.h"
60b7a92d 7#include "promisor-remote.h"
8959555c 8#include "quote.h"
e90fdc39
JS
9
/*
 * Cached answers for is_inside_git_dir() and is_inside_work_tree();
 * a negative value means "not computed yet".
 */
static int inside_git_dir = -1;
static int inside_work_tree = -1;
/*
 * Set by setup_explicit_git_dir() when core.bare and core.worktree are both
 * configured; setup_work_tree() dies when it sees this flag.
 */
static int work_tree_config_is_bogus;

static struct startup_info the_startup_info;
struct startup_info *startup_info = &the_startup_info;
/* Consumed, freed and reset to NULL by setup_original_cwd(). */
const char *tmp_original_cwd;
46c3cd44 17
ddc2a628
MEW
/*
 * The input parameter must contain an absolute path, and it must already be
 * normalized.
 *
 * Find the part of an absolute path that lies inside the work tree by
 * dereferencing symlinks outside the work tree, for example:
 * /dir1/repo/dir2/file (work tree is /dir1/repo) -> dir2/file
 * /dir/file (work tree is /) -> dir/file
 * /dir/symlink1/symlink2 (symlink1 points to work tree) -> symlink2
 * /dir/repolink/file (repolink points to /dir/repo) -> file
 * /dir/repo (exactly equal to work tree) -> (empty string)
 *
 * "path" is rewritten in place with the work-tree-relative part.
 * Returns 0 when such a part was found, and -1 when there is no work tree
 * or no leading part of "path" resolves to the work tree; the caller in
 * this file (prefix_path_gently) treats -1 as "outside the repository".
 */
static int abspath_part_inside_repo(char *path)
{
	size_t len;
	size_t wtlen;
	char *path0;
	int off;
	const char *work_tree = get_git_work_tree();
	struct strbuf realpath = STRBUF_INIT;

	if (!work_tree)
		return -1;
	wtlen = strlen(work_tree);
	len = strlen(path);
	off = offset_1st_component(path);

	/* check if work tree is already the prefix */
	if (wtlen <= len && !fspathncmp(path, work_tree, wtlen)) {
		if (path[wtlen] == '/') {
			/* len - wtlen bytes: everything after the '/' plus the NUL */
			memmove(path, path + wtlen + 1, len - wtlen);
			return 0;
		/*
		 * NOTE(review): path[wtlen - 1] assumes the work tree string
		 * is non-empty -- confirm get_git_work_tree() never returns "".
		 */
		} else if (path[wtlen - 1] == '/' || path[wtlen] == '\0') {
			/* work tree is the root, or the whole path */
			memmove(path, path + wtlen, len - wtlen + 1);
			return 0;
		}
		/* work tree might match beginning of a symlink to work tree */
		off = wtlen;
	}
	path0 = path;
	path += off;

	/* check each '/'-terminated level */
	while (*path) {
		path++;
		if (*path == '/') {
			/*
			 * Cut the string here for a moment so that only the
			 * leading components are resolved and compared.
			 */
			*path = '\0';
			strbuf_realpath(&realpath, path0, 1);
			if (fspathcmp(realpath.buf, work_tree) == 0) {
				/* keep what follows the '/', including the NUL */
				memmove(path0, path + 1, len - (path - path0));
				strbuf_release(&realpath);
				return 0;
			}
			/* no match at this level: restore the separator */
			*path = '/';
		}
	}

	/* check whole path */
	strbuf_realpath(&realpath, path0, 1);
	if (fspathcmp(realpath.buf, work_tree) == 0) {
		/* the path is the work tree itself: nothing remains */
		*path0 = '\0';
		strbuf_release(&realpath);
		return 0;
	}

	strbuf_release(&realpath);
	return -1;
}
87
645a29c4
NTND
/*
 * Normalize "path"; a relative path first gets "prefix" (its first "len"
 * bytes) prepended. When remaining_prefix is not NULL it receives how much
 * of the prefix is still present in the result. With prefix = sub1/sub2/:
 *
 * foo -> sub1/sub2/foo (full prefix)
 * ../foo -> sub1/foo (remaining prefix is sub1/)
 * ../../bar -> bar (no remaining prefix)
 * ../../sub1/sub2/foo -> sub1/sub2/foo (but no remaining prefix)
 * `pwd`/../bar -> sub1/bar (no remaining prefix)
 *
 * Returns a newly allocated string the caller must free, or NULL when
 * normalization fails or an absolute path has no part inside the work tree.
 */
char *prefix_path_gently(const char *prefix, int len,
			 int *remaining_prefix, const char *path)
{
	char *result;

	if (!is_absolute_path(path)) {
		/* relative: glue the prefix on, then normalize in place */
		result = xstrfmt("%.*s%s", len, len ? prefix : "", path);
		if (remaining_prefix)
			*remaining_prefix = len;
		if (normalize_path_copy_len(result, result, remaining_prefix))
			goto reject;
		return result;
	}

	/* absolute: normalize, then keep only the part inside the work tree */
	result = xmallocz(strlen(path));
	if (remaining_prefix)
		*remaining_prefix = 0;
	if (normalize_path_copy_len(result, path, remaining_prefix) ||
	    abspath_part_inside_repo(result))
		goto reject;
	return result;

reject:
	free(result);
	return NULL;
}
127
546e0fd9
JK
/*
 * Like prefix_path_gently() without a remaining-prefix out parameter, but
 * dies with an "outside repository" message instead of returning NULL.
 */
char *prefix_path(const char *prefix, int len, const char *path)
{
	char *sanitized = prefix_path_gently(prefix, len, NULL, path);

	if (!sanitized) {
		/* name the work tree in the message, else the git dir */
		const char *where = get_git_work_tree();

		die(_("'%s' is outside repository at '%s'"), path,
		    absolute_path(where ? where : get_git_dir()));
	}
	return sanitized;
}
140
/*
 * Return 1 when prefix_path_gently() accepts "path" (with "prefix" applied),
 * 0 when it rejects it.
 */
int path_inside_repo(const char *prefix, const char *path)
{
	int len = prefix ? strlen(prefix) : 0;
	char *sanitized = prefix_path_gently(prefix, len, NULL, path);
	int inside = sanitized != NULL;

	/* only the verdict is wanted; free(NULL) is a no-op */
	free(sanitized);
	return inside;
}
151
c6e8c800
JH
/*
 * Return 1 when "arg" names something lstat() can see, 0 when the file is
 * missing, and die on any other lstat() error. The ":/", ":!" and ":^"
 * prefixes are skipped first; ":/" additionally drops "prefix".
 */
int check_filename(const char *prefix, const char *arg)
{
	char *to_free = NULL;
	struct stat st;
	int found = 0;

	if (skip_prefix(arg, ":/", &arg)) {
		/* ":/" is root dir, always exists */
		if (!*arg)
			return 1;
		prefix = NULL;
	} else if (skip_prefix(arg, ":!", &arg) ||
		   skip_prefix(arg, ":^", &arg)) {
		/* excluding everything is silly, but allowed */
		if (!*arg)
			return 1;
	}

	if (prefix)
		arg = to_free = prefix_filename(prefix, arg);

	if (!lstat(arg, &st))
		found = 1;	/* file exists */
	else if (is_missing_file_error(errno))
		found = 0;	/* file does not exist */
	else
		die_errno(_("failed to stat '%s'"), arg);

	free(to_free);
	return found;
}
180
e270f42c
NTND
/*
 * Die with the most specific message available for an argument that did
 * not verify as a filename. Never returns.
 */
static void NORETURN die_verify_filename(struct repository *r,
					 const char *prefix,
					 const char *arg,
					 int diagnose_misspelt_rev)
{
	int is_magic_pathspec;

	if (!diagnose_misspelt_rev)
		die(_("%s: no such path in the working tree.\n"
		      "Use 'git <command> -- <path>...' to specify paths that do not exist locally."),
		    arg);

	/*
	 * A magic pathspec begins with a colon followed by a non-alnum.
	 * Reporting "'(icase)foo' does not exist in the index" for
	 * ":(icase)foo" would be unhelpful, so do not even give
	 * maybe_die_on_misspelt_object_name() the chance in that case.
	 */
	is_magic_pathspec = arg[0] == ':' && !isalnum(arg[1]);
	if (!is_magic_pathspec)
		maybe_die_on_misspelt_object_name(r, arg, prefix);

	/* ... otherwise use the most general message. */
	die(_("ambiguous argument '%s': unknown revision or path not in the working tree.\n"
	      "Use '--' to separate paths from revisions, like this:\n"
	      "'git <command> [<revision>...] -- [<file>...]'"), arg);

}
205
c99eddd8
JK
/*
 * Recognize arguments that do not resolve as actual files but look enough
 * like pathspecs to be treated as such for rev/pathspec DWIM parsing.
 * Returns 1 for such an argument, 0 otherwise.
 */
static int looks_like_pathspec(const char *arg)
{
	const char *cursor = arg;
	int skip_next = 0;

	/*
	 * An unescaped wildcard means the user wants to match pathspecs that
	 * are not in the filesystem. Backslash is a glob special too, but on
	 * its own it does not widen the match; it only makes the character
	 * after it count as escaped, so that one is ignored as well.
	 */
	while (*cursor) {
		char c = *cursor++;

		if (skip_next) {
			skip_next = 0;
			continue;
		}
		if (!is_glob_special(c))
			continue;
		if (c != '\\')
			return 1;
		skip_next = 1;
	}

	/* long-form pathspec magic */
	return starts_with(arg, ":(") ? 1 : 0;
}
240
e23d0b4a
LT
/*
 * Verify a filename given as an argument for a pathspec entry, dying when
 * it does not verify. A name that begins with "-" never verifies: even if
 * such a file exists, it has to come after the "--" marker or be written
 * in a form like "./-filename".
 *
 * "diagnose_misspelt_rev" selects the diagnosis printed on failure. When
 * it is 1 the message tries to explain "arg" as an invalid object name
 * (e.g. HEAD:foo); when it is 0 the message only reports the missing file.
 *
 * The usual caller is checking that a "file or rev" argument is
 * unambiguous. It passes 1 for the first non-rev argument (which could
 * have been a revision) and 0 for the following ones, because once a
 * filename has been seen there is no ambiguity left.
 */
void verify_filename(const char *prefix,
		     const char *arg,
		     int diagnose_misspelt_rev)
{
	if (arg[0] == '-')
		die(_("option '%s' must come before non-option arguments"), arg);
	if (!looks_like_pathspec(arg) && !check_filename(prefix, arg))
		die_verify_filename(the_repository, prefix, arg,
				    diagnose_misspelt_rev);
}
271
ea92f41f
JH
/*
 * Counterpart of verify_filename(): the command line had no "--" marker
 * and "arg" was parsed as a refname, so it must not also be interpretable
 * as a filename. Dies when it is; does nothing outside a work tree or
 * inside the git directory.
 */
void verify_non_filename(const char *prefix, const char *arg)
{
	int could_be_file;

	if (!is_inside_work_tree() || is_inside_git_dir())
		return;

	/* an argument starting with '-' is a flag and is never checked */
	could_be_file = *arg != '-' && check_filename(prefix, arg);
	if (could_be_file)
		die(_("ambiguous argument '%s': both revision and filename\n"
		      "Use '--' to separate paths from revisions, like this:\n"
		      "'git <command> [<revision>...] -- [<file>...]'"), arg);
}
289
/*
 * Append the common directory for "gitdir" to "sb". The environment
 * variable named by GIT_COMMON_DIR_ENVIRONMENT wins when it is set (and 1 is
 * returned); otherwise the answer comes from get_common_dir_noenv().
 */
int get_common_dir(struct strbuf *sb, const char *gitdir)
{
	const char *from_env = getenv(GIT_COMMON_DIR_ENVIRONMENT);

	if (!from_env)
		return get_common_dir_noenv(sb, gitdir);

	strbuf_addstr(sb, from_env);
	return 1;
}
300
/*
 * Append the common directory for "gitdir" to "sb" without consulting the
 * environment. When "<gitdir>/commondir" exists, its content (trailing CR/LF
 * removed, taken relative to "gitdir" unless absolute) is resolved to a
 * real path and 1 is returned. Otherwise "gitdir" itself is appended and 0
 * is returned. Dies when the commondir file exists but cannot be read or
 * is empty.
 */
int get_common_dir_noenv(struct strbuf *sb, const char *gitdir)
{
	struct strbuf contents = STRBUF_INIT;
	struct strbuf location = STRBUF_INIT;
	int found = 0;

	strbuf_addf(&location, "%s/commondir", gitdir);
	if (!file_exists(location.buf)) {
		strbuf_addstr(sb, gitdir);
		goto out;
	}

	if (strbuf_read_file(&contents, location.buf, 0) <= 0)
		die_errno(_("failed to read %s"), location.buf);

	/* drop the line ending(s) the file was written with */
	while (contents.len) {
		char last = contents.buf[contents.len - 1];

		if (last != '\n' && last != '\r')
			break;
		contents.len--;
	}
	contents.buf[contents.len] = '\0';

	strbuf_reset(&location);
	if (!is_absolute_path(contents.buf))
		strbuf_addf(&location, "%s/", gitdir);
	strbuf_addbuf(&location, &contents);
	strbuf_add_real_path(sb, location.buf);
	found = 1;

out:
	strbuf_release(&contents);
	strbuf_release(&location);
	return found;
}
d288a700 329
/*
 * Test if "suspect" looks like a git directory. Returns 1 when all of the
 * following hold, 0 otherwise:
 *
 *  - HEAD passes validate_headref(): either a HEAD symlink or a HEAD file
 *    formatted as a proper "ref:", or a regular file HEAD holding a
 *    properly formatted sha1 object name
 *  - either an objects/ directory _or_ the proper GIT_OBJECT_DIRECTORY
 *    environment variable
 *  - a refs/ directory
 *
 * objects/ and refs/ are looked up under the common directory.
 */
int is_git_directory(const char *suspect)
{
	struct strbuf path = STRBUF_INIT;
	const char *object_dir_env;
	size_t common_len;
	int looks_like_repo = 0;

	/* Check worktree-related signatures */
	strbuf_addstr(&path, suspect);
	strbuf_complete(&path, '/');
	strbuf_addstr(&path, "HEAD");
	if (validate_headref(path.buf))
		goto out;

	strbuf_reset(&path);
	get_common_dir(&path, suspect);
	common_len = path.len;

	/* Check non-worktree-related signatures */
	object_dir_env = getenv(DB_ENVIRONMENT);
	if (object_dir_env) {
		if (access(object_dir_env, X_OK))
			goto out;
	} else {
		strbuf_setlen(&path, common_len);
		strbuf_addstr(&path, "/objects");
		if (access(path.buf, X_OK))
			goto out;
	}

	/* rewind to the common dir before probing refs/ */
	strbuf_setlen(&path, common_len);
	strbuf_addstr(&path, "/refs");
	if (access(path.buf, X_OK) == 0)
		looks_like_repo = 1;

out:
	strbuf_release(&path);
	return looks_like_repo;
}
380
ffd036b1
JK
/*
 * Return 1 when "<path>/.git" is a readable gitfile or a git directory, and
 * also when a gitfile there could not be opened or read. "path" must be
 * non-empty and is restored to its original length before returning.
 */
int is_nonbare_repository_dir(struct strbuf *path)
{
	size_t saved_len = path->len;
	int gitfile_error;
	int found;

	assert(saved_len != 0);
	strbuf_complete(path, '/');
	strbuf_addstr(path, ".git");

	/* is_git_directory() is only consulted when the gitfile read fails */
	found = read_gitfile_gently(path->buf, &gitfile_error) ||
		is_git_directory(path->buf);
	if (!found)
		found = gitfile_error == READ_GITFILE_ERR_OPEN_FAILED ||
			gitfile_error == READ_GITFILE_ERR_READ_FAILED;

	strbuf_setlen(path, saved_len);
	return found;
}
397
68025633
JS
/*
 * Report whether is_inside_dir() accepts the git directory; the answer is
 * computed on first use and cached in inside_git_dir.
 */
int is_inside_git_dir(void)
{
	if (inside_git_dir >= 0)
		return inside_git_dir;

	inside_git_dir = is_inside_dir(get_git_dir());
	return inside_git_dir;
}
404
892c41b9
ML
/*
 * Report whether is_inside_dir() accepts the work tree; the answer is
 * computed on first use and cached in inside_work_tree.
 */
int is_inside_work_tree(void)
{
	if (inside_work_tree >= 0)
		return inside_work_tree;

	inside_work_tree = is_inside_dir(get_git_work_tree());
	return inside_work_tree;
}
411
f3fa1838
JH
/*
 * Change into the work tree once per process. Dies when the work tree
 * configuration was flagged as bogus, when there is no work tree, or when
 * chdir_notify() fails. Later calls return immediately.
 */
void setup_work_tree(void)
{
	static int done_once = 0;
	const char *work_tree;

	if (done_once)
		return;

	if (work_tree_config_is_bogus)
		die(_("unable to set up work tree using invalid config"));

	work_tree = get_git_work_tree();
	if (!work_tree || chdir_notify(work_tree))
		die(_("this operation must be run in a work tree"));

	/*
	 * We are now inside the work tree, so a relative $GIT_WORK_TREE
	 * would mislead subsequent git processes; point it at ".".
	 */
	if (getenv(GIT_WORK_TREE_ENVIRONMENT))
		setenv(GIT_WORK_TREE_ENVIRONMENT, ".", 1);

	done_once = 1;
}
436
e6f8861b
EN
/*
 * Turn tmp_original_cwd into startup_info->original_cwd, expressed relative
 * to the work tree. tmp_original_cwd is always freed and reset to NULL.
 * original_cwd ends up NULL when the path cannot be resolved, when there is
 * no work tree, or when the directory is the work tree itself or lies
 * outside it.
 */
static void setup_original_cwd(void)
{
	struct strbuf tmp = STRBUF_INIT;
	const char *worktree = NULL;
	int offset = -1;

	if (!tmp_original_cwd)
		return;

	/*
	 * startup_info->original_cwd points to the current working
	 * directory we inherited from our parent process, which is a
	 * directory we want to avoid removing.
	 *
	 * For convenience, we would like to have the path relative to the
	 * worktree instead of an absolute path.
	 *
	 * Yes, startup_info->original_cwd is usually the same as 'prefix',
	 * but differs in two ways:
	 * - prefix has a trailing '/'
	 * - if the user passes '-C' to git, that modifies the prefix but
	 * not startup_info->original_cwd.
	 */

	/* Normalize the directory */
	if (!strbuf_realpath(&tmp, tmp_original_cwd, 0)) {
		/* resolution failed: record why in the trace and give up */
		trace2_data_string("setup", the_repository,
				   "realpath-path", tmp_original_cwd);
		trace2_data_string("setup", the_repository,
				   "realpath-failure", strerror(errno));
		free((char*)tmp_original_cwd);
		tmp_original_cwd = NULL;
		return;
	}

	free((char*)tmp_original_cwd);
	tmp_original_cwd = NULL;
	/* original_cwd now owns the buffer detached from "tmp" */
	startup_info->original_cwd = strbuf_detach(&tmp, NULL);

	/*
	 * Get our worktree; we only protect the current working directory
	 * if it's in the worktree.
	 */
	worktree = get_git_work_tree();
	if (!worktree)
		goto no_prevention_needed;

	offset = dir_inside_of(startup_info->original_cwd, worktree);
	if (offset >= 0) {
		/*
		 * If startup_info->original_cwd == worktree, that is already
		 * protected and we don't need original_cwd as a secondary
		 * protection measure.
		 */
		if (!*(startup_info->original_cwd + offset))
			goto no_prevention_needed;

		/*
		 * original_cwd was inside worktree; precompose it just as
		 * we do prefix so that built up paths will match
		 */
		/*
		 * NOTE(review): after this assignment original_cwd no longer
		 * refers to the start of the detached buffer -- confirm that
		 * nothing later tries to free it.
		 */
		startup_info->original_cwd = \
			precompose_string_if_needed(startup_info->original_cwd
						    + offset);
		return;
	}

no_prevention_needed:
	free((char*)startup_info->original_cwd);
	startup_info->original_cwd = NULL;
}
508
58b284a2
NTND
/*
 * Config callback that records core.bare and core.worktree in the
 * struct repository_format passed as "vdata". Returns 0, or the result of
 * config_error_nonbool() when core.worktree has no value.
 */
static int read_worktree_config(const char *var, const char *value, void *vdata)
{
	struct repository_format *fmt = vdata;

	if (!strcmp(var, "core.bare")) {
		fmt->is_bare = git_config_bool(var, value);
		return 0;
	}
	if (strcmp(var, "core.worktree"))
		return 0;	/* not a key this callback cares about */

	if (!value)
		return config_error_nonbool(var);
	/* a later occurrence replaces the earlier one */
	free(fmt->work_tree);
	fmt->work_tree = xstrdup(value);
	return 0;
}
523
ec91ffca
JK
/*
 * Result of offering one "extensions.<name>" key to handle_extension_v0()
 * or handle_extension(); check_repo_format() switches on it.
 */
enum extension_result {
	EXTENSION_ERROR = -1, /* compatible with error(), etc */
	EXTENSION_UNKNOWN = 0,
	EXTENSION_OK = 1
};
529
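/*
 * Do not add new extensions to this function. It handles extensions which are
 * respected even in v0-format repositories for historical compatibility.
 *
 * "ext" is the key with its "extensions." prefix removed; "var" and "value"
 * are the config key and value as handed to the callback. Returns
 * EXTENSION_OK when the extension was recognized and recorded in "data",
 * EXTENSION_UNKNOWN when it is not one of the v0 extensions, and
 * EXTENSION_ERROR when "partialclone" was given without a value.
 */
static enum extension_result handle_extension_v0(const char *var,
						 const char *value,
						 const char *ext,
						 struct repository_format *data)
{
	if (!strcmp(ext, "noop")) {
		return EXTENSION_OK;
	} else if (!strcmp(ext, "preciousobjects")) {
		data->precious_objects = git_config_bool(var, value);
		return EXTENSION_OK;
	} else if (!strcmp(ext, "partialclone")) {
		/*
		 * The repository config can carry this key without a value,
		 * in which case "value" is NULL. Report that as a config
		 * error, as the other string-valued keys in this file do,
		 * instead of handing NULL to xstrdup().
		 */
		if (!value)
			return config_error_nonbool(var);
		/* a repeated key replaces the earlier value instead of leaking it */
		free(data->partial_clone);
		data->partial_clone = xstrdup(value);
		return EXTENSION_OK;
	} else if (!strcmp(ext, "worktreeconfig")) {
		data->worktree_config = git_config_bool(var, value);
		return EXTENSION_OK;
	}

	return EXTENSION_UNKNOWN;
}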
554
/*
 * Record any new extensions in this function.
 *
 * Returns EXTENSION_OK for a recognized extension, EXTENSION_UNKNOWN for
 * anything else, and an error result when "objectformat" has no value or
 * names an unknown hash algorithm.
 */
static enum extension_result handle_extension(const char *var,
					      const char *value,
					      const char *ext,
					      struct repository_format *data)
{
	if (!strcmp(ext, "noop-v1"))
		return EXTENSION_OK;

	if (!strcmp(ext, "objectformat")) {
		int algo;

		if (!value)
			return config_error_nonbool(var);
		algo = hash_algo_by_name(value);
		if (algo == GIT_HASH_UNKNOWN)
			return error(_("invalid value for '%s': '%s'"),
				     "extensions.objectformat", value);
		data->hash_algo = algo;
		return EXTENSION_OK;
	}

	return EXTENSION_UNKNOWN;
}
579
/*
 * Config callback that fills a struct repository_format ("vdata") from the
 * repository config: the format version, every "extensions.*" key, and,
 * through read_worktree_config(), core.bare and core.worktree.
 * Returns 0 on success and -1 when an extension handler reports an error.
 */
static int check_repo_format(const char *var, const char *value, void *vdata)
{
	struct repository_format *data = vdata;
	const char *ext;

	if (strcmp(var, "core.repositoryformatversion") == 0)
		data->version = git_config_int(var, value);
	else if (skip_prefix(var, "extensions.", &ext)) {
		/* extensions honoured even in v0 repositories come first */
		switch (handle_extension_v0(var, value, ext, data)) {
		case EXTENSION_ERROR:
			return -1;
		case EXTENSION_OK:
			return 0;
		case EXTENSION_UNKNOWN:
			break;
		}

		/*
		 * Everything else is either a v1-only extension or unknown.
		 * Both are only recorded here; verify_repository_format()
		 * decides later whether they make the repository unusable.
		 */
		switch (handle_extension(var, value, ext, data)) {
		case EXTENSION_ERROR:
			return -1;
		case EXTENSION_OK:
			string_list_append(&data->v1_only_extensions, ext);
			return 0;
		case EXTENSION_UNKNOWN:
			string_list_append(&data->unknown_extensions, ext);
			return 0;
		}
	}

	/* the version key and any non-extension key fall through to here */
	return read_worktree_config(var, value, vdata);
}
611
/*
 * Read the repository format from the config of "gitdir" (looked up in its
 * common directory) into "candidate", verify it, and copy the accepted
 * settings into the file-level and global state.
 *
 * Returns 0 when the format is acceptable or the config is missing. When
 * verification fails: with "nongit_ok" non-NULL, warns, sets *nongit_ok to
 * -1 and returns -1; with "nongit_ok" NULL, dies.
 */
static int check_repository_format_gently(const char *gitdir, struct repository_format *candidate, int *nongit_ok)
{
	struct strbuf sb = STRBUF_INIT;
	struct strbuf err = STRBUF_INIT;
	int has_common;

	/* non-zero when the common dir came from the environment or a commondir file */
	has_common = get_common_dir(&sb, gitdir);
	strbuf_addstr(&sb, "/config");
	read_repository_format(candidate, sb.buf);
	strbuf_release(&sb);

	/*
	 * For historical use of check_repository_format() in git-init,
	 * we treat a missing config as a silent "ok", even when nongit_ok
	 * is unset.
	 */
	if (candidate->version < 0)
		return 0;

	if (verify_repository_format(candidate, &err) < 0) {
		if (nongit_ok) {
			warning("%s", err.buf);
			strbuf_release(&err);
			*nongit_ok = -1;
			return -1;
		}
		die("%s", err.buf);
	}

	repository_format_precious_objects = candidate->precious_objects;
	repository_format_worktree_config = candidate->worktree_config;
	/* the format was accepted, so the recorded extension names are no longer needed */
	string_list_clear(&candidate->unknown_extensions, 0);
	string_list_clear(&candidate->v1_only_extensions, 0);

	if (repository_format_worktree_config) {
		/*
		 * pick up core.bare and core.worktree from per-worktree
		 * config if present
		 */
		strbuf_addf(&sb, "%s/config.worktree", gitdir);
		git_config_from_file(read_worktree_config, sb.buf, candidate);
		strbuf_release(&sb);
		/* forces the core.bare / core.worktree block below to run */
		has_common = 0;
	}

	if (!has_common) {
		if (candidate->is_bare != -1) {
			is_bare_repository_cfg = candidate->is_bare;
			/* invalidate the cached is_inside_work_tree() answer */
			if (is_bare_repository_cfg == 1)
				inside_work_tree = -1;
		}
		if (candidate->work_tree) {
			free(git_work_tree_cfg);
			git_work_tree_cfg = xstrdup(candidate->work_tree);
			inside_work_tree = -1;
		}
	}

	return 0;
}
672
16af5f1a
XL
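/*
 * Raise core.repositoryformatversion of the current repository to
 * "target_version".
 *
 * Returns 0 when the repository is already at or above that version, 1
 * after the new version has been written to the config, and -1 (after
 * printing an error) when the current format does not verify or a v0
 * repository carries an unknown extension.
 */
int upgrade_repository_format(int target_version)
{
	struct strbuf sb = STRBUF_INIT;
	struct strbuf err = STRBUF_INIT;
	struct strbuf repo_version = STRBUF_INIT;
	struct repository_format repo_fmt = REPOSITORY_FORMAT_INIT;
	int ret;

	strbuf_git_common_path(&sb, the_repository, "config");
	read_repository_format(&repo_fmt, sb.buf);
	strbuf_release(&sb);

	if (repo_fmt.version >= target_version) {
		ret = 0;
		goto out;
	}

	if (verify_repository_format(&repo_fmt, &err) < 0) {
		error("cannot upgrade repository format from %d to %d: %s",
		      repo_fmt.version, target_version, err.buf);
		ret = -1;
		goto out;
	}
	if (!repo_fmt.version && repo_fmt.unknown_extensions.nr) {
		ret = error("cannot upgrade repository format: "
			    "unknown extension %s",
			    repo_fmt.unknown_extensions.items[0].string);
		goto out;
	}

	strbuf_addf(&repo_version, "%d", target_version);
	git_config_set("core.repositoryformatversion", repo_version.buf);
	ret = 1;

out:
	/*
	 * read_repository_format() may have filled repo_fmt with extension
	 * lists and heap strings; release them on every exit path, not only
	 * the buffers that happen to be used on that path.
	 */
	clear_repository_format(&repo_fmt);
	strbuf_release(&repo_version);
	strbuf_release(&err);
	return ret;
}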
703
e8805af1
/*
 * Overwrite "*format" with the REPOSITORY_FORMAT_INIT defaults. Nothing the
 * old contents pointed to is freed here.
 */
static void init_repository_format(struct repository_format *format)
{
	const struct repository_format blank = REPOSITORY_FORMAT_INIT;

	memcpy(format, &blank, sizeof(blank));
}
710
/*
 * Reset "format", then fill it from the config file at "path" using
 * check_repo_format(). When no version was found (version == -1) the
 * struct is reset again. Returns the resulting format->version.
 */
int read_repository_format(struct repository_format *format, const char *path)
{
	clear_repository_format(format);
	git_config_from_file(check_repo_format, path, format);

	if (format->version != -1)
		return format->version;

	/* no version key seen: discard anything else that was collected */
	clear_repository_format(format);
	return format->version;
}
719
e8805af1
/*
 * Release everything "format" owns (the two extension lists and the
 * work_tree / partial_clone strings) and reset it to its initial state.
 */
void clear_repository_format(struct repository_format *format)
{
	free(format->partial_clone);
	free(format->work_tree);
	string_list_clear(&format->v1_only_extensions, 0);
	string_list_clear(&format->unknown_extensions, 0);
	init_repository_format(format);
}
728
2cc7c2c7
JK
/* Append every entry of "list" to "err", each on its own tab-indented line. */
static void append_extension_names(struct strbuf *err,
				   const struct string_list *list)
{
	int i;

	for (i = 0; i < list->nr; i++)
		strbuf_addf(err, "\n\t%s", list->items[i].string);
}

/*
 * Decide whether this git can work with a repository of the given format.
 * Returns 0 when it can. Otherwise returns -1 with an explanation appended
 * to "err": the version is newer than GIT_REPO_VERSION_READ, a v1+
 * repository has unknown extensions, or a v0 repository uses v1-only
 * extensions.
 */
int verify_repository_format(const struct repository_format *format,
			     struct strbuf *err)
{
	const struct string_list *unknown = &format->unknown_extensions;
	const struct string_list *v1_only = &format->v1_only_extensions;

	if (format->version > GIT_REPO_VERSION_READ) {
		strbuf_addf(err, _("Expected git repo version <= %d, found %d"),
			    GIT_REPO_VERSION_READ, format->version);
		return -1;
	}

	if (unknown->nr && format->version >= 1) {
		strbuf_addstr(err, Q_("unknown repository extension found:",
				      "unknown repository extensions found:",
				      unknown->nr));
		append_extension_names(err, unknown);
		return -1;
	}

	if (v1_only->nr && format->version == 0) {
		strbuf_addstr(err,
			      Q_("repo version is 0, but v1-only extension found:",
				 "repo version is 0, but v1-only extensions found:",
				 v1_only->nr));
		append_extension_names(err, v1_only);
		return -1;
	}

	return 0;
}
767
5f29433f
SB
/*
 * Die with the message that matches a READ_GITFILE_ERR_* code from
 * read_gitfile_gently(). "path" is the gitfile and "dir" the directory it
 * named. STAT_FAILED and NOT_A_FILE are not fatal and make this function
 * return; an unrecognized code is reported as a BUG.
 */
void read_gitfile_error_die(int error_code, const char *path, const char *dir)
{
	switch (error_code) {
	case READ_GITFILE_ERR_STAT_FAILED:
	case READ_GITFILE_ERR_NOT_A_FILE:
		/* non-fatal; follow return path */
		break;
	/* NOTE(review): the cases below rely on die()/die_errno() not returning -- confirm */
	case READ_GITFILE_ERR_OPEN_FAILED:
		die_errno(_("error opening '%s'"), path);
	case READ_GITFILE_ERR_TOO_LARGE:
		die(_("too large to be a .git file: '%s'"), path);
	case READ_GITFILE_ERR_READ_FAILED:
		die(_("error reading %s"), path);
	case READ_GITFILE_ERR_INVALID_FORMAT:
		die(_("invalid gitfile format: %s"), path);
	case READ_GITFILE_ERR_NO_PATH:
		die(_("no path in gitfile: %s"), path);
	case READ_GITFILE_ERR_NOT_A_REPO:
		die(_("not a git repository: %s"), dir);
	default:
		BUG("unknown error code");
	}
}
791
b44ebb19
LH
/*
 * Try to read the location of the git directory from the .git file,
 * return path to git directory if found. The return value comes from
 * a shared buffer.
 *
 * On failure, if return_error_code is not NULL, return_error_code
 * will be set to an error code and NULL will be returned. If
 * return_error_code is NULL the function will die instead (for most
 * cases).
 *
 * On success *return_error_code (when given) is set to 0. The returned
 * string is only valid until the next call, because it points into a
 * function-static strbuf.
 */
const char *read_gitfile_gently(const char *path, int *return_error_code)
{
	/* upper bound on how much of a .git file is ever read into memory */
	const int max_file_size = 1 << 20; /* 1MB */
	int error_code = 0;
	char *buf = NULL;
	char *dir = NULL;
	const char *slash;
	struct stat st;
	int fd;
	ssize_t len;
	static struct strbuf realpath = STRBUF_INIT;

	if (stat(path, &st)) {
		/* NEEDSWORK: discern between ENOENT vs other errors */
		error_code = READ_GITFILE_ERR_STAT_FAILED;
		goto cleanup_return;
	}
	if (!S_ISREG(st.st_mode)) {
		error_code = READ_GITFILE_ERR_NOT_A_FILE;
		goto cleanup_return;
	}
	if (st.st_size > max_file_size) {
		error_code = READ_GITFILE_ERR_TOO_LARGE;
		goto cleanup_return;
	}
	/*
	 * NOTE(review): the type and size checked above come from stat() on
	 * the path, and open() resolves the path a second time. Of the
	 * checks that follow, only the length comparison after the read
	 * covers a file that was swapped in between.
	 */
	fd = open(path, O_RDONLY);
	if (fd < 0) {
		error_code = READ_GITFILE_ERR_OPEN_FAILED;
		goto cleanup_return;
	}
	buf = xmallocz(st.st_size);
	len = read_in_full(fd, buf, st.st_size);
	close(fd);
	/* a short read, or a file that shrank since stat(), counts as failure */
	if (len != st.st_size) {
		error_code = READ_GITFILE_ERR_READ_FAILED;
		goto cleanup_return;
	}
	if (!starts_with(buf, "gitdir: ")) {
		error_code = READ_GITFILE_ERR_INVALID_FORMAT;
		goto cleanup_return;
	}
	/*
	 * Strip trailing CR/LF. The loop cannot run off the front of the
	 * buffer: it stops at the latest on the space that ends "gitdir: ".
	 */
	while (buf[len - 1] == '\n' || buf[len - 1] == '\r')
		len--;
	/* the 8-byte "gitdir: " prefix must be followed by at least one byte */
	if (len < 9) {
		error_code = READ_GITFILE_ERR_NO_PATH;
		goto cleanup_return;
	}
	buf[len] = '\0';
	dir = buf + 8;

	/* a relative target is taken relative to the directory holding the gitfile */
	if (!is_absolute_path(dir) && (slash = strrchr(path, '/'))) {
		size_t pathlen = slash+1 - path;
		dir = xstrfmt("%.*s%.*s", (int)pathlen, path,
			      (int)(len - 8), buf + 8);
		free(buf);
		/* "buf" now owns the joined string so the free() below releases it */
		buf = dir;
	}
	if (!is_git_directory(dir)) {
		error_code = READ_GITFILE_ERR_NOT_A_REPO;
		goto cleanup_return;
	}

	/* from here on "path" is the resolved git directory, not the gitfile */
	strbuf_realpath(&realpath, dir, 1);
	path = realpath.buf;

cleanup_return:
	if (return_error_code)
		*return_error_code = error_code;
	else if (error_code)
		read_gitfile_error_die(error_code, path, dir);

	free(buf);
	return error_code ? NULL : path;
}
876
/*
 * Set up the repository for an explicitly named git directory "gitdirenv",
 * which may itself be a gitfile. The work tree is chosen, in this order,
 * from $GIT_WORK_TREE, core.worktree, or the current directory. "cwd" is
 * the current directory as a strbuf; a '/' may be appended to it.
 *
 * Returns the prefix (a pointer into cwd->buf) when cwd lies strictly
 * inside the work tree, and NULL in every other case, including when
 * "gitdirenv" is not a git directory and "nongit_ok" is given (then
 * *nongit_ok is set to 1). Dies when "nongit_ok" is NULL and the directory
 * is not a repository. The "#n" markers refer to the cases in t1510.
 */
static const char *setup_explicit_git_dir(const char *gitdirenv,
					  struct strbuf *cwd,
					  struct repository_format *repo_fmt,
					  int *nongit_ok)
{
	const char *work_tree_env = getenv(GIT_WORK_TREE_ENVIRONMENT);
	const char *worktree;
	char *gitfile;
	int offset;

	/* reject an over-long value up front; 40 bytes of PATH_MAX are held back */
	if (PATH_MAX - 40 < strlen(gitdirenv))
		die(_("'$%s' too big"), GIT_DIR_ENVIRONMENT);

	gitfile = (char*)read_gitfile(gitdirenv);
	if (gitfile) {
		/*
		 * Take a private copy; presumably read_gitfile() hands back
		 * the shared buffer of read_gitfile_gently() -- confirm.
		 */
		gitfile = xstrdup(gitfile);
		gitdirenv = gitfile;
	}

	if (!is_git_directory(gitdirenv)) {
		if (nongit_ok) {
			*nongit_ok = 1;
			free(gitfile);
			return NULL;
		}
		die(_("not a git repository: '%s'"), gitdirenv);
	}

	if (check_repository_format_gently(gitdirenv, repo_fmt, nongit_ok)) {
		free(gitfile);
		return NULL;
	}

	/* #3, #7, #11, #15, #19, #23, #27, #31 (see t1510) */
	if (work_tree_env)
		set_git_work_tree(work_tree_env);
	else if (is_bare_repository_cfg > 0) {
		if (git_work_tree_cfg) {
			/* #22.2, #30 */
			warning("core.bare and core.worktree do not make sense");
			/* setup_work_tree() dies later when this flag is set */
			work_tree_config_is_bogus = 1;
		}

		/* #18, #26 */
		set_git_dir(gitdirenv, 0);
		free(gitfile);
		return NULL;
	}
	else if (git_work_tree_cfg) { /* #6, #14 */
		if (is_absolute_path(git_work_tree_cfg))
			set_git_work_tree(git_work_tree_cfg);
		else {
			/*
			 * A relative core.worktree is taken relative to the
			 * git directory: chdir there, then into the configured
			 * value, read back the absolute location, and return
			 * to the original cwd.
			 */
			char *core_worktree;
			if (chdir(gitdirenv))
				die_errno(_("cannot chdir to '%s'"), gitdirenv);
			if (chdir(git_work_tree_cfg))
				die_errno(_("cannot chdir to '%s'"), git_work_tree_cfg);
			core_worktree = xgetcwd();
			if (chdir(cwd->buf))
				die_errno(_("cannot come back to cwd"));
			set_git_work_tree(core_worktree);
			free(core_worktree);
		}
	}
	else if (!git_env_bool(GIT_IMPLICIT_WORK_TREE_ENVIRONMENT, 1)) {
		/* #16d */
		set_git_dir(gitdirenv, 0);
		free(gitfile);
		return NULL;
	}
	else /* #2, #10 */
		set_git_work_tree(".");

	/* set_git_work_tree() must have been called by now */
	worktree = get_git_work_tree();

	/* both get_git_work_tree() and cwd are already normalized */
	if (!strcmp(cwd->buf, worktree)) { /* cwd == worktree */
		set_git_dir(gitdirenv, 0);
		free(gitfile);
		return NULL;
	}

	offset = dir_inside_of(cwd->buf, worktree);
	if (offset >= 0) { /* cwd inside worktree? */
		set_git_dir(gitdirenv, 1);
		if (chdir(worktree))
			die_errno(_("cannot chdir to '%s'"), worktree);
		/* the returned prefix carries a trailing '/' */
		strbuf_addch(cwd, '/');
		free(gitfile);
		return cwd->buf + offset;
	}

	/* cwd outside worktree */
	set_git_dir(gitdirenv, 0);
	free(gitfile);
	return NULL;
}
975
/*
 * Finish setup for a repository whose git directory was found by
 * discovery (walking up from the cwd) rather than named via GIT_DIR.
 *
 * "offset" is the length of the directory in which discovery stopped
 * (the caller passes dir.len); it equals cwd->len when the repository
 * was found in the original working directory itself.
 *
 * Returns the prefix, a pointer into cwd->buf that ends in '/', when the
 * original cwd lies below the work tree root.  Returns NULL otherwise,
 * and also when the repository format check rejects "gitdir".
 */
static const char *setup_discovered_git_dir(const char *gitdir,
					    struct strbuf *cwd, int offset,
					    struct repository_format *repo_fmt,
					    int *nongit_ok)
{
	const int found_elsewhere = (offset != cwd->len);

	if (check_repository_format_gently(gitdir, repo_fmt, nongit_ok))
		return NULL;

	/* --work-tree is set without --git-dir; use discovered one */
	if (getenv(GIT_WORK_TREE_ENVIRONMENT) || git_work_tree_cfg) {
		char *abs_gitdir = NULL;
		const char *prefix;

		/*
		 * A relative gitdir would stop being valid once we chdir
		 * back to the original cwd, so resolve it first.
		 */
		if (found_elsewhere && !is_absolute_path(gitdir)) {
			abs_gitdir = real_pathdup(gitdir, 1);
			gitdir = abs_gitdir;
		}
		if (chdir(cwd->buf))
			die_errno(_("cannot come back to cwd"));
		prefix = setup_explicit_git_dir(gitdir, cwd, repo_fmt, nongit_ok);
		free(abs_gitdir);
		return prefix;
	}

	/* #16.2, #17.2, #20.2, #21.2, #24, #25, #28, #29 (see t1510) */
	if (is_bare_repository_cfg > 0) {
		set_git_dir(gitdir, found_elsewhere);
		if (chdir(cwd->buf))
			die_errno(_("cannot come back to cwd"));
		return NULL;
	}

	/* #0, #1, #5, #8, #9, #12, #13 */
	set_git_work_tree(".");
	if (strcmp(gitdir, DEFAULT_GIT_DIR_ENVIRONMENT) != 0)
		set_git_dir(gitdir, 0);
	inside_git_dir = 0;
	inside_work_tree = 1;

	/* cwd is the work tree root itself: there is no prefix */
	if (offset >= cwd->len)
		return NULL;

	/* Step "offset" over the '/' (root dirs already point past it) */
	if (offset != offset_1st_component(cwd->buf))
		offset++;

	/* The prefix must end with '/'; append before taking the pointer */
	strbuf_addch(cwd, '/');
	return cwd->buf + offset;
}
1022
/*
 * Finish setup when discovery found a bare repository, i.e. the
 * directory where the search stopped is itself a git directory.
 * Covers #16.1, #17.1, #20.1, #21.1, #22.1 (see t1510).
 *
 * "offset" is the length of that directory within cwd->buf; it equals
 * cwd->len when the original cwd is the git directory.
 *
 * Always exports GIT_IMPLICIT_WORK_TREE=0 once the format check passed.
 * Returns NULL unless a work tree was requested explicitly, in which
 * case the result of setup_explicit_git_dir() is returned.
 */
static const char *setup_bare_git_dir(struct strbuf *cwd, int offset,
				      struct repository_format *repo_fmt,
				      int *nongit_ok)
{
	int root_len;
	int keep_len;

	if (check_repository_format_gently(".", repo_fmt, nongit_ok))
		return NULL;

	setenv(GIT_IMPLICIT_WORK_TREE_ENVIRONMENT, "0", 1);

	/* --work-tree is set without --git-dir; use discovered one */
	if (getenv(GIT_WORK_TREE_ENVIRONMENT) || git_work_tree_cfg) {
		/*
		 * Held in a static pointer and never freed here; presumably
		 * the callee may keep referring to it -- TODO confirm.
		 */
		static const char *gitdir;

		if (offset == cwd->len)
			gitdir = ".";
		else
			gitdir = xmemdupz(cwd->buf, offset);
		if (chdir(cwd->buf))
			die_errno(_("cannot come back to cwd"));
		return setup_explicit_git_dir(gitdir, cwd, repo_fmt, nongit_ok);
	}

	inside_git_dir = 1;
	inside_work_tree = 0;

	if (offset == cwd->len) {
		/* The original cwd is the git directory */
		set_git_dir(".", 0);
		return NULL;
	}

	if (chdir(cwd->buf))
		die_errno(_("cannot come back to cwd"));

	/* Cut cwd back to the git directory, but never into the root part */
	root_len = offset_1st_component(cwd->buf);
	keep_len = offset;
	if (keep_len <= root_len)
		keep_len = root_len;
	strbuf_setlen(cwd, keep_len);
	set_git_dir(cwd->buf, 0);
	return NULL;
}
1058
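/*
 * Return the device number (st_dev) of "path", dying if stat() fails.
 *
 * "prefix" and "prefix_len" only shape the error message: when "prefix"
 * is non-NULL, at most "prefix_len" bytes of it, followed by '/', are
 * printed in front of "path".  The callers visible in this file pass a
 * NULL prefix.
 */
static dev_t get_device_or_die(const char *path, const char *prefix, int prefix_len)
{
	struct stat st;

	if (stat(path, &st)) {
		/*
		 * "%.*s" uses prefix_len as a precision, i.e. an upper bound
		 * on the bytes taken from prefix.  The earlier "%*s" used it
		 * as a minimum field width, which padded the message with
		 * prefix_len spaces whenever prefix was NULL.
		 * NOTE(review): this changes a translatable string.
		 */
		die_errno(_("failed to stat '%.*s%s%s'"),
			  prefix_len,
			  prefix ? prefix : "",
			  prefix ? "/" : "", path);
	}
	return st.st_dev;
}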
1070
/*
 * "string_list_each_func_t" callback for the GIT_CEILING_DIRECTORIES
 * list.  Returns 1 to keep an entry and 0 to drop it.
 *
 * Entries are canonicalized with real_pathdup(); an entry that is empty,
 * not absolute, or that cannot be resolved is dropped.  An empty entry
 * also sets *cb_data, which switches canonicalization off for every
 * entry that follows it (those are kept as written).
 */
static int canonicalize_ceiling_entry(struct string_list_item *item,
				      void *cb_data)
{
	int *seen_empty = cb_data;
	char *entry = item->string;
	char *resolved;

	if (!*entry) {
		*seen_empty = 1;
		return 0;
	}
	if (!is_absolute_path(entry))
		return 0;
	if (*seen_empty)
		return 1;	/* keep the entry, but leave it as written */

	resolved = real_pathdup(entry, 0);
	if (!resolved)
		return 0;

	/* The list owns its strings: swap in the canonical copy */
	free(item->string);
	item->string = resolved;
	return 1;
}
1102
/* State shared between ensure_valid_ownership() and safe_directory_cb() */
struct safe_directory_data {
	/* path that identifies the repository being checked */
	const char *path;
	/* verdict so far: non-zero once a safe.directory entry matched */
	int is_safe;
};
1107
/*
 * Config callback that evaluates one "safe.directory" entry against
 * data->path.  Other keys are ignored.  Always returns 0.
 *
 *  - a missing or empty value resets the verdict to "not safe", so
 *    entries seen before it no longer count;
 *  - the value "*" marks every path as safe, which switches the
 *    ownership protection off for all repositories;
 *  - any other value is passed through git_config_pathname() and then
 *    compared with data->path as a whole path using fspathcmp().
 *
 * Entries are applied in the order the config machinery delivers them,
 * so a later entry can override an earlier verdict.
 */
static int safe_directory_cb(const char *key, const char *value, void *d)
{
	struct safe_directory_data *data = d;
	const char *expanded = NULL;

	if (strcmp(key, "safe.directory") != 0)
		return 0;

	if (!value || !*value) {
		data->is_safe = 0;
		return 0;
	}
	if (!strcmp(value, "*")) {
		data->is_safe = 1;
		return 0;
	}

	if (!git_config_pathname(&expanded, key, value)) {
		/* fall back to the raw value if nothing was produced */
		const char *candidate = expanded ? expanded : value;

		if (!fspathcmp(data->path, candidate))
			data->is_safe = 1;
	}
	free((char *)expanded);

	return 0;
}
1131
/*
 * Decide whether a repository may be used, based on who owns it.
 *
 * The gitfile (if any), the worktree (if any) and the git directory are
 * each checked with is_path_owned_by_current_user(); a NULL argument is
 * skipped.  If all of them pass, the repository is accepted.
 *
 * Otherwise the decision is left to `safe.directory` config entries,
 * which exempt known-safe repositories: for a non-bare repository the
 * worktree has to be listed, for a bare one its git directory.
 *
 * Setting GIT_TEST_ASSUME_DIFFERENT_OWNER skips the ownership shortcut,
 * so it can only make the outcome stricter.
 *
 * Returns non-zero if the repository is considered safe.
 */
static int ensure_valid_ownership(const char *gitfile,
				  const char *worktree, const char *gitdir)
{
	/*
	 * data.path names the repository and does not depend on which of
	 * the checks below fails.  data.is_safe starts out false and may
	 * be changed by the callback.
	 */
	struct safe_directory_data data = {
		.path = worktree ? worktree : gitdir,
		.is_safe = 0,
	};
	int all_owned = !git_env_bool("GIT_TEST_ASSUME_DIFFERENT_OWNER", 0);

	/* Stop at the first failure, in the order gitfile, worktree, gitdir */
	if (all_owned && gitfile)
		all_owned = is_path_owned_by_current_user(gitfile);
	if (all_owned && worktree)
		all_owned = is_path_owned_by_current_user(worktree);
	if (all_owned && gitdir)
		all_owned = is_path_owned_by_current_user(gitdir);
	if (all_owned)
		return 1;

	/*
	 * NOTE(review): git_protected_config() presumably reads only config
	 * that the repository itself cannot supply, so a repository cannot
	 * declare itself safe -- confirm against its definition.
	 */
	git_protected_config(safe_directory_cb, &data);

	return data.is_safe;
}
1162
/*
 * Outcome of setup_git_directory_gently_1().  Positive values mean a
 * git directory was identified; negative values are errors, and callers
 * may test for failure with "<= 0".
 */
enum discovery_result {
	GIT_DIR_NONE = 0,
	GIT_DIR_EXPLICIT = 1,
	GIT_DIR_DISCOVERED = 2,
	GIT_DIR_BARE = 3,

	/* these are errors */
	GIT_DIR_HIT_CEILING = -1,
	GIT_DIR_HIT_MOUNT_POINT = -2,
	GIT_DIR_INVALID_GITFILE = -3,
	GIT_DIR_INVALID_OWNERSHIP = -4
};
1174
/*
 * Locate the git directory that applies to "dir".
 *
 * Whether we are inside the work tree cannot be decided here, because
 * the config can only be read _after_ this function was called.  To
 * allow early callers, no global state (such as the current working
 * directory) is changed either.
 *
 * "dir" holds the directory where the search starts; on return it holds
 * the directory where the search ended.  "gitdir" receives the path of
 * the discovered git directory, if any.  When that path is not absolute
 * it is relative to "dir" (i.e. *not* necessarily the cwd).
 *
 * Every candidate found while walking up is passed through
 * ensure_valid_ownership() before it is reported; a candidate that
 * fails ends the search with GIT_DIR_INVALID_OWNERSHIP.  A GIT_DIR taken
 * from the environment is returned as GIT_DIR_EXPLICIT without an
 * ownership check in this function.
 */
static enum discovery_result setup_git_directory_gently_1(struct strbuf *dir,
							  struct strbuf *gitdir,
							  int die_on_error)
{
	const char *env_ceiling_dirs = getenv(CEILING_DIRECTORIES_ENVIRONMENT);
	struct string_list ceiling_dirs = STRING_LIST_INIT_DUP;
	const char *found;
	int ceil_offset = -1, min_offset = offset_1st_component(dir->buf);
	dev_t start_device = 0;
	int stay_on_filesystem = 1;

	/*
	 * If GIT_DIR is set explicitly, we're not going to do any
	 * discovery, but we still do repository validation (in the caller).
	 */
	found = getenv(GIT_DIR_ENVIRONMENT);
	if (found) {
		strbuf_addstr(gitdir, found);
		return GIT_DIR_EXPLICIT;
	}

	if (env_ceiling_dirs) {
		int empty_entry_found = 0;

		string_list_split(&ceiling_dirs, env_ceiling_dirs, PATH_SEP, -1);
		filter_string_list(&ceiling_dirs, 0,
				   canonicalize_ceiling_entry, &empty_entry_found);
		ceil_offset = longest_ancestor_length(dir->buf, &ceiling_dirs);
		string_list_clear(&ceiling_dirs, 0);
	}

	/* No ceiling applies: use a value below anything the walk compares */
	if (ceil_offset < 0)
		ceil_offset = min_offset - 2;

	/* "dir" is only its root component and lacks a trailing separator */
	if (min_offset && min_offset == dir->len &&
	    !is_dir_sep(dir->buf[min_offset - 1])) {
		strbuf_addch(dir, '/');
		min_offset++;
	}

	/*
	 * Test in the following order (relative to the dir):
	 * - .git (file containing "gitdir: <path>")
	 * - .git/
	 * - ./ (bare)
	 * - ../.git
	 * - ../.git/
	 * - ../ (bare)
	 * - ../../.git
	 *   etc.
	 */
	stay_on_filesystem = !git_env_bool("GIT_DISCOVERY_ACROSS_FILESYSTEM", 0);
	if (stay_on_filesystem)
		start_device = get_device_or_die(dir->buf, NULL, 0);

	for (;;) {
		int offset = dir->len, error_code = 0;
		char *gitdir_path = NULL;
		char *gitfile = NULL;

		/* Tentatively look at "<dir>/.git" */
		if (offset > min_offset)
			strbuf_addch(dir, '/');
		strbuf_addstr(dir, DEFAULT_GIT_DIR_ENVIRONMENT);

		found = read_gitfile_gently(dir->buf,
					    die_on_error ? NULL : &error_code);
		if (found) {
			/* ".git" is a gitfile; remember it for the owner check */
			gitfile = xstrdup(dir->buf);
		} else if (die_on_error ||
			   error_code == READ_GITFILE_ERR_NOT_A_FILE) {
			/* NEEDSWORK: fail if .git is not file nor dir */
			if (is_git_directory(dir->buf)) {
				found = DEFAULT_GIT_DIR_ENVIRONMENT;
				gitdir_path = xstrdup(dir->buf);
			}
		} else if (error_code != READ_GITFILE_ERR_STAT_FAILED) {
			return GIT_DIR_INVALID_GITFILE;
		}

		/*
		 * Drop the tentative ".git" component again, because from
		 * here on we care about the real directory we are in.
		 */
		strbuf_setlen(dir, offset);

		if (found) {
			enum discovery_result ret;
			const char *owner_gitdir =
				gitdir_path ? gitdir_path : found;

			/* dir->buf plays the role of the worktree here */
			if (ensure_valid_ownership(gitfile, dir->buf,
						   owner_gitdir)) {
				strbuf_addstr(gitdir, found);
				ret = GIT_DIR_DISCOVERED;
			} else {
				ret = GIT_DIR_INVALID_OWNERSHIP;
			}

			/*
			 * gitdir_path and gitfile are only ever allocated
			 * when "found" is non-NULL, so releasing them in
			 * this block is enough to avoid a leak.
			 */
			free(gitdir_path);
			free(gitfile);

			return ret;
		}

		/* Not a worktree: maybe "dir" itself is a bare repository */
		if (is_git_directory(dir->buf)) {
			if (!ensure_valid_ownership(NULL, NULL, dir->buf))
				return GIT_DIR_INVALID_OWNERSHIP;
			strbuf_addstr(gitdir, ".");
			return GIT_DIR_BARE;
		}

		if (offset <= min_offset)
			return GIT_DIR_HIT_CEILING;

		/* Back up to the previous separator, i.e. the parent directory */
		do {
			offset--;
		} while (offset > ceil_offset && !is_dir_sep(dir->buf[offset]));
		if (offset <= ceil_offset)
			return GIT_DIR_HIT_CEILING;

		strbuf_setlen(dir, offset > min_offset ? offset : min_offset);
		if (stay_on_filesystem &&
		    start_device != get_device_or_die(dir->buf, NULL, offset))
			return GIT_DIR_HIT_MOUNT_POINT;
	}
}
5e7bfe25 1320
/*
 * Discover the git directory for the current working directory and
 * append its path to "gitdir" and its common directory to "commondir".
 *
 * Returns 0 on success.  Returns -1 when the cwd cannot be read, when
 * discovery does not yield a usable repository (every non-positive
 * result, which includes a failed ownership check), or when the
 * repository format does not verify.  In the last case a warning is
 * printed and both buffers are cut back to their incoming length.
 *
 * On success the_repository takes over the partial-clone setting read
 * from the repository's config.
 */
int discover_git_directory(struct strbuf *commondir,
			   struct strbuf *gitdir)
{
	struct strbuf where = STRBUF_INIT, why = STRBUF_INIT;
	size_t gitdir_base = gitdir->len, cwd_len;
	size_t commondir_base = commondir->len;
	struct repository_format fmt = REPOSITORY_FORMAT_INIT;

	if (strbuf_getcwd(&where))
		return -1;

	cwd_len = where.len;
	if (setup_git_directory_gently_1(&where, gitdir, 0) <= 0) {
		strbuf_release(&where);
		return -1;
	}

	/*
	 * The gitdir we got back is relative to "where".  If the search
	 * ended above the current working directory, make it absolute.
	 */
	if (where.len < cwd_len &&
	    !is_absolute_path(gitdir->buf + gitdir_base)) {
		if (strcmp(".", gitdir->buf + gitdir_base) != 0)
			strbuf_addch(&where, '/');
		else
			/* Avoid a trailing "/." */
			strbuf_setlen(gitdir, gitdir_base);
		strbuf_insert(gitdir, gitdir_base, where.buf, where.len);
	}

	get_common_dir(commondir, gitdir->buf + gitdir_base);

	/* Reuse "where" to build the path of the repository's config file */
	strbuf_reset(&where);
	strbuf_addf(&where, "%s/config", commondir->buf + commondir_base);
	read_repository_format(&fmt, where.buf);
	strbuf_release(&where);

	if (verify_repository_format(&fmt, &why) < 0) {
		warning("ignoring git dir '%s': %s",
			gitdir->buf + gitdir_base, why.buf);
		strbuf_release(&why);
		strbuf_setlen(commondir, commondir_base);
		strbuf_setlen(gitdir, gitdir_base);
		clear_repository_format(&fmt);
		return -1;
	}

	/* take ownership of fmt.partial_clone */
	the_repository->repository_format_partial_clone = fmt.partial_clone;
	fmt.partial_clone = NULL;

	clear_repository_format(&fmt);
	return 0;
}
1376
/*
 * Find the repository for the current working directory and set up the
 * process state for it (git dir, work tree, startup_info, GIT_PREFIX).
 *
 * With a NULL "nongit_ok" the function dies when no usable repository
 * is found, including when the ownership check rejects the candidate.
 * With a non-NULL "nongit_ok" those cases set *nongit_ok to 1 instead
 * and the caller continues without a repository.
 *
 * Returns the prefix, or NULL if there is none.
 */
const char *setup_git_directory_gently(int *nongit_ok)
{
	/* static: the returned prefix points into this buffer */
	static struct strbuf cwd = STRBUF_INIT;
	struct strbuf search_dir = STRBUF_INIT, found_gitdir = STRBUF_INIT;
	const char *prefix = NULL;
	struct repository_format repo_fmt = REPOSITORY_FORMAT_INIT;
	enum discovery_result outcome;

	/*
	 * An incomplete configuration may have been read before the git
	 * directory was set up.  Clear the cache so that the next config
	 * queries reload the complete configuration, including the
	 * per-repo config file that was ignored before.
	 */
	git_config_clear();

	/*
	 * Start from the assumption that we are in a git repository; the
	 * value is updated below if that turns out to be wrong.
	 */
	if (nongit_ok)
		*nongit_ok = 0;

	if (strbuf_getcwd(&cwd))
		die_errno(_("Unable to read current working directory"));
	strbuf_addbuf(&search_dir, &cwd);

	outcome = setup_git_directory_gently_1(&search_dir, &found_gitdir, 1);
	switch (outcome) {
	case GIT_DIR_EXPLICIT:
		prefix = setup_explicit_git_dir(found_gitdir.buf, &cwd,
						&repo_fmt, nongit_ok);
		break;
	case GIT_DIR_DISCOVERED:
		if (search_dir.len < cwd.len && chdir(search_dir.buf))
			die(_("cannot change to '%s'"), search_dir.buf);
		prefix = setup_discovered_git_dir(found_gitdir.buf, &cwd,
						  search_dir.len,
						  &repo_fmt, nongit_ok);
		break;
	case GIT_DIR_BARE:
		if (search_dir.len < cwd.len && chdir(search_dir.buf))
			die(_("cannot change to '%s'"), search_dir.buf);
		prefix = setup_bare_git_dir(&cwd, search_dir.len,
					    &repo_fmt, nongit_ok);
		break;
	case GIT_DIR_HIT_CEILING:
		if (!nongit_ok)
			die(_("not a git repository (or any of the parent directories): %s"),
			    DEFAULT_GIT_DIR_ENVIRONMENT);
		*nongit_ok = 1;
		break;
	case GIT_DIR_HIT_MOUNT_POINT:
		if (!nongit_ok)
			die(_("not a git repository (or any parent up to mount point %s)\n"
			      "Stopping at filesystem boundary (GIT_DISCOVERY_ACROSS_FILESYSTEM not set)."),
			    search_dir.buf);
		*nongit_ok = 1;
		break;
	case GIT_DIR_INVALID_OWNERSHIP:
		if (!nongit_ok) {
			struct strbuf quoted = STRBUF_INIT;

			/* shell-quote the path for the suggested command */
			sq_quote_buf_pretty(&quoted, search_dir.buf);
			die(_("detected dubious ownership in repository at '%s'\n"
			      "To add an exception for this directory, call:\n"
			      "\n"
			      "\tgit config --global --add safe.directory %s"),
			    search_dir.buf, quoted.buf);
		}
		*nongit_ok = 1;
		break;
	case GIT_DIR_NONE:
		/*
		 * Guard against setup_git_directory_gently_1 returning this
		 * value by falling through to BUG.  Otherwise
		 * startup_info->have_repository could end up as 1 although
		 * nothing was done to find a repository.
		 */
	default:
		BUG("unhandled setup_git_directory_gently_1() result");
	}

	/*
	 * nongit_ok is stable from here on.  If it is non-NULL and points
	 * to a non-zero value, no repository was found and the caller
	 * expects startup_info to say so.
	 *
	 * Whatever nongit_ok says, startup_info->prefix and the GIT_PREFIX
	 * environment variable must always match.  For details see
	 * Documentation/config/alias.txt.
	 */
	startup_info->have_repository = !(nongit_ok && *nongit_ok);

	/*
	 * Not every path through the setup code calls 'set_git_dir()'
	 * (which sets up the environment directly), so set it up here if
	 * we have a repository, to leave the environment consistent.
	 *
	 * NEEDSWORK: some code paths currently allow bogus GIT_DIR values,
	 * so the environment is also set up when the user has set GIT_DIR.
	 * It may be beneficial to disallow bogus GIT_DIR values at some
	 * point in the future.
	 */
	if (/* GIT_DIR_EXPLICIT, GIT_DIR_DISCOVERED, GIT_DIR_BARE */
	    startup_info->have_repository ||
	    /* GIT_DIR_EXPLICIT */
	    getenv(GIT_DIR_ENVIRONMENT)) {
		if (!the_repository->gitdir) {
			const char *env_gitdir = getenv(GIT_DIR_ENVIRONMENT);

			if (!env_gitdir)
				env_gitdir = DEFAULT_GIT_DIR_ENVIRONMENT;
			setup_git_env(env_gitdir);
		}
		if (startup_info->have_repository) {
			repo_set_hash_algo(the_repository, repo_fmt.hash_algo);
			/* take ownership of repo_fmt.partial_clone */
			the_repository->repository_format_partial_clone =
				repo_fmt.partial_clone;
			repo_fmt.partial_clone = NULL;
		}
	}

	/*
	 * precompose_string_if_needed() looks at the
	 * core.precomposeunicode configuration, so this has to come after
	 * the block above, which finds out where the repository is and so
	 * prepares for calling git_config_get_bool().
	 */
	if (prefix) {
		prefix = precompose_string_if_needed(prefix);
		startup_info->prefix = prefix;
		setenv(GIT_PREFIX_ENVIRONMENT, prefix, 1);
	} else {
		startup_info->prefix = NULL;
		setenv(GIT_PREFIX_ENVIRONMENT, "", 1);
	}

	setup_original_cwd();

	strbuf_release(&search_dir);
	strbuf_release(&found_gitdir);
	clear_repository_format(&repo_fmt);

	return prefix;
}
1525
/*
 * Translate a core.sharedRepository style value into a permission
 * setting.
 *
 * Accepts the keywords "umask", "group", "all", "world" and
 * "everybody", an octal number, or anything git_config_bool() accepts.
 * A missing value means PERM_GROUP.  The octal values 0, 1 and 2 are
 * compatibility aliases for the keyword settings; any other octal value
 * is a file mode, returned negated and masked with 0666.
 *
 * Dies if a file mode does not give the owner read and write access.
 */
int git_config_perm(const char *var, const char *value)
{
	const struct {
		const char *word;
		int perm;
	} keywords[] = {
		{ "umask", PERM_UMASK },
		{ "group", PERM_GROUP },
		{ "all", PERM_EVERYBODY },
		{ "world", PERM_EVERYBODY },
		{ "everybody", PERM_EVERYBODY },
	};
	size_t k;
	char *end;
	int mode;

	if (!value)
		return PERM_GROUP;

	for (k = 0; k < sizeof(keywords) / sizeof(keywords[0]); k++) {
		if (!strcmp(value, keywords[k].word))
			return keywords[k].perm;
	}

	/*
	 * Parse octal numbers.
	 * NOTE(review): the long returned by strtol() is stored in an int
	 * without an errno or range check, and negative or oversized
	 * values are not rejected before the masking below -- confirm
	 * that this is intended.
	 */
	mode = strtol(value, &end, 8);

	/* If not an octal number, maybe true/false? */
	if (*end)
		return git_config_bool(var, value) ? PERM_GROUP : PERM_UMASK;

	/*
	 * Treat values 0, 1 and 2 as compatibility cases, otherwise it is
	 * a chmod value to restrict to.
	 */
	if (mode == PERM_UMASK)			/* 0 */
		return PERM_UMASK;
	if (mode == OLD_PERM_GROUP)		/* 1 */
		return PERM_GROUP;
	if (mode == OLD_PERM_EVERYBODY)		/* 2 */
		return PERM_EVERYBODY;

	/* A filemode value was given: 0xxx */
	if ((mode & 0600) != 0600)
		die(_("problem with core.sharedRepository filemode value "
		      "(0%.3o).\nThe owner of files must always have "
		      "read and write permissions."), mode);

	/*
	 * Mask filemode value. Others can not get write permission.
	 * x flags for directories are handled separately.
	 */
	return -(mode & 0666);
}
1576
/*
 * Check the format of the repository at get_git_dir() and record the
 * result in the global state: startup_info->have_repository is set to
 * 1, and the_repository receives the hash algorithm and a copy of the
 * partial-clone setting.
 *
 * "fmt" may be NULL, in which case a local scratch format is used.
 */
void check_repository_format(struct repository_format *fmt)
{
	struct repository_format scratch = REPOSITORY_FORMAT_INIT;
	struct repository_format *active = fmt ? fmt : &scratch;

	check_repository_format_gently(get_git_dir(), active, NULL);
	startup_info->have_repository = 1;
	repo_set_hash_algo(the_repository, active->hash_algo);

	/* copy, because "active" may belong to the caller */
	the_repository->repository_format_partial_clone =
		xstrdup_or_null(active->partial_clone);

	/* only the local scratch format is released here */
	clear_repository_format(&scratch);
}
1589
/*
 * Strict variant of setup_git_directory_gently(): it passes a NULL
 * "nongit_ok", so the call dies when no usable repository is found.
 *
 * Returns the "prefix", a path to the current working directory
 * relative to the work tree root, or NULL if the current working
 * directory is not a strict subdirectory of the work tree root.  The
 * prefix always ends with a '/' character.
 */
const char *setup_git_directory(void)
{
	int *no_fallback = NULL;

	return setup_git_directory_gently(no_fallback);
}
abc06822 1600
/*
 * Resolve "suspect" to a git directory.  If it already is one it is
 * returned unchanged; otherwise it is read as a gitfile, and whatever
 * read_gitfile_gently() yields (including its error code in
 * "return_error_code") is handed back.
 */
const char *resolve_gitdir_gently(const char *suspect, int *return_error_code)
{
	return is_git_directory(suspect)
		? suspect
		: read_gitfile_gently(suspect, return_error_code);
}
1d999ddd
TR
1607
/*
 * Make sure file descriptors 0, 1 and 2 are all open, pointing any
 * that are missing at /dev/null.
 *
 * With all three slots occupied, a file opened later cannot be handed
 * one of the standard descriptor numbers and then receive output that
 * was meant for stdout or stderr.
 */
void sanitize_stdfds(void)
{
	int fd;

	/* each open/dup takes the lowest free slot; stop once 0 and 1 are filled */
	for (fd = xopen("/dev/null", O_RDWR); fd < 2; fd = xdup(fd))
		; /* keep filling */

	/* all three were already taken: drop the extra descriptor */
	if (fd > 2)
		close(fd);
}
de0957ce
NTND
1617
/*
 * Detach the process from its caller: fork, let the parent exit with
 * status 0, start a new session in the child, and replace the standard
 * descriptors with /dev/null via sanitize_stdfds().
 *
 * Returns 0 in the child.  Where NO_POSIX_GOODIES is defined it returns
 * -1 with errno set to ENOSYS.  A failing fork() or setsid() is fatal.
 *
 * NOTE(review): the working directory and umask are left untouched
 * here; callers that need them changed have to do that themselves.
 */
int daemonize(void)
{
#ifdef NO_POSIX_GOODIES
	errno = ENOSYS;
	return -1;
#else
	pid_t pid = fork();

	if (pid == -1)
		die_errno(_("fork failed"));
	if (pid != 0)
		exit(0);	/* parent: the child carries on */

	if (setsid() == -1)
		die_errno(_("setsid failed"));

	/* drop whatever the caller attached to stdin/stdout/stderr */
	close(0);
	close(1);
	close(2);
	sanitize_stdfds();
	return 0;
#endif
}