]> git.ipfire.org Git - thirdparty/git.git/blob - setup.c
projects / thirdparty / git.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'la/trailer-api'
[thirdparty/git.git] / setup.c
1 #include "git-compat-util.h"
2 #include "abspath.h"
3 #include "copy.h"
4 #include "environment.h"
5 #include "exec-cmd.h"
6 #include "gettext.h"
7 #include "object-name.h"
8 #include "refs.h"
9 #include "repository.h"
10 #include "config.h"
11 #include "dir.h"
12 #include "setup.h"
13 #include "string-list.h"
14 #include "chdir-notify.h"
15 #include "path.h"
16 #include "quote.h"
17 #include "trace2.h"
18 #include "worktree.h"
19
20 static int inside_git_dir = -1;
21 static int inside_work_tree = -1;
22 static int work_tree_config_is_bogus;
23 enum allowed_bare_repo {
24 ALLOWED_BARE_REPO_EXPLICIT = 0,
25 ALLOWED_BARE_REPO_ALL,
26 };
27
28 static struct startup_info the_startup_info;
29 struct startup_info *startup_info = &the_startup_info;
30 const char *tmp_original_cwd;
31
32 /*
33 * The input parameter must contain an absolute path, and it must already be
34 * normalized.
35 *
36 * Find the part of an absolute path that lies inside the work tree by
37 * dereferencing symlinks outside the work tree, for example:
38 * /dir1/repo/dir2/file (work tree is /dir1/repo) -> dir2/file
39 * /dir/file (work tree is /) -> dir/file
40 * /dir/symlink1/symlink2 (symlink1 points to work tree) -> symlink2
41 * /dir/repolink/file (repolink points to /dir/repo) -> file
42 * /dir/repo (exactly equal to work tree) -> (empty string)
43 */
44 static int abspath_part_inside_repo(char *path)
45 {
46 size_t len;
47 size_t wtlen;
48 char *path0;
49 int off;
50 const char *work_tree = get_git_work_tree();
51 struct strbuf realpath = STRBUF_INIT;
52
53 if (!work_tree)
54 return -1;
55 wtlen = strlen(work_tree);
56 len = strlen(path);
57 off = offset_1st_component(path);
58
59 /* check if work tree is already the prefix */
60 if (wtlen <= len && !fspathncmp(path, work_tree, wtlen)) {
61 if (path[wtlen] == '/') {
62 memmove(path, path + wtlen + 1, len - wtlen);
63 return 0;
64 } else if (path[wtlen - 1] == '/' || path[wtlen] == '\0') {
65 /* work tree is the root, or the whole path */
66 memmove(path, path + wtlen, len - wtlen + 1);
67 return 0;
68 }
69 /* work tree might match beginning of a symlink to work tree */
70 off = wtlen;
71 }
72 path0 = path;
73 path += off;
74
75 /* check each '/'-terminated level */
76 while (*path) {
77 path++;
78 if (*path == '/') {
79 *path = '\0';
80 strbuf_realpath(&realpath, path0, 1);
81 if (fspathcmp(realpath.buf, work_tree) == 0) {
82 memmove(path0, path + 1, len - (path - path0));
83 strbuf_release(&realpath);
84 return 0;
85 }
86 *path = '/';
87 }
88 }
89
90 /* check whole path */
91 strbuf_realpath(&realpath, path0, 1);
92 if (fspathcmp(realpath.buf, work_tree) == 0) {
93 *path0 = '\0';
94 strbuf_release(&realpath);
95 return 0;
96 }
97
98 strbuf_release(&realpath);
99 return -1;
100 }
101
102 /*
103 * Normalize "path", prepending the "prefix" for relative paths. If
104 * remaining_prefix is not NULL, return the actual prefix still
105 * remains in the path. For example, prefix = sub1/sub2/ and path is
106 *
107 * foo -> sub1/sub2/foo (full prefix)
108 * ../foo -> sub1/foo (remaining prefix is sub1/)
109 * ../../bar -> bar (no remaining prefix)
110 * ../../sub1/sub2/foo -> sub1/sub2/foo (but no remaining prefix)
111 * `pwd`/../bar -> sub1/bar (no remaining prefix)
112 */
113 char *prefix_path_gently(const char *prefix, int len,
114 int *remaining_prefix, const char *path)
115 {
116 const char *orig = path;
117 char *sanitized;
118 if (is_absolute_path(orig)) {
119 sanitized = xmallocz(strlen(path));
120 if (remaining_prefix)
121 *remaining_prefix = 0;
122 if (normalize_path_copy_len(sanitized, path, remaining_prefix)) {
123 free(sanitized);
124 return NULL;
125 }
126 if (abspath_part_inside_repo(sanitized)) {
127 free(sanitized);
128 return NULL;
129 }
130 } else {
131 sanitized = xstrfmt("%.*s%s", len, len ? prefix : "", path);
132 if (remaining_prefix)
133 *remaining_prefix = len;
134 if (normalize_path_copy_len(sanitized, sanitized, remaining_prefix)) {
135 free(sanitized);
136 return NULL;
137 }
138 }
139 return sanitized;
140 }
141
142 char *prefix_path(const char *prefix, int len, const char *path)
143 {
144 char *r = prefix_path_gently(prefix, len, NULL, path);
145 if (!r) {
146 const char *hint_path = get_git_work_tree();
147 if (!hint_path)
148 hint_path = get_git_dir();
149 die(_("'%s' is outside repository at '%s'"), path,
150 absolute_path(hint_path));
151 }
152 return r;
153 }
154
155 int path_inside_repo(const char *prefix, const char *path)
156 {
157 int len = prefix ? strlen(prefix) : 0;
158 char *r = prefix_path_gently(prefix, len, NULL, path);
159 if (r) {
160 free(r);
161 return 1;
162 }
163 return 0;
164 }
165
166 int check_filename(const char *prefix, const char *arg)
167 {
168 char *to_free = NULL;
169 struct stat st;
170
171 if (skip_prefix(arg, ":/", &arg)) {
172 if (!*arg) /* ":/" is root dir, always exists */
173 return 1;
174 prefix = NULL;
175 } else if (skip_prefix(arg, ":!", &arg) ||
176 skip_prefix(arg, ":^", &arg)) {
177 if (!*arg) /* excluding everything is silly, but allowed */
178 return 1;
179 }
180
181 if (prefix)
182 arg = to_free = prefix_filename(prefix, arg);
183
184 if (!lstat(arg, &st)) {
185 free(to_free);
186 return 1; /* file exists */
187 }
188 if (is_missing_file_error(errno)) {
189 free(to_free);
190 return 0; /* file does not exist */
191 }
192 die_errno(_("failed to stat '%s'"), arg);
193 }
194
195 static void NORETURN die_verify_filename(struct repository *r,
196 const char *prefix,
197 const char *arg,
198 int diagnose_misspelt_rev)
199 {
200 if (!diagnose_misspelt_rev)
201 die(_("%s: no such path in the working tree.\n"
202 "Use 'git <command> -- <path>...' to specify paths that do not exist locally."),
203 arg);
204 /*
205 * Saying "'(icase)foo' does not exist in the index" when the
206 * user gave us ":(icase)foo" is just stupid. A magic pathspec
207 * begins with a colon and is followed by a non-alnum; do not
208 * let maybe_die_on_misspelt_object_name() even trigger.
209 */
210 if (!(arg[0] == ':' && !isalnum(arg[1])))
211 maybe_die_on_misspelt_object_name(r, arg, prefix);
212
213 /* ... or fall back the most general message. */
214 die(_("ambiguous argument '%s': unknown revision or path not in the working tree.\n"
215 "Use '--' to separate paths from revisions, like this:\n"
216 "'git <command> [<revision>...] -- [<file>...]'"), arg);
217
218 }
219
220 /*
221 * Check for arguments that don't resolve as actual files,
222 * but which look sufficiently like pathspecs that we'll consider
223 * them such for the purposes of rev/pathspec DWIM parsing.
224 */
225 static int looks_like_pathspec(const char *arg)
226 {
227 const char *p;
228 int escaped = 0;
229
230 /*
231 * Wildcard characters imply the user is looking to match pathspecs
232 * that aren't in the filesystem. Note that this doesn't include
233 * backslash even though it's a glob special; by itself it doesn't
234 * cause any increase in the match. Likewise ignore backslash-escaped
235 * wildcard characters.
236 */
237 for (p = arg; *p; p++) {
238 if (escaped) {
239 escaped = 0;
240 } else if (is_glob_special(*p)) {
241 if (*p == '\\')
242 escaped = 1;
243 else
244 return 1;
245 }
246 }
247
248 /* long-form pathspec magic */
249 if (starts_with(arg, ":("))
250 return 1;
251
252 return 0;
253 }
254
255 /*
256 * Verify a filename that we got as an argument for a pathspec
257 * entry. Note that a filename that begins with "-" never verifies
258 * as true, because even if such a filename were to exist, we want
259 * it to be preceded by the "--" marker (or we want the user to
260 * use a format like "./-filename")
261 *
262 * The "diagnose_misspelt_rev" is used to provide a user-friendly
263 * diagnosis when dying upon finding that "name" is not a pathname.
264 * If set to 1, the diagnosis will try to diagnose "name" as an
265 * invalid object name (e.g. HEAD:foo). If set to 0, the diagnosis
266 * will only complain about an inexisting file.
267 *
268 * This function is typically called to check that a "file or rev"
269 * argument is unambiguous. In this case, the caller will want
270 * diagnose_misspelt_rev == 1 when verifying the first non-rev
271 * argument (which could have been a revision), and
272 * diagnose_misspelt_rev == 0 for the next ones (because we already
273 * saw a filename, there's not ambiguity anymore).
274 */
275 void verify_filename(const char *prefix,
276 const char *arg,
277 int diagnose_misspelt_rev)
278 {
279 if (*arg == '-')
280 die(_("option '%s' must come before non-option arguments"), arg);
281 if (looks_like_pathspec(arg) || check_filename(prefix, arg))
282 return;
283 die_verify_filename(the_repository, prefix, arg, diagnose_misspelt_rev);
284 }
285
286 /*
287 * Opposite of the above: the command line did not have -- marker
288 * and we parsed the arg as a refname. It should not be interpretable
289 * as a filename.
290 */
291 void verify_non_filename(const char *prefix, const char *arg)
292 {
293 if (!is_inside_work_tree() || is_inside_git_dir())
294 return;
295 if (*arg == '-')
296 return; /* flag */
297 if (!check_filename(prefix, arg))
298 return;
299 die(_("ambiguous argument '%s': both revision and filename\n"
300 "Use '--' to separate paths from revisions, like this:\n"
301 "'git <command> [<revision>...] -- [<file>...]'"), arg);
302 }
303
304 int get_common_dir(struct strbuf *sb, const char *gitdir)
305 {
306 const char *git_env_common_dir = getenv(GIT_COMMON_DIR_ENVIRONMENT);
307 if (git_env_common_dir) {
308 strbuf_addstr(sb, git_env_common_dir);
309 return 1;
310 } else {
311 return get_common_dir_noenv(sb, gitdir);
312 }
313 }
314
315 int get_common_dir_noenv(struct strbuf *sb, const char *gitdir)
316 {
317 struct strbuf data = STRBUF_INIT;
318 struct strbuf path = STRBUF_INIT;
319 int ret = 0;
320
321 strbuf_addf(&path, "%s/commondir", gitdir);
322 if (file_exists(path.buf)) {
323 if (strbuf_read_file(&data, path.buf, 0) <= 0)
324 die_errno(_("failed to read %s"), path.buf);
325 while (data.len && (data.buf[data.len - 1] == '\n' ||
326 data.buf[data.len - 1] == '\r'))
327 data.len--;
328 data.buf[data.len] = '\0';
329 strbuf_reset(&path);
330 if (!is_absolute_path(data.buf))
331 strbuf_addf(&path, "%s/", gitdir);
332 strbuf_addbuf(&path, &data);
333 strbuf_add_real_path(sb, path.buf);
334 ret = 1;
335 } else {
336 strbuf_addstr(sb, gitdir);
337 }
338
339 strbuf_release(&data);
340 strbuf_release(&path);
341 return ret;
342 }
343
344 /*
345 * Test if it looks like we're at a git directory.
346 * We want to see:
347 *
348 * - either an objects/ directory _or_ the proper
349 * GIT_OBJECT_DIRECTORY environment variable
350 * - a refs/ directory
351 * - either a HEAD symlink or a HEAD file that is formatted as
352 * a proper "ref:", or a regular file HEAD that has a properly
353 * formatted sha1 object name.
354 */
355 int is_git_directory(const char *suspect)
356 {
357 struct strbuf path = STRBUF_INIT;
358 int ret = 0;
359 size_t len;
360
361 /* Check worktree-related signatures */
362 strbuf_addstr(&path, suspect);
363 strbuf_complete(&path, '/');
364 strbuf_addstr(&path, "HEAD");
365 if (validate_headref(path.buf))
366 goto done;
367
368 strbuf_reset(&path);
369 get_common_dir(&path, suspect);
370 len = path.len;
371
372 /* Check non-worktree-related signatures */
373 if (getenv(DB_ENVIRONMENT)) {
374 if (access(getenv(DB_ENVIRONMENT), X_OK))
375 goto done;
376 }
377 else {
378 strbuf_setlen(&path, len);
379 strbuf_addstr(&path, "/objects");
380 if (access(path.buf, X_OK))
381 goto done;
382 }
383
384 strbuf_setlen(&path, len);
385 strbuf_addstr(&path, "/refs");
386 if (access(path.buf, X_OK))
387 goto done;
388
389 ret = 1;
390 done:
391 strbuf_release(&path);
392 return ret;
393 }
394
395 int is_nonbare_repository_dir(struct strbuf *path)
396 {
397 int ret = 0;
398 int gitfile_error;
399 size_t orig_path_len = path->len;
400 assert(orig_path_len != 0);
401 strbuf_complete(path, '/');
402 strbuf_addstr(path, ".git");
403 if (read_gitfile_gently(path->buf, &gitfile_error) || is_git_directory(path->buf))
404 ret = 1;
405 if (gitfile_error == READ_GITFILE_ERR_OPEN_FAILED ||
406 gitfile_error == READ_GITFILE_ERR_READ_FAILED)
407 ret = 1;
408 strbuf_setlen(path, orig_path_len);
409 return ret;
410 }
411
412 int is_inside_git_dir(void)
413 {
414 if (inside_git_dir < 0)
415 inside_git_dir = is_inside_dir(get_git_dir());
416 return inside_git_dir;
417 }
418
419 int is_inside_work_tree(void)
420 {
421 if (inside_work_tree < 0)
422 inside_work_tree = is_inside_dir(get_git_work_tree());
423 return inside_work_tree;
424 }
425
426 void setup_work_tree(void)
427 {
428 const char *work_tree;
429 static int initialized = 0;
430
431 if (initialized)
432 return;
433
434 if (work_tree_config_is_bogus)
435 die(_("unable to set up work tree using invalid config"));
436
437 work_tree = get_git_work_tree();
438 if (!work_tree || chdir_notify(work_tree))
439 die(_("this operation must be run in a work tree"));
440
441 /*
442 * Make sure subsequent git processes find correct worktree
443 * if $GIT_WORK_TREE is set relative
444 */
445 if (getenv(GIT_WORK_TREE_ENVIRONMENT))
446 setenv(GIT_WORK_TREE_ENVIRONMENT, ".", 1);
447
448 initialized = 1;
449 }
450
451 static void setup_original_cwd(void)
452 {
453 struct strbuf tmp = STRBUF_INIT;
454 const char *worktree = NULL;
455 int offset = -1;
456
457 if (!tmp_original_cwd)
458 return;
459
460 /*
461 * startup_info->original_cwd points to the current working
462 * directory we inherited from our parent process, which is a
463 * directory we want to avoid removing.
464 *
465 * For convience, we would like to have the path relative to the
466 * worktree instead of an absolute path.
467 *
468 * Yes, startup_info->original_cwd is usually the same as 'prefix',
469 * but differs in two ways:
470 * - prefix has a trailing '/'
471 * - if the user passes '-C' to git, that modifies the prefix but
472 * not startup_info->original_cwd.
473 */
474
475 /* Normalize the directory */
476 if (!strbuf_realpath(&tmp, tmp_original_cwd, 0)) {
477 trace2_data_string("setup", the_repository,
478 "realpath-path", tmp_original_cwd);
479 trace2_data_string("setup", the_repository,
480 "realpath-failure", strerror(errno));
481 free((char*)tmp_original_cwd);
482 tmp_original_cwd = NULL;
483 return;
484 }
485
486 free((char*)tmp_original_cwd);
487 tmp_original_cwd = NULL;
488 startup_info->original_cwd = strbuf_detach(&tmp, NULL);
489
490 /*
491 * Get our worktree; we only protect the current working directory
492 * if it's in the worktree.
493 */
494 worktree = get_git_work_tree();
495 if (!worktree)
496 goto no_prevention_needed;
497
498 offset = dir_inside_of(startup_info->original_cwd, worktree);
499 if (offset >= 0) {
500 /*
501 * If startup_info->original_cwd == worktree, that is already
502 * protected and we don't need original_cwd as a secondary
503 * protection measure.
504 */
505 if (!*(startup_info->original_cwd + offset))
506 goto no_prevention_needed;
507
508 /*
509 * original_cwd was inside worktree; precompose it just as
510 * we do prefix so that built up paths will match
511 */
512 startup_info->original_cwd = \
513 precompose_string_if_needed(startup_info->original_cwd
514 + offset);
515 return;
516 }
517
518 no_prevention_needed:
519 free((char*)startup_info->original_cwd);
520 startup_info->original_cwd = NULL;
521 }
522
523 static int read_worktree_config(const char *var, const char *value,
524 const struct config_context *ctx UNUSED,
525 void *vdata)
526 {
527 struct repository_format *data = vdata;
528
529 if (strcmp(var, "core.bare") == 0) {
530 data->is_bare = git_config_bool(var, value);
531 } else if (strcmp(var, "core.worktree") == 0) {
532 if (!value)
533 return config_error_nonbool(var);
534 free(data->work_tree);
535 data->work_tree = xstrdup(value);
536 }
537 return 0;
538 }
539
540 enum extension_result {
541 EXTENSION_ERROR = -1, /* compatible with error(), etc */
542 EXTENSION_UNKNOWN = 0,
543 EXTENSION_OK = 1
544 };
545
546 /*
547 * Do not add new extensions to this function. It handles extensions which are
548 * respected even in v0-format repositories for historical compatibility.
549 */
550 static enum extension_result handle_extension_v0(const char *var,
551 const char *value,
552 const char *ext,
553 struct repository_format *data)
554 {
555 if (!strcmp(ext, "noop")) {
556 return EXTENSION_OK;
557 } else if (!strcmp(ext, "preciousobjects")) {
558 data->precious_objects = git_config_bool(var, value);
559 return EXTENSION_OK;
560 } else if (!strcmp(ext, "partialclone")) {
561 if (!value)
562 return config_error_nonbool(var);
563 data->partial_clone = xstrdup(value);
564 return EXTENSION_OK;
565 } else if (!strcmp(ext, "worktreeconfig")) {
566 data->worktree_config = git_config_bool(var, value);
567 return EXTENSION_OK;
568 }
569
570 return EXTENSION_UNKNOWN;
571 }
572
573 /*
574 * Record any new extensions in this function.
575 */
576 static enum extension_result handle_extension(const char *var,
577 const char *value,
578 const char *ext,
579 struct repository_format *data)
580 {
581 if (!strcmp(ext, "noop-v1")) {
582 return EXTENSION_OK;
583 } else if (!strcmp(ext, "objectformat")) {
584 int format;
585
586 if (!value)
587 return config_error_nonbool(var);
588 format = hash_algo_by_name(value);
589 if (format == GIT_HASH_UNKNOWN)
590 return error(_("invalid value for '%s': '%s'"),
591 "extensions.objectformat", value);
592 data->hash_algo = format;
593 return EXTENSION_OK;
594 } else if (!strcmp(ext, "refstorage")) {
595 unsigned int format;
596
597 if (!value)
598 return config_error_nonbool(var);
599 format = ref_storage_format_by_name(value);
600 if (format == REF_STORAGE_FORMAT_UNKNOWN)
601 return error(_("invalid value for '%s': '%s'"),
602 "extensions.refstorage", value);
603 data->ref_storage_format = format;
604 return EXTENSION_OK;
605 }
606 return EXTENSION_UNKNOWN;
607 }
608
609 static int check_repo_format(const char *var, const char *value,
610 const struct config_context *ctx, void *vdata)
611 {
612 struct repository_format *data = vdata;
613 const char *ext;
614
615 if (strcmp(var, "core.repositoryformatversion") == 0)
616 data->version = git_config_int(var, value, ctx->kvi);
617 else if (skip_prefix(var, "extensions.", &ext)) {
618 switch (handle_extension_v0(var, value, ext, data)) {
619 case EXTENSION_ERROR:
620 return -1;
621 case EXTENSION_OK:
622 return 0;
623 case EXTENSION_UNKNOWN:
624 break;
625 }
626
627 switch (handle_extension(var, value, ext, data)) {
628 case EXTENSION_ERROR:
629 return -1;
630 case EXTENSION_OK:
631 string_list_append(&data->v1_only_extensions, ext);
632 return 0;
633 case EXTENSION_UNKNOWN:
634 string_list_append(&data->unknown_extensions, ext);
635 return 0;
636 }
637 }
638
639 return read_worktree_config(var, value, ctx, vdata);
640 }
641
642 static int check_repository_format_gently(const char *gitdir, struct repository_format *candidate, int *nongit_ok)
643 {
644 struct strbuf sb = STRBUF_INIT;
645 struct strbuf err = STRBUF_INIT;
646 int has_common;
647
648 has_common = get_common_dir(&sb, gitdir);
649 strbuf_addstr(&sb, "/config");
650 read_repository_format(candidate, sb.buf);
651 strbuf_release(&sb);
652
653 /*
654 * For historical use of check_repository_format() in git-init,
655 * we treat a missing config as a silent "ok", even when nongit_ok
656 * is unset.
657 */
658 if (candidate->version < 0)
659 return 0;
660
661 if (verify_repository_format(candidate, &err) < 0) {
662 if (nongit_ok) {
663 warning("%s", err.buf);
664 strbuf_release(&err);
665 *nongit_ok = -1;
666 return -1;
667 }
668 die("%s", err.buf);
669 }
670
671 repository_format_precious_objects = candidate->precious_objects;
672 string_list_clear(&candidate->unknown_extensions, 0);
673 string_list_clear(&candidate->v1_only_extensions, 0);
674
675 if (candidate->worktree_config) {
676 /*
677 * pick up core.bare and core.worktree from per-worktree
678 * config if present
679 */
680 strbuf_addf(&sb, "%s/config.worktree", gitdir);
681 git_config_from_file(read_worktree_config, sb.buf, candidate);
682 strbuf_release(&sb);
683 has_common = 0;
684 }
685
686 if (!has_common) {
687 if (candidate->is_bare != -1) {
688 is_bare_repository_cfg = candidate->is_bare;
689 if (is_bare_repository_cfg == 1)
690 inside_work_tree = -1;
691 }
692 if (candidate->work_tree) {
693 free(git_work_tree_cfg);
694 git_work_tree_cfg = xstrdup(candidate->work_tree);
695 inside_work_tree = -1;
696 }
697 }
698
699 return 0;
700 }
701
702 int upgrade_repository_format(int target_version)
703 {
704 struct strbuf sb = STRBUF_INIT;
705 struct strbuf err = STRBUF_INIT;
706 struct strbuf repo_version = STRBUF_INIT;
707 struct repository_format repo_fmt = REPOSITORY_FORMAT_INIT;
708 int ret;
709
710 strbuf_git_common_path(&sb, the_repository, "config");
711 read_repository_format(&repo_fmt, sb.buf);
712 strbuf_release(&sb);
713
714 if (repo_fmt.version >= target_version) {
715 ret = 0;
716 goto out;
717 }
718
719 if (verify_repository_format(&repo_fmt, &err) < 0) {
720 ret = error("cannot upgrade repository format from %d to %d: %s",
721 repo_fmt.version, target_version, err.buf);
722 goto out;
723 }
724 if (!repo_fmt.version && repo_fmt.unknown_extensions.nr) {
725 ret = error("cannot upgrade repository format: "
726 "unknown extension %s",
727 repo_fmt.unknown_extensions.items[0].string);
728 goto out;
729 }
730
731 strbuf_addf(&repo_version, "%d", target_version);
732 git_config_set("core.repositoryformatversion", repo_version.buf);
733
734 ret = 1;
735
736 out:
737 clear_repository_format(&repo_fmt);
738 strbuf_release(&repo_version);
739 strbuf_release(&err);
740 return ret;
741 }
742
743 static void init_repository_format(struct repository_format *format)
744 {
745 const struct repository_format fresh = REPOSITORY_FORMAT_INIT;
746
747 memcpy(format, &fresh, sizeof(fresh));
748 }
749
750 int read_repository_format(struct repository_format *format, const char *path)
751 {
752 clear_repository_format(format);
753 git_config_from_file(check_repo_format, path, format);
754 if (format->version == -1)
755 clear_repository_format(format);
756 return format->version;
757 }
758
759 void clear_repository_format(struct repository_format *format)
760 {
761 string_list_clear(&format->unknown_extensions, 0);
762 string_list_clear(&format->v1_only_extensions, 0);
763 free(format->work_tree);
764 free(format->partial_clone);
765 init_repository_format(format);
766 }
767
768 int verify_repository_format(const struct repository_format *format,
769 struct strbuf *err)
770 {
771 if (GIT_REPO_VERSION_READ < format->version) {
772 strbuf_addf(err, _("Expected git repo version <= %d, found %d"),
773 GIT_REPO_VERSION_READ, format->version);
774 return -1;
775 }
776
777 if (format->version >= 1 && format->unknown_extensions.nr) {
778 int i;
779
780 strbuf_addstr(err, Q_("unknown repository extension found:",
781 "unknown repository extensions found:",
782 format->unknown_extensions.nr));
783
784 for (i = 0; i < format->unknown_extensions.nr; i++)
785 strbuf_addf(err, "\n\t%s",
786 format->unknown_extensions.items[i].string);
787 return -1;
788 }
789
790 if (format->version == 0 && format->v1_only_extensions.nr) {
791 int i;
792
793 strbuf_addstr(err,
794 Q_("repo version is 0, but v1-only extension found:",
795 "repo version is 0, but v1-only extensions found:",
796 format->v1_only_extensions.nr));
797
798 for (i = 0; i < format->v1_only_extensions.nr; i++)
799 strbuf_addf(err, "\n\t%s",
800 format->v1_only_extensions.items[i].string);
801 return -1;
802 }
803
804 return 0;
805 }
806
807 void read_gitfile_error_die(int error_code, const char *path, const char *dir)
808 {
809 switch (error_code) {
810 case READ_GITFILE_ERR_STAT_FAILED:
811 case READ_GITFILE_ERR_NOT_A_FILE:
812 /* non-fatal; follow return path */
813 break;
814 case READ_GITFILE_ERR_OPEN_FAILED:
815 die_errno(_("error opening '%s'"), path);
816 case READ_GITFILE_ERR_TOO_LARGE:
817 die(_("too large to be a .git file: '%s'"), path);
818 case READ_GITFILE_ERR_READ_FAILED:
819 die(_("error reading %s"), path);
820 case READ_GITFILE_ERR_INVALID_FORMAT:
821 die(_("invalid gitfile format: %s"), path);
822 case READ_GITFILE_ERR_NO_PATH:
823 die(_("no path in gitfile: %s"), path);
824 case READ_GITFILE_ERR_NOT_A_REPO:
825 die(_("not a git repository: %s"), dir);
826 default:
827 BUG("unknown error code");
828 }
829 }
830
831 /*
832 * Try to read the location of the git directory from the .git file,
833 * return path to git directory if found. The return value comes from
834 * a shared buffer.
835 *
836 * On failure, if return_error_code is not NULL, return_error_code
837 * will be set to an error code and NULL will be returned. If
838 * return_error_code is NULL the function will die instead (for most
839 * cases).
840 */
841 const char *read_gitfile_gently(const char *path, int *return_error_code)
842 {
843 const int max_file_size = 1 << 20; /* 1MB */
844 int error_code = 0;
845 char *buf = NULL;
846 char *dir = NULL;
847 const char *slash;
848 struct stat st;
849 int fd;
850 ssize_t len;
851 static struct strbuf realpath = STRBUF_INIT;
852
853 if (stat(path, &st)) {
854 /* NEEDSWORK: discern between ENOENT vs other errors */
855 error_code = READ_GITFILE_ERR_STAT_FAILED;
856 goto cleanup_return;
857 }
858 if (!S_ISREG(st.st_mode)) {
859 error_code = READ_GITFILE_ERR_NOT_A_FILE;
860 goto cleanup_return;
861 }
862 if (st.st_size > max_file_size) {
863 error_code = READ_GITFILE_ERR_TOO_LARGE;
864 goto cleanup_return;
865 }
866 fd = open(path, O_RDONLY);
867 if (fd < 0) {
868 error_code = READ_GITFILE_ERR_OPEN_FAILED;
869 goto cleanup_return;
870 }
871 buf = xmallocz(st.st_size);
872 len = read_in_full(fd, buf, st.st_size);
873 close(fd);
874 if (len != st.st_size) {
875 error_code = READ_GITFILE_ERR_READ_FAILED;
876 goto cleanup_return;
877 }
878 if (!starts_with(buf, "gitdir: ")) {
879 error_code = READ_GITFILE_ERR_INVALID_FORMAT;
880 goto cleanup_return;
881 }
882 while (buf[len - 1] == '\n' || buf[len - 1] == '\r')
883 len--;
884 if (len < 9) {
885 error_code = READ_GITFILE_ERR_NO_PATH;
886 goto cleanup_return;
887 }
888 buf[len] = '\0';
889 dir = buf + 8;
890
891 if (!is_absolute_path(dir) && (slash = strrchr(path, '/'))) {
892 size_t pathlen = slash+1 - path;
893 dir = xstrfmt("%.*s%.*s", (int)pathlen, path,
894 (int)(len - 8), buf + 8);
895 free(buf);
896 buf = dir;
897 }
898 if (!is_git_directory(dir)) {
899 error_code = READ_GITFILE_ERR_NOT_A_REPO;
900 goto cleanup_return;
901 }
902
903 strbuf_realpath(&realpath, dir, 1);
904 path = realpath.buf;
905
906 cleanup_return:
907 if (return_error_code)
908 *return_error_code = error_code;
909 else if (error_code)
910 read_gitfile_error_die(error_code, path, dir);
911
912 free(buf);
913 return error_code ? NULL : path;
914 }
915
916 static const char *setup_explicit_git_dir(const char *gitdirenv,
917 struct strbuf *cwd,
918 struct repository_format *repo_fmt,
919 int *nongit_ok)
920 {
921 const char *work_tree_env = getenv(GIT_WORK_TREE_ENVIRONMENT);
922 const char *worktree;
923 char *gitfile;
924 int offset;
925
926 if (PATH_MAX - 40 < strlen(gitdirenv))
927 die(_("'$%s' too big"), GIT_DIR_ENVIRONMENT);
928
929 gitfile = (char*)read_gitfile(gitdirenv);
930 if (gitfile) {
931 gitfile = xstrdup(gitfile);
932 gitdirenv = gitfile;
933 }
934
935 if (!is_git_directory(gitdirenv)) {
936 if (nongit_ok) {
937 *nongit_ok = 1;
938 free(gitfile);
939 return NULL;
940 }
941 die(_("not a git repository: '%s'"), gitdirenv);
942 }
943
944 if (check_repository_format_gently(gitdirenv, repo_fmt, nongit_ok)) {
945 free(gitfile);
946 return NULL;
947 }
948
949 /* #3, #7, #11, #15, #19, #23, #27, #31 (see t1510) */
950 if (work_tree_env)
951 set_git_work_tree(work_tree_env);
952 else if (is_bare_repository_cfg > 0) {
953 if (git_work_tree_cfg) {
954 /* #22.2, #30 */
955 warning("core.bare and core.worktree do not make sense");
956 work_tree_config_is_bogus = 1;
957 }
958
959 /* #18, #26 */
960 set_git_dir(gitdirenv, 0);
961 free(gitfile);
962 return NULL;
963 }
964 else if (git_work_tree_cfg) { /* #6, #14 */
965 if (is_absolute_path(git_work_tree_cfg))
966 set_git_work_tree(git_work_tree_cfg);
967 else {
968 char *core_worktree;
969 if (chdir(gitdirenv))
970 die_errno(_("cannot chdir to '%s'"), gitdirenv);
971 if (chdir(git_work_tree_cfg))
972 die_errno(_("cannot chdir to '%s'"), git_work_tree_cfg);
973 core_worktree = xgetcwd();
974 if (chdir(cwd->buf))
975 die_errno(_("cannot come back to cwd"));
976 set_git_work_tree(core_worktree);
977 free(core_worktree);
978 }
979 }
980 else if (!git_env_bool(GIT_IMPLICIT_WORK_TREE_ENVIRONMENT, 1)) {
981 /* #16d */
982 set_git_dir(gitdirenv, 0);
983 free(gitfile);
984 return NULL;
985 }
986 else /* #2, #10 */
987 set_git_work_tree(".");
988
989 /* set_git_work_tree() must have been called by now */
990 worktree = get_git_work_tree();
991
992 /* both get_git_work_tree() and cwd are already normalized */
993 if (!strcmp(cwd->buf, worktree)) { /* cwd == worktree */
994 set_git_dir(gitdirenv, 0);
995 free(gitfile);
996 return NULL;
997 }
998
999 offset = dir_inside_of(cwd->buf, worktree);
1000 if (offset >= 0) { /* cwd inside worktree? */
1001 set_git_dir(gitdirenv, 1);
1002 if (chdir(worktree))
1003 die_errno(_("cannot chdir to '%s'"), worktree);
1004 strbuf_addch(cwd, '/');
1005 free(gitfile);
1006 return cwd->buf + offset;
1007 }
1008
1009 /* cwd outside worktree */
1010 set_git_dir(gitdirenv, 0);
1011 free(gitfile);
1012 return NULL;
1013 }
1014
1015 static const char *setup_discovered_git_dir(const char *gitdir,
1016 struct strbuf *cwd, int offset,
1017 struct repository_format *repo_fmt,
1018 int *nongit_ok)
1019 {
1020 if (check_repository_format_gently(gitdir, repo_fmt, nongit_ok))
1021 return NULL;
1022
1023 /* --work-tree is set without --git-dir; use discovered one */
1024 if (getenv(GIT_WORK_TREE_ENVIRONMENT) || git_work_tree_cfg) {
1025 char *to_free = NULL;
1026 const char *ret;
1027
1028 if (offset != cwd->len && !is_absolute_path(gitdir))
1029 gitdir = to_free = real_pathdup(gitdir, 1);
1030 if (chdir(cwd->buf))
1031 die_errno(_("cannot come back to cwd"));
1032 ret = setup_explicit_git_dir(gitdir, cwd, repo_fmt, nongit_ok);
1033 free(to_free);
1034 return ret;
1035 }
1036
1037 /* #16.2, #17.2, #20.2, #21.2, #24, #25, #28, #29 (see t1510) */
1038 if (is_bare_repository_cfg > 0) {
1039 set_git_dir(gitdir, (offset != cwd->len));
1040 if (chdir(cwd->buf))
1041 die_errno(_("cannot come back to cwd"));
1042 return NULL;
1043 }
1044
1045 /* #0, #1, #5, #8, #9, #12, #13 */
1046 set_git_work_tree(".");
1047 if (strcmp(gitdir, DEFAULT_GIT_DIR_ENVIRONMENT))
1048 set_git_dir(gitdir, 0);
1049 inside_git_dir = 0;
1050 inside_work_tree = 1;
1051 if (offset >= cwd->len)
1052 return NULL;
1053
1054 /* Make "offset" point past the '/' (already the case for root dirs) */
1055 if (offset != offset_1st_component(cwd->buf))
1056 offset++;
1057 /* Add a '/' at the end */
1058 strbuf_addch(cwd, '/');
1059 return cwd->buf + offset;
1060 }
1061
1062 /* #16.1, #17.1, #20.1, #21.1, #22.1 (see t1510) */
1063 static const char *setup_bare_git_dir(struct strbuf *cwd, int offset,
1064 struct repository_format *repo_fmt,
1065 int *nongit_ok)
1066 {
1067 int root_len;
1068
1069 if (check_repository_format_gently(".", repo_fmt, nongit_ok))
1070 return NULL;
1071
1072 setenv(GIT_IMPLICIT_WORK_TREE_ENVIRONMENT, "0", 1);
1073
1074 /* --work-tree is set without --git-dir; use discovered one */
1075 if (getenv(GIT_WORK_TREE_ENVIRONMENT) || git_work_tree_cfg) {
1076 static const char *gitdir;
1077
1078 gitdir = offset == cwd->len ? "." : xmemdupz(cwd->buf, offset);
1079 if (chdir(cwd->buf))
1080 die_errno(_("cannot come back to cwd"));
1081 return setup_explicit_git_dir(gitdir, cwd, repo_fmt, nongit_ok);
1082 }
1083
1084 inside_git_dir = 1;
1085 inside_work_tree = 0;
1086 if (offset != cwd->len) {
1087 if (chdir(cwd->buf))
1088 die_errno(_("cannot come back to cwd"));
1089 root_len = offset_1st_component(cwd->buf);
1090 strbuf_setlen(cwd, offset > root_len ? offset : root_len);
1091 set_git_dir(cwd->buf, 0);
1092 }
1093 else
1094 set_git_dir(".", 0);
1095 return NULL;
1096 }
1097
1098 static dev_t get_device_or_die(const char *path, const char *prefix, int prefix_len)
1099 {
1100 struct stat buf;
1101 if (stat(path, &buf)) {
1102 die_errno(_("failed to stat '%*s%s%s'"),
1103 prefix_len,
1104 prefix ? prefix : "",
1105 prefix ? "/" : "", path);
1106 }
1107 return buf.st_dev;
1108 }
1109
1110 /*
1111 * A "string_list_each_func_t" function that canonicalizes an entry
1112 * from GIT_CEILING_DIRECTORIES using real_pathdup(), or
1113 * discards it if unusable. The presence of an empty entry in
1114 * GIT_CEILING_DIRECTORIES turns off canonicalization for all
1115 * subsequent entries.
1116 */
1117 static int canonicalize_ceiling_entry(struct string_list_item *item,
1118 void *cb_data)
1119 {
1120 int *empty_entry_found = cb_data;
1121 char *ceil = item->string;
1122
1123 if (!*ceil) {
1124 *empty_entry_found = 1;
1125 return 0;
1126 } else if (!is_absolute_path(ceil)) {
1127 return 0;
1128 } else if (*empty_entry_found) {
1129 /* Keep entry but do not canonicalize it */
1130 return 1;
1131 } else {
1132 char *real_path = real_pathdup(ceil, 0);
1133 if (!real_path) {
1134 return 0;
1135 }
1136 free(item->string);
1137 item->string = real_path;
1138 return 1;
1139 }
1140 }
1141
1142 struct safe_directory_data {
1143 const char *path;
1144 int is_safe;
1145 };
1146
1147 static int safe_directory_cb(const char *key, const char *value,
1148 const struct config_context *ctx UNUSED, void *d)
1149 {
1150 struct safe_directory_data *data = d;
1151
1152 if (strcmp(key, "safe.directory"))
1153 return 0;
1154
1155 if (!value || !*value) {
1156 data->is_safe = 0;
1157 } else if (!strcmp(value, "*")) {
1158 data->is_safe = 1;
1159 } else {
1160 const char *interpolated = NULL;
1161
1162 if (!git_config_pathname(&interpolated, key, value) &&
1163 !fspathcmp(data->path, interpolated ? interpolated : value))
1164 data->is_safe = 1;
1165
1166 free((char *)interpolated);
1167 }
1168
1169 return 0;
1170 }
1171
1172 /*
1173 * Check if a repository is safe, by verifying the ownership of the
1174 * worktree (if any), the git directory, and the gitfile (if any).
1175 *
1176 * Exemptions for known-safe repositories can be added via `safe.directory`
1177 * config settings; for non-bare repositories, their worktree needs to be
1178 * added, for bare ones their git directory.
1179 */
1180 static int ensure_valid_ownership(const char *gitfile,
1181 const char *worktree, const char *gitdir,
1182 struct strbuf *report)
1183 {
1184 struct safe_directory_data data = {
1185 .path = worktree ? worktree : gitdir
1186 };
1187
1188 if (!git_env_bool("GIT_TEST_ASSUME_DIFFERENT_OWNER", 0) &&
1189 (!gitfile || is_path_owned_by_current_user(gitfile, report)) &&
1190 (!worktree || is_path_owned_by_current_user(worktree, report)) &&
1191 (!gitdir || is_path_owned_by_current_user(gitdir, report)))
1192 return 1;
1193
1194 /*
1195 * data.path is the "path" that identifies the repository and it is
1196 * constant regardless of what failed above. data.is_safe should be
1197 * initialized to false, and might be changed by the callback.
1198 */
1199 git_protected_config(safe_directory_cb, &data);
1200
1201 return data.is_safe;
1202 }
1203
1204 static int allowed_bare_repo_cb(const char *key, const char *value,
1205 const struct config_context *ctx UNUSED,
1206 void *d)
1207 {
1208 enum allowed_bare_repo *allowed_bare_repo = d;
1209
1210 if (strcasecmp(key, "safe.bareRepository"))
1211 return 0;
1212
1213 if (!strcmp(value, "explicit")) {
1214 *allowed_bare_repo = ALLOWED_BARE_REPO_EXPLICIT;
1215 return 0;
1216 }
1217 if (!strcmp(value, "all")) {
1218 *allowed_bare_repo = ALLOWED_BARE_REPO_ALL;
1219 return 0;
1220 }
1221 return -1;
1222 }
1223
1224 static enum allowed_bare_repo get_allowed_bare_repo(void)
1225 {
1226 enum allowed_bare_repo result = ALLOWED_BARE_REPO_ALL;
1227 git_protected_config(allowed_bare_repo_cb, &result);
1228 return result;
1229 }
1230
1231 static const char *allowed_bare_repo_to_string(
1232 enum allowed_bare_repo allowed_bare_repo)
1233 {
1234 switch (allowed_bare_repo) {
1235 case ALLOWED_BARE_REPO_EXPLICIT:
1236 return "explicit";
1237 case ALLOWED_BARE_REPO_ALL:
1238 return "all";
1239 default:
1240 BUG("invalid allowed_bare_repo %d",
1241 allowed_bare_repo);
1242 }
1243 return NULL;
1244 }
1245
1246 /*
1247 * We cannot decide in this function whether we are in the work tree or
1248 * not, since the config can only be read _after_ this function was called.
1249 *
1250 * Also, we avoid changing any global state (such as the current working
1251 * directory) to allow early callers.
1252 *
1253 * The directory where the search should start needs to be passed in via the
1254 * `dir` parameter; upon return, the `dir` buffer will contain the path of
1255 * the directory where the search ended, and `gitdir` will contain the path of
1256 * the discovered .git/ directory, if any. If `gitdir` is not absolute, it
1257 * is relative to `dir` (i.e. *not* necessarily the cwd).
1258 */
1259 static enum discovery_result setup_git_directory_gently_1(struct strbuf *dir,
1260 struct strbuf *gitdir,
1261 struct strbuf *report,
1262 int die_on_error)
1263 {
1264 const char *env_ceiling_dirs = getenv(CEILING_DIRECTORIES_ENVIRONMENT);
1265 struct string_list ceiling_dirs = STRING_LIST_INIT_DUP;
1266 const char *gitdirenv;
1267 int ceil_offset = -1, min_offset = offset_1st_component(dir->buf);
1268 dev_t current_device = 0;
1269 int one_filesystem = 1;
1270
1271 /*
1272 * If GIT_DIR is set explicitly, we're not going
1273 * to do any discovery, but we still do repository
1274 * validation.
1275 */
1276 gitdirenv = getenv(GIT_DIR_ENVIRONMENT);
1277 if (gitdirenv) {
1278 strbuf_addstr(gitdir, gitdirenv);
1279 return GIT_DIR_EXPLICIT;
1280 }
1281
1282 if (env_ceiling_dirs) {
1283 int empty_entry_found = 0;
1284
1285 string_list_split(&ceiling_dirs, env_ceiling_dirs, PATH_SEP, -1);
1286 filter_string_list(&ceiling_dirs, 0,
1287 canonicalize_ceiling_entry, &empty_entry_found);
1288 ceil_offset = longest_ancestor_length(dir->buf, &ceiling_dirs);
1289 string_list_clear(&ceiling_dirs, 0);
1290 }
1291
1292 if (ceil_offset < 0)
1293 ceil_offset = min_offset - 2;
1294
1295 if (min_offset && min_offset == dir->len &&
1296 !is_dir_sep(dir->buf[min_offset - 1])) {
1297 strbuf_addch(dir, '/');
1298 min_offset++;
1299 }
1300
1301 /*
1302 * Test in the following order (relative to the dir):
1303 * - .git (file containing "gitdir: <path>")
1304 * - .git/
1305 * - ./ (bare)
1306 * - ../.git
1307 * - ../.git/
1308 * - ../ (bare)
1309 * - ../../.git
1310 * etc.
1311 */
1312 one_filesystem = !git_env_bool("GIT_DISCOVERY_ACROSS_FILESYSTEM", 0);
1313 if (one_filesystem)
1314 current_device = get_device_or_die(dir->buf, NULL, 0);
1315 for (;;) {
1316 int offset = dir->len, error_code = 0;
1317 char *gitdir_path = NULL;
1318 char *gitfile = NULL;
1319
1320 if (offset > min_offset)
1321 strbuf_addch(dir, '/');
1322 strbuf_addstr(dir, DEFAULT_GIT_DIR_ENVIRONMENT);
1323 gitdirenv = read_gitfile_gently(dir->buf, die_on_error ?
1324 NULL : &error_code);
1325 if (!gitdirenv) {
1326 if (die_on_error ||
1327 error_code == READ_GITFILE_ERR_NOT_A_FILE) {
1328 /* NEEDSWORK: fail if .git is not file nor dir */
1329 if (is_git_directory(dir->buf)) {
1330 gitdirenv = DEFAULT_GIT_DIR_ENVIRONMENT;
1331 gitdir_path = xstrdup(dir->buf);
1332 }
1333 } else if (error_code != READ_GITFILE_ERR_STAT_FAILED)
1334 return GIT_DIR_INVALID_GITFILE;
1335 } else
1336 gitfile = xstrdup(dir->buf);
1337 /*
1338 * Earlier, we tentatively added DEFAULT_GIT_DIR_ENVIRONMENT
1339 * to check that directory for a repository.
1340 * Now trim that tentative addition away, because we want to
1341 * focus on the real directory we are in.
1342 */
1343 strbuf_setlen(dir, offset);
1344 if (gitdirenv) {
1345 enum discovery_result ret;
1346 const char *gitdir_candidate =
1347 gitdir_path ? gitdir_path : gitdirenv;
1348
1349 if (ensure_valid_ownership(gitfile, dir->buf,
1350 gitdir_candidate, report)) {
1351 strbuf_addstr(gitdir, gitdirenv);
1352 ret = GIT_DIR_DISCOVERED;
1353 } else
1354 ret = GIT_DIR_INVALID_OWNERSHIP;
1355
1356 /*
1357 * Earlier, during discovery, we might have allocated
1358 * string copies for gitdir_path or gitfile so make
1359 * sure we don't leak by freeing them now, before
1360 * leaving the loop and function.
1361 *
1362 * Note: gitdirenv will be non-NULL whenever these are
1363 * allocated, therefore we need not take care of releasing
1364 * them outside of this conditional block.
1365 */
1366 free(gitdir_path);
1367 free(gitfile);
1368
1369 return ret;
1370 }
1371
1372 if (is_git_directory(dir->buf)) {
1373 trace2_data_string("setup", NULL, "implicit-bare-repository", dir->buf);
1374 if (get_allowed_bare_repo() == ALLOWED_BARE_REPO_EXPLICIT &&
1375 !ends_with_path_components(dir->buf, ".git"))
1376 return GIT_DIR_DISALLOWED_BARE;
1377 if (!ensure_valid_ownership(NULL, NULL, dir->buf, report))
1378 return GIT_DIR_INVALID_OWNERSHIP;
1379 strbuf_addstr(gitdir, ".");
1380 return GIT_DIR_BARE;
1381 }
1382
1383 if (offset <= min_offset)
1384 return GIT_DIR_HIT_CEILING;
1385
1386 while (--offset > ceil_offset && !is_dir_sep(dir->buf[offset]))
1387 ; /* continue */
1388 if (offset <= ceil_offset)
1389 return GIT_DIR_HIT_CEILING;
1390
1391 strbuf_setlen(dir, offset > min_offset ? offset : min_offset);
1392 if (one_filesystem &&
1393 current_device != get_device_or_die(dir->buf, NULL, offset))
1394 return GIT_DIR_HIT_MOUNT_POINT;
1395 }
1396 }
1397
1398 enum discovery_result discover_git_directory_reason(struct strbuf *commondir,
1399 struct strbuf *gitdir)
1400 {
1401 struct strbuf dir = STRBUF_INIT, err = STRBUF_INIT;
1402 size_t gitdir_offset = gitdir->len, cwd_len;
1403 size_t commondir_offset = commondir->len;
1404 struct repository_format candidate = REPOSITORY_FORMAT_INIT;
1405 enum discovery_result result;
1406
1407 if (strbuf_getcwd(&dir))
1408 return GIT_DIR_CWD_FAILURE;
1409
1410 cwd_len = dir.len;
1411 result = setup_git_directory_gently_1(&dir, gitdir, NULL, 0);
1412 if (result <= 0) {
1413 strbuf_release(&dir);
1414 return result;
1415 }
1416
1417 /*
1418 * The returned gitdir is relative to dir, and if dir does not reflect
1419 * the current working directory, we simply make the gitdir absolute.
1420 */
1421 if (dir.len < cwd_len && !is_absolute_path(gitdir->buf + gitdir_offset)) {
1422 /* Avoid a trailing "/." */
1423 if (!strcmp(".", gitdir->buf + gitdir_offset))
1424 strbuf_setlen(gitdir, gitdir_offset);
1425 else
1426 strbuf_addch(&dir, '/');
1427 strbuf_insert(gitdir, gitdir_offset, dir.buf, dir.len);
1428 }
1429
1430 get_common_dir(commondir, gitdir->buf + gitdir_offset);
1431
1432 strbuf_reset(&dir);
1433 strbuf_addf(&dir, "%s/config", commondir->buf + commondir_offset);
1434 read_repository_format(&candidate, dir.buf);
1435 strbuf_release(&dir);
1436
1437 if (verify_repository_format(&candidate, &err) < 0) {
1438 warning("ignoring git dir '%s': %s",
1439 gitdir->buf + gitdir_offset, err.buf);
1440 strbuf_release(&err);
1441 strbuf_setlen(commondir, commondir_offset);
1442 strbuf_setlen(gitdir, gitdir_offset);
1443 clear_repository_format(&candidate);
1444 return GIT_DIR_INVALID_FORMAT;
1445 }
1446
1447 clear_repository_format(&candidate);
1448 return result;
1449 }
1450
1451 const char *setup_git_directory_gently(int *nongit_ok)
1452 {
1453 static struct strbuf cwd = STRBUF_INIT;
1454 struct strbuf dir = STRBUF_INIT, gitdir = STRBUF_INIT, report = STRBUF_INIT;
1455 const char *prefix = NULL;
1456 struct repository_format repo_fmt = REPOSITORY_FORMAT_INIT;
1457
1458 /*
1459 * We may have read an incomplete configuration before
1460 * setting-up the git directory. If so, clear the cache so
1461 * that the next queries to the configuration reload complete
1462 * configuration (including the per-repo config file that we
1463 * ignored previously).
1464 */
1465 git_config_clear();
1466
1467 /*
1468 * Let's assume that we are in a git repository.
1469 * If it turns out later that we are somewhere else, the value will be
1470 * updated accordingly.
1471 */
1472 if (nongit_ok)
1473 *nongit_ok = 0;
1474
1475 if (strbuf_getcwd(&cwd))
1476 die_errno(_("Unable to read current working directory"));
1477 strbuf_addbuf(&dir, &cwd);
1478
1479 switch (setup_git_directory_gently_1(&dir, &gitdir, &report, 1)) {
1480 case GIT_DIR_EXPLICIT:
1481 prefix = setup_explicit_git_dir(gitdir.buf, &cwd, &repo_fmt, nongit_ok);
1482 break;
1483 case GIT_DIR_DISCOVERED:
1484 if (dir.len < cwd.len && chdir(dir.buf))
1485 die(_("cannot change to '%s'"), dir.buf);
1486 prefix = setup_discovered_git_dir(gitdir.buf, &cwd, dir.len,
1487 &repo_fmt, nongit_ok);
1488 break;
1489 case GIT_DIR_BARE:
1490 if (dir.len < cwd.len && chdir(dir.buf))
1491 die(_("cannot change to '%s'"), dir.buf);
1492 prefix = setup_bare_git_dir(&cwd, dir.len, &repo_fmt, nongit_ok);
1493 break;
1494 case GIT_DIR_HIT_CEILING:
1495 if (!nongit_ok)
1496 die(_("not a git repository (or any of the parent directories): %s"),
1497 DEFAULT_GIT_DIR_ENVIRONMENT);
1498 *nongit_ok = 1;
1499 break;
1500 case GIT_DIR_HIT_MOUNT_POINT:
1501 if (!nongit_ok)
1502 die(_("not a git repository (or any parent up to mount point %s)\n"
1503 "Stopping at filesystem boundary (GIT_DISCOVERY_ACROSS_FILESYSTEM not set)."),
1504 dir.buf);
1505 *nongit_ok = 1;
1506 break;
1507 case GIT_DIR_INVALID_OWNERSHIP:
1508 if (!nongit_ok) {
1509 struct strbuf quoted = STRBUF_INIT;
1510
1511 strbuf_complete(&report, '\n');
1512 sq_quote_buf_pretty(&quoted, dir.buf);
1513 die(_("detected dubious ownership in repository at '%s'\n"
1514 "%s"
1515 "To add an exception for this directory, call:\n"
1516 "\n"
1517 "\tgit config --global --add safe.directory %s"),
1518 dir.buf, report.buf, quoted.buf);
1519 }
1520 *nongit_ok = 1;
1521 break;
1522 case GIT_DIR_DISALLOWED_BARE:
1523 if (!nongit_ok) {
1524 die(_("cannot use bare repository '%s' (safe.bareRepository is '%s')"),
1525 dir.buf,
1526 allowed_bare_repo_to_string(get_allowed_bare_repo()));
1527 }
1528 *nongit_ok = 1;
1529 break;
1530 case GIT_DIR_CWD_FAILURE:
1531 case GIT_DIR_INVALID_FORMAT:
1532 /*
1533 * As a safeguard against setup_git_directory_gently_1 returning
1534 * these values, fallthrough to BUG. Otherwise it is possible to
1535 * set startup_info->have_repository to 1 when we did nothing to
1536 * find a repository.
1537 */
1538 default:
1539 BUG("unhandled setup_git_directory_gently_1() result");
1540 }
1541
1542 /*
1543 * At this point, nongit_ok is stable. If it is non-NULL and points
1544 * to a non-zero value, then this means that we haven't found a
1545 * repository and that the caller expects startup_info to reflect
1546 * this.
1547 *
1548 * Regardless of the state of nongit_ok, startup_info->prefix and
1549 * the GIT_PREFIX environment variable must always match. For details
1550 * see Documentation/config/alias.txt.
1551 */
1552 if (nongit_ok && *nongit_ok)
1553 startup_info->have_repository = 0;
1554 else
1555 startup_info->have_repository = 1;
1556
1557 /*
1558 * Not all paths through the setup code will call 'set_git_dir()' (which
1559 * directly sets up the environment) so in order to guarantee that the
1560 * environment is in a consistent state after setup, explicitly setup
1561 * the environment if we have a repository.
1562 *
1563 * NEEDSWORK: currently we allow bogus GIT_DIR values to be set in some
1564 * code paths so we also need to explicitly setup the environment if
1565 * the user has set GIT_DIR. It may be beneficial to disallow bogus
1566 * GIT_DIR values at some point in the future.
1567 */
1568 if (/* GIT_DIR_EXPLICIT, GIT_DIR_DISCOVERED, GIT_DIR_BARE */
1569 startup_info->have_repository ||
1570 /* GIT_DIR_EXPLICIT */
1571 getenv(GIT_DIR_ENVIRONMENT)) {
1572 if (!the_repository->gitdir) {
1573 const char *gitdir = getenv(GIT_DIR_ENVIRONMENT);
1574 if (!gitdir)
1575 gitdir = DEFAULT_GIT_DIR_ENVIRONMENT;
1576 setup_git_env(gitdir);
1577 }
1578 if (startup_info->have_repository) {
1579 repo_set_hash_algo(the_repository, repo_fmt.hash_algo);
1580 repo_set_ref_storage_format(the_repository,
1581 repo_fmt.ref_storage_format);
1582 the_repository->repository_format_worktree_config =
1583 repo_fmt.worktree_config;
1584 /* take ownership of repo_fmt.partial_clone */
1585 the_repository->repository_format_partial_clone =
1586 repo_fmt.partial_clone;
1587 repo_fmt.partial_clone = NULL;
1588 }
1589 }
1590 /*
1591 * Since precompose_string_if_needed() needs to look at
1592 * the core.precomposeunicode configuration, this
1593 * has to happen after the above block that finds
1594 * out where the repository is, i.e. a preparation
1595 * for calling git_config_get_bool().
1596 */
1597 if (prefix) {
1598 prefix = precompose_string_if_needed(prefix);
1599 startup_info->prefix = prefix;
1600 setenv(GIT_PREFIX_ENVIRONMENT, prefix, 1);
1601 } else {
1602 startup_info->prefix = NULL;
1603 setenv(GIT_PREFIX_ENVIRONMENT, "", 1);
1604 }
1605
1606 setup_original_cwd();
1607
1608 strbuf_release(&dir);
1609 strbuf_release(&gitdir);
1610 strbuf_release(&report);
1611 clear_repository_format(&repo_fmt);
1612
1613 return prefix;
1614 }
1615
1616 int git_config_perm(const char *var, const char *value)
1617 {
1618 int i;
1619 char *endptr;
1620
1621 if (!value)
1622 return PERM_GROUP;
1623
1624 if (!strcmp(value, "umask"))
1625 return PERM_UMASK;
1626 if (!strcmp(value, "group"))
1627 return PERM_GROUP;
1628 if (!strcmp(value, "all") ||
1629 !strcmp(value, "world") ||
1630 !strcmp(value, "everybody"))
1631 return PERM_EVERYBODY;
1632
1633 /* Parse octal numbers */
1634 i = strtol(value, &endptr, 8);
1635
1636 /* If not an octal number, maybe true/false? */
1637 if (*endptr != 0)
1638 return git_config_bool(var, value) ? PERM_GROUP : PERM_UMASK;
1639
1640 /*
1641 * Treat values 0, 1 and 2 as compatibility cases, otherwise it is
1642 * a chmod value to restrict to.
1643 */
1644 switch (i) {
1645 case PERM_UMASK: /* 0 */
1646 return PERM_UMASK;
1647 case OLD_PERM_GROUP: /* 1 */
1648 return PERM_GROUP;
1649 case OLD_PERM_EVERYBODY: /* 2 */
1650 return PERM_EVERYBODY;
1651 }
1652
1653 /* A filemode value was given: 0xxx */
1654
1655 if ((i & 0600) != 0600)
1656 die(_("problem with core.sharedRepository filemode value "
1657 "(0%.3o).\nThe owner of files must always have "
1658 "read and write permissions."), i);
1659
1660 /*
1661 * Mask filemode value. Others can not get write permission.
1662 * x flags for directories are handled separately.
1663 */
1664 return -(i & 0666);
1665 }
1666
1667 void check_repository_format(struct repository_format *fmt)
1668 {
1669 struct repository_format repo_fmt = REPOSITORY_FORMAT_INIT;
1670 if (!fmt)
1671 fmt = &repo_fmt;
1672 check_repository_format_gently(get_git_dir(), fmt, NULL);
1673 startup_info->have_repository = 1;
1674 repo_set_hash_algo(the_repository, fmt->hash_algo);
1675 repo_set_ref_storage_format(the_repository,
1676 fmt->ref_storage_format);
1677 the_repository->repository_format_worktree_config =
1678 fmt->worktree_config;
1679 the_repository->repository_format_partial_clone =
1680 xstrdup_or_null(fmt->partial_clone);
1681 clear_repository_format(&repo_fmt);
1682 }
1683
1684 /*
1685 * Returns the "prefix", a path to the current working directory
1686 * relative to the work tree root, or NULL, if the current working
1687 * directory is not a strict subdirectory of the work tree root. The
1688 * prefix always ends with a '/' character.
1689 */
1690 const char *setup_git_directory(void)
1691 {
1692 return setup_git_directory_gently(NULL);
1693 }
1694
1695 const char *resolve_gitdir_gently(const char *suspect, int *return_error_code)
1696 {
1697 if (is_git_directory(suspect))
1698 return suspect;
1699 return read_gitfile_gently(suspect, return_error_code);
1700 }
1701
1702 /* if any standard file descriptor is missing open it to /dev/null */
1703 void sanitize_stdfds(void)
1704 {
1705 int fd = xopen("/dev/null", O_RDWR);
1706 while (fd < 2)
1707 fd = xdup(fd);
1708 if (fd > 2)
1709 close(fd);
1710 }
1711
1712 int daemonize(void)
1713 {
1714 #ifdef NO_POSIX_GOODIES
1715 errno = ENOSYS;
1716 return -1;
1717 #else
1718 switch (fork()) {
1719 case 0:
1720 break;
1721 case -1:
1722 die_errno(_("fork failed"));
1723 default:
1724 exit(0);
1725 }
1726 if (setsid() == -1)
1727 die_errno(_("setsid failed"));
1728 close(0);
1729 close(1);
1730 close(2);
1731 sanitize_stdfds();
1732 return 0;
1733 #endif
1734 }
1735
1736 #ifdef NO_TRUSTABLE_FILEMODE
1737 #define TEST_FILEMODE 0
1738 #else
1739 #define TEST_FILEMODE 1
1740 #endif
1741
1742 #define GIT_DEFAULT_HASH_ENVIRONMENT "GIT_DEFAULT_HASH"
1743
1744 static void copy_templates_1(struct strbuf *path, struct strbuf *template_path,
1745 DIR *dir)
1746 {
1747 size_t path_baselen = path->len;
1748 size_t template_baselen = template_path->len;
1749 struct dirent *de;
1750
1751 /* Note: if ".git/hooks" file exists in the repository being
1752 * re-initialized, /etc/core-git/templates/hooks/update would
1753 * cause "git init" to fail here. I think this is sane but
1754 * it means that the set of templates we ship by default, along
1755 * with the way the namespace under .git/ is organized, should
1756 * be really carefully chosen.
1757 */
1758 safe_create_dir(path->buf, 1);
1759 while ((de = readdir(dir)) != NULL) {
1760 struct stat st_git, st_template;
1761 int exists = 0;
1762
1763 strbuf_setlen(path, path_baselen);
1764 strbuf_setlen(template_path, template_baselen);
1765
1766 if (de->d_name[0] == '.')
1767 continue;
1768 strbuf_addstr(path, de->d_name);
1769 strbuf_addstr(template_path, de->d_name);
1770 if (lstat(path->buf, &st_git)) {
1771 if (errno != ENOENT)
1772 die_errno(_("cannot stat '%s'"), path->buf);
1773 }
1774 else
1775 exists = 1;
1776
1777 if (lstat(template_path->buf, &st_template))
1778 die_errno(_("cannot stat template '%s'"), template_path->buf);
1779
1780 if (S_ISDIR(st_template.st_mode)) {
1781 DIR *subdir = opendir(template_path->buf);
1782 if (!subdir)
1783 die_errno(_("cannot opendir '%s'"), template_path->buf);
1784 strbuf_addch(path, '/');
1785 strbuf_addch(template_path, '/');
1786 copy_templates_1(path, template_path, subdir);
1787 closedir(subdir);
1788 }
1789 else if (exists)
1790 continue;
1791 else if (S_ISLNK(st_template.st_mode)) {
1792 struct strbuf lnk = STRBUF_INIT;
1793 if (strbuf_readlink(&lnk, template_path->buf,
1794 st_template.st_size) < 0)
1795 die_errno(_("cannot readlink '%s'"), template_path->buf);
1796 if (symlink(lnk.buf, path->buf))
1797 die_errno(_("cannot symlink '%s' '%s'"),
1798 lnk.buf, path->buf);
1799 strbuf_release(&lnk);
1800 }
1801 else if (S_ISREG(st_template.st_mode)) {
1802 if (copy_file(path->buf, template_path->buf, st_template.st_mode))
1803 die_errno(_("cannot copy '%s' to '%s'"),
1804 template_path->buf, path->buf);
1805 }
1806 else
1807 error(_("ignoring template %s"), template_path->buf);
1808 }
1809 }
1810
1811 static void copy_templates(const char *template_dir, const char *init_template_dir)
1812 {
1813 struct strbuf path = STRBUF_INIT;
1814 struct strbuf template_path = STRBUF_INIT;
1815 size_t template_len;
1816 struct repository_format template_format = REPOSITORY_FORMAT_INIT;
1817 struct strbuf err = STRBUF_INIT;
1818 DIR *dir;
1819 char *to_free = NULL;
1820
1821 if (!template_dir)
1822 template_dir = getenv(TEMPLATE_DIR_ENVIRONMENT);
1823 if (!template_dir)
1824 template_dir = init_template_dir;
1825 if (!template_dir)
1826 template_dir = to_free = system_path(DEFAULT_GIT_TEMPLATE_DIR);
1827 if (!template_dir[0]) {
1828 free(to_free);
1829 return;
1830 }
1831
1832 strbuf_addstr(&template_path, template_dir);
1833 strbuf_complete(&template_path, '/');
1834 template_len = template_path.len;
1835
1836 dir = opendir(template_path.buf);
1837 if (!dir) {
1838 warning(_("templates not found in %s"), template_dir);
1839 goto free_return;
1840 }
1841
1842 /* Make sure that template is from the correct vintage */
1843 strbuf_addstr(&template_path, "config");
1844 read_repository_format(&template_format, template_path.buf);
1845 strbuf_setlen(&template_path, template_len);
1846
1847 /*
1848 * No mention of version at all is OK, but anything else should be
1849 * verified.
1850 */
1851 if (template_format.version >= 0 &&
1852 verify_repository_format(&template_format, &err) < 0) {
1853 warning(_("not copying templates from '%s': %s"),
1854 template_dir, err.buf);
1855 strbuf_release(&err);
1856 goto close_free_return;
1857 }
1858
1859 strbuf_addstr(&path, get_git_common_dir());
1860 strbuf_complete(&path, '/');
1861 copy_templates_1(&path, &template_path, dir);
1862 close_free_return:
1863 closedir(dir);
1864 free_return:
1865 free(to_free);
1866 strbuf_release(&path);
1867 strbuf_release(&template_path);
1868 clear_repository_format(&template_format);
1869 }
1870
1871 /*
1872 * If the git_dir is not directly inside the working tree, then git will not
1873 * find it by default, and we need to set the worktree explicitly.
1874 */
1875 static int needs_work_tree_config(const char *git_dir, const char *work_tree)
1876 {
1877 if (!strcmp(work_tree, "/") && !strcmp(git_dir, "/.git"))
1878 return 0;
1879 if (skip_prefix(git_dir, work_tree, &git_dir) &&
1880 !strcmp(git_dir, "/.git"))
1881 return 0;
1882 return 1;
1883 }
1884
1885 void initialize_repository_version(int hash_algo,
1886 unsigned int ref_storage_format,
1887 int reinit)
1888 {
1889 char repo_version_string[10];
1890 int repo_version = GIT_REPO_VERSION;
1891
1892 /*
1893 * Note that we initialize the repository version to 1 when the ref
1894 * storage format is unknown. This is on purpose so that we can add the
1895 * correct object format to the config during git-clone(1). The format
1896 * version will get adjusted by git-clone(1) once it has learned about
1897 * the remote repository's format.
1898 */
1899 if (hash_algo != GIT_HASH_SHA1 ||
1900 ref_storage_format != REF_STORAGE_FORMAT_FILES)
1901 repo_version = GIT_REPO_VERSION_READ;
1902
1903 /* This forces creation of new config file */
1904 xsnprintf(repo_version_string, sizeof(repo_version_string),
1905 "%d", repo_version);
1906 git_config_set("core.repositoryformatversion", repo_version_string);
1907
1908 if (hash_algo != GIT_HASH_SHA1 && hash_algo != GIT_HASH_UNKNOWN)
1909 git_config_set("extensions.objectformat",
1910 hash_algos[hash_algo].name);
1911 else if (reinit)
1912 git_config_set_gently("extensions.objectformat", NULL);
1913
1914 if (ref_storage_format != REF_STORAGE_FORMAT_FILES)
1915 git_config_set("extensions.refstorage",
1916 ref_storage_format_to_name(ref_storage_format));
1917 }
1918
1919 static int is_reinit(void)
1920 {
1921 struct strbuf buf = STRBUF_INIT;
1922 char junk[2];
1923 int ret;
1924
1925 git_path_buf(&buf, "HEAD");
1926 ret = !access(buf.buf, R_OK) || readlink(buf.buf, junk, sizeof(junk) - 1) != -1;
1927 strbuf_release(&buf);
1928 return ret;
1929 }
1930
1931 void create_reference_database(unsigned int ref_storage_format,
1932 const char *initial_branch, int quiet)
1933 {
1934 struct strbuf err = STRBUF_INIT;
1935 int reinit = is_reinit();
1936
1937 repo_set_ref_storage_format(the_repository, ref_storage_format);
1938 if (refs_init_db(get_main_ref_store(the_repository), 0, &err))
1939 die("failed to set up refs db: %s", err.buf);
1940
1941 /*
1942 * Point the HEAD symref to the initial branch with if HEAD does
1943 * not yet exist.
1944 */
1945 if (!reinit) {
1946 char *ref;
1947
1948 if (!initial_branch)
1949 initial_branch = git_default_branch_name(quiet);
1950
1951 ref = xstrfmt("refs/heads/%s", initial_branch);
1952 if (check_refname_format(ref, 0) < 0)
1953 die(_("invalid initial branch name: '%s'"),
1954 initial_branch);
1955
1956 if (create_symref("HEAD", ref, NULL) < 0)
1957 exit(1);
1958 free(ref);
1959 }
1960
1961 if (reinit && initial_branch)
1962 warning(_("re-init: ignored --initial-branch=%s"),
1963 initial_branch);
1964
1965 strbuf_release(&err);
1966 }
1967
1968 static int create_default_files(const char *template_path,
1969 const char *original_git_dir,
1970 const struct repository_format *fmt,
1971 int prev_bare_repository,
1972 int init_shared_repository)
1973 {
1974 struct stat st1;
1975 struct strbuf buf = STRBUF_INIT;
1976 char *path;
1977 int reinit;
1978 int filemode;
1979 const char *init_template_dir = NULL;
1980 const char *work_tree = get_git_work_tree();
1981
1982 /*
1983 * First copy the templates -- we might have the default
1984 * config file there, in which case we would want to read
1985 * from it after installing.
1986 *
1987 * Before reading that config, we also need to clear out any cached
1988 * values (since we've just potentially changed what's available on
1989 * disk).
1990 */
1991 git_config_get_pathname("init.templatedir", &init_template_dir);
1992 copy_templates(template_path, init_template_dir);
1993 free((char *)init_template_dir);
1994 git_config_clear();
1995 reset_shared_repository();
1996 git_config(git_default_config, NULL);
1997
1998 reinit = is_reinit();
1999
2000 /*
2001 * We must make sure command-line options continue to override any
2002 * values we might have just re-read from the config.
2003 */
2004 if (init_shared_repository != -1)
2005 set_shared_repository(init_shared_repository);
2006 /*
2007 * TODO: heed core.bare from config file in templates if no
2008 * command-line override given
2009 */
2010 is_bare_repository_cfg = prev_bare_repository || !work_tree;
2011 /* TODO (continued):
2012 *
2013 * Unfortunately, the line above is equivalent to
2014 * is_bare_repository_cfg = !work_tree;
2015 * which ignores the config entirely even if no `--[no-]bare`
2016 * command line option was present.
2017 *
2018 * To see why, note that before this function, there was this call:
2019 * prev_bare_repository = is_bare_repository()
2020 * expanding the right hand side:
2021 * = is_bare_repository_cfg && !get_git_work_tree()
2022 * = is_bare_repository_cfg && !work_tree
2023 * note that the last simplification above is valid because nothing
2024 * calls repo_init() or set_git_work_tree() between any of the
2025 * relevant calls in the code, and thus the !get_git_work_tree()
2026 * calls will return the same result each time. So, what we are
2027 * interested in computing is the right hand side of the line of
2028 * code just above this comment:
2029 * prev_bare_repository || !work_tree
2030 * = is_bare_repository_cfg && !work_tree || !work_tree
2031 * = !work_tree
2032 * because "A && !B || !B == !B" for all boolean values of A & B.
2033 */
2034
2035 /*
2036 * We would have created the above under user's umask -- under
2037 * shared-repository settings, we would need to fix them up.
2038 */
2039 if (get_shared_repository()) {
2040 adjust_shared_perm(get_git_dir());
2041 }
2042
2043 initialize_repository_version(fmt->hash_algo, fmt->ref_storage_format, 0);
2044
2045 /* Check filemode trustability */
2046 path = git_path_buf(&buf, "config");
2047 filemode = TEST_FILEMODE;
2048 if (TEST_FILEMODE && !lstat(path, &st1)) {
2049 struct stat st2;
2050 filemode = (!chmod(path, st1.st_mode ^ S_IXUSR) &&
2051 !lstat(path, &st2) &&
2052 st1.st_mode != st2.st_mode &&
2053 !chmod(path, st1.st_mode));
2054 if (filemode && !reinit && (st1.st_mode & S_IXUSR))
2055 filemode = 0;
2056 }
2057 git_config_set("core.filemode", filemode ? "true" : "false");
2058
2059 if (is_bare_repository())
2060 git_config_set("core.bare", "true");
2061 else {
2062 git_config_set("core.bare", "false");
2063 /* allow template config file to override the default */
2064 if (log_all_ref_updates == LOG_REFS_UNSET)
2065 git_config_set("core.logallrefupdates", "true");
2066 if (needs_work_tree_config(original_git_dir, work_tree))
2067 git_config_set("core.worktree", work_tree);
2068 }
2069
2070 if (!reinit) {
2071 /* Check if symlink is supported in the work tree */
2072 path = git_path_buf(&buf, "tXXXXXX");
2073 if (!close(xmkstemp(path)) &&
2074 !unlink(path) &&
2075 !symlink("testing", path) &&
2076 !lstat(path, &st1) &&
2077 S_ISLNK(st1.st_mode))
2078 unlink(path); /* good */
2079 else
2080 git_config_set("core.symlinks", "false");
2081
2082 /* Check if the filesystem is case-insensitive */
2083 path = git_path_buf(&buf, "CoNfIg");
2084 if (!access(path, F_OK))
2085 git_config_set("core.ignorecase", "true");
2086 probe_utf8_pathname_composition();
2087 }
2088
2089 strbuf_release(&buf);
2090 return reinit;
2091 }
2092
2093 static void create_object_directory(void)
2094 {
2095 struct strbuf path = STRBUF_INIT;
2096 size_t baselen;
2097
2098 strbuf_addstr(&path, get_object_directory());
2099 baselen = path.len;
2100
2101 safe_create_dir(path.buf, 1);
2102
2103 strbuf_setlen(&path, baselen);
2104 strbuf_addstr(&path, "/pack");
2105 safe_create_dir(path.buf, 1);
2106
2107 strbuf_setlen(&path, baselen);
2108 strbuf_addstr(&path, "/info");
2109 safe_create_dir(path.buf, 1);
2110
2111 strbuf_release(&path);
2112 }
2113
2114 static void separate_git_dir(const char *git_dir, const char *git_link)
2115 {
2116 struct stat st;
2117
2118 if (!stat(git_link, &st)) {
2119 const char *src;
2120
2121 if (S_ISREG(st.st_mode))
2122 src = read_gitfile(git_link);
2123 else if (S_ISDIR(st.st_mode))
2124 src = git_link;
2125 else
2126 die(_("unable to handle file type %d"), (int)st.st_mode);
2127
2128 if (rename(src, git_dir))
2129 die_errno(_("unable to move %s to %s"), src, git_dir);
2130 repair_worktrees(NULL, NULL);
2131 }
2132
2133 write_file(git_link, "gitdir: %s", git_dir);
2134 }
2135
2136 static void validate_hash_algorithm(struct repository_format *repo_fmt, int hash)
2137 {
2138 const char *env = getenv(GIT_DEFAULT_HASH_ENVIRONMENT);
2139 /*
2140 * If we already have an initialized repo, don't allow the user to
2141 * specify a different algorithm, as that could cause corruption.
2142 * Otherwise, if the user has specified one on the command line, use it.
2143 */
2144 if (repo_fmt->version >= 0 && hash != GIT_HASH_UNKNOWN && hash != repo_fmt->hash_algo)
2145 die(_("attempt to reinitialize repository with different hash"));
2146 else if (hash != GIT_HASH_UNKNOWN)
2147 repo_fmt->hash_algo = hash;
2148 else if (env) {
2149 int env_algo = hash_algo_by_name(env);
2150 if (env_algo == GIT_HASH_UNKNOWN)
2151 die(_("unknown hash algorithm '%s'"), env);
2152 repo_fmt->hash_algo = env_algo;
2153 }
2154 }
2155
2156 static void validate_ref_storage_format(struct repository_format *repo_fmt,
2157 unsigned int format)
2158 {
2159 const char *name = getenv("GIT_DEFAULT_REF_FORMAT");
2160
2161 if (repo_fmt->version >= 0 &&
2162 format != REF_STORAGE_FORMAT_UNKNOWN &&
2163 format != repo_fmt->ref_storage_format) {
2164 die(_("attempt to reinitialize repository with different reference storage format"));
2165 } else if (format != REF_STORAGE_FORMAT_UNKNOWN) {
2166 repo_fmt->ref_storage_format = format;
2167 } else if (name) {
2168 format = ref_storage_format_by_name(name);
2169 if (format == REF_STORAGE_FORMAT_UNKNOWN)
2170 die(_("unknown ref storage format '%s'"), name);
2171 repo_fmt->ref_storage_format = format;
2172 }
2173 }
2174
2175 int init_db(const char *git_dir, const char *real_git_dir,
2176 const char *template_dir, int hash,
2177 unsigned int ref_storage_format,
2178 const char *initial_branch,
2179 int init_shared_repository, unsigned int flags)
2180 {
2181 int reinit;
2182 int exist_ok = flags & INIT_DB_EXIST_OK;
2183 char *original_git_dir = real_pathdup(git_dir, 1);
2184 struct repository_format repo_fmt = REPOSITORY_FORMAT_INIT;
2185 int prev_bare_repository;
2186
2187 if (real_git_dir) {
2188 struct stat st;
2189
2190 if (!exist_ok && !stat(git_dir, &st))
2191 die(_("%s already exists"), git_dir);
2192
2193 if (!exist_ok && !stat(real_git_dir, &st))
2194 die(_("%s already exists"), real_git_dir);
2195
2196 set_git_dir(real_git_dir, 1);
2197 git_dir = get_git_dir();
2198 separate_git_dir(git_dir, original_git_dir);
2199 }
2200 else {
2201 set_git_dir(git_dir, 1);
2202 git_dir = get_git_dir();
2203 }
2204 startup_info->have_repository = 1;
2205
2206 /* Ensure `core.hidedotfiles` is processed */
2207 git_config(platform_core_config, NULL);
2208
2209 safe_create_dir(git_dir, 0);
2210
2211 prev_bare_repository = is_bare_repository();
2212
2213 /* Check to see if the repository version is right.
2214 * Note that a newly created repository does not have
2215 * config file, so this will not fail. What we are catching
2216 * is an attempt to reinitialize new repository with an old tool.
2217 */
2218 check_repository_format(&repo_fmt);
2219
2220 validate_hash_algorithm(&repo_fmt, hash);
2221 validate_ref_storage_format(&repo_fmt, ref_storage_format);
2222
2223 reinit = create_default_files(template_dir, original_git_dir,
2224 &repo_fmt, prev_bare_repository,
2225 init_shared_repository);
2226
2227 /*
2228 * Now that we have set up both the hash algorithm and the ref storage
2229 * format we can update the repository's settings accordingly.
2230 */
2231 repo_set_hash_algo(the_repository, repo_fmt.hash_algo);
2232 repo_set_ref_storage_format(the_repository, repo_fmt.ref_storage_format);
2233
2234 if (!(flags & INIT_DB_SKIP_REFDB))
2235 create_reference_database(repo_fmt.ref_storage_format,
2236 initial_branch, flags & INIT_DB_QUIET);
2237 create_object_directory();
2238
2239 if (get_shared_repository()) {
2240 char buf[10];
2241 /* We do not spell "group" and such, so that
2242 * the configuration can be read by older version
2243 * of git. Note, we use octal numbers for new share modes,
2244 * and compatibility values for PERM_GROUP and
2245 * PERM_EVERYBODY.
2246 */
2247 if (get_shared_repository() < 0)
2248 /* force to the mode value */
2249 xsnprintf(buf, sizeof(buf), "0%o", -get_shared_repository());
2250 else if (get_shared_repository() == PERM_GROUP)
2251 xsnprintf(buf, sizeof(buf), "%d", OLD_PERM_GROUP);
2252 else if (get_shared_repository() == PERM_EVERYBODY)
2253 xsnprintf(buf, sizeof(buf), "%d", OLD_PERM_EVERYBODY);
2254 else
2255 BUG("invalid value for shared_repository");
2256 git_config_set("core.sharedrepository", buf);
2257 git_config_set("receive.denyNonFastforwards", "true");
2258 }
2259
2260 if (!(flags & INIT_DB_QUIET)) {
2261 int len = strlen(git_dir);
2262
2263 if (reinit)
2264 printf(get_shared_repository()
2265 ? _("Reinitialized existing shared Git repository in %s%s\n")
2266 : _("Reinitialized existing Git repository in %s%s\n"),
2267 git_dir, len && git_dir[len-1] != '/' ? "/" : "");
2268 else
2269 printf(get_shared_repository()
2270 ? _("Initialized empty shared Git repository in %s%s\n")
2271 : _("Initialized empty Git repository in %s%s\n"),
2272 git_dir, len && git_dir[len-1] != '/' ? "/" : "");
2273 }
2274
2275 clear_repository_format(&repo_fmt);
2276 free(original_git_dir);
2277 return 0;
2278 }
Unnamed repository; edit this file 'description' to name the repository.