git.ipfire.org Git - thirdparty/git.git/commit

author	Koji Nakamaru <koji.nakamaru@gree.net>
	Wed, 15 May 2024 19:21:06 +0000 (19:21 +0000)
committer	Junio C Hamano <gitster@pobox.com>
	Wed, 15 May 2024 21:02:44 +0000 (14:02 -0700)
commit	fcf5b74e59c1c0d18a8e8e939475007b3b5f83ad
tree	b23483534b6c26704fd63afd41e4e7f50e8ff697	tree
parent	786a3e4b8d754d2b14b1208b98eeb0a554ef19a8	commit \| diff

osxkeychain: exclusive lock to serialize execution of operations

git passes a credential that has been used successfully to the helpers
to record. If "git-credential-osxkeychain store" commands run in
parallel (with fetch.parallel configuration and/or by running multiple
git commands simultaneously), some of them may exit with the error
"failed to store: -25299". This is because SecItemUpdate() in
add_internet_password() may return errSecDuplicateItem (-25299) in this
situation. Apple's documentation [1] also states as below:

  In macOS, some of the functions of this API block while waiting for
  input from the user (for example, when the user is asked to unlock a
  keychain or give permission to change trust settings). In general, it
  is safe to use this API in threads other than your main thread, but
  avoid calling the functions from multiple operations, work queues, or
  threads concurrently. Instead, serialize function calls or confine
  them to a single thread.

The error has not been noticed before, because the former implementation
ignored the error.

Introduce an exclusive lock to serialize execution of operations.

[1] https://developer.apple.com/documentation/security/certificate_key_and_trust_services/working_with_concurrency

Signed-off-by: Koji Nakamaru <koji.nakamaru@gree.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>