#define USE_THE_REPOSITORY_VARIABLE #include "git-compat-util.h" #include "abspath.h" #include "copy.h" #include "environment.h" #include "exec-cmd.h" #include "gettext.h" #include "hex.h" #include "object-name.h" #include "refs.h" #include "repository.h" #include "config.h" #include "dir.h" #include "setup.h" #include "string-list.h" #include "chdir-notify.h" #include "path.h" #include "quote.h" #include "trace2.h" #include "worktree.h" #include "exec-cmd.h" static int inside_git_dir = -1; static int inside_work_tree = -1; static int work_tree_config_is_bogus; enum allowed_bare_repo { ALLOWED_BARE_REPO_EXPLICIT = 0, ALLOWED_BARE_REPO_ALL, }; static struct startup_info the_startup_info; struct startup_info *startup_info = &the_startup_info; const char *tmp_original_cwd; /* * The input parameter must contain an absolute path, and it must already be * normalized. * * Find the part of an absolute path that lies inside the work tree by * dereferencing symlinks outside the work tree, for example: * /dir1/repo/dir2/file (work tree is /dir1/repo) -> dir2/file * /dir/file (work tree is /) -> dir/file * /dir/symlink1/symlink2 (symlink1 points to work tree) -> symlink2 * /dir/repolink/file (repolink points to /dir/repo) -> file * /dir/repo (exactly equal to work tree) -> (empty string) */ static int abspath_part_inside_repo(char *path) { size_t len; size_t wtlen; char *path0; int off; const char *work_tree = precompose_string_if_needed(get_git_work_tree()); struct strbuf realpath = STRBUF_INIT; if (!work_tree) return -1; wtlen = strlen(work_tree); len = strlen(path); off = offset_1st_component(path); /* check if work tree is already the prefix */ if (wtlen <= len && !fspathncmp(path, work_tree, wtlen)) { if (path[wtlen] == '/') { memmove(path, path + wtlen + 1, len - wtlen); return 0; } else if (path[wtlen - 1] == '/' || path[wtlen] == '\0') { /* work tree is the root, or the whole path */ memmove(path, path + wtlen, len - wtlen + 1); return 0; } /* work tree might match beginning of a symlink to work tree */ off = wtlen; } path0 = path; path += off; /* check each '/'-terminated level */ while (*path) { path++; if (*path == '/') { *path = '\0'; strbuf_realpath(&realpath, path0, 1); if (fspathcmp(realpath.buf, work_tree) == 0) { memmove(path0, path + 1, len - (path - path0)); strbuf_release(&realpath); return 0; } *path = '/'; } } /* check whole path */ strbuf_realpath(&realpath, path0, 1); if (fspathcmp(realpath.buf, work_tree) == 0) { *path0 = '\0'; strbuf_release(&realpath); return 0; } strbuf_release(&realpath); return -1; } /* * Normalize "path", prepending the "prefix" for relative paths. If * remaining_prefix is not NULL, return the actual prefix still * remains in the path. For example, prefix = sub1/sub2/ and path is * * foo -> sub1/sub2/foo (full prefix) * ../foo -> sub1/foo (remaining prefix is sub1/) * ../../bar -> bar (no remaining prefix) * ../../sub1/sub2/foo -> sub1/sub2/foo (but no remaining prefix) * `pwd`/../bar -> sub1/bar (no remaining prefix) */ char *prefix_path_gently(const char *prefix, int len, int *remaining_prefix, const char *path) { const char *orig = path; char *sanitized; if (is_absolute_path(orig)) { sanitized = xmallocz(strlen(path)); if (remaining_prefix) *remaining_prefix = 0; if (normalize_path_copy_len(sanitized, path, remaining_prefix)) { free(sanitized); return NULL; } if (abspath_part_inside_repo(sanitized)) { free(sanitized); return NULL; } } else { sanitized = xstrfmt("%.*s%s", len, len ? prefix : "", path); if (remaining_prefix) *remaining_prefix = len; if (normalize_path_copy_len(sanitized, sanitized, remaining_prefix)) { free(sanitized); return NULL; } } return sanitized; } char *prefix_path(const char *prefix, int len, const char *path) { char *r = prefix_path_gently(prefix, len, NULL, path); if (!r) { const char *hint_path = get_git_work_tree(); if (!hint_path) hint_path = get_git_dir(); die(_("'%s' is outside repository at '%s'"), path, absolute_path(hint_path)); } return r; } int path_inside_repo(const char *prefix, const char *path) { int len = prefix ? strlen(prefix) : 0; char *r = prefix_path_gently(prefix, len, NULL, path); if (r) { free(r); return 1; } return 0; } int check_filename(const char *prefix, const char *arg) { char *to_free = NULL; struct stat st; if (skip_prefix(arg, ":/", &arg)) { if (!*arg) /* ":/" is root dir, always exists */ return 1; prefix = NULL; } else if (skip_prefix(arg, ":!", &arg) || skip_prefix(arg, ":^", &arg)) { if (!*arg) /* excluding everything is silly, but allowed */ return 1; } if (prefix) arg = to_free = prefix_filename(prefix, arg); if (!lstat(arg, &st)) { free(to_free); return 1; /* file exists */ } if (is_missing_file_error(errno)) { free(to_free); return 0; /* file does not exist */ } die_errno(_("failed to stat '%s'"), arg); } static void NORETURN die_verify_filename(struct repository *r, const char *prefix, const char *arg, int diagnose_misspelt_rev) { if (!diagnose_misspelt_rev) die(_("%s: no such path in the working tree.\n" "Use 'git -- ...' to specify paths that do not exist locally."), arg); /* * Saying "'(icase)foo' does not exist in the index" when the * user gave us ":(icase)foo" is just stupid. A magic pathspec * begins with a colon and is followed by a non-alnum; do not * let maybe_die_on_misspelt_object_name() even trigger. */ if (!(arg[0] == ':' && !isalnum(arg[1]))) maybe_die_on_misspelt_object_name(r, arg, prefix); /* ... or fall back the most general message. */ die(_("ambiguous argument '%s': unknown revision or path not in the working tree.\n" "Use '--' to separate paths from revisions, like this:\n" "'git [...] -- [...]'"), arg); } /* * Check for arguments that don't resolve as actual files, * but which look sufficiently like pathspecs that we'll consider * them such for the purposes of rev/pathspec DWIM parsing. */ static int looks_like_pathspec(const char *arg) { const char *p; int escaped = 0; /* * Wildcard characters imply the user is looking to match pathspecs * that aren't in the filesystem. Note that this doesn't include * backslash even though it's a glob special; by itself it doesn't * cause any increase in the match. Likewise ignore backslash-escaped * wildcard characters. */ for (p = arg; *p; p++) { if (escaped) { escaped = 0; } else if (is_glob_special(*p)) { if (*p == '\\') escaped = 1; else return 1; } } /* long-form pathspec magic */ if (starts_with(arg, ":(")) return 1; return 0; } /* * Verify a filename that we got as an argument for a pathspec * entry. Note that a filename that begins with "-" never verifies * as true, because even if such a filename were to exist, we want * it to be preceded by the "--" marker (or we want the user to * use a format like "./-filename") * * The "diagnose_misspelt_rev" is used to provide a user-friendly * diagnosis when dying upon finding that "name" is not a pathname. * If set to 1, the diagnosis will try to diagnose "name" as an * invalid object name (e.g. HEAD:foo). If set to 0, the diagnosis * will only complain about an inexisting file. * * This function is typically called to check that a "file or rev" * argument is unambiguous. In this case, the caller will want * diagnose_misspelt_rev == 1 when verifying the first non-rev * argument (which could have been a revision), and * diagnose_misspelt_rev == 0 for the next ones (because we already * saw a filename, there's not ambiguity anymore). */ void verify_filename(const char *prefix, const char *arg, int diagnose_misspelt_rev) { if (*arg == '-') die(_("option '%s' must come before non-option arguments"), arg); if (looks_like_pathspec(arg) || check_filename(prefix, arg)) return; die_verify_filename(the_repository, prefix, arg, diagnose_misspelt_rev); } /* * Opposite of the above: the command line did not have -- marker * and we parsed the arg as a refname. It should not be interpretable * as a filename. */ void verify_non_filename(const char *prefix, const char *arg) { if (!is_inside_work_tree() || is_inside_git_dir()) return; if (*arg == '-') return; /* flag */ if (!check_filename(prefix, arg)) return; die(_("ambiguous argument '%s': both revision and filename\n" "Use '--' to separate paths from revisions, like this:\n" "'git [...] -- [...]'"), arg); } int get_common_dir(struct strbuf *sb, const char *gitdir) { const char *git_env_common_dir = getenv(GIT_COMMON_DIR_ENVIRONMENT); if (git_env_common_dir) { strbuf_addstr(sb, git_env_common_dir); return 1; } else { return get_common_dir_noenv(sb, gitdir); } } int get_common_dir_noenv(struct strbuf *sb, const char *gitdir) { struct strbuf data = STRBUF_INIT; struct strbuf path = STRBUF_INIT; int ret = 0; strbuf_addf(&path, "%s/commondir", gitdir); if (file_exists(path.buf)) { if (strbuf_read_file(&data, path.buf, 0) <= 0) die_errno(_("failed to read %s"), path.buf); while (data.len && (data.buf[data.len - 1] == '\n' || data.buf[data.len - 1] == '\r')) data.len--; data.buf[data.len] = '\0'; strbuf_reset(&path); if (!is_absolute_path(data.buf)) strbuf_addf(&path, "%s/", gitdir); strbuf_addbuf(&path, &data); strbuf_add_real_path(sb, path.buf); ret = 1; } else { strbuf_addstr(sb, gitdir); } strbuf_release(&data); strbuf_release(&path); return ret; } static int validate_headref(const char *path) { struct stat st; char buffer[256]; const char *refname; struct object_id oid; int fd; ssize_t len; if (lstat(path, &st) < 0) return -1; /* Make sure it is a "refs/.." symlink */ if (S_ISLNK(st.st_mode)) { len = readlink(path, buffer, sizeof(buffer)-1); if (len >= 5 && !memcmp("refs/", buffer, 5)) return 0; return -1; } /* * Anything else, just open it and try to see if it is a symbolic ref. */ fd = open(path, O_RDONLY); if (fd < 0) return -1; len = read_in_full(fd, buffer, sizeof(buffer)-1); close(fd); if (len < 0) return -1; buffer[len] = '\0'; /* * Is it a symbolic ref? */ if (skip_prefix(buffer, "ref:", &refname)) { while (isspace(*refname)) refname++; if (starts_with(refname, "refs/")) return 0; } /* * Is this a detached HEAD? */ if (get_oid_hex_any(buffer, &oid) != GIT_HASH_UNKNOWN) return 0; return -1; } /* * Test if it looks like we're at a git directory. * We want to see: * * - either an objects/ directory _or_ the proper * GIT_OBJECT_DIRECTORY environment variable * - a refs/ directory * - either a HEAD symlink or a HEAD file that is formatted as * a proper "ref:", or a regular file HEAD that has a properly * formatted sha1 object name. */ int is_git_directory(const char *suspect) { struct strbuf path = STRBUF_INIT; int ret = 0; size_t len; /* Check worktree-related signatures */ strbuf_addstr(&path, suspect); strbuf_complete(&path, '/'); strbuf_addstr(&path, "HEAD"); if (validate_headref(path.buf)) goto done; strbuf_reset(&path); get_common_dir(&path, suspect); len = path.len; /* Check non-worktree-related signatures */ if (getenv(DB_ENVIRONMENT)) { if (access(getenv(DB_ENVIRONMENT), X_OK)) goto done; } else { strbuf_setlen(&path, len); strbuf_addstr(&path, "/objects"); if (access(path.buf, X_OK)) goto done; } strbuf_setlen(&path, len); strbuf_addstr(&path, "/refs"); if (access(path.buf, X_OK)) goto done; ret = 1; done: strbuf_release(&path); return ret; } int is_nonbare_repository_dir(struct strbuf *path) { int ret = 0; int gitfile_error; size_t orig_path_len = path->len; assert(orig_path_len != 0); strbuf_complete(path, '/'); strbuf_addstr(path, ".git"); if (read_gitfile_gently(path->buf, &gitfile_error) || is_git_directory(path->buf)) ret = 1; if (gitfile_error == READ_GITFILE_ERR_OPEN_FAILED || gitfile_error == READ_GITFILE_ERR_READ_FAILED) ret = 1; strbuf_setlen(path, orig_path_len); return ret; } int is_inside_git_dir(void) { if (inside_git_dir < 0) inside_git_dir = is_inside_dir(get_git_dir()); return inside_git_dir; } int is_inside_work_tree(void) { if (inside_work_tree < 0) inside_work_tree = is_inside_dir(get_git_work_tree()); return inside_work_tree; } void setup_work_tree(void) { const char *work_tree; static int initialized = 0; if (initialized) return; if (work_tree_config_is_bogus) die(_("unable to set up work tree using invalid config")); work_tree = get_git_work_tree(); if (!work_tree || chdir_notify(work_tree)) die(_("this operation must be run in a work tree")); /* * Make sure subsequent git processes find correct worktree * if $GIT_WORK_TREE is set relative */ if (getenv(GIT_WORK_TREE_ENVIRONMENT)) setenv(GIT_WORK_TREE_ENVIRONMENT, ".", 1); initialized = 1; } static void setup_original_cwd(void) { struct strbuf tmp = STRBUF_INIT; const char *worktree = NULL; int offset = -1; if (!tmp_original_cwd) return; /* * startup_info->original_cwd points to the current working * directory we inherited from our parent process, which is a * directory we want to avoid removing. * * For convience, we would like to have the path relative to the * worktree instead of an absolute path. * * Yes, startup_info->original_cwd is usually the same as 'prefix', * but differs in two ways: * - prefix has a trailing '/' * - if the user passes '-C' to git, that modifies the prefix but * not startup_info->original_cwd. */ /* Normalize the directory */ if (!strbuf_realpath(&tmp, tmp_original_cwd, 0)) { trace2_data_string("setup", the_repository, "realpath-path", tmp_original_cwd); trace2_data_string("setup", the_repository, "realpath-failure", strerror(errno)); free((char*)tmp_original_cwd); tmp_original_cwd = NULL; return; } free((char*)tmp_original_cwd); tmp_original_cwd = NULL; startup_info->original_cwd = strbuf_detach(&tmp, NULL); /* * Get our worktree; we only protect the current working directory * if it's in the worktree. */ worktree = get_git_work_tree(); if (!worktree) goto no_prevention_needed; offset = dir_inside_of(startup_info->original_cwd, worktree); if (offset >= 0) { /* * If startup_info->original_cwd == worktree, that is already * protected and we don't need original_cwd as a secondary * protection measure. */ if (!*(startup_info->original_cwd + offset)) goto no_prevention_needed; /* * original_cwd was inside worktree; precompose it just as * we do prefix so that built up paths will match */ startup_info->original_cwd = \ precompose_string_if_needed(startup_info->original_cwd + offset); return; } no_prevention_needed: free((char*)startup_info->original_cwd); startup_info->original_cwd = NULL; } static int read_worktree_config(const char *var, const char *value, const struct config_context *ctx UNUSED, void *vdata) { struct repository_format *data = vdata; if (strcmp(var, "core.bare") == 0) { data->is_bare = git_config_bool(var, value); } else if (strcmp(var, "core.worktree") == 0) { if (!value) return config_error_nonbool(var); free(data->work_tree); data->work_tree = xstrdup(value); } return 0; } enum extension_result { EXTENSION_ERROR = -1, /* compatible with error(), etc */ EXTENSION_UNKNOWN = 0, EXTENSION_OK = 1 }; /* * Do not add new extensions to this function. It handles extensions which are * respected even in v0-format repositories for historical compatibility. */ static enum extension_result handle_extension_v0(const char *var, const char *value, const char *ext, struct repository_format *data) { if (!strcmp(ext, "noop")) { return EXTENSION_OK; } else if (!strcmp(ext, "preciousobjects")) { data->precious_objects = git_config_bool(var, value); return EXTENSION_OK; } else if (!strcmp(ext, "partialclone")) { if (!value) return config_error_nonbool(var); data->partial_clone = xstrdup(value); return EXTENSION_OK; } else if (!strcmp(ext, "worktreeconfig")) { data->worktree_config = git_config_bool(var, value); return EXTENSION_OK; } return EXTENSION_UNKNOWN; } /* * Record any new extensions in this function. */ static enum extension_result handle_extension(const char *var, const char *value, const char *ext, struct repository_format *data) { if (!strcmp(ext, "noop-v1")) { return EXTENSION_OK; } else if (!strcmp(ext, "objectformat")) { int format; if (!value) return config_error_nonbool(var); format = hash_algo_by_name(value); if (format == GIT_HASH_UNKNOWN) return error(_("invalid value for '%s': '%s'"), "extensions.objectformat", value); data->hash_algo = format; return EXTENSION_OK; } else if (!strcmp(ext, "compatobjectformat")) { struct string_list_item *item; int format; if (!value) return config_error_nonbool(var); format = hash_algo_by_name(value); if (format == GIT_HASH_UNKNOWN) return error(_("invalid value for '%s': '%s'"), "extensions.compatobjectformat", value); /* For now only support compatObjectFormat being specified once. */ for_each_string_list_item(item, &data->v1_only_extensions) { if (!strcmp(item->string, "compatobjectformat")) return error(_("'%s' already specified as '%s'"), "extensions.compatobjectformat", hash_algos[data->compat_hash_algo].name); } data->compat_hash_algo = format; return EXTENSION_OK; } else if (!strcmp(ext, "refstorage")) { unsigned int format; if (!value) return config_error_nonbool(var); format = ref_storage_format_by_name(value); if (format == REF_STORAGE_FORMAT_UNKNOWN) return error(_("invalid value for '%s': '%s'"), "extensions.refstorage", value); data->ref_storage_format = format; return EXTENSION_OK; } return EXTENSION_UNKNOWN; } static int check_repo_format(const char *var, const char *value, const struct config_context *ctx, void *vdata) { struct repository_format *data = vdata; const char *ext; if (strcmp(var, "core.repositoryformatversion") == 0) data->version = git_config_int(var, value, ctx->kvi); else if (skip_prefix(var, "extensions.", &ext)) { switch (handle_extension_v0(var, value, ext, data)) { case EXTENSION_ERROR: return -1; case EXTENSION_OK: return 0; case EXTENSION_UNKNOWN: break; } switch (handle_extension(var, value, ext, data)) { case EXTENSION_ERROR: return -1; case EXTENSION_OK: string_list_append(&data->v1_only_extensions, ext); return 0; case EXTENSION_UNKNOWN: string_list_append(&data->unknown_extensions, ext); return 0; } } return read_worktree_config(var, value, ctx, vdata); } static int check_repository_format_gently(const char *gitdir, struct repository_format *candidate, int *nongit_ok) { struct strbuf sb = STRBUF_INIT; struct strbuf err = STRBUF_INIT; int has_common; has_common = get_common_dir(&sb, gitdir); strbuf_addstr(&sb, "/config"); read_repository_format(candidate, sb.buf); strbuf_release(&sb); /* * For historical use of check_repository_format() in git-init, * we treat a missing config as a silent "ok", even when nongit_ok * is unset. */ if (candidate->version < 0) return 0; if (verify_repository_format(candidate, &err) < 0) { if (nongit_ok) { warning("%s", err.buf); strbuf_release(&err); *nongit_ok = -1; return -1; } die("%s", err.buf); } repository_format_precious_objects = candidate->precious_objects; string_list_clear(&candidate->unknown_extensions, 0); string_list_clear(&candidate->v1_only_extensions, 0); if (candidate->worktree_config) { /* * pick up core.bare and core.worktree from per-worktree * config if present */ strbuf_addf(&sb, "%s/config.worktree", gitdir); git_config_from_file(read_worktree_config, sb.buf, candidate); strbuf_release(&sb); has_common = 0; } if (!has_common) { if (candidate->is_bare != -1) { is_bare_repository_cfg = candidate->is_bare; if (is_bare_repository_cfg == 1) inside_work_tree = -1; } if (candidate->work_tree) { free(git_work_tree_cfg); git_work_tree_cfg = xstrdup(candidate->work_tree); inside_work_tree = -1; } } return 0; } int upgrade_repository_format(int target_version) { struct strbuf sb = STRBUF_INIT; struct strbuf err = STRBUF_INIT; struct strbuf repo_version = STRBUF_INIT; struct repository_format repo_fmt = REPOSITORY_FORMAT_INIT; int ret; strbuf_git_common_path(&sb, the_repository, "config"); read_repository_format(&repo_fmt, sb.buf); strbuf_release(&sb); if (repo_fmt.version >= target_version) { ret = 0; goto out; } if (verify_repository_format(&repo_fmt, &err) < 0) { ret = error("cannot upgrade repository format from %d to %d: %s", repo_fmt.version, target_version, err.buf); goto out; } if (!repo_fmt.version && repo_fmt.unknown_extensions.nr) { ret = error("cannot upgrade repository format: " "unknown extension %s", repo_fmt.unknown_extensions.items[0].string); goto out; } strbuf_addf(&repo_version, "%d", target_version); git_config_set("core.repositoryformatversion", repo_version.buf); ret = 1; out: clear_repository_format(&repo_fmt); strbuf_release(&repo_version); strbuf_release(&err); return ret; } static void init_repository_format(struct repository_format *format) { const struct repository_format fresh = REPOSITORY_FORMAT_INIT; memcpy(format, &fresh, sizeof(fresh)); } int read_repository_format(struct repository_format *format, const char *path) { clear_repository_format(format); git_config_from_file(check_repo_format, path, format); if (format->version == -1) clear_repository_format(format); return format->version; } void clear_repository_format(struct repository_format *format) { string_list_clear(&format->unknown_extensions, 0); string_list_clear(&format->v1_only_extensions, 0); free(format->work_tree); free(format->partial_clone); init_repository_format(format); } int verify_repository_format(const struct repository_format *format, struct strbuf *err) { if (GIT_REPO_VERSION_READ < format->version) { strbuf_addf(err, _("Expected git repo version <= %d, found %d"), GIT_REPO_VERSION_READ, format->version); return -1; } if (format->version >= 1 && format->unknown_extensions.nr) { int i; strbuf_addstr(err, Q_("unknown repository extension found:", "unknown repository extensions found:", format->unknown_extensions.nr)); for (i = 0; i < format->unknown_extensions.nr; i++) strbuf_addf(err, "\n\t%s", format->unknown_extensions.items[i].string); return -1; } if (format->version == 0 && format->v1_only_extensions.nr) { int i; strbuf_addstr(err, Q_("repo version is 0, but v1-only extension found:", "repo version is 0, but v1-only extensions found:", format->v1_only_extensions.nr)); for (i = 0; i < format->v1_only_extensions.nr; i++) strbuf_addf(err, "\n\t%s", format->v1_only_extensions.items[i].string); return -1; } return 0; } void read_gitfile_error_die(int error_code, const char *path, const char *dir) { switch (error_code) { case READ_GITFILE_ERR_STAT_FAILED: case READ_GITFILE_ERR_NOT_A_FILE: /* non-fatal; follow return path */ break; case READ_GITFILE_ERR_OPEN_FAILED: die_errno(_("error opening '%s'"), path); case READ_GITFILE_ERR_TOO_LARGE: die(_("too large to be a .git file: '%s'"), path); case READ_GITFILE_ERR_READ_FAILED: die(_("error reading %s"), path); case READ_GITFILE_ERR_INVALID_FORMAT: die(_("invalid gitfile format: %s"), path); case READ_GITFILE_ERR_NO_PATH: die(_("no path in gitfile: %s"), path); case READ_GITFILE_ERR_NOT_A_REPO: die(_("not a git repository: %s"), dir); default: BUG("unknown error code"); } } /* * Try to read the location of the git directory from the .git file, * return path to git directory if found. The return value comes from * a shared buffer. * * On failure, if return_error_code is not NULL, return_error_code * will be set to an error code and NULL will be returned. If * return_error_code is NULL the function will die instead (for most * cases). */ const char *read_gitfile_gently(const char *path, int *return_error_code) { const int max_file_size = 1 << 20; /* 1MB */ int error_code = 0; char *buf = NULL; char *dir = NULL; const char *slash; struct stat st; int fd; ssize_t len; static struct strbuf realpath = STRBUF_INIT; if (stat(path, &st)) { /* NEEDSWORK: discern between ENOENT vs other errors */ error_code = READ_GITFILE_ERR_STAT_FAILED; goto cleanup_return; } if (!S_ISREG(st.st_mode)) { error_code = READ_GITFILE_ERR_NOT_A_FILE; goto cleanup_return; } if (st.st_size > max_file_size) { error_code = READ_GITFILE_ERR_TOO_LARGE; goto cleanup_return; } fd = open(path, O_RDONLY); if (fd < 0) { error_code = READ_GITFILE_ERR_OPEN_FAILED; goto cleanup_return; } buf = xmallocz(st.st_size); len = read_in_full(fd, buf, st.st_size); close(fd); if (len != st.st_size) { error_code = READ_GITFILE_ERR_READ_FAILED; goto cleanup_return; } if (!starts_with(buf, "gitdir: ")) { error_code = READ_GITFILE_ERR_INVALID_FORMAT; goto cleanup_return; } while (buf[len - 1] == '\n' || buf[len - 1] == '\r') len--; if (len < 9) { error_code = READ_GITFILE_ERR_NO_PATH; goto cleanup_return; } buf[len] = '\0'; dir = buf + 8; if (!is_absolute_path(dir) && (slash = strrchr(path, '/'))) { size_t pathlen = slash+1 - path; dir = xstrfmt("%.*s%.*s", (int)pathlen, path, (int)(len - 8), buf + 8); free(buf); buf = dir; } if (!is_git_directory(dir)) { error_code = READ_GITFILE_ERR_NOT_A_REPO; goto cleanup_return; } strbuf_realpath(&realpath, dir, 1); path = realpath.buf; cleanup_return: if (return_error_code) *return_error_code = error_code; else if (error_code) read_gitfile_error_die(error_code, path, dir); free(buf); return error_code ? NULL : path; } static const char *setup_explicit_git_dir(const char *gitdirenv, struct strbuf *cwd, struct repository_format *repo_fmt, int *nongit_ok) { const char *work_tree_env = getenv(GIT_WORK_TREE_ENVIRONMENT); const char *worktree; char *gitfile; int offset; if (PATH_MAX - 40 < strlen(gitdirenv)) die(_("'$%s' too big"), GIT_DIR_ENVIRONMENT); gitfile = (char*)read_gitfile(gitdirenv); if (gitfile) { gitfile = xstrdup(gitfile); gitdirenv = gitfile; } if (!is_git_directory(gitdirenv)) { if (nongit_ok) { *nongit_ok = 1; free(gitfile); return NULL; } die(_("not a git repository: '%s'"), gitdirenv); } if (check_repository_format_gently(gitdirenv, repo_fmt, nongit_ok)) { free(gitfile); return NULL; } /* #3, #7, #11, #15, #19, #23, #27, #31 (see t1510) */ if (work_tree_env) set_git_work_tree(work_tree_env); else if (is_bare_repository_cfg > 0) { if (git_work_tree_cfg) { /* #22.2, #30 */ warning("core.bare and core.worktree do not make sense"); work_tree_config_is_bogus = 1; } /* #18, #26 */ set_git_dir(gitdirenv, 0); free(gitfile); return NULL; } else if (git_work_tree_cfg) { /* #6, #14 */ if (is_absolute_path(git_work_tree_cfg)) set_git_work_tree(git_work_tree_cfg); else { char *core_worktree; if (chdir(gitdirenv)) die_errno(_("cannot chdir to '%s'"), gitdirenv); if (chdir(git_work_tree_cfg)) die_errno(_("cannot chdir to '%s'"), git_work_tree_cfg); core_worktree = xgetcwd(); if (chdir(cwd->buf)) die_errno(_("cannot come back to cwd")); set_git_work_tree(core_worktree); free(core_worktree); } } else if (!git_env_bool(GIT_IMPLICIT_WORK_TREE_ENVIRONMENT, 1)) { /* #16d */ set_git_dir(gitdirenv, 0); free(gitfile); return NULL; } else /* #2, #10 */ set_git_work_tree("."); /* set_git_work_tree() must have been called by now */ worktree = get_git_work_tree(); /* both get_git_work_tree() and cwd are already normalized */ if (!strcmp(cwd->buf, worktree)) { /* cwd == worktree */ set_git_dir(gitdirenv, 0); free(gitfile); return NULL; } offset = dir_inside_of(cwd->buf, worktree); if (offset >= 0) { /* cwd inside worktree? */ set_git_dir(gitdirenv, 1); if (chdir(worktree)) die_errno(_("cannot chdir to '%s'"), worktree); strbuf_addch(cwd, '/'); free(gitfile); return cwd->buf + offset; } /* cwd outside worktree */ set_git_dir(gitdirenv, 0); free(gitfile); return NULL; } static const char *setup_discovered_git_dir(const char *gitdir, struct strbuf *cwd, int offset, struct repository_format *repo_fmt, int *nongit_ok) { if (check_repository_format_gently(gitdir, repo_fmt, nongit_ok)) return NULL; /* --work-tree is set without --git-dir; use discovered one */ if (getenv(GIT_WORK_TREE_ENVIRONMENT) || git_work_tree_cfg) { char *to_free = NULL; const char *ret; if (offset != cwd->len && !is_absolute_path(gitdir)) gitdir = to_free = real_pathdup(gitdir, 1); if (chdir(cwd->buf)) die_errno(_("cannot come back to cwd")); ret = setup_explicit_git_dir(gitdir, cwd, repo_fmt, nongit_ok); free(to_free); return ret; } /* #16.2, #17.2, #20.2, #21.2, #24, #25, #28, #29 (see t1510) */ if (is_bare_repository_cfg > 0) { set_git_dir(gitdir, (offset != cwd->len)); if (chdir(cwd->buf)) die_errno(_("cannot come back to cwd")); return NULL; } /* #0, #1, #5, #8, #9, #12, #13 */ set_git_work_tree("."); if (strcmp(gitdir, DEFAULT_GIT_DIR_ENVIRONMENT)) set_git_dir(gitdir, 0); inside_git_dir = 0; inside_work_tree = 1; if (offset >= cwd->len) return NULL; /* Make "offset" point past the '/' (already the case for root dirs) */ if (offset != offset_1st_component(cwd->buf)) offset++; /* Add a '/' at the end */ strbuf_addch(cwd, '/'); return cwd->buf + offset; } /* #16.1, #17.1, #20.1, #21.1, #22.1 (see t1510) */ static const char *setup_bare_git_dir(struct strbuf *cwd, int offset, struct repository_format *repo_fmt, int *nongit_ok) { int root_len; if (check_repository_format_gently(".", repo_fmt, nongit_ok)) return NULL; setenv(GIT_IMPLICIT_WORK_TREE_ENVIRONMENT, "0", 1); /* --work-tree is set without --git-dir; use discovered one */ if (getenv(GIT_WORK_TREE_ENVIRONMENT) || git_work_tree_cfg) { static const char *gitdir; gitdir = offset == cwd->len ? "." : xmemdupz(cwd->buf, offset); if (chdir(cwd->buf)) die_errno(_("cannot come back to cwd")); return setup_explicit_git_dir(gitdir, cwd, repo_fmt, nongit_ok); } inside_git_dir = 1; inside_work_tree = 0; if (offset != cwd->len) { if (chdir(cwd->buf)) die_errno(_("cannot come back to cwd")); root_len = offset_1st_component(cwd->buf); strbuf_setlen(cwd, offset > root_len ? offset : root_len); set_git_dir(cwd->buf, 0); } else set_git_dir(".", 0); return NULL; } static dev_t get_device_or_die(const char *path, const char *prefix, int prefix_len) { struct stat buf; if (stat(path, &buf)) { die_errno(_("failed to stat '%*s%s%s'"), prefix_len, prefix ? prefix : "", prefix ? "/" : "", path); } return buf.st_dev; } /* * A "string_list_each_func_t" function that canonicalizes an entry * from GIT_CEILING_DIRECTORIES using real_pathdup(), or * discards it if unusable. The presence of an empty entry in * GIT_CEILING_DIRECTORIES turns off canonicalization for all * subsequent entries. */ static int canonicalize_ceiling_entry(struct string_list_item *item, void *cb_data) { int *empty_entry_found = cb_data; char *ceil = item->string; if (!*ceil) { *empty_entry_found = 1; return 0; } else if (!is_absolute_path(ceil)) { return 0; } else if (*empty_entry_found) { /* Keep entry but do not canonicalize it */ return 1; } else { char *real_path = real_pathdup(ceil, 0); if (!real_path) { return 0; } free(item->string); item->string = real_path; return 1; } } struct safe_directory_data { char *path; int is_safe; }; static int safe_directory_cb(const char *key, const char *value, const struct config_context *ctx UNUSED, void *d) { struct safe_directory_data *data = d; if (strcmp(key, "safe.directory")) return 0; if (!value || !*value) { data->is_safe = 0; } else if (!strcmp(value, "*")) { data->is_safe = 1; } else { char *allowed = NULL; if (!git_config_pathname(&allowed, key, value)) { char *normalized = NULL; /* * Setting safe.directory to a non-absolute path * makes little sense---it won't be relative to * the configuration file the item is defined in. * Except for ".", which means "if we are at the top * level of a repository, then it is OK", which is * slightly tighter than "*" that allows discovery. */ if (!is_absolute_path(allowed) && strcmp(allowed, ".")) { warning(_("safe.directory '%s' not absolute"), allowed); goto next; } /* * A .gitconfig in $HOME may be shared across * different machines and safe.directory entries * may or may not exist as paths on all of these * machines. In other words, it is not a warning * worthy event when there is no such path on this * machine---the entry may be useful elsewhere. */ normalized = real_pathdup(allowed, 0); if (!normalized) goto next; if (ends_with(normalized, "/*")) { size_t len = strlen(normalized); if (!fspathncmp(normalized, data->path, len - 1)) data->is_safe = 1; } else if (!fspathcmp(data->path, normalized)) { data->is_safe = 1; } next: free(normalized); free(allowed); } } return 0; } /* * Check if a repository is safe, by verifying the ownership of the * worktree (if any), the git directory, and the gitfile (if any). * * Exemptions for known-safe repositories can be added via `safe.directory` * config settings; for non-bare repositories, their worktree needs to be * added, for bare ones their git directory. */ static int ensure_valid_ownership(const char *gitfile, const char *worktree, const char *gitdir, struct strbuf *report) { struct safe_directory_data data = { 0 }; if (!git_env_bool("GIT_TEST_ASSUME_DIFFERENT_OWNER", 0) && (!gitfile || is_path_owned_by_current_user(gitfile, report)) && (!worktree || is_path_owned_by_current_user(worktree, report)) && (!gitdir || is_path_owned_by_current_user(gitdir, report))) return 1; /* * normalize the data.path for comparison with normalized paths * that come from the configuration file. The path is unsafe * if it cannot be normalized. */ data.path = real_pathdup(worktree ? worktree : gitdir, 0); if (!data.path) return 0; /* * data.path is the "path" that identifies the repository and it is * constant regardless of what failed above. data.is_safe should be * initialized to false, and might be changed by the callback. */ git_protected_config(safe_directory_cb, &data); free(data.path); return data.is_safe; } void die_upon_dubious_ownership(const char *gitfile, const char *worktree, const char *gitdir) { struct strbuf report = STRBUF_INIT, quoted = STRBUF_INIT; const char *path; if (ensure_valid_ownership(gitfile, worktree, gitdir, &report)) return; strbuf_complete(&report, '\n'); path = gitfile ? gitfile : gitdir; sq_quote_buf_pretty("ed, path); die(_("detected dubious ownership in repository at '%s'\n" "%s" "To add an exception for this directory, call:\n" "\n" "\tgit config --global --add safe.directory %s"), path, report.buf, quoted.buf); } static int allowed_bare_repo_cb(const char *key, const char *value, const struct config_context *ctx UNUSED, void *d) { enum allowed_bare_repo *allowed_bare_repo = d; if (strcasecmp(key, "safe.bareRepository")) return 0; if (!strcmp(value, "explicit")) { *allowed_bare_repo = ALLOWED_BARE_REPO_EXPLICIT; return 0; } if (!strcmp(value, "all")) { *allowed_bare_repo = ALLOWED_BARE_REPO_ALL; return 0; } return -1; } static enum allowed_bare_repo get_allowed_bare_repo(void) { enum allowed_bare_repo result = ALLOWED_BARE_REPO_ALL; git_protected_config(allowed_bare_repo_cb, &result); return result; } static const char *allowed_bare_repo_to_string( enum allowed_bare_repo allowed_bare_repo) { switch (allowed_bare_repo) { case ALLOWED_BARE_REPO_EXPLICIT: return "explicit"; case ALLOWED_BARE_REPO_ALL: return "all"; default: BUG("invalid allowed_bare_repo %d", allowed_bare_repo); } return NULL; } static int is_implicit_bare_repo(const char *path) { /* * what we found is a ".git" directory at the root of * the working tree. */ if (ends_with_path_components(path, ".git")) return 1; /* * we are inside $GIT_DIR of a secondary worktree of a * non-bare repository. */ if (strstr(path, "/.git/worktrees/")) return 1; /* * we are inside $GIT_DIR of a worktree of a non-embedded * submodule, whose superproject is not a bare repository. */ if (strstr(path, "/.git/modules/")) return 1; return 0; } /* * We cannot decide in this function whether we are in the work tree or * not, since the config can only be read _after_ this function was called. * * Also, we avoid changing any global state (such as the current working * directory) to allow early callers. * * The directory where the search should start needs to be passed in via the * `dir` parameter; upon return, the `dir` buffer will contain the path of * the directory where the search ended, and `gitdir` will contain the path of * the discovered .git/ directory, if any. If `gitdir` is not absolute, it * is relative to `dir` (i.e. *not* necessarily the cwd). */ static enum discovery_result setup_git_directory_gently_1(struct strbuf *dir, struct strbuf *gitdir, struct strbuf *report, int die_on_error) { const char *env_ceiling_dirs = getenv(CEILING_DIRECTORIES_ENVIRONMENT); struct string_list ceiling_dirs = STRING_LIST_INIT_DUP; const char *gitdirenv; int ceil_offset = -1, min_offset = offset_1st_component(dir->buf); dev_t current_device = 0; int one_filesystem = 1; /* * If GIT_DIR is set explicitly, we're not going * to do any discovery, but we still do repository * validation. */ gitdirenv = getenv(GIT_DIR_ENVIRONMENT); if (gitdirenv) { strbuf_addstr(gitdir, gitdirenv); return GIT_DIR_EXPLICIT; } if (env_ceiling_dirs) { int empty_entry_found = 0; string_list_split(&ceiling_dirs, env_ceiling_dirs, PATH_SEP, -1); filter_string_list(&ceiling_dirs, 0, canonicalize_ceiling_entry, &empty_entry_found); ceil_offset = longest_ancestor_length(dir->buf, &ceiling_dirs); string_list_clear(&ceiling_dirs, 0); } if (ceil_offset < 0) ceil_offset = min_offset - 2; if (min_offset && min_offset == dir->len && !is_dir_sep(dir->buf[min_offset - 1])) { strbuf_addch(dir, '/'); min_offset++; } /* * Test in the following order (relative to the dir): * - .git (file containing "gitdir: ") * - .git/ * - ./ (bare) * - ../.git * - ../.git/ * - ../ (bare) * - ../../.git * etc. */ one_filesystem = !git_env_bool("GIT_DISCOVERY_ACROSS_FILESYSTEM", 0); if (one_filesystem) current_device = get_device_or_die(dir->buf, NULL, 0); for (;;) { int offset = dir->len, error_code = 0; char *gitdir_path = NULL; char *gitfile = NULL; if (offset > min_offset) strbuf_addch(dir, '/'); strbuf_addstr(dir, DEFAULT_GIT_DIR_ENVIRONMENT); gitdirenv = read_gitfile_gently(dir->buf, die_on_error ? NULL : &error_code); if (!gitdirenv) { if (die_on_error || error_code == READ_GITFILE_ERR_NOT_A_FILE) { /* NEEDSWORK: fail if .git is not file nor dir */ if (is_git_directory(dir->buf)) { gitdirenv = DEFAULT_GIT_DIR_ENVIRONMENT; gitdir_path = xstrdup(dir->buf); } } else if (error_code != READ_GITFILE_ERR_STAT_FAILED) return GIT_DIR_INVALID_GITFILE; } else gitfile = xstrdup(dir->buf); /* * Earlier, we tentatively added DEFAULT_GIT_DIR_ENVIRONMENT * to check that directory for a repository. * Now trim that tentative addition away, because we want to * focus on the real directory we are in. */ strbuf_setlen(dir, offset); if (gitdirenv) { enum discovery_result ret; const char *gitdir_candidate = gitdir_path ? gitdir_path : gitdirenv; if (ensure_valid_ownership(gitfile, dir->buf, gitdir_candidate, report)) { strbuf_addstr(gitdir, gitdirenv); ret = GIT_DIR_DISCOVERED; } else ret = GIT_DIR_INVALID_OWNERSHIP; /* * Earlier, during discovery, we might have allocated * string copies for gitdir_path or gitfile so make * sure we don't leak by freeing them now, before * leaving the loop and function. * * Note: gitdirenv will be non-NULL whenever these are * allocated, therefore we need not take care of releasing * them outside of this conditional block. */ free(gitdir_path); free(gitfile); return ret; } if (is_git_directory(dir->buf)) { trace2_data_string("setup", NULL, "implicit-bare-repository", dir->buf); if (get_allowed_bare_repo() == ALLOWED_BARE_REPO_EXPLICIT && !is_implicit_bare_repo(dir->buf)) return GIT_DIR_DISALLOWED_BARE; if (!ensure_valid_ownership(NULL, NULL, dir->buf, report)) return GIT_DIR_INVALID_OWNERSHIP; strbuf_addstr(gitdir, "."); return GIT_DIR_BARE; } if (offset <= min_offset) return GIT_DIR_HIT_CEILING; while (--offset > ceil_offset && !is_dir_sep(dir->buf[offset])) ; /* continue */ if (offset <= ceil_offset) return GIT_DIR_HIT_CEILING; strbuf_setlen(dir, offset > min_offset ? offset : min_offset); if (one_filesystem && current_device != get_device_or_die(dir->buf, NULL, offset)) return GIT_DIR_HIT_MOUNT_POINT; } } enum discovery_result discover_git_directory_reason(struct strbuf *commondir, struct strbuf *gitdir) { struct strbuf dir = STRBUF_INIT, err = STRBUF_INIT; size_t gitdir_offset = gitdir->len, cwd_len; size_t commondir_offset = commondir->len; struct repository_format candidate = REPOSITORY_FORMAT_INIT; enum discovery_result result; if (strbuf_getcwd(&dir)) return GIT_DIR_CWD_FAILURE; cwd_len = dir.len; result = setup_git_directory_gently_1(&dir, gitdir, NULL, 0); if (result <= 0) { strbuf_release(&dir); return result; } /* * The returned gitdir is relative to dir, and if dir does not reflect * the current working directory, we simply make the gitdir absolute. */ if (dir.len < cwd_len && !is_absolute_path(gitdir->buf + gitdir_offset)) { /* Avoid a trailing "/." */ if (!strcmp(".", gitdir->buf + gitdir_offset)) strbuf_setlen(gitdir, gitdir_offset); else strbuf_addch(&dir, '/'); strbuf_insert(gitdir, gitdir_offset, dir.buf, dir.len); } get_common_dir(commondir, gitdir->buf + gitdir_offset); strbuf_reset(&dir); strbuf_addf(&dir, "%s/config", commondir->buf + commondir_offset); read_repository_format(&candidate, dir.buf); strbuf_release(&dir); if (verify_repository_format(&candidate, &err) < 0) { warning("ignoring git dir '%s': %s", gitdir->buf + gitdir_offset, err.buf); strbuf_release(&err); strbuf_setlen(commondir, commondir_offset); strbuf_setlen(gitdir, gitdir_offset); clear_repository_format(&candidate); return GIT_DIR_INVALID_FORMAT; } clear_repository_format(&candidate); return result; } const char *setup_git_directory_gently(int *nongit_ok) { static struct strbuf cwd = STRBUF_INIT; struct strbuf dir = STRBUF_INIT, gitdir = STRBUF_INIT, report = STRBUF_INIT; const char *prefix = NULL; struct repository_format repo_fmt = REPOSITORY_FORMAT_INIT; /* * We may have read an incomplete configuration before * setting-up the git directory. If so, clear the cache so * that the next queries to the configuration reload complete * configuration (including the per-repo config file that we * ignored previously). */ git_config_clear(); /* * Let's assume that we are in a git repository. * If it turns out later that we are somewhere else, the value will be * updated accordingly. */ if (nongit_ok) *nongit_ok = 0; if (strbuf_getcwd(&cwd)) die_errno(_("Unable to read current working directory")); strbuf_addbuf(&dir, &cwd); switch (setup_git_directory_gently_1(&dir, &gitdir, &report, 1)) { case GIT_DIR_EXPLICIT: prefix = setup_explicit_git_dir(gitdir.buf, &cwd, &repo_fmt, nongit_ok); break; case GIT_DIR_DISCOVERED: if (dir.len < cwd.len && chdir(dir.buf)) die(_("cannot change to '%s'"), dir.buf); prefix = setup_discovered_git_dir(gitdir.buf, &cwd, dir.len, &repo_fmt, nongit_ok); break; case GIT_DIR_BARE: if (dir.len < cwd.len && chdir(dir.buf)) die(_("cannot change to '%s'"), dir.buf); prefix = setup_bare_git_dir(&cwd, dir.len, &repo_fmt, nongit_ok); break; case GIT_DIR_HIT_CEILING: if (!nongit_ok) die(_("not a git repository (or any of the parent directories): %s"), DEFAULT_GIT_DIR_ENVIRONMENT); *nongit_ok = 1; break; case GIT_DIR_HIT_MOUNT_POINT: if (!nongit_ok) die(_("not a git repository (or any parent up to mount point %s)\n" "Stopping at filesystem boundary (GIT_DISCOVERY_ACROSS_FILESYSTEM not set)."), dir.buf); *nongit_ok = 1; break; case GIT_DIR_INVALID_OWNERSHIP: if (!nongit_ok) { struct strbuf prequoted = STRBUF_INIT; struct strbuf quoted = STRBUF_INIT; strbuf_complete(&report, '\n'); #ifdef __MINGW32__ if (dir.buf[0] == '/') strbuf_addstr(&prequoted, "%(prefix)/"); #endif strbuf_add(&prequoted, dir.buf, dir.len); sq_quote_buf_pretty("ed, prequoted.buf); die(_("detected dubious ownership in repository at '%s'\n" "%s" "To add an exception for this directory, call:\n" "\n" "\tgit config --global --add safe.directory %s"), dir.buf, report.buf, quoted.buf); } *nongit_ok = 1; break; case GIT_DIR_DISALLOWED_BARE: if (!nongit_ok) { die(_("cannot use bare repository '%s' (safe.bareRepository is '%s')"), dir.buf, allowed_bare_repo_to_string(get_allowed_bare_repo())); } *nongit_ok = 1; break; case GIT_DIR_CWD_FAILURE: case GIT_DIR_INVALID_FORMAT: /* * As a safeguard against setup_git_directory_gently_1 returning * these values, fallthrough to BUG. Otherwise it is possible to * set startup_info->have_repository to 1 when we did nothing to * find a repository. */ default: BUG("unhandled setup_git_directory_gently_1() result"); } /* * At this point, nongit_ok is stable. If it is non-NULL and points * to a non-zero value, then this means that we haven't found a * repository and that the caller expects startup_info to reflect * this. * * Regardless of the state of nongit_ok, startup_info->prefix and * the GIT_PREFIX environment variable must always match. For details * see Documentation/config/alias.txt. */ if (nongit_ok && *nongit_ok) startup_info->have_repository = 0; else startup_info->have_repository = 1; /* * Not all paths through the setup code will call 'set_git_dir()' (which * directly sets up the environment) so in order to guarantee that the * environment is in a consistent state after setup, explicitly setup * the environment if we have a repository. * * NEEDSWORK: currently we allow bogus GIT_DIR values to be set in some * code paths so we also need to explicitly setup the environment if * the user has set GIT_DIR. It may be beneficial to disallow bogus * GIT_DIR values at some point in the future. */ if (/* GIT_DIR_EXPLICIT, GIT_DIR_DISCOVERED, GIT_DIR_BARE */ startup_info->have_repository || /* GIT_DIR_EXPLICIT */ getenv(GIT_DIR_ENVIRONMENT)) { if (!the_repository->gitdir) { const char *gitdir = getenv(GIT_DIR_ENVIRONMENT); if (!gitdir) gitdir = DEFAULT_GIT_DIR_ENVIRONMENT; setup_git_env(gitdir); } if (startup_info->have_repository) { repo_set_hash_algo(the_repository, repo_fmt.hash_algo); repo_set_compat_hash_algo(the_repository, repo_fmt.compat_hash_algo); repo_set_ref_storage_format(the_repository, repo_fmt.ref_storage_format); the_repository->repository_format_worktree_config = repo_fmt.worktree_config; /* take ownership of repo_fmt.partial_clone */ the_repository->repository_format_partial_clone = repo_fmt.partial_clone; repo_fmt.partial_clone = NULL; } } /* * Since precompose_string_if_needed() needs to look at * the core.precomposeunicode configuration, this * has to happen after the above block that finds * out where the repository is, i.e. a preparation * for calling git_config_get_bool(). */ if (prefix) { prefix = precompose_string_if_needed(prefix); startup_info->prefix = prefix; setenv(GIT_PREFIX_ENVIRONMENT, prefix, 1); } else { startup_info->prefix = NULL; setenv(GIT_PREFIX_ENVIRONMENT, "", 1); } setup_original_cwd(); strbuf_release(&dir); strbuf_release(&gitdir); strbuf_release(&report); clear_repository_format(&repo_fmt); return prefix; } int git_config_perm(const char *var, const char *value) { int i; char *endptr; if (!value) return PERM_GROUP; if (!strcmp(value, "umask")) return PERM_UMASK; if (!strcmp(value, "group")) return PERM_GROUP; if (!strcmp(value, "all") || !strcmp(value, "world") || !strcmp(value, "everybody")) return PERM_EVERYBODY; /* Parse octal numbers */ i = strtol(value, &endptr, 8); /* If not an octal number, maybe true/false? */ if (*endptr != 0) return git_config_bool(var, value) ? PERM_GROUP : PERM_UMASK; /* * Treat values 0, 1 and 2 as compatibility cases, otherwise it is * a chmod value to restrict to. */ switch (i) { case PERM_UMASK: /* 0 */ return PERM_UMASK; case OLD_PERM_GROUP: /* 1 */ return PERM_GROUP; case OLD_PERM_EVERYBODY: /* 2 */ return PERM_EVERYBODY; } /* A filemode value was given: 0xxx */ if ((i & 0600) != 0600) die(_("problem with core.sharedRepository filemode value " "(0%.3o).\nThe owner of files must always have " "read and write permissions."), i); /* * Mask filemode value. Others can not get write permission. * x flags for directories are handled separately. */ return -(i & 0666); } void check_repository_format(struct repository_format *fmt) { struct repository_format repo_fmt = REPOSITORY_FORMAT_INIT; if (!fmt) fmt = &repo_fmt; check_repository_format_gently(get_git_dir(), fmt, NULL); startup_info->have_repository = 1; repo_set_hash_algo(the_repository, fmt->hash_algo); repo_set_compat_hash_algo(the_repository, fmt->compat_hash_algo); repo_set_ref_storage_format(the_repository, fmt->ref_storage_format); the_repository->repository_format_worktree_config = fmt->worktree_config; the_repository->repository_format_partial_clone = xstrdup_or_null(fmt->partial_clone); clear_repository_format(&repo_fmt); } /* * Returns the "prefix", a path to the current working directory * relative to the work tree root, or NULL, if the current working * directory is not a strict subdirectory of the work tree root. The * prefix always ends with a '/' character. */ const char *setup_git_directory(void) { return setup_git_directory_gently(NULL); } const char *resolve_gitdir_gently(const char *suspect, int *return_error_code) { if (is_git_directory(suspect)) return suspect; return read_gitfile_gently(suspect, return_error_code); } /* if any standard file descriptor is missing open it to /dev/null */ void sanitize_stdfds(void) { int fd = xopen("/dev/null", O_RDWR); while (fd < 2) fd = xdup(fd); if (fd > 2) close(fd); } int daemonize(void) { #ifdef NO_POSIX_GOODIES errno = ENOSYS; return -1; #else switch (fork()) { case 0: break; case -1: die_errno(_("fork failed")); default: exit(0); } if (setsid() == -1) die_errno(_("setsid failed")); close(0); close(1); close(2); sanitize_stdfds(); return 0; #endif } struct template_dir_cb_data { char *path; int initialized; }; static int template_dir_cb(const char *key, const char *value, const struct config_context *ctx, void *d) { struct template_dir_cb_data *data = d; if (strcmp(key, "init.templatedir")) return 0; if (!value) { data->path = NULL; } else { char *path = NULL; FREE_AND_NULL(data->path); if (!git_config_pathname(&path, key, value)) data->path = path ? path : xstrdup(value); } return 0; } const char *get_template_dir(const char *option_template) { const char *template_dir = option_template; if (!template_dir) template_dir = getenv(TEMPLATE_DIR_ENVIRONMENT); if (!template_dir) { static struct template_dir_cb_data data; if (!data.initialized) { git_protected_config(template_dir_cb, &data); data.initialized = 1; } template_dir = data.path; } if (!template_dir) { static char *dir; if (!dir) dir = system_path(DEFAULT_GIT_TEMPLATE_DIR); template_dir = dir; } return template_dir; } #ifdef NO_TRUSTABLE_FILEMODE #define TEST_FILEMODE 0 #else #define TEST_FILEMODE 1 #endif #define GIT_DEFAULT_HASH_ENVIRONMENT "GIT_DEFAULT_HASH" static void copy_templates_1(struct strbuf *path, struct strbuf *template_path, DIR *dir) { size_t path_baselen = path->len; size_t template_baselen = template_path->len; struct dirent *de; /* Note: if ".git/hooks" file exists in the repository being * re-initialized, /etc/core-git/templates/hooks/update would * cause "git init" to fail here. I think this is sane but * it means that the set of templates we ship by default, along * with the way the namespace under .git/ is organized, should * be really carefully chosen. */ safe_create_dir(path->buf, 1); while ((de = readdir(dir)) != NULL) { struct stat st_git, st_template; int exists = 0; strbuf_setlen(path, path_baselen); strbuf_setlen(template_path, template_baselen); if (de->d_name[0] == '.') continue; strbuf_addstr(path, de->d_name); strbuf_addstr(template_path, de->d_name); if (lstat(path->buf, &st_git)) { if (errno != ENOENT) die_errno(_("cannot stat '%s'"), path->buf); } else exists = 1; if (lstat(template_path->buf, &st_template)) die_errno(_("cannot stat template '%s'"), template_path->buf); if (S_ISDIR(st_template.st_mode)) { DIR *subdir = opendir(template_path->buf); if (!subdir) die_errno(_("cannot opendir '%s'"), template_path->buf); strbuf_addch(path, '/'); strbuf_addch(template_path, '/'); copy_templates_1(path, template_path, subdir); closedir(subdir); } else if (exists) continue; else if (S_ISLNK(st_template.st_mode)) { struct strbuf lnk = STRBUF_INIT; if (strbuf_readlink(&lnk, template_path->buf, st_template.st_size) < 0) die_errno(_("cannot readlink '%s'"), template_path->buf); if (create_symlink(NULL, lnk.buf, path->buf)) die_errno(_("cannot symlink '%s' '%s'"), lnk.buf, path->buf); strbuf_release(&lnk); } else if (S_ISREG(st_template.st_mode)) { if (copy_file(path->buf, template_path->buf, st_template.st_mode)) die_errno(_("cannot copy '%s' to '%s'"), template_path->buf, path->buf); } else error(_("ignoring template %s"), template_path->buf); } } static void copy_templates(const char *option_template) { const char *template_dir = get_template_dir(option_template); struct strbuf path = STRBUF_INIT; struct strbuf template_path = STRBUF_INIT; size_t template_len; struct repository_format template_format = REPOSITORY_FORMAT_INIT; struct strbuf err = STRBUF_INIT; DIR *dir; char *to_free = NULL; if (!template_dir || !*template_dir) return; strbuf_addstr(&template_path, template_dir); strbuf_complete(&template_path, '/'); template_len = template_path.len; dir = opendir(template_path.buf); if (!dir) { warning(_("templates not found in %s"), template_dir); goto free_return; } /* Make sure that template is from the correct vintage */ strbuf_addstr(&template_path, "config"); read_repository_format(&template_format, template_path.buf); strbuf_setlen(&template_path, template_len); /* * No mention of version at all is OK, but anything else should be * verified. */ if (template_format.version >= 0 && verify_repository_format(&template_format, &err) < 0) { warning(_("not copying templates from '%s': %s"), template_dir, err.buf); strbuf_release(&err); goto close_free_return; } strbuf_addstr(&path, get_git_common_dir()); strbuf_complete(&path, '/'); copy_templates_1(&path, &template_path, dir); close_free_return: closedir(dir); free_return: free(to_free); strbuf_release(&path); strbuf_release(&template_path); clear_repository_format(&template_format); } /* * If the git_dir is not directly inside the working tree, then git will not * find it by default, and we need to set the worktree explicitly. */ static int needs_work_tree_config(const char *git_dir, const char *work_tree) { if (!strcmp(work_tree, "/") && !strcmp(git_dir, "/.git")) return 0; if (skip_prefix(git_dir, work_tree, &git_dir) && !strcmp(git_dir, "/.git")) return 0; return 1; } void initialize_repository_version(int hash_algo, enum ref_storage_format ref_storage_format, int reinit) { char repo_version_string[10]; int repo_version = GIT_REPO_VERSION; /* * Note that we initialize the repository version to 1 when the ref * storage format is unknown. This is on purpose so that we can add the * correct object format to the config during git-clone(1). The format * version will get adjusted by git-clone(1) once it has learned about * the remote repository's format. */ if (hash_algo != GIT_HASH_SHA1 || ref_storage_format != REF_STORAGE_FORMAT_FILES) repo_version = GIT_REPO_VERSION_READ; /* This forces creation of new config file */ xsnprintf(repo_version_string, sizeof(repo_version_string), "%d", repo_version); git_config_set("core.repositoryformatversion", repo_version_string); if (hash_algo != GIT_HASH_SHA1 && hash_algo != GIT_HASH_UNKNOWN) git_config_set("extensions.objectformat", hash_algos[hash_algo].name); else if (reinit) git_config_set_gently("extensions.objectformat", NULL); if (ref_storage_format != REF_STORAGE_FORMAT_FILES) git_config_set("extensions.refstorage", ref_storage_format_to_name(ref_storage_format)); else if (reinit) git_config_set_gently("extensions.refstorage", NULL); } static int is_reinit(void) { struct strbuf buf = STRBUF_INIT; char junk[2]; int ret; git_path_buf(&buf, "HEAD"); ret = !access(buf.buf, R_OK) || readlink(buf.buf, junk, sizeof(junk) - 1) != -1; strbuf_release(&buf); return ret; } void create_reference_database(enum ref_storage_format ref_storage_format, const char *initial_branch, int quiet) { struct strbuf err = STRBUF_INIT; char *to_free = NULL; int reinit = is_reinit(); repo_set_ref_storage_format(the_repository, ref_storage_format); if (ref_store_create_on_disk(get_main_ref_store(the_repository), 0, &err)) die("failed to set up refs db: %s", err.buf); /* * Point the HEAD symref to the initial branch with if HEAD does * not yet exist. */ if (!reinit) { char *ref; if (!initial_branch) initial_branch = to_free = repo_default_branch_name(the_repository, quiet); ref = xstrfmt("refs/heads/%s", initial_branch); if (check_refname_format(ref, 0) < 0) die(_("invalid initial branch name: '%s'"), initial_branch); if (refs_update_symref(get_main_ref_store(the_repository), "HEAD", ref, NULL) < 0) exit(1); free(ref); } if (reinit && initial_branch) warning(_("re-init: ignored --initial-branch=%s"), initial_branch); strbuf_release(&err); free(to_free); } static int create_default_files(const char *template_path, const char *original_git_dir, const struct repository_format *fmt, int init_shared_repository) { struct stat st1; struct strbuf buf = STRBUF_INIT; char *path; int reinit; int filemode; const char *work_tree = get_git_work_tree(); /* * First copy the templates -- we might have the default * config file there, in which case we would want to read * from it after installing. * * Before reading that config, we also need to clear out any cached * values (since we've just potentially changed what's available on * disk). */ copy_templates(template_path); git_config_clear(); reset_shared_repository(); git_config(git_default_config, NULL); reinit = is_reinit(); /* * We must make sure command-line options continue to override any * values we might have just re-read from the config. */ if (init_shared_repository != -1) set_shared_repository(init_shared_repository); is_bare_repository_cfg = !work_tree; /* * We would have created the above under user's umask -- under * shared-repository settings, we would need to fix them up. */ if (get_shared_repository()) { adjust_shared_perm(get_git_dir()); } initialize_repository_version(fmt->hash_algo, fmt->ref_storage_format, 0); /* Check filemode trustability */ path = git_path_buf(&buf, "config"); filemode = TEST_FILEMODE; if (TEST_FILEMODE && !lstat(path, &st1)) { struct stat st2; filemode = (!chmod(path, st1.st_mode ^ S_IXUSR) && !lstat(path, &st2) && st1.st_mode != st2.st_mode && !chmod(path, st1.st_mode)); if (filemode && !reinit && (st1.st_mode & S_IXUSR)) filemode = 0; } git_config_set("core.filemode", filemode ? "true" : "false"); if (is_bare_repository()) git_config_set("core.bare", "true"); else { git_config_set("core.bare", "false"); /* allow template config file to override the default */ if (log_all_ref_updates == LOG_REFS_UNSET) git_config_set("core.logallrefupdates", "true"); if (needs_work_tree_config(original_git_dir, work_tree)) git_config_set("core.worktree", work_tree); } if (!reinit) { /* Check if symlink is supported in the work tree */ path = git_path_buf(&buf, "tXXXXXX"); if (!close(xmkstemp(path)) && !unlink(path) && !create_symlink(NULL, "testing", path) && !lstat(path, &st1) && S_ISLNK(st1.st_mode)) unlink(path); /* good */ else git_config_set("core.symlinks", "false"); /* Check if the filesystem is case-insensitive */ path = git_path_buf(&buf, "CoNfIg"); if (!access(path, F_OK)) git_config_set("core.ignorecase", "true"); probe_utf8_pathname_composition(); } strbuf_release(&buf); return reinit; } static void create_object_directory(void) { struct strbuf path = STRBUF_INIT; size_t baselen; strbuf_addstr(&path, get_object_directory()); baselen = path.len; safe_create_dir(path.buf, 1); strbuf_setlen(&path, baselen); strbuf_addstr(&path, "/pack"); safe_create_dir(path.buf, 1); strbuf_setlen(&path, baselen); strbuf_addstr(&path, "/info"); safe_create_dir(path.buf, 1); strbuf_release(&path); } static void separate_git_dir(const char *git_dir, const char *git_link) { struct stat st; if (!stat(git_link, &st)) { const char *src; if (S_ISREG(st.st_mode)) src = read_gitfile(git_link); else if (S_ISDIR(st.st_mode)) src = git_link; else die(_("unable to handle file type %d"), (int)st.st_mode); if (rename(src, git_dir)) die_errno(_("unable to move %s to %s"), src, git_dir); repair_worktrees(NULL, NULL); } write_file(git_link, "gitdir: %s", git_dir); } static void validate_hash_algorithm(struct repository_format *repo_fmt, int hash) { const char *env = getenv(GIT_DEFAULT_HASH_ENVIRONMENT); /* * If we already have an initialized repo, don't allow the user to * specify a different algorithm, as that could cause corruption. * Otherwise, if the user has specified one on the command line, use it. */ if (repo_fmt->version >= 0 && hash != GIT_HASH_UNKNOWN && hash != repo_fmt->hash_algo) die(_("attempt to reinitialize repository with different hash")); else if (hash != GIT_HASH_UNKNOWN) repo_fmt->hash_algo = hash; else if (env) { int env_algo = hash_algo_by_name(env); if (env_algo == GIT_HASH_UNKNOWN) die(_("unknown hash algorithm '%s'"), env); repo_fmt->hash_algo = env_algo; } } static void validate_ref_storage_format(struct repository_format *repo_fmt, enum ref_storage_format format) { const char *name = getenv("GIT_DEFAULT_REF_FORMAT"); if (repo_fmt->version >= 0 && format != REF_STORAGE_FORMAT_UNKNOWN && format != repo_fmt->ref_storage_format) { die(_("attempt to reinitialize repository with different reference storage format")); } else if (format != REF_STORAGE_FORMAT_UNKNOWN) { repo_fmt->ref_storage_format = format; } else if (name) { format = ref_storage_format_by_name(name); if (format == REF_STORAGE_FORMAT_UNKNOWN) die(_("unknown ref storage format '%s'"), name); repo_fmt->ref_storage_format = format; } } int init_db(const char *git_dir, const char *real_git_dir, const char *template_dir, int hash, enum ref_storage_format ref_storage_format, const char *initial_branch, int init_shared_repository, unsigned int flags) { int reinit; int exist_ok = flags & INIT_DB_EXIST_OK; char *original_git_dir = real_pathdup(git_dir, 1); struct repository_format repo_fmt = REPOSITORY_FORMAT_INIT; if (real_git_dir) { struct stat st; if (!exist_ok && !stat(git_dir, &st)) die(_("%s already exists"), git_dir); if (!exist_ok && !stat(real_git_dir, &st)) die(_("%s already exists"), real_git_dir); set_git_dir(real_git_dir, 1); git_dir = get_git_dir(); separate_git_dir(git_dir, original_git_dir); } else { set_git_dir(git_dir, 1); git_dir = get_git_dir(); } startup_info->have_repository = 1; /* Check to see if the repository version is right. * Note that a newly created repository does not have * config file, so this will not fail. What we are catching * is an attempt to reinitialize new repository with an old tool. */ check_repository_format(&repo_fmt); validate_hash_algorithm(&repo_fmt, hash); validate_ref_storage_format(&repo_fmt, ref_storage_format); /* * Now that we have set up both the hash algorithm and the ref storage * format we can update the repository's settings accordingly. */ repo_set_hash_algo(the_repository, repo_fmt.hash_algo); repo_set_ref_storage_format(the_repository, repo_fmt.ref_storage_format); /* * Ensure `core.hidedotfiles` is processed. This must happen after we * have set up the repository format such that we can evaluate * includeIf conditions correctly in the case of re-initialization. */ git_config(git_default_core_config, NULL); safe_create_dir(git_dir, 0); reinit = create_default_files(template_dir, original_git_dir, &repo_fmt, init_shared_repository); if (!(flags & INIT_DB_SKIP_REFDB)) create_reference_database(repo_fmt.ref_storage_format, initial_branch, flags & INIT_DB_QUIET); create_object_directory(); if (get_shared_repository()) { char buf[10]; /* We do not spell "group" and such, so that * the configuration can be read by older version * of git. Note, we use octal numbers for new share modes, * and compatibility values for PERM_GROUP and * PERM_EVERYBODY. */ if (get_shared_repository() < 0) /* force to the mode value */ xsnprintf(buf, sizeof(buf), "0%o", -get_shared_repository()); else if (get_shared_repository() == PERM_GROUP) xsnprintf(buf, sizeof(buf), "%d", OLD_PERM_GROUP); else if (get_shared_repository() == PERM_EVERYBODY) xsnprintf(buf, sizeof(buf), "%d", OLD_PERM_EVERYBODY); else BUG("invalid value for shared_repository"); git_config_set("core.sharedrepository", buf); git_config_set("receive.denyNonFastforwards", "true"); } if (!(flags & INIT_DB_QUIET)) { int len = strlen(git_dir); if (reinit) printf(get_shared_repository() ? _("Reinitialized existing shared Git repository in %s%s\n") : _("Reinitialized existing Git repository in %s%s\n"), git_dir, len && git_dir[len-1] != '/' ? "/" : ""); else printf(get_shared_repository() ? _("Initialized empty shared Git repository in %s%s\n") : _("Initialized empty Git repository in %s%s\n"), git_dir, len && git_dir[len-1] != '/' ? "/" : ""); } clear_repository_format(&repo_fmt); free(original_git_dir); return 0; }