setup.con commit git_setup_gettext: plug memory leak (0210231)
   1#include "cache.h"
   2#include "repository.h"
   3#include "config.h"
   4#include "dir.h"
   5#include "string-list.h"
   6
   7static int inside_git_dir = -1;
   8static int inside_work_tree = -1;
   9static int work_tree_config_is_bogus;
  10
  11static struct startup_info the_startup_info;
  12struct startup_info *startup_info = &the_startup_info;
  13
  14/*
  15 * The input parameter must contain an absolute path, and it must already be
  16 * normalized.
  17 *
  18 * Find the part of an absolute path that lies inside the work tree by
  19 * dereferencing symlinks outside the work tree, for example:
  20 * /dir1/repo/dir2/file   (work tree is /dir1/repo)      -> dir2/file
  21 * /dir/file              (work tree is /)               -> dir/file
  22 * /dir/symlink1/symlink2 (symlink1 points to work tree) -> symlink2
  23 * /dir/repolink/file     (repolink points to /dir/repo) -> file
  24 * /dir/repo              (exactly equal to work tree)   -> (empty string)
  25 */
  26static int abspath_part_inside_repo(char *path)
  27{
  28        size_t len;
  29        size_t wtlen;
  30        char *path0;
  31        int off;
  32        const char *work_tree = get_git_work_tree();
  33
  34        if (!work_tree)
  35                return -1;
  36        wtlen = strlen(work_tree);
  37        len = strlen(path);
  38        off = offset_1st_component(path);
  39
  40        /* check if work tree is already the prefix */
  41        if (wtlen <= len && !strncmp(path, work_tree, wtlen)) {
  42                if (path[wtlen] == '/') {
  43                        memmove(path, path + wtlen + 1, len - wtlen);
  44                        return 0;
  45                } else if (path[wtlen - 1] == '/' || path[wtlen] == '\0') {
  46                        /* work tree is the root, or the whole path */
  47                        memmove(path, path + wtlen, len - wtlen + 1);
  48                        return 0;
  49                }
  50                /* work tree might match beginning of a symlink to work tree */
  51                off = wtlen;
  52        }
  53        path0 = path;
  54        path += off;
  55
  56        /* check each '/'-terminated level */
  57        while (*path) {
  58                path++;
  59                if (*path == '/') {
  60                        *path = '\0';
  61                        if (strcmp(real_path(path0), work_tree) == 0) {
  62                                memmove(path0, path + 1, len - (path - path0));
  63                                return 0;
  64                        }
  65                        *path = '/';
  66                }
  67        }
  68
  69        /* check whole path */
  70        if (strcmp(real_path(path0), work_tree) == 0) {
  71                *path0 = '\0';
  72                return 0;
  73        }
  74
  75        return -1;
  76}
  77
  78/*
  79 * Normalize "path", prepending the "prefix" for relative paths. If
  80 * remaining_prefix is not NULL, return the actual prefix still
  81 * remains in the path. For example, prefix = sub1/sub2/ and path is
  82 *
  83 *  foo          -> sub1/sub2/foo  (full prefix)
  84 *  ../foo       -> sub1/foo       (remaining prefix is sub1/)
  85 *  ../../bar    -> bar            (no remaining prefix)
  86 *  ../../sub1/sub2/foo -> sub1/sub2/foo (but no remaining prefix)
  87 *  `pwd`/../bar -> sub1/bar       (no remaining prefix)
  88 */
  89char *prefix_path_gently(const char *prefix, int len,
  90                         int *remaining_prefix, const char *path)
  91{
  92        const char *orig = path;
  93        char *sanitized;
  94        if (is_absolute_path(orig)) {
  95                sanitized = xmallocz(strlen(path));
  96                if (remaining_prefix)
  97                        *remaining_prefix = 0;
  98                if (normalize_path_copy_len(sanitized, path, remaining_prefix)) {
  99                        free(sanitized);
 100                        return NULL;
 101                }
 102                if (abspath_part_inside_repo(sanitized)) {
 103                        free(sanitized);
 104                        return NULL;
 105                }
 106        } else {
 107                sanitized = xstrfmt("%.*s%s", len, len ? prefix : "", path);
 108                if (remaining_prefix)
 109                        *remaining_prefix = len;
 110                if (normalize_path_copy_len(sanitized, sanitized, remaining_prefix)) {
 111                        free(sanitized);
 112                        return NULL;
 113                }
 114        }
 115        return sanitized;
 116}
 117
 118char *prefix_path(const char *prefix, int len, const char *path)
 119{
 120        char *r = prefix_path_gently(prefix, len, NULL, path);
 121        if (!r)
 122                die(_("'%s' is outside repository"), path);
 123        return r;
 124}
 125
 126int path_inside_repo(const char *prefix, const char *path)
 127{
 128        int len = prefix ? strlen(prefix) : 0;
 129        char *r = prefix_path_gently(prefix, len, NULL, path);
 130        if (r) {
 131                free(r);
 132                return 1;
 133        }
 134        return 0;
 135}
 136
 137int check_filename(const char *prefix, const char *arg)
 138{
 139        char *to_free = NULL;
 140        struct stat st;
 141
 142        if (skip_prefix(arg, ":/", &arg)) {
 143                if (!*arg) /* ":/" is root dir, always exists */
 144                        return 1;
 145                prefix = NULL;
 146        } else if (skip_prefix(arg, ":!", &arg) ||
 147                   skip_prefix(arg, ":^", &arg)) {
 148                if (!*arg) /* excluding everything is silly, but allowed */
 149                        return 1;
 150        }
 151
 152        if (prefix)
 153                arg = to_free = prefix_filename(prefix, arg);
 154
 155        if (!lstat(arg, &st)) {
 156                free(to_free);
 157                return 1; /* file exists */
 158        }
 159        if (is_missing_file_error(errno)) {
 160                free(to_free);
 161                return 0; /* file does not exist */
 162        }
 163        die_errno(_("failed to stat '%s'"), arg);
 164}
 165
 166static void NORETURN die_verify_filename(const char *prefix,
 167                                         const char *arg,
 168                                         int diagnose_misspelt_rev)
 169{
 170        if (!diagnose_misspelt_rev)
 171                die(_("%s: no such path in the working tree.\n"
 172                      "Use 'git <command> -- <path>...' to specify paths that do not exist locally."),
 173                    arg);
 174        /*
 175         * Saying "'(icase)foo' does not exist in the index" when the
 176         * user gave us ":(icase)foo" is just stupid.  A magic pathspec
 177         * begins with a colon and is followed by a non-alnum; do not
 178         * let maybe_die_on_misspelt_object_name() even trigger.
 179         */
 180        if (!(arg[0] == ':' && !isalnum(arg[1])))
 181                maybe_die_on_misspelt_object_name(arg, prefix);
 182
 183        /* ... or fall back the most general message. */
 184        die(_("ambiguous argument '%s': unknown revision or path not in the working tree.\n"
 185              "Use '--' to separate paths from revisions, like this:\n"
 186              "'git <command> [<revision>...] -- [<file>...]'"), arg);
 187
 188}
 189
 190/*
 191 * Check for arguments that don't resolve as actual files,
 192 * but which look sufficiently like pathspecs that we'll consider
 193 * them such for the purposes of rev/pathspec DWIM parsing.
 194 */
 195static int looks_like_pathspec(const char *arg)
 196{
 197        /* anything with a wildcard character */
 198        if (!no_wildcard(arg))
 199                return 1;
 200
 201        /* long-form pathspec magic */
 202        if (starts_with(arg, ":("))
 203                return 1;
 204
 205        return 0;
 206}
 207
 208/*
 209 * Verify a filename that we got as an argument for a pathspec
 210 * entry. Note that a filename that begins with "-" never verifies
 211 * as true, because even if such a filename were to exist, we want
 212 * it to be preceded by the "--" marker (or we want the user to
 213 * use a format like "./-filename")
 214 *
 215 * The "diagnose_misspelt_rev" is used to provide a user-friendly
 216 * diagnosis when dying upon finding that "name" is not a pathname.
 217 * If set to 1, the diagnosis will try to diagnose "name" as an
 218 * invalid object name (e.g. HEAD:foo). If set to 0, the diagnosis
 219 * will only complain about an inexisting file.
 220 *
 221 * This function is typically called to check that a "file or rev"
 222 * argument is unambiguous. In this case, the caller will want
 223 * diagnose_misspelt_rev == 1 when verifying the first non-rev
 224 * argument (which could have been a revision), and
 225 * diagnose_misspelt_rev == 0 for the next ones (because we already
 226 * saw a filename, there's not ambiguity anymore).
 227 */
 228void verify_filename(const char *prefix,
 229                     const char *arg,
 230                     int diagnose_misspelt_rev)
 231{
 232        if (*arg == '-')
 233                die(_("option '%s' must come before non-option arguments"), arg);
 234        if (looks_like_pathspec(arg) || check_filename(prefix, arg))
 235                return;
 236        die_verify_filename(prefix, arg, diagnose_misspelt_rev);
 237}
 238
 239/*
 240 * Opposite of the above: the command line did not have -- marker
 241 * and we parsed the arg as a refname.  It should not be interpretable
 242 * as a filename.
 243 */
 244void verify_non_filename(const char *prefix, const char *arg)
 245{
 246        if (!is_inside_work_tree() || is_inside_git_dir())
 247                return;
 248        if (*arg == '-')
 249                return; /* flag */
 250        if (!check_filename(prefix, arg))
 251                return;
 252        die(_("ambiguous argument '%s': both revision and filename\n"
 253              "Use '--' to separate paths from revisions, like this:\n"
 254              "'git <command> [<revision>...] -- [<file>...]'"), arg);
 255}
 256
 257int get_common_dir(struct strbuf *sb, const char *gitdir)
 258{
 259        const char *git_env_common_dir = getenv(GIT_COMMON_DIR_ENVIRONMENT);
 260        if (git_env_common_dir) {
 261                strbuf_addstr(sb, git_env_common_dir);
 262                return 1;
 263        } else {
 264                return get_common_dir_noenv(sb, gitdir);
 265        }
 266}
 267
 268int get_common_dir_noenv(struct strbuf *sb, const char *gitdir)
 269{
 270        struct strbuf data = STRBUF_INIT;
 271        struct strbuf path = STRBUF_INIT;
 272        int ret = 0;
 273
 274        strbuf_addf(&path, "%s/commondir", gitdir);
 275        if (file_exists(path.buf)) {
 276                if (strbuf_read_file(&data, path.buf, 0) <= 0)
 277                        die_errno(_("failed to read %s"), path.buf);
 278                while (data.len && (data.buf[data.len - 1] == '\n' ||
 279                                    data.buf[data.len - 1] == '\r'))
 280                        data.len--;
 281                data.buf[data.len] = '\0';
 282                strbuf_reset(&path);
 283                if (!is_absolute_path(data.buf))
 284                        strbuf_addf(&path, "%s/", gitdir);
 285                strbuf_addbuf(&path, &data);
 286                strbuf_add_real_path(sb, path.buf);
 287                ret = 1;
 288        } else {
 289                strbuf_addstr(sb, gitdir);
 290        }
 291
 292        strbuf_release(&data);
 293        strbuf_release(&path);
 294        return ret;
 295}
 296
 297/*
 298 * Test if it looks like we're at a git directory.
 299 * We want to see:
 300 *
 301 *  - either an objects/ directory _or_ the proper
 302 *    GIT_OBJECT_DIRECTORY environment variable
 303 *  - a refs/ directory
 304 *  - either a HEAD symlink or a HEAD file that is formatted as
 305 *    a proper "ref:", or a regular file HEAD that has a properly
 306 *    formatted sha1 object name.
 307 */
 308int is_git_directory(const char *suspect)
 309{
 310        struct strbuf path = STRBUF_INIT;
 311        int ret = 0;
 312        size_t len;
 313
 314        /* Check worktree-related signatures */
 315        strbuf_addstr(&path, suspect);
 316        strbuf_complete(&path, '/');
 317        strbuf_addstr(&path, "HEAD");
 318        if (validate_headref(path.buf))
 319                goto done;
 320
 321        strbuf_reset(&path);
 322        get_common_dir(&path, suspect);
 323        len = path.len;
 324
 325        /* Check non-worktree-related signatures */
 326        if (getenv(DB_ENVIRONMENT)) {
 327                if (access(getenv(DB_ENVIRONMENT), X_OK))
 328                        goto done;
 329        }
 330        else {
 331                strbuf_setlen(&path, len);
 332                strbuf_addstr(&path, "/objects");
 333                if (access(path.buf, X_OK))
 334                        goto done;
 335        }
 336
 337        strbuf_setlen(&path, len);
 338        strbuf_addstr(&path, "/refs");
 339        if (access(path.buf, X_OK))
 340                goto done;
 341
 342        ret = 1;
 343done:
 344        strbuf_release(&path);
 345        return ret;
 346}
 347
 348int is_nonbare_repository_dir(struct strbuf *path)
 349{
 350        int ret = 0;
 351        int gitfile_error;
 352        size_t orig_path_len = path->len;
 353        assert(orig_path_len != 0);
 354        strbuf_complete(path, '/');
 355        strbuf_addstr(path, ".git");
 356        if (read_gitfile_gently(path->buf, &gitfile_error) || is_git_directory(path->buf))
 357                ret = 1;
 358        if (gitfile_error == READ_GITFILE_ERR_OPEN_FAILED ||
 359            gitfile_error == READ_GITFILE_ERR_READ_FAILED)
 360                ret = 1;
 361        strbuf_setlen(path, orig_path_len);
 362        return ret;
 363}
 364
 365int is_inside_git_dir(void)
 366{
 367        if (inside_git_dir < 0)
 368                inside_git_dir = is_inside_dir(get_git_dir());
 369        return inside_git_dir;
 370}
 371
 372int is_inside_work_tree(void)
 373{
 374        if (inside_work_tree < 0)
 375                inside_work_tree = is_inside_dir(get_git_work_tree());
 376        return inside_work_tree;
 377}
 378
 379void setup_work_tree(void)
 380{
 381        const char *work_tree, *git_dir;
 382        static int initialized = 0;
 383
 384        if (initialized)
 385                return;
 386
 387        if (work_tree_config_is_bogus)
 388                die(_("unable to set up work tree using invalid config"));
 389
 390        work_tree = get_git_work_tree();
 391        git_dir = get_git_dir();
 392        if (!is_absolute_path(git_dir))
 393                git_dir = real_path(get_git_dir());
 394        if (!work_tree || chdir(work_tree))
 395                die(_("this operation must be run in a work tree"));
 396
 397        /*
 398         * Make sure subsequent git processes find correct worktree
 399         * if $GIT_WORK_TREE is set relative
 400         */
 401        if (getenv(GIT_WORK_TREE_ENVIRONMENT))
 402                setenv(GIT_WORK_TREE_ENVIRONMENT, ".", 1);
 403
 404        set_git_dir(remove_leading_path(git_dir, work_tree));
 405        initialized = 1;
 406}
 407
 408static int check_repo_format(const char *var, const char *value, void *vdata)
 409{
 410        struct repository_format *data = vdata;
 411        const char *ext;
 412
 413        if (strcmp(var, "core.repositoryformatversion") == 0)
 414                data->version = git_config_int(var, value);
 415        else if (skip_prefix(var, "extensions.", &ext)) {
 416                /*
 417                 * record any known extensions here; otherwise,
 418                 * we fall through to recording it as unknown, and
 419                 * check_repository_format will complain
 420                 */
 421                if (!strcmp(ext, "noop"))
 422                        ;
 423                else if (!strcmp(ext, "preciousobjects"))
 424                        data->precious_objects = git_config_bool(var, value);
 425                else if (!strcmp(ext, "partialclone")) {
 426                        if (!value)
 427                                return config_error_nonbool(var);
 428                        data->partial_clone = xstrdup(value);
 429                } else
 430                        string_list_append(&data->unknown_extensions, ext);
 431        } else if (strcmp(var, "core.bare") == 0) {
 432                data->is_bare = git_config_bool(var, value);
 433        } else if (strcmp(var, "core.worktree") == 0) {
 434                if (!value)
 435                        return config_error_nonbool(var);
 436                data->work_tree = xstrdup(value);
 437        }
 438        return 0;
 439}
 440
 441static int check_repository_format_gently(const char *gitdir, struct repository_format *candidate, int *nongit_ok)
 442{
 443        struct strbuf sb = STRBUF_INIT;
 444        struct strbuf err = STRBUF_INIT;
 445        int has_common;
 446
 447        has_common = get_common_dir(&sb, gitdir);
 448        strbuf_addstr(&sb, "/config");
 449        read_repository_format(candidate, sb.buf);
 450        strbuf_release(&sb);
 451
 452        /*
 453         * For historical use of check_repository_format() in git-init,
 454         * we treat a missing config as a silent "ok", even when nongit_ok
 455         * is unset.
 456         */
 457        if (candidate->version < 0)
 458                return 0;
 459
 460        if (verify_repository_format(candidate, &err) < 0) {
 461                if (nongit_ok) {
 462                        warning("%s", err.buf);
 463                        strbuf_release(&err);
 464                        *nongit_ok = -1;
 465                        return -1;
 466                }
 467                die("%s", err.buf);
 468        }
 469
 470        repository_format_precious_objects = candidate->precious_objects;
 471        repository_format_partial_clone = candidate->partial_clone;
 472        string_list_clear(&candidate->unknown_extensions, 0);
 473        if (!has_common) {
 474                if (candidate->is_bare != -1) {
 475                        is_bare_repository_cfg = candidate->is_bare;
 476                        if (is_bare_repository_cfg == 1)
 477                                inside_work_tree = -1;
 478                }
 479                if (candidate->work_tree) {
 480                        free(git_work_tree_cfg);
 481                        git_work_tree_cfg = candidate->work_tree;
 482                        inside_work_tree = -1;
 483                }
 484        } else {
 485                free(candidate->work_tree);
 486        }
 487
 488        return 0;
 489}
 490
 491int read_repository_format(struct repository_format *format, const char *path)
 492{
 493        memset(format, 0, sizeof(*format));
 494        format->version = -1;
 495        format->is_bare = -1;
 496        format->hash_algo = GIT_HASH_SHA1;
 497        string_list_init(&format->unknown_extensions, 1);
 498        git_config_from_file(check_repo_format, path, format);
 499        return format->version;
 500}
 501
 502int verify_repository_format(const struct repository_format *format,
 503                             struct strbuf *err)
 504{
 505        if (GIT_REPO_VERSION_READ < format->version) {
 506                strbuf_addf(err, _("Expected git repo version <= %d, found %d"),
 507                            GIT_REPO_VERSION_READ, format->version);
 508                return -1;
 509        }
 510
 511        if (format->version >= 1 && format->unknown_extensions.nr) {
 512                int i;
 513
 514                strbuf_addstr(err, _("unknown repository extensions found:"));
 515
 516                for (i = 0; i < format->unknown_extensions.nr; i++)
 517                        strbuf_addf(err, "\n\t%s",
 518                                    format->unknown_extensions.items[i].string);
 519                return -1;
 520        }
 521
 522        return 0;
 523}
 524
 525void read_gitfile_error_die(int error_code, const char *path, const char *dir)
 526{
 527        switch (error_code) {
 528        case READ_GITFILE_ERR_STAT_FAILED:
 529        case READ_GITFILE_ERR_NOT_A_FILE:
 530                /* non-fatal; follow return path */
 531                break;
 532        case READ_GITFILE_ERR_OPEN_FAILED:
 533                die_errno(_("error opening '%s'"), path);
 534        case READ_GITFILE_ERR_TOO_LARGE:
 535                die(_("too large to be a .git file: '%s'"), path);
 536        case READ_GITFILE_ERR_READ_FAILED:
 537                die(_("error reading %s"), path);
 538        case READ_GITFILE_ERR_INVALID_FORMAT:
 539                die(_("invalid gitfile format: %s"), path);
 540        case READ_GITFILE_ERR_NO_PATH:
 541                die(_("no path in gitfile: %s"), path);
 542        case READ_GITFILE_ERR_NOT_A_REPO:
 543                die(_("not a git repository: %s"), dir);
 544        default:
 545                die("BUG: unknown error code");
 546        }
 547}
 548
 549/*
 550 * Try to read the location of the git directory from the .git file,
 551 * return path to git directory if found. The return value comes from
 552 * a shared buffer.
 553 *
 554 * On failure, if return_error_code is not NULL, return_error_code
 555 * will be set to an error code and NULL will be returned. If
 556 * return_error_code is NULL the function will die instead (for most
 557 * cases).
 558 */
 559const char *read_gitfile_gently(const char *path, int *return_error_code)
 560{
 561        const int max_file_size = 1 << 20;  /* 1MB */
 562        int error_code = 0;
 563        char *buf = NULL;
 564        char *dir = NULL;
 565        const char *slash;
 566        struct stat st;
 567        int fd;
 568        ssize_t len;
 569
 570        if (stat(path, &st)) {
 571                /* NEEDSWORK: discern between ENOENT vs other errors */
 572                error_code = READ_GITFILE_ERR_STAT_FAILED;
 573                goto cleanup_return;
 574        }
 575        if (!S_ISREG(st.st_mode)) {
 576                error_code = READ_GITFILE_ERR_NOT_A_FILE;
 577                goto cleanup_return;
 578        }
 579        if (st.st_size > max_file_size) {
 580                error_code = READ_GITFILE_ERR_TOO_LARGE;
 581                goto cleanup_return;
 582        }
 583        fd = open(path, O_RDONLY);
 584        if (fd < 0) {
 585                error_code = READ_GITFILE_ERR_OPEN_FAILED;
 586                goto cleanup_return;
 587        }
 588        buf = xmallocz(st.st_size);
 589        len = read_in_full(fd, buf, st.st_size);
 590        close(fd);
 591        if (len != st.st_size) {
 592                error_code = READ_GITFILE_ERR_READ_FAILED;
 593                goto cleanup_return;
 594        }
 595        if (!starts_with(buf, "gitdir: ")) {
 596                error_code = READ_GITFILE_ERR_INVALID_FORMAT;
 597                goto cleanup_return;
 598        }
 599        while (buf[len - 1] == '\n' || buf[len - 1] == '\r')
 600                len--;
 601        if (len < 9) {
 602                error_code = READ_GITFILE_ERR_NO_PATH;
 603                goto cleanup_return;
 604        }
 605        buf[len] = '\0';
 606        dir = buf + 8;
 607
 608        if (!is_absolute_path(dir) && (slash = strrchr(path, '/'))) {
 609                size_t pathlen = slash+1 - path;
 610                dir = xstrfmt("%.*s%.*s", (int)pathlen, path,
 611                              (int)(len - 8), buf + 8);
 612                free(buf);
 613                buf = dir;
 614        }
 615        if (!is_git_directory(dir)) {
 616                error_code = READ_GITFILE_ERR_NOT_A_REPO;
 617                goto cleanup_return;
 618        }
 619        path = real_path(dir);
 620
 621cleanup_return:
 622        if (return_error_code)
 623                *return_error_code = error_code;
 624        else if (error_code)
 625                read_gitfile_error_die(error_code, path, dir);
 626
 627        free(buf);
 628        return error_code ? NULL : path;
 629}
 630
 631static const char *setup_explicit_git_dir(const char *gitdirenv,
 632                                          struct strbuf *cwd,
 633                                          struct repository_format *repo_fmt,
 634                                          int *nongit_ok)
 635{
 636        const char *work_tree_env = getenv(GIT_WORK_TREE_ENVIRONMENT);
 637        const char *worktree;
 638        char *gitfile;
 639        int offset;
 640
 641        if (PATH_MAX - 40 < strlen(gitdirenv))
 642                die(_("'$%s' too big"), GIT_DIR_ENVIRONMENT);
 643
 644        gitfile = (char*)read_gitfile(gitdirenv);
 645        if (gitfile) {
 646                gitfile = xstrdup(gitfile);
 647                gitdirenv = gitfile;
 648        }
 649
 650        if (!is_git_directory(gitdirenv)) {
 651                if (nongit_ok) {
 652                        *nongit_ok = 1;
 653                        free(gitfile);
 654                        return NULL;
 655                }
 656                die(_("not a git repository: '%s'"), gitdirenv);
 657        }
 658
 659        if (check_repository_format_gently(gitdirenv, repo_fmt, nongit_ok)) {
 660                free(gitfile);
 661                return NULL;
 662        }
 663
 664        /* #3, #7, #11, #15, #19, #23, #27, #31 (see t1510) */
 665        if (work_tree_env)
 666                set_git_work_tree(work_tree_env);
 667        else if (is_bare_repository_cfg > 0) {
 668                if (git_work_tree_cfg) {
 669                        /* #22.2, #30 */
 670                        warning("core.bare and core.worktree do not make sense");
 671                        work_tree_config_is_bogus = 1;
 672                }
 673
 674                /* #18, #26 */
 675                set_git_dir(gitdirenv);
 676                free(gitfile);
 677                return NULL;
 678        }
 679        else if (git_work_tree_cfg) { /* #6, #14 */
 680                if (is_absolute_path(git_work_tree_cfg))
 681                        set_git_work_tree(git_work_tree_cfg);
 682                else {
 683                        char *core_worktree;
 684                        if (chdir(gitdirenv))
 685                                die_errno(_("cannot chdir to '%s'"), gitdirenv);
 686                        if (chdir(git_work_tree_cfg))
 687                                die_errno(_("cannot chdir to '%s'"), git_work_tree_cfg);
 688                        core_worktree = xgetcwd();
 689                        if (chdir(cwd->buf))
 690                                die_errno(_("cannot come back to cwd"));
 691                        set_git_work_tree(core_worktree);
 692                        free(core_worktree);
 693                }
 694        }
 695        else if (!git_env_bool(GIT_IMPLICIT_WORK_TREE_ENVIRONMENT, 1)) {
 696                /* #16d */
 697                set_git_dir(gitdirenv);
 698                free(gitfile);
 699                return NULL;
 700        }
 701        else /* #2, #10 */
 702                set_git_work_tree(".");
 703
 704        /* set_git_work_tree() must have been called by now */
 705        worktree = get_git_work_tree();
 706
 707        /* both get_git_work_tree() and cwd are already normalized */
 708        if (!strcmp(cwd->buf, worktree)) { /* cwd == worktree */
 709                set_git_dir(gitdirenv);
 710                free(gitfile);
 711                return NULL;
 712        }
 713
 714        offset = dir_inside_of(cwd->buf, worktree);
 715        if (offset >= 0) {      /* cwd inside worktree? */
 716                set_git_dir(real_path(gitdirenv));
 717                if (chdir(worktree))
 718                        die_errno(_("cannot chdir to '%s'"), worktree);
 719                strbuf_addch(cwd, '/');
 720                free(gitfile);
 721                return cwd->buf + offset;
 722        }
 723
 724        /* cwd outside worktree */
 725        set_git_dir(gitdirenv);
 726        free(gitfile);
 727        return NULL;
 728}
 729
 730static const char *setup_discovered_git_dir(const char *gitdir,
 731                                            struct strbuf *cwd, int offset,
 732                                            struct repository_format *repo_fmt,
 733                                            int *nongit_ok)
 734{
 735        if (check_repository_format_gently(gitdir, repo_fmt, nongit_ok))
 736                return NULL;
 737
 738        /* --work-tree is set without --git-dir; use discovered one */
 739        if (getenv(GIT_WORK_TREE_ENVIRONMENT) || git_work_tree_cfg) {
 740                char *to_free = NULL;
 741                const char *ret;
 742
 743                if (offset != cwd->len && !is_absolute_path(gitdir))
 744                        gitdir = to_free = real_pathdup(gitdir, 1);
 745                if (chdir(cwd->buf))
 746                        die_errno(_("cannot come back to cwd"));
 747                ret = setup_explicit_git_dir(gitdir, cwd, repo_fmt, nongit_ok);
 748                free(to_free);
 749                return ret;
 750        }
 751
 752        /* #16.2, #17.2, #20.2, #21.2, #24, #25, #28, #29 (see t1510) */
 753        if (is_bare_repository_cfg > 0) {
 754                set_git_dir(offset == cwd->len ? gitdir : real_path(gitdir));
 755                if (chdir(cwd->buf))
 756                        die_errno(_("cannot come back to cwd"));
 757                return NULL;
 758        }
 759
 760        /* #0, #1, #5, #8, #9, #12, #13 */
 761        set_git_work_tree(".");
 762        if (strcmp(gitdir, DEFAULT_GIT_DIR_ENVIRONMENT))
 763                set_git_dir(gitdir);
 764        inside_git_dir = 0;
 765        inside_work_tree = 1;
 766        if (offset == cwd->len)
 767                return NULL;
 768
 769        /* Make "offset" point past the '/' (already the case for root dirs) */
 770        if (offset != offset_1st_component(cwd->buf))
 771                offset++;
 772        /* Add a '/' at the end */
 773        strbuf_addch(cwd, '/');
 774        return cwd->buf + offset;
 775}
 776
 777/* #16.1, #17.1, #20.1, #21.1, #22.1 (see t1510) */
 778static const char *setup_bare_git_dir(struct strbuf *cwd, int offset,
 779                                      struct repository_format *repo_fmt,
 780                                      int *nongit_ok)
 781{
 782        int root_len;
 783
 784        if (check_repository_format_gently(".", repo_fmt, nongit_ok))
 785                return NULL;
 786
 787        setenv(GIT_IMPLICIT_WORK_TREE_ENVIRONMENT, "0", 1);
 788
 789        /* --work-tree is set without --git-dir; use discovered one */
 790        if (getenv(GIT_WORK_TREE_ENVIRONMENT) || git_work_tree_cfg) {
 791                static const char *gitdir;
 792
 793                gitdir = offset == cwd->len ? "." : xmemdupz(cwd->buf, offset);
 794                if (chdir(cwd->buf))
 795                        die_errno(_("cannot come back to cwd"));
 796                return setup_explicit_git_dir(gitdir, cwd, repo_fmt, nongit_ok);
 797        }
 798
 799        inside_git_dir = 1;
 800        inside_work_tree = 0;
 801        if (offset != cwd->len) {
 802                if (chdir(cwd->buf))
 803                        die_errno(_("cannot come back to cwd"));
 804                root_len = offset_1st_component(cwd->buf);
 805                strbuf_setlen(cwd, offset > root_len ? offset : root_len);
 806                set_git_dir(cwd->buf);
 807        }
 808        else
 809                set_git_dir(".");
 810        return NULL;
 811}
 812
 813static const char *setup_nongit(const char *cwd, int *nongit_ok)
 814{
 815        if (!nongit_ok)
 816                die(_("not a git repository (or any of the parent directories): %s"), DEFAULT_GIT_DIR_ENVIRONMENT);
 817        if (chdir(cwd))
 818                die_errno(_("cannot come back to cwd"));
 819        *nongit_ok = 1;
 820        return NULL;
 821}
 822
 823static dev_t get_device_or_die(const char *path, const char *prefix, int prefix_len)
 824{
 825        struct stat buf;
 826        if (stat(path, &buf)) {
 827                die_errno(_("failed to stat '%*s%s%s'"),
 828                                prefix_len,
 829                                prefix ? prefix : "",
 830                                prefix ? "/" : "", path);
 831        }
 832        return buf.st_dev;
 833}
 834
 835/*
 836 * A "string_list_each_func_t" function that canonicalizes an entry
 837 * from GIT_CEILING_DIRECTORIES using real_path_if_valid(), or
 838 * discards it if unusable.  The presence of an empty entry in
 839 * GIT_CEILING_DIRECTORIES turns off canonicalization for all
 840 * subsequent entries.
 841 */
 842static int canonicalize_ceiling_entry(struct string_list_item *item,
 843                                      void *cb_data)
 844{
 845        int *empty_entry_found = cb_data;
 846        char *ceil = item->string;
 847
 848        if (!*ceil) {
 849                *empty_entry_found = 1;
 850                return 0;
 851        } else if (!is_absolute_path(ceil)) {
 852                return 0;
 853        } else if (*empty_entry_found) {
 854                /* Keep entry but do not canonicalize it */
 855                return 1;
 856        } else {
 857                char *real_path = real_pathdup(ceil, 0);
 858                if (!real_path) {
 859                        return 0;
 860                }
 861                free(item->string);
 862                item->string = real_path;
 863                return 1;
 864        }
 865}
 866
 867enum discovery_result {
 868        GIT_DIR_NONE = 0,
 869        GIT_DIR_EXPLICIT,
 870        GIT_DIR_DISCOVERED,
 871        GIT_DIR_BARE,
 872        /* these are errors */
 873        GIT_DIR_HIT_CEILING = -1,
 874        GIT_DIR_HIT_MOUNT_POINT = -2,
 875        GIT_DIR_INVALID_GITFILE = -3
 876};
 877
 878/*
 879 * We cannot decide in this function whether we are in the work tree or
 880 * not, since the config can only be read _after_ this function was called.
 881 *
 882 * Also, we avoid changing any global state (such as the current working
 883 * directory) to allow early callers.
 884 *
 885 * The directory where the search should start needs to be passed in via the
 886 * `dir` parameter; upon return, the `dir` buffer will contain the path of
 887 * the directory where the search ended, and `gitdir` will contain the path of
 888 * the discovered .git/ directory, if any. If `gitdir` is not absolute, it
 889 * is relative to `dir` (i.e. *not* necessarily the cwd).
 890 */
 891static enum discovery_result setup_git_directory_gently_1(struct strbuf *dir,
 892                                                          struct strbuf *gitdir,
 893                                                          int die_on_error)
 894{
 895        const char *env_ceiling_dirs = getenv(CEILING_DIRECTORIES_ENVIRONMENT);
 896        struct string_list ceiling_dirs = STRING_LIST_INIT_DUP;
 897        const char *gitdirenv;
 898        int ceil_offset = -1, min_offset = has_dos_drive_prefix(dir->buf) ? 3 : 1;
 899        dev_t current_device = 0;
 900        int one_filesystem = 1;
 901
 902        /*
 903         * If GIT_DIR is set explicitly, we're not going
 904         * to do any discovery, but we still do repository
 905         * validation.
 906         */
 907        gitdirenv = getenv(GIT_DIR_ENVIRONMENT);
 908        if (gitdirenv) {
 909                strbuf_addstr(gitdir, gitdirenv);
 910                return GIT_DIR_EXPLICIT;
 911        }
 912
 913        if (env_ceiling_dirs) {
 914                int empty_entry_found = 0;
 915
 916                string_list_split(&ceiling_dirs, env_ceiling_dirs, PATH_SEP, -1);
 917                filter_string_list(&ceiling_dirs, 0,
 918                                   canonicalize_ceiling_entry, &empty_entry_found);
 919                ceil_offset = longest_ancestor_length(dir->buf, &ceiling_dirs);
 920                string_list_clear(&ceiling_dirs, 0);
 921        }
 922
 923        if (ceil_offset < 0)
 924                ceil_offset = min_offset - 2;
 925
 926        /*
 927         * Test in the following order (relative to the dir):
 928         * - .git (file containing "gitdir: <path>")
 929         * - .git/
 930         * - ./ (bare)
 931         * - ../.git
 932         * - ../.git/
 933         * - ../ (bare)
 934         * - ../../.git
 935         *   etc.
 936         */
 937        one_filesystem = !git_env_bool("GIT_DISCOVERY_ACROSS_FILESYSTEM", 0);
 938        if (one_filesystem)
 939                current_device = get_device_or_die(dir->buf, NULL, 0);
 940        for (;;) {
 941                int offset = dir->len, error_code = 0;
 942
 943                if (offset > min_offset)
 944                        strbuf_addch(dir, '/');
 945                strbuf_addstr(dir, DEFAULT_GIT_DIR_ENVIRONMENT);
 946                gitdirenv = read_gitfile_gently(dir->buf, die_on_error ?
 947                                                NULL : &error_code);
 948                if (!gitdirenv) {
 949                        if (die_on_error ||
 950                            error_code == READ_GITFILE_ERR_NOT_A_FILE) {
 951                                /* NEEDSWORK: fail if .git is not file nor dir */
 952                                if (is_git_directory(dir->buf))
 953                                        gitdirenv = DEFAULT_GIT_DIR_ENVIRONMENT;
 954                        } else if (error_code != READ_GITFILE_ERR_STAT_FAILED)
 955                                return GIT_DIR_INVALID_GITFILE;
 956                }
 957                strbuf_setlen(dir, offset);
 958                if (gitdirenv) {
 959                        strbuf_addstr(gitdir, gitdirenv);
 960                        return GIT_DIR_DISCOVERED;
 961                }
 962
 963                if (is_git_directory(dir->buf)) {
 964                        strbuf_addstr(gitdir, ".");
 965                        return GIT_DIR_BARE;
 966                }
 967
 968                if (offset <= min_offset)
 969                        return GIT_DIR_HIT_CEILING;
 970
 971                while (--offset > ceil_offset && !is_dir_sep(dir->buf[offset]))
 972                        ; /* continue */
 973                if (offset <= ceil_offset)
 974                        return GIT_DIR_HIT_CEILING;
 975
 976                strbuf_setlen(dir, offset > min_offset ?  offset : min_offset);
 977                if (one_filesystem &&
 978                    current_device != get_device_or_die(dir->buf, NULL, offset))
 979                        return GIT_DIR_HIT_MOUNT_POINT;
 980        }
 981}
 982
 983int discover_git_directory(struct strbuf *commondir,
 984                           struct strbuf *gitdir)
 985{
 986        struct strbuf dir = STRBUF_INIT, err = STRBUF_INIT;
 987        size_t gitdir_offset = gitdir->len, cwd_len;
 988        size_t commondir_offset = commondir->len;
 989        struct repository_format candidate;
 990
 991        if (strbuf_getcwd(&dir))
 992                return -1;
 993
 994        cwd_len = dir.len;
 995        if (setup_git_directory_gently_1(&dir, gitdir, 0) <= 0) {
 996                strbuf_release(&dir);
 997                return -1;
 998        }
 999
1000        /*
1001         * The returned gitdir is relative to dir, and if dir does not reflect
1002         * the current working directory, we simply make the gitdir absolute.
1003         */
1004        if (dir.len < cwd_len && !is_absolute_path(gitdir->buf + gitdir_offset)) {
1005                /* Avoid a trailing "/." */
1006                if (!strcmp(".", gitdir->buf + gitdir_offset))
1007                        strbuf_setlen(gitdir, gitdir_offset);
1008                else
1009                        strbuf_addch(&dir, '/');
1010                strbuf_insert(gitdir, gitdir_offset, dir.buf, dir.len);
1011        }
1012
1013        get_common_dir(commondir, gitdir->buf + gitdir_offset);
1014
1015        strbuf_reset(&dir);
1016        strbuf_addf(&dir, "%s/config", commondir->buf + commondir_offset);
1017        read_repository_format(&candidate, dir.buf);
1018        strbuf_release(&dir);
1019
1020        if (verify_repository_format(&candidate, &err) < 0) {
1021                warning("ignoring git dir '%s': %s",
1022                        gitdir->buf + gitdir_offset, err.buf);
1023                strbuf_release(&err);
1024                strbuf_setlen(commondir, commondir_offset);
1025                strbuf_setlen(gitdir, gitdir_offset);
1026                return -1;
1027        }
1028
1029        return 0;
1030}
1031
1032const char *setup_git_directory_gently(int *nongit_ok)
1033{
1034        static struct strbuf cwd = STRBUF_INIT;
1035        struct strbuf dir = STRBUF_INIT, gitdir = STRBUF_INIT;
1036        const char *prefix;
1037        struct repository_format repo_fmt;
1038
1039        /*
1040         * We may have read an incomplete configuration before
1041         * setting-up the git directory. If so, clear the cache so
1042         * that the next queries to the configuration reload complete
1043         * configuration (including the per-repo config file that we
1044         * ignored previously).
1045         */
1046        git_config_clear();
1047
1048        /*
1049         * Let's assume that we are in a git repository.
1050         * If it turns out later that we are somewhere else, the value will be
1051         * updated accordingly.
1052         */
1053        if (nongit_ok)
1054                *nongit_ok = 0;
1055
1056        if (strbuf_getcwd(&cwd))
1057                die_errno(_("Unable to read current working directory"));
1058        strbuf_addbuf(&dir, &cwd);
1059
1060        switch (setup_git_directory_gently_1(&dir, &gitdir, 1)) {
1061        case GIT_DIR_NONE:
1062                prefix = NULL;
1063                break;
1064        case GIT_DIR_EXPLICIT:
1065                prefix = setup_explicit_git_dir(gitdir.buf, &cwd, &repo_fmt, nongit_ok);
1066                break;
1067        case GIT_DIR_DISCOVERED:
1068                if (dir.len < cwd.len && chdir(dir.buf))
1069                        die(_("cannot change to '%s'"), dir.buf);
1070                prefix = setup_discovered_git_dir(gitdir.buf, &cwd, dir.len,
1071                                                  &repo_fmt, nongit_ok);
1072                break;
1073        case GIT_DIR_BARE:
1074                if (dir.len < cwd.len && chdir(dir.buf))
1075                        die(_("cannot change to '%s'"), dir.buf);
1076                prefix = setup_bare_git_dir(&cwd, dir.len, &repo_fmt, nongit_ok);
1077                break;
1078        case GIT_DIR_HIT_CEILING:
1079                prefix = setup_nongit(cwd.buf, nongit_ok);
1080                break;
1081        case GIT_DIR_HIT_MOUNT_POINT:
1082                if (nongit_ok) {
1083                        *nongit_ok = 1;
1084                        strbuf_release(&cwd);
1085                        strbuf_release(&dir);
1086                        return NULL;
1087                }
1088                die(_("not a git repository (or any parent up to mount point %s)\n"
1089                      "Stopping at filesystem boundary (GIT_DISCOVERY_ACROSS_FILESYSTEM not set)."),
1090                    dir.buf);
1091        default:
1092                die("BUG: unhandled setup_git_directory_1() result");
1093        }
1094
1095        if (prefix)
1096                setenv(GIT_PREFIX_ENVIRONMENT, prefix, 1);
1097        else
1098                setenv(GIT_PREFIX_ENVIRONMENT, "", 1);
1099
1100        startup_info->have_repository = !nongit_ok || !*nongit_ok;
1101        startup_info->prefix = prefix;
1102
1103        /*
1104         * Not all paths through the setup code will call 'set_git_dir()' (which
1105         * directly sets up the environment) so in order to guarantee that the
1106         * environment is in a consistent state after setup, explicitly setup
1107         * the environment if we have a repository.
1108         *
1109         * NEEDSWORK: currently we allow bogus GIT_DIR values to be set in some
1110         * code paths so we also need to explicitly setup the environment if
1111         * the user has set GIT_DIR.  It may be beneficial to disallow bogus
1112         * GIT_DIR values at some point in the future.
1113         */
1114        if (startup_info->have_repository || getenv(GIT_DIR_ENVIRONMENT)) {
1115                if (!the_repository->gitdir) {
1116                        const char *gitdir = getenv(GIT_DIR_ENVIRONMENT);
1117                        if (!gitdir)
1118                                gitdir = DEFAULT_GIT_DIR_ENVIRONMENT;
1119                        setup_git_env(gitdir);
1120                }
1121                if (startup_info->have_repository)
1122                        repo_set_hash_algo(the_repository, repo_fmt.hash_algo);
1123        }
1124
1125        strbuf_release(&dir);
1126        strbuf_release(&gitdir);
1127
1128        return prefix;
1129}
1130
1131int git_config_perm(const char *var, const char *value)
1132{
1133        int i;
1134        char *endptr;
1135
1136        if (value == NULL)
1137                return PERM_GROUP;
1138
1139        if (!strcmp(value, "umask"))
1140                return PERM_UMASK;
1141        if (!strcmp(value, "group"))
1142                return PERM_GROUP;
1143        if (!strcmp(value, "all") ||
1144            !strcmp(value, "world") ||
1145            !strcmp(value, "everybody"))
1146                return PERM_EVERYBODY;
1147
1148        /* Parse octal numbers */
1149        i = strtol(value, &endptr, 8);
1150
1151        /* If not an octal number, maybe true/false? */
1152        if (*endptr != 0)
1153                return git_config_bool(var, value) ? PERM_GROUP : PERM_UMASK;
1154
1155        /*
1156         * Treat values 0, 1 and 2 as compatibility cases, otherwise it is
1157         * a chmod value to restrict to.
1158         */
1159        switch (i) {
1160        case PERM_UMASK:               /* 0 */
1161                return PERM_UMASK;
1162        case OLD_PERM_GROUP:           /* 1 */
1163                return PERM_GROUP;
1164        case OLD_PERM_EVERYBODY:       /* 2 */
1165                return PERM_EVERYBODY;
1166        }
1167
1168        /* A filemode value was given: 0xxx */
1169
1170        if ((i & 0600) != 0600)
1171                die(_("problem with core.sharedRepository filemode value "
1172                    "(0%.3o).\nThe owner of files must always have "
1173                    "read and write permissions."), i);
1174
1175        /*
1176         * Mask filemode value. Others can not get write permission.
1177         * x flags for directories are handled separately.
1178         */
1179        return -(i & 0666);
1180}
1181
1182void check_repository_format(void)
1183{
1184        struct repository_format repo_fmt;
1185        check_repository_format_gently(get_git_dir(), &repo_fmt, NULL);
1186        startup_info->have_repository = 1;
1187}
1188
1189/*
1190 * Returns the "prefix", a path to the current working directory
1191 * relative to the work tree root, or NULL, if the current working
1192 * directory is not a strict subdirectory of the work tree root. The
1193 * prefix always ends with a '/' character.
1194 */
1195const char *setup_git_directory(void)
1196{
1197        return setup_git_directory_gently(NULL);
1198}
1199
1200const char *resolve_gitdir_gently(const char *suspect, int *return_error_code)
1201{
1202        if (is_git_directory(suspect))
1203                return suspect;
1204        return read_gitfile_gently(suspect, return_error_code);
1205}
1206
1207/* if any standard file descriptor is missing open it to /dev/null */
1208void sanitize_stdfds(void)
1209{
1210        int fd = open("/dev/null", O_RDWR, 0);
1211        while (fd != -1 && fd < 2)
1212                fd = dup(fd);
1213        if (fd == -1)
1214                die_errno(_("open /dev/null or dup failed"));
1215        if (fd > 2)
1216                close(fd);
1217}
1218
1219int daemonize(void)
1220{
1221#ifdef NO_POSIX_GOODIES
1222        errno = ENOSYS;
1223        return -1;
1224#else
1225        switch (fork()) {
1226                case 0:
1227                        break;
1228                case -1:
1229                        die_errno(_("fork failed"));
1230                default:
1231                        exit(0);
1232        }
1233        if (setsid() == -1)
1234                die_errno(_("setsid failed"));
1235        close(0);
1236        close(1);
1237        close(2);
1238        sanitize_stdfds();
1239        return 0;
1240#endif
1241}