setup.con commit worktree add: be tolerant of corrupt worktrees (105df73)
   1#include "cache.h"
   2#include "repository.h"
   3#include "config.h"
   4#include "dir.h"
   5#include "string-list.h"
   6#include "chdir-notify.h"
   7
   8static int inside_git_dir = -1;
   9static int inside_work_tree = -1;
  10static int work_tree_config_is_bogus;
  11
  12static struct startup_info the_startup_info;
  13struct startup_info *startup_info = &the_startup_info;
  14
  15/*
  16 * The input parameter must contain an absolute path, and it must already be
  17 * normalized.
  18 *
  19 * Find the part of an absolute path that lies inside the work tree by
  20 * dereferencing symlinks outside the work tree, for example:
  21 * /dir1/repo/dir2/file   (work tree is /dir1/repo)      -> dir2/file
  22 * /dir/file              (work tree is /)               -> dir/file
  23 * /dir/symlink1/symlink2 (symlink1 points to work tree) -> symlink2
  24 * /dir/repolink/file     (repolink points to /dir/repo) -> file
  25 * /dir/repo              (exactly equal to work tree)   -> (empty string)
  26 */
  27static int abspath_part_inside_repo(char *path)
  28{
  29        size_t len;
  30        size_t wtlen;
  31        char *path0;
  32        int off;
  33        const char *work_tree = get_git_work_tree();
  34
  35        if (!work_tree)
  36                return -1;
  37        wtlen = strlen(work_tree);
  38        len = strlen(path);
  39        off = offset_1st_component(path);
  40
  41        /* check if work tree is already the prefix */
  42        if (wtlen <= len && !fspathncmp(path, work_tree, wtlen)) {
  43                if (path[wtlen] == '/') {
  44                        memmove(path, path + wtlen + 1, len - wtlen);
  45                        return 0;
  46                } else if (path[wtlen - 1] == '/' || path[wtlen] == '\0') {
  47                        /* work tree is the root, or the whole path */
  48                        memmove(path, path + wtlen, len - wtlen + 1);
  49                        return 0;
  50                }
  51                /* work tree might match beginning of a symlink to work tree */
  52                off = wtlen;
  53        }
  54        path0 = path;
  55        path += off;
  56
  57        /* check each '/'-terminated level */
  58        while (*path) {
  59                path++;
  60                if (*path == '/') {
  61                        *path = '\0';
  62                        if (fspathcmp(real_path(path0), work_tree) == 0) {
  63                                memmove(path0, path + 1, len - (path - path0));
  64                                return 0;
  65                        }
  66                        *path = '/';
  67                }
  68        }
  69
  70        /* check whole path */
  71        if (fspathcmp(real_path(path0), work_tree) == 0) {
  72                *path0 = '\0';
  73                return 0;
  74        }
  75
  76        return -1;
  77}
  78
  79/*
  80 * Normalize "path", prepending the "prefix" for relative paths. If
  81 * remaining_prefix is not NULL, return the actual prefix still
  82 * remains in the path. For example, prefix = sub1/sub2/ and path is
  83 *
  84 *  foo          -> sub1/sub2/foo  (full prefix)
  85 *  ../foo       -> sub1/foo       (remaining prefix is sub1/)
  86 *  ../../bar    -> bar            (no remaining prefix)
  87 *  ../../sub1/sub2/foo -> sub1/sub2/foo (but no remaining prefix)
  88 *  `pwd`/../bar -> sub1/bar       (no remaining prefix)
  89 */
  90char *prefix_path_gently(const char *prefix, int len,
  91                         int *remaining_prefix, const char *path)
  92{
  93        const char *orig = path;
  94        char *sanitized;
  95        if (is_absolute_path(orig)) {
  96                sanitized = xmallocz(strlen(path));
  97                if (remaining_prefix)
  98                        *remaining_prefix = 0;
  99                if (normalize_path_copy_len(sanitized, path, remaining_prefix)) {
 100                        free(sanitized);
 101                        return NULL;
 102                }
 103                if (abspath_part_inside_repo(sanitized)) {
 104                        free(sanitized);
 105                        return NULL;
 106                }
 107        } else {
 108                sanitized = xstrfmt("%.*s%s", len, len ? prefix : "", path);
 109                if (remaining_prefix)
 110                        *remaining_prefix = len;
 111                if (normalize_path_copy_len(sanitized, sanitized, remaining_prefix)) {
 112                        free(sanitized);
 113                        return NULL;
 114                }
 115        }
 116        return sanitized;
 117}
 118
 119char *prefix_path(const char *prefix, int len, const char *path)
 120{
 121        char *r = prefix_path_gently(prefix, len, NULL, path);
 122        if (!r)
 123                die(_("'%s' is outside repository"), path);
 124        return r;
 125}
 126
 127int path_inside_repo(const char *prefix, const char *path)
 128{
 129        int len = prefix ? strlen(prefix) : 0;
 130        char *r = prefix_path_gently(prefix, len, NULL, path);
 131        if (r) {
 132                free(r);
 133                return 1;
 134        }
 135        return 0;
 136}
 137
 138int check_filename(const char *prefix, const char *arg)
 139{
 140        char *to_free = NULL;
 141        struct stat st;
 142
 143        if (skip_prefix(arg, ":/", &arg)) {
 144                if (!*arg) /* ":/" is root dir, always exists */
 145                        return 1;
 146                prefix = NULL;
 147        } else if (skip_prefix(arg, ":!", &arg) ||
 148                   skip_prefix(arg, ":^", &arg)) {
 149                if (!*arg) /* excluding everything is silly, but allowed */
 150                        return 1;
 151        }
 152
 153        if (prefix)
 154                arg = to_free = prefix_filename(prefix, arg);
 155
 156        if (!lstat(arg, &st)) {
 157                free(to_free);
 158                return 1; /* file exists */
 159        }
 160        if (is_missing_file_error(errno)) {
 161                free(to_free);
 162                return 0; /* file does not exist */
 163        }
 164        die_errno(_("failed to stat '%s'"), arg);
 165}
 166
 167static void NORETURN die_verify_filename(const char *prefix,
 168                                         const char *arg,
 169                                         int diagnose_misspelt_rev)
 170{
 171        if (!diagnose_misspelt_rev)
 172                die(_("%s: no such path in the working tree.\n"
 173                      "Use 'git <command> -- <path>...' to specify paths that do not exist locally."),
 174                    arg);
 175        /*
 176         * Saying "'(icase)foo' does not exist in the index" when the
 177         * user gave us ":(icase)foo" is just stupid.  A magic pathspec
 178         * begins with a colon and is followed by a non-alnum; do not
 179         * let maybe_die_on_misspelt_object_name() even trigger.
 180         */
 181        if (!(arg[0] == ':' && !isalnum(arg[1])))
 182                maybe_die_on_misspelt_object_name(arg, prefix);
 183
 184        /* ... or fall back the most general message. */
 185        die(_("ambiguous argument '%s': unknown revision or path not in the working tree.\n"
 186              "Use '--' to separate paths from revisions, like this:\n"
 187              "'git <command> [<revision>...] -- [<file>...]'"), arg);
 188
 189}
 190
 191/*
 192 * Check for arguments that don't resolve as actual files,
 193 * but which look sufficiently like pathspecs that we'll consider
 194 * them such for the purposes of rev/pathspec DWIM parsing.
 195 */
 196static int looks_like_pathspec(const char *arg)
 197{
 198        /* anything with a wildcard character */
 199        if (!no_wildcard(arg))
 200                return 1;
 201
 202        /* long-form pathspec magic */
 203        if (starts_with(arg, ":("))
 204                return 1;
 205
 206        return 0;
 207}
 208
 209/*
 210 * Verify a filename that we got as an argument for a pathspec
 211 * entry. Note that a filename that begins with "-" never verifies
 212 * as true, because even if such a filename were to exist, we want
 213 * it to be preceded by the "--" marker (or we want the user to
 214 * use a format like "./-filename")
 215 *
 216 * The "diagnose_misspelt_rev" is used to provide a user-friendly
 217 * diagnosis when dying upon finding that "name" is not a pathname.
 218 * If set to 1, the diagnosis will try to diagnose "name" as an
 219 * invalid object name (e.g. HEAD:foo). If set to 0, the diagnosis
 220 * will only complain about an inexisting file.
 221 *
 222 * This function is typically called to check that a "file or rev"
 223 * argument is unambiguous. In this case, the caller will want
 224 * diagnose_misspelt_rev == 1 when verifying the first non-rev
 225 * argument (which could have been a revision), and
 226 * diagnose_misspelt_rev == 0 for the next ones (because we already
 227 * saw a filename, there's not ambiguity anymore).
 228 */
 229void verify_filename(const char *prefix,
 230                     const char *arg,
 231                     int diagnose_misspelt_rev)
 232{
 233        if (*arg == '-')
 234                die(_("option '%s' must come before non-option arguments"), arg);
 235        if (looks_like_pathspec(arg) || check_filename(prefix, arg))
 236                return;
 237        die_verify_filename(prefix, arg, diagnose_misspelt_rev);
 238}
 239
 240/*
 241 * Opposite of the above: the command line did not have -- marker
 242 * and we parsed the arg as a refname.  It should not be interpretable
 243 * as a filename.
 244 */
 245void verify_non_filename(const char *prefix, const char *arg)
 246{
 247        if (!is_inside_work_tree() || is_inside_git_dir())
 248                return;
 249        if (*arg == '-')
 250                return; /* flag */
 251        if (!check_filename(prefix, arg))
 252                return;
 253        die(_("ambiguous argument '%s': both revision and filename\n"
 254              "Use '--' to separate paths from revisions, like this:\n"
 255              "'git <command> [<revision>...] -- [<file>...]'"), arg);
 256}
 257
 258int get_common_dir(struct strbuf *sb, const char *gitdir)
 259{
 260        const char *git_env_common_dir = getenv(GIT_COMMON_DIR_ENVIRONMENT);
 261        if (git_env_common_dir) {
 262                strbuf_addstr(sb, git_env_common_dir);
 263                return 1;
 264        } else {
 265                return get_common_dir_noenv(sb, gitdir);
 266        }
 267}
 268
 269int get_common_dir_noenv(struct strbuf *sb, const char *gitdir)
 270{
 271        struct strbuf data = STRBUF_INIT;
 272        struct strbuf path = STRBUF_INIT;
 273        int ret = 0;
 274
 275        strbuf_addf(&path, "%s/commondir", gitdir);
 276        if (file_exists(path.buf)) {
 277                if (strbuf_read_file(&data, path.buf, 0) <= 0)
 278                        die_errno(_("failed to read %s"), path.buf);
 279                while (data.len && (data.buf[data.len - 1] == '\n' ||
 280                                    data.buf[data.len - 1] == '\r'))
 281                        data.len--;
 282                data.buf[data.len] = '\0';
 283                strbuf_reset(&path);
 284                if (!is_absolute_path(data.buf))
 285                        strbuf_addf(&path, "%s/", gitdir);
 286                strbuf_addbuf(&path, &data);
 287                strbuf_add_real_path(sb, path.buf);
 288                ret = 1;
 289        } else {
 290                strbuf_addstr(sb, gitdir);
 291        }
 292
 293        strbuf_release(&data);
 294        strbuf_release(&path);
 295        return ret;
 296}
 297
 298/*
 299 * Test if it looks like we're at a git directory.
 300 * We want to see:
 301 *
 302 *  - either an objects/ directory _or_ the proper
 303 *    GIT_OBJECT_DIRECTORY environment variable
 304 *  - a refs/ directory
 305 *  - either a HEAD symlink or a HEAD file that is formatted as
 306 *    a proper "ref:", or a regular file HEAD that has a properly
 307 *    formatted sha1 object name.
 308 */
 309int is_git_directory(const char *suspect)
 310{
 311        struct strbuf path = STRBUF_INIT;
 312        int ret = 0;
 313        size_t len;
 314
 315        /* Check worktree-related signatures */
 316        strbuf_addstr(&path, suspect);
 317        strbuf_complete(&path, '/');
 318        strbuf_addstr(&path, "HEAD");
 319        if (validate_headref(path.buf))
 320                goto done;
 321
 322        strbuf_reset(&path);
 323        get_common_dir(&path, suspect);
 324        len = path.len;
 325
 326        /* Check non-worktree-related signatures */
 327        if (getenv(DB_ENVIRONMENT)) {
 328                if (access(getenv(DB_ENVIRONMENT), X_OK))
 329                        goto done;
 330        }
 331        else {
 332                strbuf_setlen(&path, len);
 333                strbuf_addstr(&path, "/objects");
 334                if (access(path.buf, X_OK))
 335                        goto done;
 336        }
 337
 338        strbuf_setlen(&path, len);
 339        strbuf_addstr(&path, "/refs");
 340        if (access(path.buf, X_OK))
 341                goto done;
 342
 343        ret = 1;
 344done:
 345        strbuf_release(&path);
 346        return ret;
 347}
 348
 349int is_nonbare_repository_dir(struct strbuf *path)
 350{
 351        int ret = 0;
 352        int gitfile_error;
 353        size_t orig_path_len = path->len;
 354        assert(orig_path_len != 0);
 355        strbuf_complete(path, '/');
 356        strbuf_addstr(path, ".git");
 357        if (read_gitfile_gently(path->buf, &gitfile_error) || is_git_directory(path->buf))
 358                ret = 1;
 359        if (gitfile_error == READ_GITFILE_ERR_OPEN_FAILED ||
 360            gitfile_error == READ_GITFILE_ERR_READ_FAILED)
 361                ret = 1;
 362        strbuf_setlen(path, orig_path_len);
 363        return ret;
 364}
 365
 366int is_inside_git_dir(void)
 367{
 368        if (inside_git_dir < 0)
 369                inside_git_dir = is_inside_dir(get_git_dir());
 370        return inside_git_dir;
 371}
 372
 373int is_inside_work_tree(void)
 374{
 375        if (inside_work_tree < 0)
 376                inside_work_tree = is_inside_dir(get_git_work_tree());
 377        return inside_work_tree;
 378}
 379
 380void setup_work_tree(void)
 381{
 382        const char *work_tree;
 383        static int initialized = 0;
 384
 385        if (initialized)
 386                return;
 387
 388        if (work_tree_config_is_bogus)
 389                die(_("unable to set up work tree using invalid config"));
 390
 391        work_tree = get_git_work_tree();
 392        if (!work_tree || chdir_notify(work_tree))
 393                die(_("this operation must be run in a work tree"));
 394
 395        /*
 396         * Make sure subsequent git processes find correct worktree
 397         * if $GIT_WORK_TREE is set relative
 398         */
 399        if (getenv(GIT_WORK_TREE_ENVIRONMENT))
 400                setenv(GIT_WORK_TREE_ENVIRONMENT, ".", 1);
 401
 402        initialized = 1;
 403}
 404
 405static int read_worktree_config(const char *var, const char *value, void *vdata)
 406{
 407        struct repository_format *data = vdata;
 408
 409        if (strcmp(var, "core.bare") == 0) {
 410                data->is_bare = git_config_bool(var, value);
 411        } else if (strcmp(var, "core.worktree") == 0) {
 412                if (!value)
 413                        return config_error_nonbool(var);
 414                data->work_tree = xstrdup(value);
 415        }
 416        return 0;
 417}
 418
 419static int check_repo_format(const char *var, const char *value, void *vdata)
 420{
 421        struct repository_format *data = vdata;
 422        const char *ext;
 423
 424        if (strcmp(var, "core.repositoryformatversion") == 0)
 425                data->version = git_config_int(var, value);
 426        else if (skip_prefix(var, "extensions.", &ext)) {
 427                /*
 428                 * record any known extensions here; otherwise,
 429                 * we fall through to recording it as unknown, and
 430                 * check_repository_format will complain
 431                 */
 432                if (!strcmp(ext, "noop"))
 433                        ;
 434                else if (!strcmp(ext, "preciousobjects"))
 435                        data->precious_objects = git_config_bool(var, value);
 436                else if (!strcmp(ext, "partialclone")) {
 437                        if (!value)
 438                                return config_error_nonbool(var);
 439                        data->partial_clone = xstrdup(value);
 440                } else if (!strcmp(ext, "worktreeconfig"))
 441                        data->worktree_config = git_config_bool(var, value);
 442                else
 443                        string_list_append(&data->unknown_extensions, ext);
 444        }
 445
 446        return read_worktree_config(var, value, vdata);
 447}
 448
 449static int check_repository_format_gently(const char *gitdir, struct repository_format *candidate, int *nongit_ok)
 450{
 451        struct strbuf sb = STRBUF_INIT;
 452        struct strbuf err = STRBUF_INIT;
 453        int has_common;
 454
 455        has_common = get_common_dir(&sb, gitdir);
 456        strbuf_addstr(&sb, "/config");
 457        read_repository_format(candidate, sb.buf);
 458        strbuf_release(&sb);
 459
 460        /*
 461         * For historical use of check_repository_format() in git-init,
 462         * we treat a missing config as a silent "ok", even when nongit_ok
 463         * is unset.
 464         */
 465        if (candidate->version < 0)
 466                return 0;
 467
 468        if (verify_repository_format(candidate, &err) < 0) {
 469                if (nongit_ok) {
 470                        warning("%s", err.buf);
 471                        strbuf_release(&err);
 472                        *nongit_ok = -1;
 473                        return -1;
 474                }
 475                die("%s", err.buf);
 476        }
 477
 478        repository_format_precious_objects = candidate->precious_objects;
 479        repository_format_partial_clone = candidate->partial_clone;
 480        repository_format_worktree_config = candidate->worktree_config;
 481        string_list_clear(&candidate->unknown_extensions, 0);
 482
 483        if (repository_format_worktree_config) {
 484                /*
 485                 * pick up core.bare and core.worktree from per-worktree
 486                 * config if present
 487                 */
 488                strbuf_addf(&sb, "%s/config.worktree", gitdir);
 489                git_config_from_file(read_worktree_config, sb.buf, candidate);
 490                strbuf_release(&sb);
 491                has_common = 0;
 492        }
 493
 494        if (!has_common) {
 495                if (candidate->is_bare != -1) {
 496                        is_bare_repository_cfg = candidate->is_bare;
 497                        if (is_bare_repository_cfg == 1)
 498                                inside_work_tree = -1;
 499                }
 500                if (candidate->work_tree) {
 501                        free(git_work_tree_cfg);
 502                        git_work_tree_cfg = candidate->work_tree;
 503                        inside_work_tree = -1;
 504                }
 505        } else {
 506                free(candidate->work_tree);
 507        }
 508
 509        return 0;
 510}
 511
 512int read_repository_format(struct repository_format *format, const char *path)
 513{
 514        memset(format, 0, sizeof(*format));
 515        format->version = -1;
 516        format->is_bare = -1;
 517        format->hash_algo = GIT_HASH_SHA1;
 518        string_list_init(&format->unknown_extensions, 1);
 519        git_config_from_file(check_repo_format, path, format);
 520        return format->version;
 521}
 522
 523int verify_repository_format(const struct repository_format *format,
 524                             struct strbuf *err)
 525{
 526        if (GIT_REPO_VERSION_READ < format->version) {
 527                strbuf_addf(err, _("Expected git repo version <= %d, found %d"),
 528                            GIT_REPO_VERSION_READ, format->version);
 529                return -1;
 530        }
 531
 532        if (format->version >= 1 && format->unknown_extensions.nr) {
 533                int i;
 534
 535                strbuf_addstr(err, _("unknown repository extensions found:"));
 536
 537                for (i = 0; i < format->unknown_extensions.nr; i++)
 538                        strbuf_addf(err, "\n\t%s",
 539                                    format->unknown_extensions.items[i].string);
 540                return -1;
 541        }
 542
 543        return 0;
 544}
 545
 546void read_gitfile_error_die(int error_code, const char *path, const char *dir)
 547{
 548        switch (error_code) {
 549        case READ_GITFILE_ERR_STAT_FAILED:
 550        case READ_GITFILE_ERR_NOT_A_FILE:
 551                /* non-fatal; follow return path */
 552                break;
 553        case READ_GITFILE_ERR_OPEN_FAILED:
 554                die_errno(_("error opening '%s'"), path);
 555        case READ_GITFILE_ERR_TOO_LARGE:
 556                die(_("too large to be a .git file: '%s'"), path);
 557        case READ_GITFILE_ERR_READ_FAILED:
 558                die(_("error reading %s"), path);
 559        case READ_GITFILE_ERR_INVALID_FORMAT:
 560                die(_("invalid gitfile format: %s"), path);
 561        case READ_GITFILE_ERR_NO_PATH:
 562                die(_("no path in gitfile: %s"), path);
 563        case READ_GITFILE_ERR_NOT_A_REPO:
 564                die(_("not a git repository: %s"), dir);
 565        default:
 566                BUG("unknown error code");
 567        }
 568}
 569
 570/*
 571 * Try to read the location of the git directory from the .git file,
 572 * return path to git directory if found. The return value comes from
 573 * a shared buffer.
 574 *
 575 * On failure, if return_error_code is not NULL, return_error_code
 576 * will be set to an error code and NULL will be returned. If
 577 * return_error_code is NULL the function will die instead (for most
 578 * cases).
 579 */
 580const char *read_gitfile_gently(const char *path, int *return_error_code)
 581{
 582        const int max_file_size = 1 << 20;  /* 1MB */
 583        int error_code = 0;
 584        char *buf = NULL;
 585        char *dir = NULL;
 586        const char *slash;
 587        struct stat st;
 588        int fd;
 589        ssize_t len;
 590
 591        if (stat(path, &st)) {
 592                /* NEEDSWORK: discern between ENOENT vs other errors */
 593                error_code = READ_GITFILE_ERR_STAT_FAILED;
 594                goto cleanup_return;
 595        }
 596        if (!S_ISREG(st.st_mode)) {
 597                error_code = READ_GITFILE_ERR_NOT_A_FILE;
 598                goto cleanup_return;
 599        }
 600        if (st.st_size > max_file_size) {
 601                error_code = READ_GITFILE_ERR_TOO_LARGE;
 602                goto cleanup_return;
 603        }
 604        fd = open(path, O_RDONLY);
 605        if (fd < 0) {
 606                error_code = READ_GITFILE_ERR_OPEN_FAILED;
 607                goto cleanup_return;
 608        }
 609        buf = xmallocz(st.st_size);
 610        len = read_in_full(fd, buf, st.st_size);
 611        close(fd);
 612        if (len != st.st_size) {
 613                error_code = READ_GITFILE_ERR_READ_FAILED;
 614                goto cleanup_return;
 615        }
 616        if (!starts_with(buf, "gitdir: ")) {
 617                error_code = READ_GITFILE_ERR_INVALID_FORMAT;
 618                goto cleanup_return;
 619        }
 620        while (buf[len - 1] == '\n' || buf[len - 1] == '\r')
 621                len--;
 622        if (len < 9) {
 623                error_code = READ_GITFILE_ERR_NO_PATH;
 624                goto cleanup_return;
 625        }
 626        buf[len] = '\0';
 627        dir = buf + 8;
 628
 629        if (!is_absolute_path(dir) && (slash = strrchr(path, '/'))) {
 630                size_t pathlen = slash+1 - path;
 631                dir = xstrfmt("%.*s%.*s", (int)pathlen, path,
 632                              (int)(len - 8), buf + 8);
 633                free(buf);
 634                buf = dir;
 635        }
 636        if (!is_git_directory(dir)) {
 637                error_code = READ_GITFILE_ERR_NOT_A_REPO;
 638                goto cleanup_return;
 639        }
 640        path = real_path(dir);
 641
 642cleanup_return:
 643        if (return_error_code)
 644                *return_error_code = error_code;
 645        else if (error_code)
 646                read_gitfile_error_die(error_code, path, dir);
 647
 648        free(buf);
 649        return error_code ? NULL : path;
 650}
 651
 652static const char *setup_explicit_git_dir(const char *gitdirenv,
 653                                          struct strbuf *cwd,
 654                                          struct repository_format *repo_fmt,
 655                                          int *nongit_ok)
 656{
 657        const char *work_tree_env = getenv(GIT_WORK_TREE_ENVIRONMENT);
 658        const char *worktree;
 659        char *gitfile;
 660        int offset;
 661
 662        if (PATH_MAX - 40 < strlen(gitdirenv))
 663                die(_("'$%s' too big"), GIT_DIR_ENVIRONMENT);
 664
 665        gitfile = (char*)read_gitfile(gitdirenv);
 666        if (gitfile) {
 667                gitfile = xstrdup(gitfile);
 668                gitdirenv = gitfile;
 669        }
 670
 671        if (!is_git_directory(gitdirenv)) {
 672                if (nongit_ok) {
 673                        *nongit_ok = 1;
 674                        free(gitfile);
 675                        return NULL;
 676                }
 677                die(_("not a git repository: '%s'"), gitdirenv);
 678        }
 679
 680        if (check_repository_format_gently(gitdirenv, repo_fmt, nongit_ok)) {
 681                free(gitfile);
 682                return NULL;
 683        }
 684
 685        /* #3, #7, #11, #15, #19, #23, #27, #31 (see t1510) */
 686        if (work_tree_env)
 687                set_git_work_tree(work_tree_env);
 688        else if (is_bare_repository_cfg > 0) {
 689                if (git_work_tree_cfg) {
 690                        /* #22.2, #30 */
 691                        warning("core.bare and core.worktree do not make sense");
 692                        work_tree_config_is_bogus = 1;
 693                }
 694
 695                /* #18, #26 */
 696                set_git_dir(gitdirenv);
 697                free(gitfile);
 698                return NULL;
 699        }
 700        else if (git_work_tree_cfg) { /* #6, #14 */
 701                if (is_absolute_path(git_work_tree_cfg))
 702                        set_git_work_tree(git_work_tree_cfg);
 703                else {
 704                        char *core_worktree;
 705                        if (chdir(gitdirenv))
 706                                die_errno(_("cannot chdir to '%s'"), gitdirenv);
 707                        if (chdir(git_work_tree_cfg))
 708                                die_errno(_("cannot chdir to '%s'"), git_work_tree_cfg);
 709                        core_worktree = xgetcwd();
 710                        if (chdir(cwd->buf))
 711                                die_errno(_("cannot come back to cwd"));
 712                        set_git_work_tree(core_worktree);
 713                        free(core_worktree);
 714                }
 715        }
 716        else if (!git_env_bool(GIT_IMPLICIT_WORK_TREE_ENVIRONMENT, 1)) {
 717                /* #16d */
 718                set_git_dir(gitdirenv);
 719                free(gitfile);
 720                return NULL;
 721        }
 722        else /* #2, #10 */
 723                set_git_work_tree(".");
 724
 725        /* set_git_work_tree() must have been called by now */
 726        worktree = get_git_work_tree();
 727
 728        /* both get_git_work_tree() and cwd are already normalized */
 729        if (!strcmp(cwd->buf, worktree)) { /* cwd == worktree */
 730                set_git_dir(gitdirenv);
 731                free(gitfile);
 732                return NULL;
 733        }
 734
 735        offset = dir_inside_of(cwd->buf, worktree);
 736        if (offset >= 0) {      /* cwd inside worktree? */
 737                set_git_dir(real_path(gitdirenv));
 738                if (chdir(worktree))
 739                        die_errno(_("cannot chdir to '%s'"), worktree);
 740                strbuf_addch(cwd, '/');
 741                free(gitfile);
 742                return cwd->buf + offset;
 743        }
 744
 745        /* cwd outside worktree */
 746        set_git_dir(gitdirenv);
 747        free(gitfile);
 748        return NULL;
 749}
 750
 751static const char *setup_discovered_git_dir(const char *gitdir,
 752                                            struct strbuf *cwd, int offset,
 753                                            struct repository_format *repo_fmt,
 754                                            int *nongit_ok)
 755{
 756        if (check_repository_format_gently(gitdir, repo_fmt, nongit_ok))
 757                return NULL;
 758
 759        /* --work-tree is set without --git-dir; use discovered one */
 760        if (getenv(GIT_WORK_TREE_ENVIRONMENT) || git_work_tree_cfg) {
 761                char *to_free = NULL;
 762                const char *ret;
 763
 764                if (offset != cwd->len && !is_absolute_path(gitdir))
 765                        gitdir = to_free = real_pathdup(gitdir, 1);
 766                if (chdir(cwd->buf))
 767                        die_errno(_("cannot come back to cwd"));
 768                ret = setup_explicit_git_dir(gitdir, cwd, repo_fmt, nongit_ok);
 769                free(to_free);
 770                return ret;
 771        }
 772
 773        /* #16.2, #17.2, #20.2, #21.2, #24, #25, #28, #29 (see t1510) */
 774        if (is_bare_repository_cfg > 0) {
 775                set_git_dir(offset == cwd->len ? gitdir : real_path(gitdir));
 776                if (chdir(cwd->buf))
 777                        die_errno(_("cannot come back to cwd"));
 778                return NULL;
 779        }
 780
 781        /* #0, #1, #5, #8, #9, #12, #13 */
 782        set_git_work_tree(".");
 783        if (strcmp(gitdir, DEFAULT_GIT_DIR_ENVIRONMENT))
 784                set_git_dir(gitdir);
 785        inside_git_dir = 0;
 786        inside_work_tree = 1;
 787        if (offset == cwd->len)
 788                return NULL;
 789
 790        /* Make "offset" point past the '/' (already the case for root dirs) */
 791        if (offset != offset_1st_component(cwd->buf))
 792                offset++;
 793        /* Add a '/' at the end */
 794        strbuf_addch(cwd, '/');
 795        return cwd->buf + offset;
 796}
 797
 798/* #16.1, #17.1, #20.1, #21.1, #22.1 (see t1510) */
 799static const char *setup_bare_git_dir(struct strbuf *cwd, int offset,
 800                                      struct repository_format *repo_fmt,
 801                                      int *nongit_ok)
 802{
 803        int root_len;
 804
 805        if (check_repository_format_gently(".", repo_fmt, nongit_ok))
 806                return NULL;
 807
 808        setenv(GIT_IMPLICIT_WORK_TREE_ENVIRONMENT, "0", 1);
 809
 810        /* --work-tree is set without --git-dir; use discovered one */
 811        if (getenv(GIT_WORK_TREE_ENVIRONMENT) || git_work_tree_cfg) {
 812                static const char *gitdir;
 813
 814                gitdir = offset == cwd->len ? "." : xmemdupz(cwd->buf, offset);
 815                if (chdir(cwd->buf))
 816                        die_errno(_("cannot come back to cwd"));
 817                return setup_explicit_git_dir(gitdir, cwd, repo_fmt, nongit_ok);
 818        }
 819
 820        inside_git_dir = 1;
 821        inside_work_tree = 0;
 822        if (offset != cwd->len) {
 823                if (chdir(cwd->buf))
 824                        die_errno(_("cannot come back to cwd"));
 825                root_len = offset_1st_component(cwd->buf);
 826                strbuf_setlen(cwd, offset > root_len ? offset : root_len);
 827                set_git_dir(cwd->buf);
 828        }
 829        else
 830                set_git_dir(".");
 831        return NULL;
 832}
 833
 834static dev_t get_device_or_die(const char *path, const char *prefix, int prefix_len)
 835{
 836        struct stat buf;
 837        if (stat(path, &buf)) {
 838                die_errno(_("failed to stat '%*s%s%s'"),
 839                                prefix_len,
 840                                prefix ? prefix : "",
 841                                prefix ? "/" : "", path);
 842        }
 843        return buf.st_dev;
 844}
 845
 846/*
 847 * A "string_list_each_func_t" function that canonicalizes an entry
 848 * from GIT_CEILING_DIRECTORIES using real_path_if_valid(), or
 849 * discards it if unusable.  The presence of an empty entry in
 850 * GIT_CEILING_DIRECTORIES turns off canonicalization for all
 851 * subsequent entries.
 852 */
 853static int canonicalize_ceiling_entry(struct string_list_item *item,
 854                                      void *cb_data)
 855{
 856        int *empty_entry_found = cb_data;
 857        char *ceil = item->string;
 858
 859        if (!*ceil) {
 860                *empty_entry_found = 1;
 861                return 0;
 862        } else if (!is_absolute_path(ceil)) {
 863                return 0;
 864        } else if (*empty_entry_found) {
 865                /* Keep entry but do not canonicalize it */
 866                return 1;
 867        } else {
 868                char *real_path = real_pathdup(ceil, 0);
 869                if (!real_path) {
 870                        return 0;
 871                }
 872                free(item->string);
 873                item->string = real_path;
 874                return 1;
 875        }
 876}
 877
 878enum discovery_result {
 879        GIT_DIR_NONE = 0,
 880        GIT_DIR_EXPLICIT,
 881        GIT_DIR_DISCOVERED,
 882        GIT_DIR_BARE,
 883        /* these are errors */
 884        GIT_DIR_HIT_CEILING = -1,
 885        GIT_DIR_HIT_MOUNT_POINT = -2,
 886        GIT_DIR_INVALID_GITFILE = -3
 887};
 888
 889/*
 890 * We cannot decide in this function whether we are in the work tree or
 891 * not, since the config can only be read _after_ this function was called.
 892 *
 893 * Also, we avoid changing any global state (such as the current working
 894 * directory) to allow early callers.
 895 *
 896 * The directory where the search should start needs to be passed in via the
 897 * `dir` parameter; upon return, the `dir` buffer will contain the path of
 898 * the directory where the search ended, and `gitdir` will contain the path of
 899 * the discovered .git/ directory, if any. If `gitdir` is not absolute, it
 900 * is relative to `dir` (i.e. *not* necessarily the cwd).
 901 */
 902static enum discovery_result setup_git_directory_gently_1(struct strbuf *dir,
 903                                                          struct strbuf *gitdir,
 904                                                          int die_on_error)
 905{
 906        const char *env_ceiling_dirs = getenv(CEILING_DIRECTORIES_ENVIRONMENT);
 907        struct string_list ceiling_dirs = STRING_LIST_INIT_DUP;
 908        const char *gitdirenv;
 909        int ceil_offset = -1, min_offset = has_dos_drive_prefix(dir->buf) ? 3 : 1;
 910        dev_t current_device = 0;
 911        int one_filesystem = 1;
 912
 913        /*
 914         * If GIT_DIR is set explicitly, we're not going
 915         * to do any discovery, but we still do repository
 916         * validation.
 917         */
 918        gitdirenv = getenv(GIT_DIR_ENVIRONMENT);
 919        if (gitdirenv) {
 920                strbuf_addstr(gitdir, gitdirenv);
 921                return GIT_DIR_EXPLICIT;
 922        }
 923
 924        if (env_ceiling_dirs) {
 925                int empty_entry_found = 0;
 926
 927                string_list_split(&ceiling_dirs, env_ceiling_dirs, PATH_SEP, -1);
 928                filter_string_list(&ceiling_dirs, 0,
 929                                   canonicalize_ceiling_entry, &empty_entry_found);
 930                ceil_offset = longest_ancestor_length(dir->buf, &ceiling_dirs);
 931                string_list_clear(&ceiling_dirs, 0);
 932        }
 933
 934        if (ceil_offset < 0)
 935                ceil_offset = min_offset - 2;
 936
 937        /*
 938         * Test in the following order (relative to the dir):
 939         * - .git (file containing "gitdir: <path>")
 940         * - .git/
 941         * - ./ (bare)
 942         * - ../.git
 943         * - ../.git/
 944         * - ../ (bare)
 945         * - ../../.git
 946         *   etc.
 947         */
 948        one_filesystem = !git_env_bool("GIT_DISCOVERY_ACROSS_FILESYSTEM", 0);
 949        if (one_filesystem)
 950                current_device = get_device_or_die(dir->buf, NULL, 0);
 951        for (;;) {
 952                int offset = dir->len, error_code = 0;
 953
 954                if (offset > min_offset)
 955                        strbuf_addch(dir, '/');
 956                strbuf_addstr(dir, DEFAULT_GIT_DIR_ENVIRONMENT);
 957                gitdirenv = read_gitfile_gently(dir->buf, die_on_error ?
 958                                                NULL : &error_code);
 959                if (!gitdirenv) {
 960                        if (die_on_error ||
 961                            error_code == READ_GITFILE_ERR_NOT_A_FILE) {
 962                                /* NEEDSWORK: fail if .git is not file nor dir */
 963                                if (is_git_directory(dir->buf))
 964                                        gitdirenv = DEFAULT_GIT_DIR_ENVIRONMENT;
 965                        } else if (error_code != READ_GITFILE_ERR_STAT_FAILED)
 966                                return GIT_DIR_INVALID_GITFILE;
 967                }
 968                strbuf_setlen(dir, offset);
 969                if (gitdirenv) {
 970                        strbuf_addstr(gitdir, gitdirenv);
 971                        return GIT_DIR_DISCOVERED;
 972                }
 973
 974                if (is_git_directory(dir->buf)) {
 975                        strbuf_addstr(gitdir, ".");
 976                        return GIT_DIR_BARE;
 977                }
 978
 979                if (offset <= min_offset)
 980                        return GIT_DIR_HIT_CEILING;
 981
 982                while (--offset > ceil_offset && !is_dir_sep(dir->buf[offset]))
 983                        ; /* continue */
 984                if (offset <= ceil_offset)
 985                        return GIT_DIR_HIT_CEILING;
 986
 987                strbuf_setlen(dir, offset > min_offset ?  offset : min_offset);
 988                if (one_filesystem &&
 989                    current_device != get_device_or_die(dir->buf, NULL, offset))
 990                        return GIT_DIR_HIT_MOUNT_POINT;
 991        }
 992}
 993
 994int discover_git_directory(struct strbuf *commondir,
 995                           struct strbuf *gitdir)
 996{
 997        struct strbuf dir = STRBUF_INIT, err = STRBUF_INIT;
 998        size_t gitdir_offset = gitdir->len, cwd_len;
 999        size_t commondir_offset = commondir->len;
1000        struct repository_format candidate;
1001
1002        if (strbuf_getcwd(&dir))
1003                return -1;
1004
1005        cwd_len = dir.len;
1006        if (setup_git_directory_gently_1(&dir, gitdir, 0) <= 0) {
1007                strbuf_release(&dir);
1008                return -1;
1009        }
1010
1011        /*
1012         * The returned gitdir is relative to dir, and if dir does not reflect
1013         * the current working directory, we simply make the gitdir absolute.
1014         */
1015        if (dir.len < cwd_len && !is_absolute_path(gitdir->buf + gitdir_offset)) {
1016                /* Avoid a trailing "/." */
1017                if (!strcmp(".", gitdir->buf + gitdir_offset))
1018                        strbuf_setlen(gitdir, gitdir_offset);
1019                else
1020                        strbuf_addch(&dir, '/');
1021                strbuf_insert(gitdir, gitdir_offset, dir.buf, dir.len);
1022        }
1023
1024        get_common_dir(commondir, gitdir->buf + gitdir_offset);
1025
1026        strbuf_reset(&dir);
1027        strbuf_addf(&dir, "%s/config", commondir->buf + commondir_offset);
1028        read_repository_format(&candidate, dir.buf);
1029        strbuf_release(&dir);
1030
1031        if (verify_repository_format(&candidate, &err) < 0) {
1032                warning("ignoring git dir '%s': %s",
1033                        gitdir->buf + gitdir_offset, err.buf);
1034                strbuf_release(&err);
1035                strbuf_setlen(commondir, commondir_offset);
1036                strbuf_setlen(gitdir, gitdir_offset);
1037                return -1;
1038        }
1039
1040        return 0;
1041}
1042
1043const char *setup_git_directory_gently(int *nongit_ok)
1044{
1045        static struct strbuf cwd = STRBUF_INIT;
1046        struct strbuf dir = STRBUF_INIT, gitdir = STRBUF_INIT;
1047        const char *prefix = NULL;
1048        struct repository_format repo_fmt;
1049
1050        /*
1051         * We may have read an incomplete configuration before
1052         * setting-up the git directory. If so, clear the cache so
1053         * that the next queries to the configuration reload complete
1054         * configuration (including the per-repo config file that we
1055         * ignored previously).
1056         */
1057        git_config_clear();
1058
1059        /*
1060         * Let's assume that we are in a git repository.
1061         * If it turns out later that we are somewhere else, the value will be
1062         * updated accordingly.
1063         */
1064        if (nongit_ok)
1065                *nongit_ok = 0;
1066
1067        if (strbuf_getcwd(&cwd))
1068                die_errno(_("Unable to read current working directory"));
1069        strbuf_addbuf(&dir, &cwd);
1070
1071        switch (setup_git_directory_gently_1(&dir, &gitdir, 1)) {
1072        case GIT_DIR_EXPLICIT:
1073                prefix = setup_explicit_git_dir(gitdir.buf, &cwd, &repo_fmt, nongit_ok);
1074                break;
1075        case GIT_DIR_DISCOVERED:
1076                if (dir.len < cwd.len && chdir(dir.buf))
1077                        die(_("cannot change to '%s'"), dir.buf);
1078                prefix = setup_discovered_git_dir(gitdir.buf, &cwd, dir.len,
1079                                                  &repo_fmt, nongit_ok);
1080                break;
1081        case GIT_DIR_BARE:
1082                if (dir.len < cwd.len && chdir(dir.buf))
1083                        die(_("cannot change to '%s'"), dir.buf);
1084                prefix = setup_bare_git_dir(&cwd, dir.len, &repo_fmt, nongit_ok);
1085                break;
1086        case GIT_DIR_HIT_CEILING:
1087                if (!nongit_ok)
1088                        die(_("not a git repository (or any of the parent directories): %s"),
1089                            DEFAULT_GIT_DIR_ENVIRONMENT);
1090                *nongit_ok = 1;
1091                break;
1092        case GIT_DIR_HIT_MOUNT_POINT:
1093                if (!nongit_ok)
1094                        die(_("not a git repository (or any parent up to mount point %s)\n"
1095                              "Stopping at filesystem boundary (GIT_DISCOVERY_ACROSS_FILESYSTEM not set)."),
1096                            dir.buf);
1097                *nongit_ok = 1;
1098                break;
1099        case GIT_DIR_NONE:
1100                /*
1101                 * As a safeguard against setup_git_directory_gently_1 returning
1102                 * this value, fallthrough to BUG. Otherwise it is possible to
1103                 * set startup_info->have_repository to 1 when we did nothing to
1104                 * find a repository.
1105                 */
1106        default:
1107                BUG("unhandled setup_git_directory_1() result");
1108        }
1109
1110        /*
1111         * At this point, nongit_ok is stable. If it is non-NULL and points
1112         * to a non-zero value, then this means that we haven't found a
1113         * repository and that the caller expects startup_info to reflect
1114         * this.
1115         *
1116         * Regardless of the state of nongit_ok, startup_info->prefix and
1117         * the GIT_PREFIX environment variable must always match. For details
1118         * see Documentation/config/alias.txt.
1119         */
1120        if (nongit_ok && *nongit_ok) {
1121                startup_info->have_repository = 0;
1122                startup_info->prefix = NULL;
1123                setenv(GIT_PREFIX_ENVIRONMENT, "", 1);
1124        } else {
1125                startup_info->have_repository = 1;
1126                startup_info->prefix = prefix;
1127                if (prefix)
1128                        setenv(GIT_PREFIX_ENVIRONMENT, prefix, 1);
1129                else
1130                        setenv(GIT_PREFIX_ENVIRONMENT, "", 1);
1131        }
1132
1133        /*
1134         * Not all paths through the setup code will call 'set_git_dir()' (which
1135         * directly sets up the environment) so in order to guarantee that the
1136         * environment is in a consistent state after setup, explicitly setup
1137         * the environment if we have a repository.
1138         *
1139         * NEEDSWORK: currently we allow bogus GIT_DIR values to be set in some
1140         * code paths so we also need to explicitly setup the environment if
1141         * the user has set GIT_DIR.  It may be beneficial to disallow bogus
1142         * GIT_DIR values at some point in the future.
1143         */
1144        if (/* GIT_DIR_EXPLICIT, GIT_DIR_DISCOVERED, GIT_DIR_BARE */
1145            startup_info->have_repository ||
1146            /* GIT_DIR_EXPLICIT */
1147            getenv(GIT_DIR_ENVIRONMENT)) {
1148                if (!the_repository->gitdir) {
1149                        const char *gitdir = getenv(GIT_DIR_ENVIRONMENT);
1150                        if (!gitdir)
1151                                gitdir = DEFAULT_GIT_DIR_ENVIRONMENT;
1152                        setup_git_env(gitdir);
1153                }
1154                if (startup_info->have_repository)
1155                        repo_set_hash_algo(the_repository, repo_fmt.hash_algo);
1156        }
1157
1158        strbuf_release(&dir);
1159        strbuf_release(&gitdir);
1160
1161        return prefix;
1162}
1163
1164int git_config_perm(const char *var, const char *value)
1165{
1166        int i;
1167        char *endptr;
1168
1169        if (value == NULL)
1170                return PERM_GROUP;
1171
1172        if (!strcmp(value, "umask"))
1173                return PERM_UMASK;
1174        if (!strcmp(value, "group"))
1175                return PERM_GROUP;
1176        if (!strcmp(value, "all") ||
1177            !strcmp(value, "world") ||
1178            !strcmp(value, "everybody"))
1179                return PERM_EVERYBODY;
1180
1181        /* Parse octal numbers */
1182        i = strtol(value, &endptr, 8);
1183
1184        /* If not an octal number, maybe true/false? */
1185        if (*endptr != 0)
1186                return git_config_bool(var, value) ? PERM_GROUP : PERM_UMASK;
1187
1188        /*
1189         * Treat values 0, 1 and 2 as compatibility cases, otherwise it is
1190         * a chmod value to restrict to.
1191         */
1192        switch (i) {
1193        case PERM_UMASK:               /* 0 */
1194                return PERM_UMASK;
1195        case OLD_PERM_GROUP:           /* 1 */
1196                return PERM_GROUP;
1197        case OLD_PERM_EVERYBODY:       /* 2 */
1198                return PERM_EVERYBODY;
1199        }
1200
1201        /* A filemode value was given: 0xxx */
1202
1203        if ((i & 0600) != 0600)
1204                die(_("problem with core.sharedRepository filemode value "
1205                    "(0%.3o).\nThe owner of files must always have "
1206                    "read and write permissions."), i);
1207
1208        /*
1209         * Mask filemode value. Others can not get write permission.
1210         * x flags for directories are handled separately.
1211         */
1212        return -(i & 0666);
1213}
1214
1215void check_repository_format(void)
1216{
1217        struct repository_format repo_fmt;
1218        check_repository_format_gently(get_git_dir(), &repo_fmt, NULL);
1219        startup_info->have_repository = 1;
1220}
1221
1222/*
1223 * Returns the "prefix", a path to the current working directory
1224 * relative to the work tree root, or NULL, if the current working
1225 * directory is not a strict subdirectory of the work tree root. The
1226 * prefix always ends with a '/' character.
1227 */
1228const char *setup_git_directory(void)
1229{
1230        return setup_git_directory_gently(NULL);
1231}
1232
1233const char *resolve_gitdir_gently(const char *suspect, int *return_error_code)
1234{
1235        if (is_git_directory(suspect))
1236                return suspect;
1237        return read_gitfile_gently(suspect, return_error_code);
1238}
1239
1240/* if any standard file descriptor is missing open it to /dev/null */
1241void sanitize_stdfds(void)
1242{
1243        int fd = open("/dev/null", O_RDWR, 0);
1244        while (fd != -1 && fd < 2)
1245                fd = dup(fd);
1246        if (fd == -1)
1247                die_errno(_("open /dev/null or dup failed"));
1248        if (fd > 2)
1249                close(fd);
1250}
1251
1252int daemonize(void)
1253{
1254#ifdef NO_POSIX_GOODIES
1255        errno = ENOSYS;
1256        return -1;
1257#else
1258        switch (fork()) {
1259                case 0:
1260                        break;
1261                case -1:
1262                        die_errno(_("fork failed"));
1263                default:
1264                        exit(0);
1265        }
1266        if (setsid() == -1)
1267                die_errno(_("setsid failed"));
1268        close(0);
1269        close(1);
1270        close(2);
1271        sanitize_stdfds();
1272        return 0;
1273#endif
1274}