fsck: complain when .gitmodules is a symlink

We've recently forbidden .gitmodules to be a symlink in
verify_path(). And it's an easy way to circumvent our fsck
checks for .gitmodules content. So let's complain when we
see it.

Signed-off-by: Jeff King <peff@peff.net>

diff --git a/fsck.c b/fsck.c
index 2eddfc3f7465db6ff05df4b20b80beed0807a8ba..9339f315131786c50c9fa10dd702fe20562e167e 100644 (file)
--- a/fsck.c
+++ b/fsck.c
@@ -63,6 +63,7 @@ static struct oidset gitmodules_done = OIDSET_INIT;
        FUNC(GITMODULES_BLOB, ERROR) \
        FUNC(GITMODULES_PARSE, ERROR) \
        FUNC(GITMODULES_NAME, ERROR) \
+       FUNC(GITMODULES_SYMLINK, ERROR) \
        /* warnings */ \
        FUNC(BAD_FILEMODE, WARN) \
        FUNC(EMPTY_NAME, WARN) \
@@ -576,8 +577,14 @@ static int fsck_tree(struct tree *item, struct fsck_options *options)
                has_dotgit |= is_hfs_dotgit(name) || is_ntfs_dotgit(name);
                has_zero_pad |= *(char *)desc.buffer == '0';
 
-               if (is_hfs_dotgitmodules(name) || is_ntfs_dotgitmodules(name))
-                       oidset_insert(&gitmodules_found, oid);
+               if (is_hfs_dotgitmodules(name) || is_ntfs_dotgitmodules(name)) {
+                       if (!S_ISLNK(mode))
+                               oidset_insert(&gitmodules_found, oid);
+                       else
+                               retval += report(options, &item->object,
+                                                FSCK_MSG_GITMODULES_SYMLINK,
+                                                ".gitmodules is a symbolic link");
+               }
 
                if (update_tree_entry_gently(&desc)) {
                        retval += report(options, &item->object, FSCK_MSG_BAD_TREE, "cannot be parsed as a tree");

diff --git a/t/t7415-submodule-names.sh b/t/t7415-submodule-names.sh
index 51361c9e2d36cd6b0bfbca61fc399ffa80be7c35..a770d92a5592e5aab1760d0ff509f5ce3cc8e5d0 100755 (executable)
--- a/t/t7415-submodule-names.sh
+++ b/t/t7415-submodule-names.sh
@@ -122,4 +122,33 @@ test_expect_success 'transfer.fsckObjects handles odd pack (index)' '
        test_must_fail git -C dst.git index-pack --strict --stdin <odd.pack
 '
 
+test_expect_success 'fsck detects symlinked .gitmodules file' '
+       git init symlink &&
+       (
+               cd symlink &&
+
+               # Make the tree directly to avoid index restrictions.
+               #
+               # Because symlinks store the target as a blob, choose
+               # a pathname that could be parsed as a .gitmodules file
+               # to trick naive non-symlink-aware checking.
+               tricky="[foo]bar=true" &&
+               content=$(git hash-object -w ../.gitmodules) &&
+               target=$(printf "$tricky" | git hash-object -w --stdin) &&
+               tree=$(
+                       {
+                               printf "100644 blob $content\t$tricky\n" &&
+                               printf "120000 blob $target\t.gitmodules\n"
+                       } | git mktree
+               ) &&
+               commit=$(git commit-tree $tree) &&
+
+               # Check not only that we fail, but that it is due to the
+               # symlink detector; this grep string comes from the config
+               # variable name and will not be translated.
+               test_must_fail git fsck 2>output &&
+               grep gitmodulesSymlink output
+       )
+'
+
 test_done