Update docs on behaviour of 'core.sharedRepository' and 'git init --shared'
This documentation update is needed to reflect the recent changes where
"core.sharedRepository = 0mode" was changed to set, not loosen, the
repository permissions.
Signed-off-by: Johan Herland <johan@herland.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
This test was added recently (5a688fe, "core.sharedrepository = 0mode"
should set, not loosen; 2009-03-28). It checked the result of a sed
invocation for emptiness, but in some cases it forgot to print anything
at all, so that those checks would never be false.
Due to this mistake, it went unnoticed that the files in objects/info are
not necessarily 0440, but can also be 0660. Because the 0mode setting
tries to guarantee that the files are accessible only to the people they
are meant to be used by, we should only make sure that they are readable
by the user and the group when the configuration is set to 0660. It is a
separate matter from the core.sharedrepository settings that w-bit from
immutable object files under objects/[0-9a-f][0-9a-f] directories should
be dropped.
COMMIT_EDITMSG is still world-readable, but it (and any transient files
that are meant for repositories with a work tree) does not matter. If you
are working on a shared machine and on a sekrit stuff, the root of the
work tree would be with mode 0700 (or 0750 to allow peeking by other
people in the group), and that would mean that .git/COMMIT_EDITMSG in such
a repository would not be readable by the strangers anyway.
Also, in the real-world use case, .git/COMMIT_EDITMSG will be given to an
arbitrary editor the user happens to use, and we have no guarantee what it
does (e.g. it may create a new file with umask and replace, it may rewrite
in place, it may leave an editor backup file but use umask to create it,
etc.), and the protection of the file lies majorly on the protection of
the root of the work tree.
This test cannot be run on Windows; it requires POSIXPERM when merged to
'master'.
Signed-off-by: Johannes Sixt <j6t@kdbg.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
One of the aspects of the test checked explicitly for the
g+s bit to be set on created directories. However, this is
only the means to an end (the "end" being having the correct
group set). And in fact, on systems where
DIR_HAS_BSD_GROUP_SEMANTICS is set, we do not even need to
use this "means" at all, causing the test to fail.
This patch removes that part of the test. In an ideal world
it would be replaced by a test to check that the group was
properly assigned, but that is difficult to automate because
it requires the user running the test suite be a member of
multiple groups.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
set_shared_perm(): sometimes we know what the final mode bits should look like
adjust_shared_perm() first obtains the mode bits from lstat(2), expecting
to find what the result of applying user's umask is, and then tweaks it
as necessary. When the file to be adjusted is created with mkstemp(3),
however, the mode thusly obtained does not have anything to do with user's
umask, and we would need to start from 0444 in such a case and there is no
point running lstat(2) for such a path.
This introduces a new API set_shared_perm() to bypass the lstat(2) and
instead force setting the mode bits to the desired value directly.
adjust_shared_perm() becomes a thin wrapper to the function.
move_temp_to_file(): do not forget to chmod() in "Coda hack" codepath
Now move_temp_to_file() is responsible for doing everything that is
necessary to turn a tempfile in $GIT_DIR into its final form, it must make
sure "Coda hack" codepath correctly makes the file read-only.
When writing out a loose object or a pack (index), move_temp_to_file() is
called to finalize the resulting file. These files (loose files and packs)
should all have permission mode 0444 (modulo adjust_shared_perm()).
Therefore, instead of doing chmod(foo, 0444) explicitly from each callsite
(or even forgetting to chmod() at all), do the chmod() call from within
move_temp_to_file().
Signed-off-by: Johan Herland <johan@herland.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
"core.sharedrepository = 0mode" should set, not loosen
This fixes the behaviour of octal notation to how it is defined in the
documentation, while keeping the traditional "loosen only" semantics
intact for "group" and "everybody".
Three main points of this patch are:
- For an explicit octal notation, the internal shared_repository variable
is set to a negative value, so that we can tell "group" (which is to
"OR" in 0660) and 0660 (which is to "SET" to 0660);
- git-init did not set shared_repository variable early enough to affect
the initial creation of many files, notably copied templates and the
configuration. We set it very early when a command-line option
specifies a custom value.
- Many codepaths create files inside $GIT_DIR by various ways that all
involve mkstemp(), and then call move_temp_to_file() to rename it to
its final destination. We can add adjust_shared_perm() call here; for
the traditional "loosen-only", this would be a no-op for many codepaths
because the mode is already loose enough, but with the new behaviour it
makes a difference.
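An added illustration of the set-versus-loosen distinction described in the commit message above, and of the 0440/0660 outcomes mentioned in the earlier test fix; it is not code from git. The names shared_mode, PERM_GROUP and PERM_EVERYBODY, and the 0664 value used for "everybody", are assumptions made for this example.

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Assumed encoding, following the commit message: a positive setting means
 * "loosen only" (OR the bits in); a negative setting means "set exactly". */
#define PERM_GROUP     0660   /* "group": OR in 0660 */
#define PERM_EVERYBODY 0664   /* "everybody": assumed value for this example */

/*
 * shared_mode(): permission bits a path should end up with.
 *   cur     - mode bits currently on the path (what lstat(2) would report)
 *   setting - PERM_GROUP / PERM_EVERYBODY, or -0NNN for an explicit octal mode
 */
static mode_t shared_mode(mode_t cur, int setting)
{
	int exact = setting < 0;
	unsigned tweak = (unsigned)(exact ? -setting : setting);
	unsigned bits = (unsigned)cur;

	if (!(bits & S_IWUSR))
		tweak &= ~0222u;               /* read-only files stay read-only */
	if (bits & S_IXUSR)
		tweak |= (tweak & 0444u) >> 2; /* readers of an executable/dir also get x */

	if (exact)
		return (mode_t)((bits & ~0777u) | tweak); /* SET: may remove bits */
	return (mode_t)(bits | tweak);                    /* LOOSEN: only adds bits */
}

int main(void)
{
	/* Constructed sample modes: a umask-022 file, a read-only object file,
	 * and a umask-022 directory. */
	static const mode_t samples[] = { 0644, 0444, 0755 };
	size_t i;

	printf("%-6s %-8s %-8s %-8s\n", "start", "group", "0660", "0600");
	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		printf("%04o   %04o     %04o     %04o\n",
		       (unsigned)samples[i],
		       (unsigned)shared_mode(samples[i], PERM_GROUP),
		       (unsigned)shared_mode(samples[i], -0660),
		       (unsigned)shared_mode(samples[i], -0600));
	return 0;
}
```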
Increase the size of the die/warning buffer to avoid truncation
Long messages like those from lockfile.c when a lock can't be
obtained truncate with only 256 bytes in the message buffer.
Bump it to 1024 to give more space for these longer cases.
Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
avoid possible overflow in delta size filtering computation
On a 32-bit system, the maximum possible size for an object is less than
4GB, while 64-bit systems may cope with larger objects. Due to this
limitation, variables holding object sizes are using an unsigned long
type (32 bits on 32-bit systems, or 64 bits on 64-bit systems).
When large objects are encountered, and/or people play with large delta
depth values, it is possible for the maximum allowed delta size
computation to overflow, especially on a 32-bit system. When this
occurs, surviving result bits may represent a value much smaller than
what it is supposed to be, or even zero. This prevents some objects
from being deltified although they do get deltified when a smaller depth
limit is used. Fix this by always performing a 64-bit multiplication.
Signed-off-by: Nicolas Pitre <nico@cam.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
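An added illustration of the overflow described in the commit message above; it is not code from git. uint32_t stands in for unsigned long on a 32-bit system, and the scaling formula and the names limit_narrow, limit_wide and first_wrapping_depth are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>

/*
 * Assumed form of the limit: the allowed delta size is scaled by how much
 * depth budget is left,
 *     max_size * (max_depth - src_depth) / (max_depth - ref_depth + 1)
 */

/* Multiplication done in 32 bits: the product wraps modulo 2^32. */
static uint32_t limit_narrow(uint32_t max_size, uint32_t max_depth,
			     uint32_t src_depth, uint32_t ref_depth)
{
	return max_size * (max_depth - src_depth) / (max_depth - ref_depth + 1);
}

/* Same formula with the multiplication widened to 64 bits first. */
static uint64_t limit_wide(uint32_t max_size, uint32_t max_depth,
			   uint32_t src_depth, uint32_t ref_depth)
{
	return (uint64_t)max_size * (max_depth - src_depth)
		/ (max_depth - ref_depth + 1);
}

/* Smallest depth limit (1..up_to) at which the 32-bit result is wrong,
 * or 0 if the two versions agree over the whole range. */
static uint32_t first_wrapping_depth(uint32_t max_size, uint32_t up_to)
{
	uint32_t d;

	for (d = 1; d <= up_to; d++)
		if (limit_narrow(max_size, d, 0, 0) != limit_wide(max_size, d, 0, 0))
			return d;
	return 0;
}

int main(void)
{
	/* Constructed inputs: a 200 MB size limit at two depth settings,
	 * and a 256 MiB limit at depth 16 whose product is exactly 2^32. */
	printf("depth 10: narrow=%u wide=%llu\n",
	       (unsigned)limit_narrow(200000000u, 10, 0, 0),
	       (unsigned long long)limit_wide(200000000u, 10, 0, 0));
	printf("depth 50: narrow=%u wide=%llu\n",
	       (unsigned)limit_narrow(200000000u, 50, 0, 0),
	       (unsigned long long)limit_wide(200000000u, 50, 0, 0));
	printf("2^28 at depth 16: narrow=%u wide=%llu\n",
	       (unsigned)limit_narrow(268435456u, 16, 0, 0),
	       (unsigned long long)limit_wide(268435456u, 16, 0, 0));
	printf("first wrapping depth for 200 MB: %u\n",
	       (unsigned)first_wrapping_depth(200000000u, 100));
	return 0;
}
```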
When --pickaxe-regex is used, forward past the end of matches instead of
advancing to the byte after their start. This way matches count only
once, even if the regular expression matches their tail -- like in the
fixed-string fork of the code.
E.g.: /.*/ used to count the number of bytes instead of the number of
lines. /aa/ resulted in a count of two in "aaa" instead of one.
Also document the fact that regexec() needs a NUL-terminated string as
its second argument by adding an assert().
Signed-off-by: Rene Scharfe <rene.scharfe@lsrfire.ath.cx>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Merge branch 'mg/maint-submodule-normalize-path' into maint
* mg/maint-submodule-normalize-path:
git submodule: Fix adding of submodules at paths with ./, .. and //
git submodule: Add test cases for git submodule add
Merge branch 'js/maint-1.6.0-path-normalize' into maint-1.6.1
* js/maint-1.6.0-path-normalize:
Remove unused normalize_absolute_path()
Test and fix normalize_path_copy()
Fix GIT_CEILING_DIRECTORIES on Windows
Move sanitary_path_copy() to path.c and rename it to normalize_path_copy()
Make test-path-utils more robust against incorrect use
will create two messages with files 1 and 2 attached respectively.
Without --attach/--inline but with --stdout, --numbered-files option
can be simply ignored, because we are not creating any file ourselves.
Signed-off-by: Stephen Boyd <bebarino@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
The existing text was very vague about what exactly it means
for difference to "contain" a change. This seems to cause
confusion on the mailing list every month or two.
To fix it we:
1. use "introduce or remove an instance of" instead of
"contain"
2. point the user to gitdiffcore(7), which contains a more
complete explanation
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Remove total confusion from git-fetch and git-push
The config file is not the only place remotes are defined, and without
consulting .git/remotes and .git/branches, you won't know if "origin" is
configured by the user. Don't give up too early and insult the user with
a wisecrack "Where do you want to fetch from today?"
The only thing the previous patch seems to want to prevent from happening
is a lazy "git fetch/push" that does not say where-from/to to produce an
error message 'origin not found', and we can do that by not letting
add_url_alias() turn a nickname "origin" literally into a pathname
"origin" without changing the rest of the logic.
* maint-1.6.0:
bisect: fix another instance of eval'ed string
bisect: fix quoting TRIED revs when "bad" commit is also "skip"ped
Support "\" in non-wildcard exclusion entries
Merge branch 'ks/maint-1.6.0-mailinfo-folded' into maint-1.6.0
* ks/maint-1.6.0-mailinfo-folded:
mailinfo: tests for RFC2047 examples
mailinfo: add explicit test for mails like '<a.u.thor@example.com> (A U Thor)'
mailinfo: 'From:' header should be unfold as well
mailinfo: correctly handle multiline 'Subject:' header
Merge branch 'js/maint-1.6.1-remote-remove-mirror' into maint-1.6.1
* js/maint-1.6.1-remote-remove-mirror:
builtin-remote: make rm operation safer in mirrored repository
builtin-remote: make rm() use properly named variable to hold return value
Merge branch 'ks/maint-1.6.0-mailinfo-folded' into maint-1.6.1
* ks/maint-1.6.0-mailinfo-folded:
mailinfo: tests for RFC2047 examples
mailinfo: add explicit test for mails like '<a.u.thor@example.com> (A U Thor)'
mailinfo: 'From:' header should be unfold as well
mailinfo: correctly handle multiline 'Subject:' header
read-tree A B C: do not create a bogus index and do not segfault
"git read-tree A B C..." without the "-m" (merge) option is a way to read
these trees on top of each other to get an overlay of them.
An ancient commit ee6566e (Rewrite read-tree, 2005-09-05) passed the
ADD_CACHE_SKIP_DFCHECK flag when calling add_index_entry() to add the
paths obtained from these trees to the index, but it is an incorrect use
of the flag. The flag is meant to be used by callers who know the
addition of the entry does not introduce a D/F conflict to the index in
order to avoid the overhead of checking.
This bug resulted in a bogus index that records both "x" and "x/z" as a
blob after reading three trees that have paths ("x"), ("x", "y"), and
("x/z", "y") respectively. 34110cd (Make 'unpack_trees()' have a separate
source and destination index, 2008-03-06) refactored the callsites of
add_index_entry() incorrectly and added more codepaths that use this flag
when it shouldn't be used.
Also, 0190457 (Move 'unpack_trees()' over to 'traverse_trees()' interface,
2008-03-05) introduced a bug to call add_index_entry() for the tree that
does not have the path in it, passing NULL as a cache entry. This caused
reading multiple trees, one of which has path "x" but another doesn't, to
segfault.
send-email: test --no-thread --in-reply-to combination
3e0c4ff (send-email: respect in-reply-to regardless of threading,
2009-03-01) fixed the handling of the In-Reply-To header when both
--no-thread and --in-reply-to are in effect. Add a test for it.
Signed-off-by: Thomas Rast <trast@student.ethz.ch>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
* js/maint-send-email:
send-email: don't create temporary compose file until it is needed
send-email: --suppress-cc improvements
send-email: handle multiple Cc addresses when reading mbox message
send-email: allow send-email to run outside a repo
Earlier, the rsync tests were disabled by default, as they needed a
running rsyncd daemon. This was only due to the limitation that our
rsync transport only allowed full URLs of the form
rsync://<host>/<path>
Relaxing the URLs to allow
rsync:<path>
permitted the change in the tests to run whenever rsync is available,
without requiring a fully configured and running rsyncd.
While at it, the tests were fixed so that they run in directories with a
space in their name.
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
When there's no explicitly-named remote, we use the remote specified
for the current branch, which in turn defaults to "origin". But
this case should require the remote to actually be configured, and not
fall back to the path "origin".
Possibly, the config file's "remote = something" should require the
something to be a configured remote instead of a bare repository URL,
but we actually test with a bare repository URL.
In fetch, we were giving the sensible error message when coming up
with a URL failed, but this wasn't actually reachable, so move that
error up and use it when appropriate.
In push, we need a new error message, because the old one (formerly
unreachable without a lot of help) used the repo name, which was NULL.
Signed-off-by: Daniel Barkalow <barkalow@iabervon.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Add a standard definition of isascii() and use it to replace an open
coded high-bit test in pretty.c. While we're there, write the ESC
char as the more commonly used '\033' instead of as 0x1b to enhance
its grepability.
Signed-off-by: Rene Scharfe <rene.scharfe@lsrfire.ath.cx>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
git submodule: Fix adding of submodules at paths with ./, .. and //
Make 'git submodule add' normalize the submodule path in the
same way as 'git ls-files' does, so that 'git submodule init' looks up
the information in .gitmodules with the same key under which 'git
submodule add' stores it.
This fixes 4 known breakages.
Signed-off-by: Michael J Gruber <git@drmicha.warpmail.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
git submodule: Add test cases for git submodule add
Add simple test cases for adding and initialising submodules. The
init step is necessary in order to verify the added information.
The second test exposes a known breakage due to './' in the path: git
ls-files simplifies the path but git add does not, which leads to git
init looking for different lines in .gitmodules than git add adds.
The other tests add test cases for '//' and '..' in the path which
currently fail for the same reason.
Signed-off-by: Michael J Gruber <git@drmicha.warpmail.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
send-email: respect in-reply-to regardless of threading
git-send-email supports the --in-reply-to option even with
--no-thread. However, the code that adds the relevant mail headers
was guarded by a test for --thread.
Remove the test, so that the user's choice is respected.
Signed-off-by: Thomas Rast <trast@student.ethz.ch>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
When memmem() was imported from glibc 2.2 into compat/, an optimization
was dropped in the process, in order to make the code smaller and simpler.
It was OK because memmem() wasn't used in performance-critical code. Now
the situation has changed and we can benefit from this optimization.
The trick is to avoid calling memcmp() if the first character of the needle
already doesn't match. Checking one character directly is much cheaper
than the function call overhead. We keep the first character of the needle
in the variable named point and the rest in the one named tail.
The following commands were run in a Linux kernel repository and timed, the
best of five results is shown:
$ STRING='Ensure that the real time constraints are schedulable.'
$ git log -S"$STRING" HEAD -- kernel/sched.c >/dev/null
On Windows Vista x64, before:
real 0m8.470s
user 0m0.000s
sys 0m0.000s
And after the patch:
real 0m1.887s
user 0m0.000s
sys 0m0.000s
Signed-off-by: Rene Scharfe <rene.scharfe@lsrfire.ath.cx>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Use memmem() instead of open-coding it. The system libraries usually have a
much faster version than the memcmp()-loop here. Even our own fall-back in
compat/, which is used on Windows, is slightly faster.
The following commands were run in a Linux kernel repository and timed, the
best of five results is shown:
$ STRING='Ensure that the real time constraints are schedulable.'
$ git log -S"$STRING" HEAD -- kernel/sched.c >/dev/null
Short story: There is a section in t3400 that tests fundamental rebase
properties. 3ec7371f (Add two extra tests for git rebase, 2009-02-09)
added a check that rebase works on a detached HEAD, but the test was put
near the end of the file. This moves it to a more suitable place.
Long story: The test that preceded the one in question tests that a
rebased commit degrades from a content change with mode change to a
mere mode change. But on Windows, where we have core.filemode=false,
the original commit did not record the mode change, and so the rebase
operation did not rebase anything. This caused the subsequent detached
HEAD test to fail.
Signed-off-by: Johannes Sixt <j6t@kdbg.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
gitk: Fix possible infinite loop and display corruption
This fixes an issue reported by Johannes Sixt on the git mailing list:
> This recipe sends gitk into an endless loop. In git.git do:
>
> cd t
> # remove chmod a+x A near the end of the file
> sed -i 's/chmod/: chmod/' t3400-rebase.sh
> sh t3400-rebase.sh --debug
> cd trash\ directory.t3400-rebase/
> gitk master modechange modechange@{1}
>
>
> I briefly see the history chart, but the dot that should be modechange@{1}
> is missing. One automatically selected commit is shown in the diff section
> below. But then the commit list is cleared and gitk goes into an infinite
> loop.
>
> Things work alright if either modechange@{1} is dropped, or the 'chmod'
> line is left unchanged, which is a bit strange.
>
> This is with git version 1.6.1.2.390.gba743
There were actually two problems. This recipe created a situation where
git log would output a child commit after its parent. This meant that
we called fix_reversal which called splitvarc, which should call modify_arc
to note the fact that it has modified the arc that it has just split. It
wasn't, which meant that displayorder and other variables got into an
inconsistent state (a commit appearing twice in displayorder).
This then meant that the targetrow/targetid logic in drawvisible thought
it needed to redraw each time. That, together with the fact that drawvisible
called drawcommits which called drawvisible if a redraw was needed, led
to the infinite loop.
In fact drawvisible is now the only caller of drawcommits. Thus, the
start and end row arguments to drawcommits always encompass the whole
visible area, so drawcommits doesn't need to call drawvisible to redraw;
it just needs to clear the screen and draw what it's been asked to.
This fixes these two problems by adding a call to modify_arc in
splitvarc and by taking out the call to drawvisible in drawcommits.
It also removes an unrelated left-over debugging puts in external_blame.
The parameters accepted by the --whitespace option of "git apply" have
changed over time, and the documentation for "git rebase" was out of
sync. Remove the specific parameter list from the "git rebase"
documentation and simply point to the "git apply" documentation for
details, as is already done in the "git am" documentation.
Signed-off-by: Todd Zullinger <tmz@pobox.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
git-svn - return original format_svn_date semantics
When %z was removed from the strftime call and substituted with a
local gmt offset calculation, time() was no longer the default for
all time functions as it was with the previous localtime(shift).
This is now corrected so that format_svn_time behaves as it used to.
Signed-off-by: Ben Walton <bwalton@artsci.utoronto.ca>
Acked-by: Eric Wong <normalperson@yhbt.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
git-svn: disable broken symlink workaround by default
Even though this will break things for some extremely rare repositories
used by broken Windows clients, it's probably not worth enabling this by
default as it has negatively affected many more users than it has helped
from what we've seen so far.
The extremely rare repositories that have broken symlinks in them will be
silently corrupted in import; but users can still reenable this option and
restart the import.
Signed-off-by: Eric Wong <normalperson@yhbt.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
When there is nothing to be skipped, the output from
rev-list --bisect-vars was eval'ed without first being
strung together with &&; this is probably not a problem
as it is much less likely to be a bad input than the list
handcrafted by the filter_skip function, but it still is
a good discipline.
Signed-off-by: Christian Couder <chriscool@tuxfamily.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
bisect: fix quoting TRIED revs when "bad" commit is also "skip"ped
When the "bad" commit was also "skip"ped and when more than one
commit was skipped, the "filter_skipped" function would have
printed something like:
bisect_rev=<hash1>|<hash2>
(where <hash1> and <hash2> are hexadecimal sha1 hashes)
and this would have been evaled later as piping "bisect_rev=<hash1>"
into "<hash2>", which would have failed.
So this patch makes the "filter_skipped" function properly quote
what it outputs, so that it will print something like:
bisect_rev='<hash1>|<hash2>'
which will be properly evaled later. The caller was not stopping
properly because the scriptlet this function returned to be evaled
was not strung together with && and because of this, an error in
an earlier part of the output was simply ignored.
A test case is added to the test suite.
And while at it, we also initialize the VARS, FOUND and TRIED
variables, so that we protect ourselves from environment variables
the user may have with these names.
Signed-off-by: Christian Couder <chriscool@tuxfamily.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
When you are in the middle of "git rebase", "git am --abort" by mistake
would have referred to nonexistent ORIG_HEAD and barfed, or worse yet, used
a stale ORIG_HEAD and taken you to an unexpected commit.
Also the option parsing did not reject "git am --abort --skip".
git-am: Keep index in case of abort with dirty index
git am --abort resets the index unconditionally. But in case a previous
git am exited due to a dirty index it is preferable to keep that index.
Make it so.
Signed-off-by: Michael J Gruber <git@drmicha.warpmail.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
OS X's GNU grep does not support -P/--perl-regexp.
We use a basic RE instead, and simplify the pattern slightly by
replacing '+' with '*' so it can be more easily expressed using a basic
RE. The important part of the pattern, checking for a SHA-1 hash suffix in
the successful PUT/MOVE operations, remains the same. Also, a-z instead
of a-f was an obvious mistake in the original RE. Here are samples of
what we want to match:
The AIX mkstemp() modifies its template parameter to an empty string if
the call fails. The existing code had already recomputed the template,
but too late to be good.
See also 6ff6af62, which fixed this problem in a different spot.
Signed-off-by: Mike Ralphson <mike@abacus.co.uk>
Signed-off-by: Johannes Sixt <j6t@kdbg.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>