From patchwork Mon Apr 27 16:27:54 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Taylor Blau X-Patchwork-Id: 11512977 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 1DEE615E6 for ; Mon, 27 Apr 2020 16:28:00 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 05117206BF for ; Mon, 27 Apr 2020 16:28:00 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=ttaylorr-com.20150623.gappssmtp.com header.i=@ttaylorr-com.20150623.gappssmtp.com header.b="i5vWENl+" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728240AbgD0Q17 (ORCPT ); Mon, 27 Apr 2020 12:27:59 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52734 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-FAIL-OK-FAIL) by vger.kernel.org with ESMTP id S1727104AbgD0Q16 (ORCPT ); Mon, 27 Apr 2020 12:27:58 -0400 Received: from mail-pl1-x644.google.com (mail-pl1-x644.google.com [IPv6:2607:f8b0:4864:20::644]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 91563C0610D5 for ; Mon, 27 Apr 2020 09:27:57 -0700 (PDT) Received: by mail-pl1-x644.google.com with SMTP id k18so7174332pll.6 for ; Mon, 27 Apr 2020 09:27:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ttaylorr-com.20150623.gappssmtp.com; s=20150623; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=d2eX3af3CZCo1adjL+hWq+uGifBkGN7Lpw1GojnJ2ak=; b=i5vWENl+CYO7BnSBT9NCrQy4KLjR72zcw+esjjxNlqKQ7Ji2lFWdvMKCxFWJpvQFjZ btfGfrwCBn9wOfP/aHlbpWe0iv8eS1hxLySmkoOjgpk1Q5XOuUkMSU6ACEiF9ts8e5C4 oBF55FhQWN2THpc0OZ//unM3qrD3ctQRaFsyGF2mkSBmoCjTv2Vc6s1DdJBPftOuhZhH Eli4d9VMqo3KRvbIKb2OOcQ2IGCtz7WKv1NEVryAU1xdS4PADMAV7Wx3Kk7TbxIKTjdn yTiueZdk3rM6HfDDByoQxMsJrbUNTXm21CZF8uLdRsHuyaui1bqzdS8y3Ga53LvUF4t3 oM1w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=d2eX3af3CZCo1adjL+hWq+uGifBkGN7Lpw1GojnJ2ak=; b=T6p5g3PLIrvVvo+tjZu/F440Owj9M2jtSP4b9YYEsSyvhdR/gOf7+AcNT/buEOuDJS zgrYp0x5Dncbk3sSyfdkb1j3WN5RitRxI++uNxFNkH/ODhjdjMMgE4ZXb4tlgaW1bs/A 1BG78kIzRskf9a4o+xoJ10lxYxAgryahVRvpll2J1Y8JWb2+oAmF96k48yC3gumud6/s CIINwVvlEGsDrwwCIojG5vAq4pXua1b3x1dGGuIhE2oFJ/6cB5JjvVpujOhKQ6xebIlp FTrGPqJE05hGZQtn6ROcqt0dGteauMvIGXpVXdO/FcoyKrcsBUQbqsk3OsfE/4loJuYa roxw== X-Gm-Message-State: AGi0PuYRcAP2SktCpObuGeIgpC1O/A682Ht7gYPd0M+pLUXDjeDMQyn2 WEZ9oc8Qj/vZyznBYC2YCanD7e+rlpXrTw== X-Google-Smtp-Source: APiQypIp1+l1Fi58hpA3mFeBCBNRkZdz1yVFd+L2WtCNgcLquzndcECKHW9ZsDNg9uou5MacmMTonw== X-Received: by 2002:a17:902:562:: with SMTP id 89mr23077621plf.249.1588004876681; Mon, 27 Apr 2020 09:27:56 -0700 (PDT) Received: from localhost ([8.44.146.30]) by smtp.gmail.com with ESMTPSA id c11sm11156528pgl.53.2020.04.27.09.27.55 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 27 Apr 2020 09:27:55 -0700 (PDT) Date: Mon, 27 Apr 2020 10:27:54 -0600 From: Taylor Blau To: git@vger.kernel.org Cc: peff@peff.net, dstolee@microsoft.com, gitster@pobox.com, mhagger@alum.mit.edu Subject: [PATCH v2 1/4] tempfile.c: introduce 'create_tempfile_mode' Message-ID: <03c975b0bd0cd3dd5d693187f12f45fd7565016c.1588004647.git.me@ttaylorr.com> References: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: Sender: git-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org In the next patch, 'hold_lock_file_for_update' will gain an additional 'mode' parameter to specify permissions for the associated temporary file. Since the lockfile.c machinery uses 'create_tempfile' which always creates a temporary file with global read-write permissions, introduce a variant here that allows specifying the mode. Note that the mode given to 'create_tempfile_mode' is not guaranteed to be written to disk, since it is subject to both the umask and 'core.sharedRepository'. Arguably, all temporary files should have permission 0444, since they are likely to be renamed into place and then not written to again. This is a much larger change than we may want to take on in this otherwise small patch, so for the time being, make 'create_tempfile' behave as it has always done by inlining it to 'create_tempfile_mode' with mode set to '0666'. Signed-off-by: Taylor Blau --- tempfile.c | 6 +++--- tempfile.h | 10 +++++++++- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/tempfile.c b/tempfile.c index d43ad8c191..94aa18f3f7 100644 --- a/tempfile.c +++ b/tempfile.c @@ -130,17 +130,17 @@ static void deactivate_tempfile(struct tempfile *tempfile) } /* Make sure errno contains a meaningful value on error */ -struct tempfile *create_tempfile(const char *path) +struct tempfile *create_tempfile_mode(const char *path, int mode) { struct tempfile *tempfile = new_tempfile(); strbuf_add_absolute_path(&tempfile->filename, path); tempfile->fd = open(tempfile->filename.buf, - O_RDWR | O_CREAT | O_EXCL | O_CLOEXEC, 0666); + O_RDWR | O_CREAT | O_EXCL | O_CLOEXEC, mode); if (O_CLOEXEC && tempfile->fd < 0 && errno == EINVAL) /* Try again w/o O_CLOEXEC: the kernel might not support it */ tempfile->fd = open(tempfile->filename.buf, - O_RDWR | O_CREAT | O_EXCL, 0666); + O_RDWR | O_CREAT | O_EXCL, mode); if (tempfile->fd < 0) { deactivate_tempfile(tempfile); return NULL; diff --git a/tempfile.h b/tempfile.h index cddda0a33c..4de3bc77d2 100644 --- a/tempfile.h +++ b/tempfile.h @@ -88,8 +88,16 @@ struct tempfile { * Attempt to create a temporary file at the specified `path`. Return * a tempfile (whose "fd" member can be used for writing to it), or * NULL on error. It is an error if a file already exists at that path. + * Note that `mode` will be further modified by the umask, and possibly + * `core.sharedRepository`, so it is not guaranteed to have the given + * mode. */ -struct tempfile *create_tempfile(const char *path); +struct tempfile *create_tempfile_mode(const char *path, int mode); + +static inline struct tempfile *create_tempfile(const char *path) +{ + return create_tempfile_mode(path, 0666); +} /* * Register an existing file as a tempfile, meaning that it will be From patchwork Mon Apr 27 16:27:58 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Taylor Blau X-Patchwork-Id: 11512981 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 0C12515E6 for ; Mon, 27 Apr 2020 16:28:03 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id DFA4D206D9 for ; Mon, 27 Apr 2020 16:28:02 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=ttaylorr-com.20150623.gappssmtp.com header.i=@ttaylorr-com.20150623.gappssmtp.com header.b="CJqfwpFq" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728243AbgD0Q2B (ORCPT ); Mon, 27 Apr 2020 12:28:01 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52742 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-FAIL-OK-FAIL) by vger.kernel.org with ESMTP id S1727104AbgD0Q2B (ORCPT ); Mon, 27 Apr 2020 12:28:01 -0400 Received: from mail-pf1-x443.google.com (mail-pf1-x443.google.com [IPv6:2607:f8b0:4864:20::443]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 38C3EC0610D5 for ; Mon, 27 Apr 2020 09:28:01 -0700 (PDT) Received: by mail-pf1-x443.google.com with SMTP id f7so9230183pfa.9 for ; Mon, 27 Apr 2020 09:28:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ttaylorr-com.20150623.gappssmtp.com; s=20150623; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=m8WPRTZAA4ifjAR9b5/RmtGZJzGpRFy5RWTfVKbAGNM=; b=CJqfwpFq3lRBuolgeA0oDAilQpD4Zoe9CXZUEF5FDCysReBjF/DZaSVVLx9bD6yZ4A KszWu74mjP4ldsZmmt02Kge5Zwj9FWvvrMbky90j7LiYhh0GUrqSx4kEFk8wFw416LUl GqbHpT8O6OS6y/3mnPpD/WwdEgICv9PYvOZ6LOXvlDkqjNLqmIxtGRjwveG3YIGSoC+2 7GC0fwycavB2wWAvIteqFzKuFp1/uL2e6oJINfDeZYz+O+Dy44wsZ02eUGF/eJzlgj8J v/EDuTR0XayTzCRisOB/2AL2mhdQFimhVkq0dv1+CdsnvezskM5BPJmZsEiy5m148ylT 0eTA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=m8WPRTZAA4ifjAR9b5/RmtGZJzGpRFy5RWTfVKbAGNM=; b=diPgbNAGMgHLQfLfTkQDFngZWbfBl1d8YqLmLCbb+H0bH2f7AkxTtlk3BElInKSG+w 8KVwp5PJvtfZW7ZVYoMdiaDilw1xDAi77M+2TbgUyLCH2nHZ48ohHrH6Be0Lc1R83eMt tczIEf4JBC8/o73kzm/w5sfuZjryhLXunL+4l42iYuGcM920rir+psqjH1AvY3OEnHT+ qNMOJvTJAEwcQYcHdXYJzURYTBprYTL9/rxJ4Wx0tw0bG2AgnFmu0nDNjxQFtsy8EsAl IhtxGECo0gl//011vOIMytYeBHT4oB3SqH4S4dPQf0k+iF6AkR/4R0VsMct8bOnL4y+f evSQ== X-Gm-Message-State: AGi0Puas1kXiVdZdnVb7lkr74EDt3LdYbYuuohCsgSxy/+qR9JQDMKcI 9eJKrn5A82OG7iMa3PwXQ1ErGMOZnCFN6A== X-Google-Smtp-Source: APiQypI9VD7YxWoL1BoErssfImBDbB8Tq4mpej9cEpi++A5aGBTZOa5EYTn6jMe4lIgjGYRfQL+uXQ== X-Received: by 2002:a63:8ac4:: with SMTP id y187mr23593296pgd.294.1588004880298; Mon, 27 Apr 2020 09:28:00 -0700 (PDT) Received: from localhost ([8.44.146.30]) by smtp.gmail.com with ESMTPSA id n19sm3097903pgd.19.2020.04.27.09.27.59 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 27 Apr 2020 09:27:59 -0700 (PDT) Date: Mon, 27 Apr 2020 10:27:58 -0600 From: Taylor Blau To: git@vger.kernel.org Cc: peff@peff.net, dstolee@microsoft.com, gitster@pobox.com, mhagger@alum.mit.edu Subject: [PATCH v2 2/4] lockfile.c: introduce 'hold_lock_file_for_update_mode' Message-ID: References: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: Sender: git-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org We use 'hold_lock_file_for_update' (and the '_timeout') variant to acquire a lock when updating references, the commit-graph file, and so on. In particular, the commit-graph machinery uses this to acquire a temporary file that is used to write a non-split commit-graph. In a subsequent commit, an issue in the commit-graph machinery produces graph files that have a different permission based on whether or not they are part of a multi-layer graph will be addressed. To do so, the commit-graph machinery will need a version of 'hold_lock_file_for_update' that takes the permission bits from the caller. Introduce such a function in this patch for both the 'hold_lock_file_for_update' and 'hold_lock_file_for_update_timeout' functions, and leave the existing functions alone by inlining their definitions in terms of the new mode variants. Note that, like in the previous commit, 'hold_lock_file_for_update_mode' is not guarenteed to set the given mode, since it may be modified by both the umask and 'core.sharedRepository'. Note also that even though the commit-graph machinery only calls 'hold_lock_file_for_update', that this is defined in terms of 'hold_lock_file_for_update_timeout', and so both need an additional mode parameter here. Signed-off-by: Taylor Blau --- lockfile.c | 18 ++++++++++-------- lockfile.h | 32 ++++++++++++++++++++++++++++---- 2 files changed, 38 insertions(+), 12 deletions(-) diff --git a/lockfile.c b/lockfile.c index 8e8ab4f29f..cc9a4b8428 100644 --- a/lockfile.c +++ b/lockfile.c @@ -70,7 +70,8 @@ static void resolve_symlink(struct strbuf *path) } /* Make sure errno contains a meaningful value on error */ -static int lock_file(struct lock_file *lk, const char *path, int flags) +static int lock_file(struct lock_file *lk, const char *path, int flags, + int mode) { struct strbuf filename = STRBUF_INIT; @@ -79,7 +80,7 @@ static int lock_file(struct lock_file *lk, const char *path, int flags) resolve_symlink(&filename); strbuf_addstr(&filename, LOCK_SUFFIX); - lk->tempfile = create_tempfile(filename.buf); + lk->tempfile = create_tempfile_mode(filename.buf, mode); strbuf_release(&filename); return lk->tempfile ? lk->tempfile->fd : -1; } @@ -99,7 +100,7 @@ static int lock_file(struct lock_file *lk, const char *path, int flags) * exactly once. If timeout_ms is -1, try indefinitely. */ static int lock_file_timeout(struct lock_file *lk, const char *path, - int flags, long timeout_ms) + int flags, long timeout_ms, int mode) { int n = 1; int multiplier = 1; @@ -107,7 +108,7 @@ static int lock_file_timeout(struct lock_file *lk, const char *path, static int random_initialized = 0; if (timeout_ms == 0) - return lock_file(lk, path, flags); + return lock_file(lk, path, flags, mode); if (!random_initialized) { srand((unsigned int)getpid()); @@ -121,7 +122,7 @@ static int lock_file_timeout(struct lock_file *lk, const char *path, long backoff_ms, wait_ms; int fd; - fd = lock_file(lk, path, flags); + fd = lock_file(lk, path, flags, mode); if (fd >= 0) return fd; /* success */ @@ -169,10 +170,11 @@ NORETURN void unable_to_lock_die(const char *path, int err) } /* This should return a meaningful errno on failure */ -int hold_lock_file_for_update_timeout(struct lock_file *lk, const char *path, - int flags, long timeout_ms) +int hold_lock_file_for_update_timeout_mode(struct lock_file *lk, + const char *path, int flags, + long timeout_ms, int mode) { - int fd = lock_file_timeout(lk, path, flags, timeout_ms); + int fd = lock_file_timeout(lk, path, flags, timeout_ms, mode); if (fd < 0) { if (flags & LOCK_DIE_ON_ERROR) unable_to_lock_die(path, errno); diff --git a/lockfile.h b/lockfile.h index 9843053ce8..db93e6ba73 100644 --- a/lockfile.h +++ b/lockfile.h @@ -90,6 +90,15 @@ * functions. In particular, the state diagram and the cleanup * machinery are all implemented in the tempfile module. * + * Permission bits + * --------------- + * + * If you call either `hold_lock_file_for_update_mode` or + * `hold_lock_file_for_update_timeout_mode`, you can specify a suggested + * mode for the underlying temporary file. Note that the file isn't + * guaranteed to have this exact mode, since it may be limited by either + * the umask, 'core.sharedRepository', or both. See `adjust_shared_perm` + * for more. * * Error handling * -------------- @@ -156,12 +165,20 @@ struct lock_file { * file descriptor for writing to it, or -1 on error. If the file is * currently locked, retry with quadratic backoff for at least * timeout_ms milliseconds. If timeout_ms is 0, try exactly once; if - * timeout_ms is -1, retry indefinitely. The flags argument and error - * handling are described above. + * timeout_ms is -1, retry indefinitely. The flags argument, error + * handling, and mode are described above. */ -int hold_lock_file_for_update_timeout( +int hold_lock_file_for_update_timeout_mode( struct lock_file *lk, const char *path, - int flags, long timeout_ms); + int flags, long timeout_ms, int mode); + +static inline int hold_lock_file_for_update_timeout( + struct lock_file *lk, const char *path, + int flags, long timeout_ms) +{ + return hold_lock_file_for_update_timeout_mode(lk, path, flags, + timeout_ms, 0666); +} /* * Attempt to create a lockfile for the file at `path` and return a @@ -175,6 +192,13 @@ static inline int hold_lock_file_for_update( return hold_lock_file_for_update_timeout(lk, path, flags, 0); } +static inline int hold_lock_file_for_update_mode( + struct lock_file *lk, const char *path, + int flags, int mode) +{ + return hold_lock_file_for_update_timeout_mode(lk, path, flags, 0, mode); +} + /* * Return a nonzero value iff `lk` is currently locked. */ From patchwork Mon Apr 27 16:28:02 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Taylor Blau X-Patchwork-Id: 11512983 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 0073115E6 for ; Mon, 27 Apr 2020 16:28:09 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id D8C64206BF for ; Mon, 27 Apr 2020 16:28:08 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=ttaylorr-com.20150623.gappssmtp.com header.i=@ttaylorr-com.20150623.gappssmtp.com header.b="J6NyWK3e" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728291AbgD0Q2G (ORCPT ); Mon, 27 Apr 2020 12:28:06 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52754 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-FAIL-OK-FAIL) by vger.kernel.org with ESMTP id S1727073AbgD0Q2F (ORCPT ); Mon, 27 Apr 2020 12:28:05 -0400 Received: from mail-pj1-x1041.google.com (mail-pj1-x1041.google.com [IPv6:2607:f8b0:4864:20::1041]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B05CCC0610D5 for ; Mon, 27 Apr 2020 09:28:04 -0700 (PDT) Received: by mail-pj1-x1041.google.com with SMTP id mq3so7729399pjb.1 for ; Mon, 27 Apr 2020 09:28:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ttaylorr-com.20150623.gappssmtp.com; s=20150623; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=sfmJjJOYpZpd7NyY6aMNq33Oxk35HnqhUt3ukJV1d5E=; b=J6NyWK3edw2LnUfdbhmd2GRNYVof9R7gEIT5Mif7vVLpLzTeOSmav6nbFnO65siodN 8F0U5WywwkLSqc0bBhKAI3gKrNN7pfGsG9b4c2bq6889Tl0q2RIJ4JA7H20Uotd9/m/V /BKgXeltUyfk4d+ZiUGoscb92hiRifje36roNPl3GdCfpFyaYwEOVphkAtZVZun7uacw j4lbxfubhVTaEGZaMrYS1Ca4gwhHnBUYk+hbyVD3u457wZtobzg0DTqqbtwaxO1WnLQ6 ZIGqYdnpEOqU2445LQqtpG6IOh2RucQ6Aie0qBU+TysA1L4md7VQV+2EAo35FezZUD5i XQLQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=sfmJjJOYpZpd7NyY6aMNq33Oxk35HnqhUt3ukJV1d5E=; b=MuTD0iFKvAWT3IUIydirvDA9VStpFTKrr+rxxKm3UbsezTqPS+6HcBCOhp/t46IBhB faYh/mJzMXKPB62iifzbN0yXsmb27/iHgvONd7D8OQ1XWCcnv5QYY7dlAbZerRYzuuMv PFaXStQkWHvycUxh0cbbtJCKv9N6z2wQWKkoDcJ7TsWI7tumzqAK9YMNIixR1lMb9uSV upWYH/QUMZFssip2MdEa4Q6zFkOls21sOtFP79RWJd5LEriQZrE6X38HU9ahR4yULlmq GrQCY8t8quToiWih3M3Tr0iJF3ATyd90GBQw+xktlouUJ0oewqAeX7q8T4/OYq/RKV4A 0Y1g== X-Gm-Message-State: AGi0PuZNIsvMdRdxLdrS7zhB0fEAbAMpMXwixPl4Hrm+w0oPHtZOlKqQ bNVbyYZkMyGZ6X4gF7jUMfam7wCD3jquhQ== X-Google-Smtp-Source: APiQypLAgi79d0XClDBLLavHe90Ig4O2LHNUMa6Gcb2XvwxALXQjNvCH10uu5kk9RR6VJYHO0R829Q== X-Received: by 2002:a17:90a:5aa7:: with SMTP id n36mr24928120pji.45.1588004883802; Mon, 27 Apr 2020 09:28:03 -0700 (PDT) Received: from localhost ([8.44.146.30]) by smtp.gmail.com with ESMTPSA id r23sm13202677pfr.64.2020.04.27.09.28.02 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 27 Apr 2020 09:28:03 -0700 (PDT) Date: Mon, 27 Apr 2020 10:28:02 -0600 From: Taylor Blau To: git@vger.kernel.org Cc: peff@peff.net, dstolee@microsoft.com, gitster@pobox.com, mhagger@alum.mit.edu Subject: [PATCH v2 3/4] commit-graph.c: write non-split graphs as read-only Message-ID: <86cf29ce9c1e6dc1fc881458c18850c2893b092a.1588004647.git.me@ttaylorr.com> References: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: Sender: git-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org In the previous commit, Git learned 'hold_lock_file_for_update_mode' to allow the caller to specify the permission bits (prior to further adjustment by the umask and shared repository permissions) used when acquiring a temporary file. Use this in the commit-graph machinery for writing a non-split graph to acquire an opened temporary file with permissions read-only permissions to match the split behavior. (In the split case, Git uses git_mkstemp_mode' for each of the commit-graph layers with permission bits '0444'). One can notice this discrepancy when moving a non-split graph to be part of a new chain. This causes a commit-graph chain where all layers have read-only permission bits, except for the base layer, which is writable for the current user. Resolve this discrepancy by using the new 'hold_lock_file_for_update_mode' and passing the desired permission bits. Doing so causes some test fallout in t5318 and t6600. In t5318, this occurs in tests that corrupt a commit-graph file by writing into it. For these, 'chmod u+w'-ing the file beforehand resolves the issue. The additional spot in 'corrupt_graph_verify' is necessary because of the extra 'git commit-graph write' beforehand (which *does* rewrite the commit-graph file). In t6600, this is caused by copying a read-only commit-graph file into place and then trying to replace it. For these, make these files writable. Signed-off-by: Taylor Blau --- commit-graph.c | 3 ++- t/t5318-commit-graph.sh | 11 ++++++++++- t/t6600-test-reach.sh | 2 ++ 3 files changed, 14 insertions(+), 2 deletions(-) diff --git a/commit-graph.c b/commit-graph.c index f013a84e29..5b5047a7dd 100644 --- a/commit-graph.c +++ b/commit-graph.c @@ -1388,7 +1388,8 @@ static int write_commit_graph_file(struct write_commit_graph_context *ctx) f = hashfd(fd, ctx->graph_name); } else { - hold_lock_file_for_update(&lk, ctx->graph_name, LOCK_DIE_ON_ERROR); + hold_lock_file_for_update_mode(&lk, ctx->graph_name, + LOCK_DIE_ON_ERROR, 0444); fd = lk.tempfile->fd; f = hashfd(lk.tempfile->fd, lk.tempfile->filename.buf); } diff --git a/t/t5318-commit-graph.sh b/t/t5318-commit-graph.sh index 9bf920ae17..fb0aae61c3 100755 --- a/t/t5318-commit-graph.sh +++ b/t/t5318-commit-graph.sh @@ -96,6 +96,13 @@ test_expect_success 'write graph' ' graph_read_expect "3" ' +test_expect_success POSIXPERM 'write graph has correct permissions' ' + test_path_is_file $objdir/info/commit-graph && + echo "-r--r--r--" >expect && + test_modebits $objdir/info/commit-graph >actual && + test_cmp expect actual +' + graph_git_behavior 'graph exists' full commits/3 commits/1 test_expect_success 'Add more commits' ' @@ -421,7 +428,8 @@ GRAPH_BYTE_FOOTER=$(($GRAPH_OCTOPUS_DATA_OFFSET + 4 * $NUM_OCTOPUS_EDGES)) corrupt_graph_setup() { cd "$TRASH_DIRECTORY/full" && test_when_finished mv commit-graph-backup $objdir/info/commit-graph && - cp $objdir/info/commit-graph commit-graph-backup + cp $objdir/info/commit-graph commit-graph-backup && + chmod u+w $objdir/info/commit-graph } corrupt_graph_verify() { @@ -435,6 +443,7 @@ corrupt_graph_verify() { fi && git status --short && GIT_TEST_COMMIT_GRAPH_DIE_ON_LOAD=true git commit-graph write && + chmod u+w $objdir/info/commit-graph && git commit-graph verify } diff --git a/t/t6600-test-reach.sh b/t/t6600-test-reach.sh index b24d850036..475564bee7 100755 --- a/t/t6600-test-reach.sh +++ b/t/t6600-test-reach.sh @@ -51,8 +51,10 @@ test_expect_success 'setup' ' done && git commit-graph write --reachable && mv .git/objects/info/commit-graph commit-graph-full && + chmod u+w commit-graph-full && git show-ref -s commit-5-5 | git commit-graph write --stdin-commits && mv .git/objects/info/commit-graph commit-graph-half && + chmod u+w commit-graph-half && git config core.commitGraph true ' From patchwork Mon Apr 27 16:28:05 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Taylor Blau X-Patchwork-Id: 11512985 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 4B37B15E6 for ; Mon, 27 Apr 2020 16:28:13 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 35147206D9 for ; Mon, 27 Apr 2020 16:28:13 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=ttaylorr-com.20150623.gappssmtp.com header.i=@ttaylorr-com.20150623.gappssmtp.com header.b="gfxas3gB" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728303AbgD0Q2M (ORCPT ); Mon, 27 Apr 2020 12:28:12 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52772 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-FAIL-OK-FAIL) by vger.kernel.org with ESMTP id S1728287AbgD0Q2K (ORCPT ); Mon, 27 Apr 2020 12:28:10 -0400 Received: from mail-pf1-x443.google.com (mail-pf1-x443.google.com [IPv6:2607:f8b0:4864:20::443]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 85226C0610D5 for ; Mon, 27 Apr 2020 09:28:10 -0700 (PDT) Received: by mail-pf1-x443.google.com with SMTP id x2so5530777pfx.7 for ; Mon, 27 Apr 2020 09:28:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ttaylorr-com.20150623.gappssmtp.com; s=20150623; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=8F6KzhXqp89RdN6V0M3p1ls0KC1woOV4+YC8Rtgpbso=; b=gfxas3gBGy/h19fWbt6vjUJkAITw44LDkQ3aanc2agknWG1ZuTELXD+PRkGqVm6c8T uoLOaTGBSpm5bEXHU7bSD6oPne/fDEKO4TB+CJ7QPb7+LaUqlvTwJ6hHGEh+Ru61dUNZ T950NjCptbM4fC5VYeaumg6SnxnNHrUwuzL6R4J66oTML34NiIUEmB1K8D0Ki6myW8Kh U/+13xzL2/3+Aq0/SiSus66as8aB2WnvJ2zYwW36dvtZRAgsc+Q87QUUQxn5SzoqdjKz 7ZhtBqxwF56jHkTnUOrOzkhkQvf5vM/983EdAgjX7XW3NL1nw2Bp4XfsYu++KNGcO2eZ +aCg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=8F6KzhXqp89RdN6V0M3p1ls0KC1woOV4+YC8Rtgpbso=; b=cyaPN23H0FWdX5Ltg7C2/MzBMQa9nJWyJt/lOBku3Ng9Ze4xvuPezDF2RaW2b4vYgx i3znw88x/MdHQ25Bx6Uw/47YWmq/A7VsU9pa1sfPLypOZcCxtGD1AyGGo7wWGzoQC2MM k/iKNYg1RoApA7J7wLhglbiBjkOeu/HbdooNryxR/wv1zLv49jHgGLXDUmwNcbmKeS70 67VL0ag/EoKpHyqg+mQ+R1UW8zw/oFz7IeLmIlY3i5KS7WjEAyThcQBAh6+qElt0Nhd8 xqZai4kLvgcT2+A+4xmcM2KW2dhOSmkijZCf7Rtw/pHFYjGsOa7S4za0VgKrU1Pte+jr UG0A== X-Gm-Message-State: AGi0PuYSvRE4Q9u3xxd+Vefz9NurmOi5+xzG4+K9O9av2tPKCJpJcZ8Q 9xjfufesPs00MKgdAoyTC7t59eNBnMblHw== X-Google-Smtp-Source: APiQypLCmAuE3VHrVhHY+K7/vd3XoHrCCTmG5xwEWTuw8aPyueMAYO0m9WmrlwDeJU2F3suq0CrlpA== X-Received: by 2002:aa7:9ab3:: with SMTP id x19mr24439155pfi.141.1588004887136; Mon, 27 Apr 2020 09:28:07 -0700 (PDT) Received: from localhost ([8.44.146.30]) by smtp.gmail.com with ESMTPSA id 128sm12498330pfy.5.2020.04.27.09.28.06 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 27 Apr 2020 09:28:06 -0700 (PDT) Date: Mon, 27 Apr 2020 10:28:05 -0600 From: Taylor Blau To: git@vger.kernel.org Cc: peff@peff.net, dstolee@microsoft.com, gitster@pobox.com, mhagger@alum.mit.edu Subject: [PATCH v2 4/4] commit-graph.c: ensure graph layers respect core.sharedRepository Message-ID: References: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: Sender: git-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org Non-layered commit-graphs use 'adjust_shared_perm' to make the commit-graph file readable (or not) to a combination of the user, group, and others. Call 'adjust_shared_perm' for split-graph layers to make sure that these also respect 'core.sharedRepository'. The 'commit-graph-chain' file already respects this configuration since it uses 'hold_lock_file_for_update' (which calls 'adjust_shared_perm' eventually in 'create_tempfile_mode'). Suggested-by: Junio C Hamano Signed-off-by: Taylor Blau Signed-off-by: Taylor Blau --- commit-graph.c | 6 ++++++ t/t5324-split-commit-graph.sh | 18 ++++++++++++++++++ 2 files changed, 24 insertions(+) diff --git a/commit-graph.c b/commit-graph.c index 5b5047a7dd..d05a55901d 100644 --- a/commit-graph.c +++ b/commit-graph.c @@ -1386,6 +1386,12 @@ static int write_commit_graph_file(struct write_commit_graph_context *ctx) return -1; } + if (adjust_shared_perm(ctx->graph_name)) { + error(_("unable to adjust shared permissions for '%s'"), + ctx->graph_name); + return -1; + } + f = hashfd(fd, ctx->graph_name); } else { hold_lock_file_for_update_mode(&lk, ctx->graph_name, diff --git a/t/t5324-split-commit-graph.sh b/t/t5324-split-commit-graph.sh index 53b2e6b455..61136c737f 100755 --- a/t/t5324-split-commit-graph.sh +++ b/t/t5324-split-commit-graph.sh @@ -351,4 +351,22 @@ test_expect_success 'split across alternate where alternate is not split' ' test_cmp commit-graph .git/objects/info/commit-graph ' +while read mode modebits +do + test_expect_success POSIXPERM "split commit-graph respects core.sharedrepository $mode" ' + rm -rf $graphdir $infodir/commit-graph && + git reset --hard commits/1 && + test_config core.sharedrepository "$mode" && + git commit-graph write --split --reachable && + ls $graphdir/graph-*.graph >graph-files && + test_line_count = 1 graph-files && + echo "$modebits" >expect && + test_modebits $graphdir/graph-*.graph >actual && + test_cmp expect actual + ' +done <<\EOF +0666 -r--r--r-- +0600 -r-------- +EOF + test_done