From patchwork Fri Sep 20 00:00:21 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Derrick Stolee X-Patchwork-Id: 13808045 Received: from mail-ej1-f54.google.com (mail-ej1-f54.google.com [209.85.218.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7AF3413C3D3 for ; Fri, 20 Sep 2024 00:00:29 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.54 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1726790431; cv=none; b=RjdrQPkWbkKeLdzXGgANTPINCCJ5hNbZIxiXTj1YjYdUXBHtw6kuGsoQacDVKHCVvU2dD8WiZZW/U5WYMDcphdKS5m73vmL75qLX7/5gQ7cLDhtndUIaukPKUhXM2EsMac9o/vcaxPQQTXlpUzDlkJeOiyYJLHIiCAjgB48Zgjw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1726790431; c=relaxed/simple; bh=nJ5GcEt9feTFmwqaJP28slBE2482mb3Ne5AZvx5atvc=; h=Message-Id:In-Reply-To:References:From:Date:Subject:Content-Type: MIME-Version:To:Cc; b=slEv6ptRWBdRQyOiabTtla5zgbk/dulv9RTz+jcOdDsJFu66w8odYksaz6WLHqxJcXKDqPSBJOPJ84i5MiMCs+BLwGXBF1EBiHM5YHAEa8iDz2ynUNOYL+JtPZqJ5royZYQK4w+cnJyuFRWxdy6JZ5Q4U12jOMFLsnVVl0d7j4w= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=cpNZexxq; arc=none smtp.client-ip=209.85.218.54 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="cpNZexxq" Received: by mail-ej1-f54.google.com with SMTP id a640c23a62f3a-a8b155b5e9eso191003366b.1 for ; Thu, 19 Sep 2024 17:00:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1726790427; x=1727395227; darn=vger.kernel.org; h=cc:to:mime-version:content-transfer-encoding:fcc:subject:date:from :references:in-reply-to:message-id:from:to:cc:subject:date :message-id:reply-to; bh=ZaNY5ZrJNkAbTfnuqRBQuw+hE4fk+SzWL4Ia8fQykHU=; b=cpNZexxqcKSPPM53ksJyE6SYwxRa4gt+wK9UEyTCXGdko3xiHyfyLL8CxFYJGNDTNr V7NfSKeZAsgxhDPlnWS/h9YMHCRSd0zLb9YxOi3NH1qW3yDjvOMQyaE3eqer2RHT1aHy ple/T90RT+gy7oUmN+LRsj+UF5eJGSSHJV9As7Fzen4ivsgZbD0+4BU+NIcZi7SEx+8G NYdRVij22bdenRANeT4afeKGV3x1WoQ3MSriABIBBFt1sXz65+uoi5y40W9HTp3anyzi YMLcn9/on4h1ts/Mlh8DDaw1Oxe3rkY1c4RKboTe0Ltf4l6Hm+z/tUxH+APLotN5vQA/ tLvQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1726790427; x=1727395227; h=cc:to:mime-version:content-transfer-encoding:fcc:subject:date:from :references:in-reply-to:message-id:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ZaNY5ZrJNkAbTfnuqRBQuw+hE4fk+SzWL4Ia8fQykHU=; b=cOuR5xqgwgb7wKEv6jGZGky3MWovdXOL1+S2luep4jLRxDGl/+CAl3edE5dBJmH4MP duV/kbaq2iCk0Tz9S4VQ4A26fZSDppoSymk6B59tVju0bf2Zvf6l0PY0edrhZtok70iq U1ZgwRFxWaoCO7utfsgNcP7R1csVsY41lrqnisteY4jiGnAcSr0j0cwogwavmFZGKEWq 6HubXWPPAF01FEL+7MRXWJp3ntqCHC9KLs3q5DwOKZwi5QvFb4V+ztkbTlbhknvj2XEu YPJVjI0JlkAsMH4Y8DDP9tvQzlMXrrjAz+/o0KrYiaNguv6YoWiMVS0rBG9+Qc/jNLwQ lxYw== X-Gm-Message-State: AOJu0Yx6huBxFzWJqVuXGlkU7kmS8D0BFELSOu6aMOJ/bYrxjR1mKtHW h3WEAEqp5rLnY/afJgW5tkRdUWLDPFIGsDgUHwSXUhWiEnxUUMjy4S18Dg== X-Google-Smtp-Source: AGHT+IGNX87WpACRwvMD5MhgTt20Ij3wegqkJjAAd0u5ajkVciJQKD+R642rLwbsSivoRGBgMm4iLw== X-Received: by 2002:a17:906:d259:b0:a7a:9ca6:528 with SMTP id a640c23a62f3a-a90d4fc8f40mr58730466b.11.1726790427039; Thu, 19 Sep 2024 17:00:27 -0700 (PDT) Received: from [127.0.0.1] ([13.74.141.28]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-a90613338f4sm773076966b.216.2024.09.19.17.00.26 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 19 Sep 2024 17:00:26 -0700 (PDT) Message-Id: <1e9bf2d09c17bc0cdcd0a8f8dbacab007e5c53e7.1726790424.git.gitgitgadget@gmail.com> In-Reply-To: References: Date: Fri, 20 Sep 2024 00:00:21 +0000 Subject: [PATCH 1/3] credential: add new interactive config option Fcc: Sent Precedence: bulk X-Mailing-List: git@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 To: git@vger.kernel.org Cc: gitster@pobox.com, liuzhongbo.gg@gmail.com, Johannes.Schindelin@gmx.de, Derrick Stolee , Derrick Stolee From: Derrick Stolee From: Derrick Stolee When scripts or background maintenance wish to perform HTTP(S) requests, there is a risk that our stored credentials might be invalid. At the moment, this causes the credential helper to ping the user and block the process. Even if the credential helper does not ping the user, Git falls back to the 'askpass' method, which includes a direct ping to the user via the terminal. Even setting the 'core.askPass' config as something like 'echo' will causes Git to fallback to a terminal prompt. It uses git_terminal_prompt(), which finds the terminal from the environment and ignores whether stdin has been redirected. This can also block the process awaiting input. Create a new config option to prevent user interaction, favoring a failure to a blocked process. The chosen name, 'credential.interactive', is taken from the config option used by Git Credential Manager to already avoid user interactivity, so there is already one credential helper that integrates with this option. However, older versions of Git Credential Manager also accepted other string values, including 'auto', 'never', and 'always'. The modern use is to use a boolean value, but we should still be careful that some users could have these non-booleans. Further, we should respect 'never' the same as 'false'. This is respected by the implementation and test, but not mentioned in the documentation. The implementation for the Git interactions takes place within credential_getpass(). The method prototype is modified to return an 'int' instead of 'void'. This allows us to detect that no attempt was made to fill the given credential, changing the single caller slightly. Also, a new trace2 region is added around the interactive portion of the credential request. This provides a way to measure the amount of time spent in that region for commands that _are_ interactive. It also makes a conventient way to test that the config option works with 'test_region'. Signed-off-by: Derrick Stolee --- Documentation/config/credential.txt | 8 ++++++++ credential.c | 30 ++++++++++++++++++++++++++--- t/t5551-http-fetch-smart.sh | 22 +++++++++++++++++++++ 3 files changed, 57 insertions(+), 3 deletions(-) diff --git a/Documentation/config/credential.txt b/Documentation/config/credential.txt index 0221c3e620d..470482ff4c2 100644 --- a/Documentation/config/credential.txt +++ b/Documentation/config/credential.txt @@ -9,6 +9,14 @@ credential.helper:: Note that multiple helpers may be defined. See linkgit:gitcredentials[7] for details and examples. +credential.interactive:: + By default, Git and any configured credential helpers will ask for + user input when new credentials are required. Many of these helpers + will succeed based on stored credentials if those credentials are + still valid. To avoid the possibility of user interactivity from + Git, set `credential.interactive=false`. Some credential helpers + respect this option as well. + credential.useHttpPath:: When acquiring credentials, consider the "path" component of an http or https URL to be important. Defaults to false. See diff --git a/credential.c b/credential.c index ee46351ce01..6dea3859ece 100644 --- a/credential.c +++ b/credential.c @@ -13,6 +13,8 @@ #include "strbuf.h" #include "urlmatch.h" #include "git-compat-util.h" +#include "trace2.h" +#include "repository.h" void credential_init(struct credential *c) { @@ -251,14 +253,36 @@ static char *credential_ask_one(const char *what, struct credential *c, return xstrdup(r); } -static void credential_getpass(struct credential *c) +static int credential_getpass(struct credential *c) { + int interactive; + char *value; + if (!git_config_get_maybe_bool("credential.interactive", &interactive) && + !interactive) { + trace2_data_intmax("credential", the_repository, + "interactive/skipped", 1); + return -1; + } + if (!git_config_get_string("credential.interactive", &value)) { + int same = !strcmp(value, "never"); + free(value); + if (same) { + trace2_data_intmax("credential", the_repository, + "interactive/skipped", 1); + return -1; + } + } + + trace2_region_enter("credential", "interactive", the_repository); if (!c->username) c->username = credential_ask_one("Username", c, PROMPT_ASKPASS|PROMPT_ECHO); if (!c->password) c->password = credential_ask_one("Password", c, PROMPT_ASKPASS); + trace2_region_leave("credential", "interactive", the_repository); + + return 0; } int credential_has_capability(const struct credential_capability *capa, @@ -501,8 +525,8 @@ void credential_fill(struct credential *c, int all_capabilities) c->helpers.items[i].string); } - credential_getpass(c); - if (!c->username && !c->password && !c->credential) + if (credential_getpass(c) || + (!c->username && !c->password && !c->credential)) die("unable to get password from user"); } diff --git a/t/t5551-http-fetch-smart.sh b/t/t5551-http-fetch-smart.sh index 7b5ab0eae16..ceb3336a5c4 100755 --- a/t/t5551-http-fetch-smart.sh +++ b/t/t5551-http-fetch-smart.sh @@ -186,6 +186,28 @@ test_expect_success 'clone from password-protected repository' ' test_cmp expect actual ' +test_expect_success 'credential.interactive=false skips askpass' ' + set_askpass bogus nonsense && + ( + GIT_TRACE2_EVENT="$(pwd)/interactive-true" && + export GIT_TRACE2_EVENT && + test_must_fail git clone --bare "$HTTPD_URL/auth/smart/repo.git" interactive-true-dir && + test_region credential interactive interactive-true && + + GIT_TRACE2_EVENT="$(pwd)/interactive-false" && + export GIT_TRACE2_EVENT && + test_must_fail git -c credential.interactive=false \ + clone --bare "$HTTPD_URL/auth/smart/repo.git" interactive-false-dir && + test_region ! credential interactive interactive-false && + + GIT_TRACE2_EVENT="$(pwd)/interactive-never" && + export GIT_TRACE2_EVENT && + test_must_fail git -c credential.interactive=never \ + clone --bare "$HTTPD_URL/auth/smart/repo.git" interactive-never-dir && + test_region ! credential interactive interactive-never + ) +' + test_expect_success 'clone from auth-only-for-push repository' ' echo two >expect && set_askpass wrong && From patchwork Fri Sep 20 00:00:22 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Derrick Stolee X-Patchwork-Id: 13808046 Received: from mail-ej1-f51.google.com (mail-ej1-f51.google.com [209.85.218.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2398241C92 for ; Fri, 20 Sep 2024 00:00:29 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.51 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1726790432; cv=none; b=SF/15i5Oqq2+DNkB6lNOn/OBoHqgfNvEsE0pKm9ZxpheA5dBE1xA6dK//52Py331wqdNqyy1AhGyQMvagW7qhb0ARoewttjtOup4Yf0PiNU0P6QJ4m29hI8PzowkKalP1bZZ/fAxWnXIzdBRfCFKyeQkPiNtB40MxZVQ+JQD5YM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1726790432; c=relaxed/simple; bh=bfOCKCTlFU6jon/tB4FzjZNEA3yxa8FbRy92NYJXXb4=; h=Message-Id:In-Reply-To:References:From:Date:Subject:Content-Type: MIME-Version:To:Cc; b=NEztGrrdJ1endXAxjR7SPCKoU8B+chyYtBxym8f2D14SkrFnyhkYqRxZ0QGx+ZImDrnjhvVQxVoNp1RxTaLPfO7vo4dY1iJrJME1kAASwaMp5D0ZGBBbcyjYqNEmMlMcoeNCh298rhLNX2m5eYfQsmJsOVSFxCsyha1V38VjU7c= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=gNI9JSFk; arc=none smtp.client-ip=209.85.218.51 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="gNI9JSFk" Received: by mail-ej1-f51.google.com with SMTP id a640c23a62f3a-a90188ae58eso163590766b.1 for ; Thu, 19 Sep 2024 17:00:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1726790428; x=1727395228; darn=vger.kernel.org; h=cc:to:mime-version:content-transfer-encoding:fcc:subject:date:from :references:in-reply-to:message-id:from:to:cc:subject:date :message-id:reply-to; bh=Zn2VvYMaX2jowQ9KvLyXF4ojiTu99UsbKunJ0nKqWrk=; b=gNI9JSFkaR91IfYrS1xPKboL/UFvRz+7LLoacX87QYzIEVwslNbry+mSpiunk2prBP jdIQR13KrJzdG489e1TJ6LcjPZyuGptHuhUYSR556wHKxDRh/bO7ybHxn7N6Qpb04g3V X3iZS+azjSQiz83eKcMytwqe2CS/ygmdGhw886aBw/JL9ctFe6M79LRUbK5+HYN5sz4C TUwmYUV1oJn2qeLWhZJ9ry52r2OM1ys8C+YuDd4BHskD+/sW89kxqN9eGFHL5oZ4Ujlf O6jIPFjszQ8/4Dqahv5mM/ogLp1hEpNmkQRkIw5HPloUd3aHsxCKUYKTMWGYq8E1nGuT oMmg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1726790428; x=1727395228; h=cc:to:mime-version:content-transfer-encoding:fcc:subject:date:from :references:in-reply-to:message-id:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Zn2VvYMaX2jowQ9KvLyXF4ojiTu99UsbKunJ0nKqWrk=; b=og8FdxDIiMwsjwVfZdvSgZv6cuxdiW4cYEykKozVHM5BnRTSiPxQ+ycZser8D0Gc8K AYqWHnmlZZi5aHyp5amFttuHZ+qRNwZmuA8dkjjfwWzF9up1xr7NNQRPU8j3F0w9orP2 jsMDy5BdrCdJiHFsBc9XjNcYUsZG4C9mQVbBBxCDJ3qW2MmdZYtZbOvgFn/hd3s/TVj4 CdZ21cv+ebglincwFQoVUCSMoR2Rewx3SOZPb0OHnm1aIaQYVcuBgwTIGkrzcJ4wWr9h nULSUuWqZH49ycG3036wFajwRrvReunZrd/4TCpuV9zXzZA41mBHbXrFYSRlIluZhyDB E6Fg== X-Gm-Message-State: AOJu0YzUjK/NuHXuoVzJg1Z4+pvtK948Q3AdrILByOHH9eK2DlB2twmd KQUDcPfnet2TGt1xfDwWH3mL9ouMVg8idTqSaLRDwYPG+I06UUYLliMMkg== X-Google-Smtp-Source: AGHT+IEGLy56e0LMTafKUx1bzSBvnOED+5B0P3YTq6c02bnJ+FyGSDotmYR9pVyQ/60a/V3xShD++g== X-Received: by 2002:a17:907:e248:b0:a86:a013:2161 with SMTP id a640c23a62f3a-a90d572c396mr54695266b.30.1726790427785; Thu, 19 Sep 2024 17:00:27 -0700 (PDT) Received: from [127.0.0.1] ([13.74.141.28]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-a90612dfa6bsm778029066b.154.2024.09.19.17.00.27 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 19 Sep 2024 17:00:27 -0700 (PDT) Message-Id: <92ee323d31bf43decf0f230a7cc36b0f942bde6b.1726790424.git.gitgitgadget@gmail.com> In-Reply-To: References: Date: Fri, 20 Sep 2024 00:00:22 +0000 Subject: [PATCH 2/3] maintenance: add custom config to background jobs Fcc: Sent Precedence: bulk X-Mailing-List: git@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 To: git@vger.kernel.org Cc: gitster@pobox.com, liuzhongbo.gg@gmail.com, Johannes.Schindelin@gmx.de, Derrick Stolee , Derrick Stolee From: Derrick Stolee From: Derrick Stolee At the moment, some background jobs are getting blocked on credentials during the 'prefetch' task. This leads to other tasks, such as incremental repacks, getting blocked. Further, if a user manages to fix their credentials, then they still need to cancel the background process before their background maintenance can continue working. Update the background schedules for our four scheduler integrations to include these config options via '-c' options: * 'credential.interactive=false' will stop Git and some credential helpers from prompting in the UI (assuming the '-c' parameters are carried through and respected by GCM). * 'core.askPass=true' will replace the text fallback for a username and password into the 'true' command, which will return a success in its exit code, but Git will treat the empty string returned as an invalid password and move on. We can do some testing that the credentials are passed, at least in the systemd case due to writing the service files. Signed-off-by: Derrick Stolee --- builtin/gc.c | 53 ++++++++++++++++++++++++++++++++++++------ t/t7900-maintenance.sh | 3 +++ 2 files changed, 49 insertions(+), 7 deletions(-) diff --git a/builtin/gc.c b/builtin/gc.c index 7dac9714054..fb1be542e06 100644 --- a/builtin/gc.c +++ b/builtin/gc.c @@ -1766,6 +1766,42 @@ static const char *get_frequency(enum schedule_priority schedule) } } +static const char *extraconfig[] = { + "credential.interactive=false", + "core.askPass=true", /* 'true' returns success, but no output. */ + NULL +}; + +static const char *get_extra_config_parameters(void) { + static const char *result = NULL; + struct strbuf builder = STRBUF_INIT; + + if (result) + return result; + + for (const char **s = extraconfig; s && *s; s++) + strbuf_addf(&builder, "-c %s ", *s); + + result = strbuf_detach(&builder, NULL); + return result; +} + +static const char *get_extra_launchctl_strings(void) { + static const char *result = NULL; + struct strbuf builder = STRBUF_INIT; + + if (result) + return result; + + for (const char **s = extraconfig; s && *s; s++) { + strbuf_addstr(&builder, "-c\n"); + strbuf_addf(&builder, "%s\n", *s); + } + + result = strbuf_detach(&builder, NULL); + return result; +} + /* * get_schedule_cmd` reads the GIT_TEST_MAINT_SCHEDULER environment variable * to mock the schedulers that `git maintenance start` rely on. @@ -1972,6 +2008,7 @@ static int launchctl_schedule_plist(const char *exec_path, enum schedule_priorit "\n" "%s/git\n" "--exec-path=%s\n" + "%s" /* For extra config parameters. */ "for-each-repo\n" "--keep-going\n" "--config=maintenance.repo\n" @@ -1981,7 +2018,8 @@ static int launchctl_schedule_plist(const char *exec_path, enum schedule_priorit "\n" "StartCalendarInterval\n" "\n"; - strbuf_addf(&plist, preamble, name, exec_path, exec_path, frequency); + strbuf_addf(&plist, preamble, name, exec_path, exec_path, + get_extra_launchctl_strings(), frequency); switch (schedule) { case SCHEDULE_HOURLY: @@ -2216,11 +2254,12 @@ static int schtasks_schedule_task(const char *exec_path, enum schedule_priority "\n" "\n" "\"%s\\headless-git.exe\"\n" - "--exec-path=\"%s\" for-each-repo --keep-going --config=maintenance.repo maintenance run --schedule=%s\n" + "--exec-path=\"%s\" %s for-each-repo --keep-going --config=maintenance.repo maintenance run --schedule=%s\n" "\n" "\n" "\n"; - fprintf(tfile->fp, xml, exec_path, exec_path, frequency); + fprintf(tfile->fp, xml, exec_path, exec_path, + get_extra_config_parameters(), frequency); strvec_split(&child.args, cmd); strvec_pushl(&child.args, "/create", "/tn", name, "/f", "/xml", get_tempfile_path(tfile), NULL); @@ -2361,8 +2400,8 @@ static int crontab_update_schedule(int run_maintenance, int fd) "# replaced in the future by a Git command.\n\n"); strbuf_addf(&line_format, - "%%d %%s * * %%s \"%s/git\" --exec-path=\"%s\" for-each-repo --keep-going --config=maintenance.repo maintenance run --schedule=%%s\n", - exec_path, exec_path); + "%%d %%s * * %%s \"%s/git\" --exec-path=\"%s\" %s for-each-repo --keep-going --config=maintenance.repo maintenance run --schedule=%%s\n", + exec_path, exec_path, get_extra_config_parameters()); fprintf(cron_in, line_format.buf, minute, "1-23", "*", "hourly"); fprintf(cron_in, line_format.buf, minute, "0", "1-6", "daily"); fprintf(cron_in, line_format.buf, minute, "0", "0", "weekly"); @@ -2562,7 +2601,7 @@ static int systemd_timer_write_service_template(const char *exec_path) "\n" "[Service]\n" "Type=oneshot\n" - "ExecStart=\"%s/git\" --exec-path=\"%s\" for-each-repo --keep-going --config=maintenance.repo maintenance run --schedule=%%i\n" + "ExecStart=\"%s/git\" --exec-path=\"%s\" %s for-each-repo --keep-going --config=maintenance.repo maintenance run --schedule=%%i\n" "LockPersonality=yes\n" "MemoryDenyWriteExecute=yes\n" "NoNewPrivileges=yes\n" @@ -2572,7 +2611,7 @@ static int systemd_timer_write_service_template(const char *exec_path) "RestrictSUIDSGID=yes\n" "SystemCallArchitectures=native\n" "SystemCallFilter=@system-service\n"; - if (fprintf(file, unit, exec_path, exec_path) < 0) { + if (fprintf(file, unit, exec_path, exec_path, get_extra_config_parameters()) < 0) { error(_("failed to write to '%s'"), filename); fclose(file); goto error; diff --git a/t/t7900-maintenance.sh b/t/t7900-maintenance.sh index abae7a97546..3cd7e1fcacb 100755 --- a/t/t7900-maintenance.sh +++ b/t/t7900-maintenance.sh @@ -825,6 +825,9 @@ test_expect_success 'start and stop Linux/systemd maintenance' ' test_systemd_analyze_verify "systemd/user/git-maintenance@daily.service" && test_systemd_analyze_verify "systemd/user/git-maintenance@weekly.service" && + grep "core.askPass=true" "systemd/user/git-maintenance@.service" && + grep "credential.interactive=false" "systemd/user/git-maintenance@.service" && + printf -- "--user enable --now git-maintenance@%s.timer\n" hourly daily weekly >expect && test_cmp expect args && From patchwork Fri Sep 20 00:00:23 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Derrick Stolee X-Patchwork-Id: 13808047 Received: from mail-ej1-f49.google.com (mail-ej1-f49.google.com [209.85.218.49]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0D05D13C918 for ; Fri, 20 Sep 2024 00:00:30 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.49 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1726790432; cv=none; b=chvQXE7i3myBA1f9Vu1Q651YHKdhJarxPjq7OFNxw2EVMMC2TFGNs5NSr0mk8HGVJv/aYXthhHPLGFeb2AKQbQNn3b5F886kIYd3GQCk2aPO04d5O7/fMRwJfM7nrhY173hiJkI56Yx4v28u/T2uSVUaOpqUo0vJofeHqZAhczk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1726790432; c=relaxed/simple; bh=zmAeWEbtyBU1ObjsA18J2rnbBR18NI6+nSIPAJc9tco=; h=Message-Id:In-Reply-To:References:From:Date:Subject:Content-Type: MIME-Version:To:Cc; b=DVaJpbQhYHy+n6mo65f9ClFoiqm2Lc+XIYqElXnIosezUdCRDyEpXnhpPAVeK8EBoKrC6FtjoId0TWWwuVeF0mUYTMei3nLrWd3qCv1I/zPViilobiHjhp2/+Ply9ScFTL7hAzT4Htl0a9PEkmMb+KyHkvpm6hNtYhxAesoBTjw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=j6LSBDne; arc=none smtp.client-ip=209.85.218.49 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="j6LSBDne" Received: by mail-ej1-f49.google.com with SMTP id a640c23a62f3a-a8d0d0aea3cso172866666b.3 for ; Thu, 19 Sep 2024 17:00:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1726790429; x=1727395229; darn=vger.kernel.org; h=cc:to:mime-version:content-transfer-encoding:fcc:subject:date:from :references:in-reply-to:message-id:from:to:cc:subject:date :message-id:reply-to; bh=M7G7St/r/lyqHyt3Rm6IJTQC3KyQ+9iSx+ceZ37iBqg=; b=j6LSBDneyYFxNStirbvIScG2/Hp9q6f+NiGE+tKndC9Lih7zumV1xRPRIB5yAbgugo zTXim7CIPLcjPHBpCqLPjqDEO8bz2UCZ2kBRWFcUmaO0W3V8+woHOWGQaUHDPrrzFtsu +cXCW9X4NF4nIjKG0CIEyzpwdQQgVzbnUheBOssesC87Gj5J/9Fs9unotszZGP59UPdJ pz5Tb+FVbEX9ERV9UN19vEuGWzogJ69zsPG9FJrC1rlkG+amBGIOnDD38xyYJtBx5JGF XV/fIzOVJ0B2w9nQzcb9yC9n4IIYnUXosgPGlLLdnpWs392pAJ5e5NLXaEI9RDcps7nH RJKg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1726790429; x=1727395229; h=cc:to:mime-version:content-transfer-encoding:fcc:subject:date:from :references:in-reply-to:message-id:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=M7G7St/r/lyqHyt3Rm6IJTQC3KyQ+9iSx+ceZ37iBqg=; b=t0LbiEpSs2GyDZLk0XN0R7YQOdaOqpq+U70ZTvQSqGRqiAO0Ty8wf3HarVTQ2Dd09G QAJcALnDXMZXuOqEpRq4gBH4f/oa9OglqZ7/UJc3UUhypBNDlF+jLnx+kBNnjwVhWSaF E8aHPYeBFoY0pdo1AemuaM/k+zLiRG2zjXEwyNPoLeIlwFIy4uajtBQTznxOsb6fDljB k17R1KWoNVFW9BimL/7X83eOkttCZW+ImqhDA9fwCLDbZYzqqOrRWvHTHHzxhkb3vFdS 4rDFE23a2jyxluPTgfLCPdt0+bR6Pkom69ENlyaM/BvuKBgXzf4jOzzvL4TL7ppAxBdD jVSg== X-Gm-Message-State: AOJu0YwvA/hCcxjaEgQQ2xavbq5P34mBC629knAYQ6Af/QknS4hc5gM4 PG31pg2RK0cUIQ0rqxs31Ix4zJxDsdo+tw7aW+Xvqv0A8ebVc+59c9vf6Q== X-Google-Smtp-Source: AGHT+IFJAmMqxP6GLmznaiTL7qaT+e7RrMELrEIfyT59rvoDSLP4nYTEFqDLMJ+icw2NPz8noBZTQA== X-Received: by 2002:a17:907:c7d4:b0:a8d:75ab:17aa with SMTP id a640c23a62f3a-a90d5033ffcmr62764066b.37.1726790428491; Thu, 19 Sep 2024 17:00:28 -0700 (PDT) Received: from [127.0.0.1] ([13.74.141.28]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-a90610f3a92sm767168566b.81.2024.09.19.17.00.28 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 19 Sep 2024 17:00:28 -0700 (PDT) Message-Id: <965a08a5d526ae75428727d0f9aa22ea22a25ed9.1726790424.git.gitgitgadget@gmail.com> In-Reply-To: References: Date: Fri, 20 Sep 2024 00:00:23 +0000 Subject: [PATCH 3/3] scalar: configure maintenance during 'reconfigure' Fcc: Sent Precedence: bulk X-Mailing-List: git@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 To: git@vger.kernel.org Cc: gitster@pobox.com, liuzhongbo.gg@gmail.com, Johannes.Schindelin@gmx.de, Derrick Stolee , Derrick Stolee From: Derrick Stolee From: Derrick Stolee The 'scalar reconfigure' command is intended to update registered repos with the latest settings available. However, up to now we were not reregistering the repos with background maintenance. In particular, this meant that the background maintenance schedule would not be updated if there are improvements between versions. Be sure to register repos for maintenance during the reconfigure step. Signed-off-by: Derrick Stolee --- scalar.c | 3 +++ t/t9210-scalar.sh | 7 +++++-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/scalar.c b/scalar.c index 09560aeab54..73b79a5d4c9 100644 --- a/scalar.c +++ b/scalar.c @@ -733,6 +733,9 @@ static int cmd_reconfigure(int argc, const char **argv) the_repository = old_repo; + if (toggle_maintenance(1) >= 0) + succeeded = 1; + loop_end: if (!succeeded) { res = -1; diff --git a/t/t9210-scalar.sh b/t/t9210-scalar.sh index e8613990e13..027235d61aa 100755 --- a/t/t9210-scalar.sh +++ b/t/t9210-scalar.sh @@ -194,8 +194,11 @@ test_expect_success 'scalar reconfigure' ' scalar reconfigure one && test true = "$(git -C one/src config core.preloadIndex)" && git -C one/src config core.preloadIndex false && - scalar reconfigure -a && - test true = "$(git -C one/src config core.preloadIndex)" + rm one/src/cron.txt && + GIT_TRACE2_EVENT="$(pwd)/reconfigure" scalar reconfigure -a && + test_path_is_file one/src/cron.txt && + test true = "$(git -C one/src config core.preloadIndex)" && + test_subcommand git maintenance start