aboutsummaryrefslogtreecommitdiff
path: root/path.c
Commit message (Collapse)AuthorAge
* Merge branch 'jc/detached-head'Junio C Hamano2007-01-11
|\ | | | | | | | | | | | | | | | | | | | | | | | | * jc/detached-head: git-checkout: handle local changes sanely when detaching HEAD git-checkout: safety check for detached HEAD checks existing refs git-checkout: fix branch name output from the command git-checkout: safety when coming back from the detached HEAD state. git-checkout: rewording comments regarding detached HEAD. git-checkout: do not warn detaching HEAD when it is already detached. Detached HEAD (experimental) git-branch: show detached HEAD git-status: show detached HEAD
| * Detached HEAD (experimental)Junio C Hamano2007-01-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This allows "git checkout v1.4.3" to dissociate the HEAD of repository from any branch. After this point, "git branch" starts reporting that you are not on any branch. You can go back to an existing branch by saying "git checkout master", for example. This is still experimental. While I think it makes sense to allow commits on top of detached HEAD, it is rather dangerous unless you are careful in the current form. Next "git checkout master" will obviously lose what you have done, so we might want to require "git checkout -f" out of a detached HEAD if we find that the HEAD commit is not an ancestor of any other branches. There is no such safety valve implemented right now. On the other hand, the reason the user did not start the ad-hoc work on a new branch with "git checkout -b" was probably because the work was of a throw-away nature, so the convenience of not having that safety valve might be even better. The user, after accumulating some commits on top of a detached HEAD, can always create a new branch with "git checkout -b" not to lose useful work done while the HEAD was detached. We'll see. Signed-off-by: Junio C Hamano <junkio@cox.net>
* | short i/o: fix calls to read to use xread or read_in_fullAndy Whitcroft2007-01-08
|/ | | | | | | | | | | We have a number of badly checked read() calls. Often we are expecting read() to read exactly the size we requested or fail, this fails to handle interrupts or short reads. Add a read_in_full() providing those semantics. Otherwise we at a minimum need to check for EINTR and EAGAIN, where this is appropriate use xread(). Signed-off-by: Andy Whitcroft <apw@shadowen.org> Signed-off-by: Junio C Hamano <junkio@cox.net>
* simplify inclusion of system header files.Junio C Hamano2006-12-20
| | | | | | | | | | | | | | | | | | | | This is a mechanical clean-up of the way *.c files include system header files. (1) sources under compat/, platform sha-1 implementations, and xdelta code are exempt from the following rules; (2) the first #include must be "git-compat-util.h" or one of our own header file that includes it first (e.g. config.h, builtin.h, pkt-line.h); (3) system headers that are included in "git-compat-util.h" need not be included in individual C source files. (4) "git-compat-util.h" does not have to include subsystem specific header files (e.g. expat.h). Signed-off-by: Junio C Hamano <junkio@cox.net>
* adjust_shared_perm: chmod() only when needed.Junio C Hamano2006-11-05
| | | | | | | | | | | When widening permission for files and directories in a 'shared' repository for a user with inappropriate umask() setting for shared work, make sure we call chmod() only when we actually need to. The primary idea owes credit to Johannes. Signed-off-by: Junio C Hamano <junkio@cox.net>
* Allow multiple "git_path()" usesLinus Torvalds2006-09-16
| | | | | | | | | | | | | This allows you to maintain a few filesystem pathnames concurrently, by simply replacing the single static "pathname" buffer with a LRU of four buffers. We did exactly the same thing with sha1_to_hex(), for pretty much exactly the same reason. Sometimes you want to use two pathnames, and while it's easy enough to xstrdup() them, why not just do the LU buffer thing. Signed-off-by: Linus Torvalds <torvalds@osdl.org> Signed-off-by: Junio C Hamano <junkio@cox.net>
* Rename safe_strncpy() to strlcpy().Peter Eriksen2006-06-24
| | | | | | | | | | | This cleans up the use of safe_strncpy() even more. Since it has the same semantics as strlcpy() use this name instead. Also move the definition from inside path.c to its own file compat/strlcpy.c, and use it conditionally at compile time, since some platforms already has strlcpy(). It's included in the same way as compat/setenv.c. Signed-off-by: Peter Eriksen <s022018@student.dtu.dk> Signed-off-by: Junio C Hamano <junkio@cox.net>
* Merge branch 'js/diff'Junio C Hamano2006-06-17
|\
| * Implement safe_strncpy() as strlcpy() and use it more.Peter Eriksen2006-06-16
| | | | | | | | | | Signed-off-by: Peter Eriksen <s022018@student.dtu.dk> Signed-off-by: Junio C Hamano <junkio@cox.net>
* | shared repository: optionally allow reading to "others".Junio C Hamano2006-06-10
|/ | | | | | | | | | | | | | | | | | | | | | This enhances core.sharedrepository to have additionally specify that read and exec permissions to be given to others as well. It is useful when serving a repository via gitweb and git-daemon that runs as a user outside the project group. The configuration item can take the following values: [core] sharedrepository ; the same as "group" sharedrepository = true ; ditto sharedrepository = 1 ; ditto sharedrepository = group ; allow rwx to group sharedrepository = all ; allow rwx to group, allow rx to other sharedrepository = umask ; not shared - use umask It also extends "git init-db" to take "--shared=all" and friends from the command line. Signed-off-by: Junio C Hamano <junkio@cox.net>
* shared repository - add a few missing calls to adjust_shared_perm().Junio C Hamano2006-06-09
| | | | | | | | | | | | | | | | | | | | | | | | | | There were a few calls to adjust_shared_perm() that were missing: - init-db creates refs, refs/heads, and refs/tags before reading from templates that could specify sharedrepository in the config file; - updating config file created it under user's umask without adjusting; - updating refs created it under user's umask without adjusting; - switching branches created .git/HEAD under user's umask without adjusting. This moves adjust_shared_perm() from sha1_file.c to path.c, since a few SIMPLE_PROGRAM need to call repository configuration functions which in turn need to call adjust_shared_perm(). sha1_file.c needs to link with SHA1 computation library which is usually not linked to SIMPLE_PROGRAM. Signed-off-by: Junio C Hamano <junkio@cox.net>
* [PATCH] daemon.c and path.enter_repo(): revamp path validation.Junio C Hamano2005-12-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The whitelist of git-daemon is checked against return value from enter_repo(), and enter_repo() used to return the value obtained from getcwd() to avoid directory aliasing issues as discussed earier (mid October 2005). Unfortunately, it did not go well as we hoped. For example, /pub on a kernel.org public machine is a symlink to its real mountpoint, and it is understandable that the administrator does not want to adjust the whitelist every time /pub needs to point at a different partition for storage allcation or whatever reasons. Being able to keep using /pub/scm as the whitelist is a desirable property. So this version of enter_repo() reports what it used to chdir() and validate, but does not use getcwd() to canonicalize the directory name. When it sees a user relative path ~user/path, it internally resolves it to try chdir() there, but it still reports ~user/path (possibly after appending .git if allowed to do so, in which case it would report ~user/path.git). What this means is that if a whitelist wants to allow a user relative path, it needs to say "~" (for all users) or list user home directories like "~alice" "~bob". And no, you cannot say /home if the advertised way to access user home directories are ~alice,~bob, etc. The whole point of this is to avoid unnecessary aliasing issues. Anyway, because of this, daemon needs to do a bit more work to guard itself. Namely, it needs to make sure that the accessor does not try to exploit its leading path match rule by inserting /../ in the middle or hanging /.. at the end. I resurrected the belts and suspender paranoia code HPA did for this purpose. This check cannot be done in the enter_repo() unconditionally, because there are valid callers of enter_repo() that want to honor /../; authorized users coming over ssh to run send-pack and fetch-pack should be allowed to do so. Signed-off-by: Junio C Hamano <junkio@cox.net>
* Check repository format version in enter_repo().Junio C Hamano2005-11-27
| | | | | | | | | After daemon, upload-pack and receive-pack find out where the git directory is and chdir() there, make sure that repository is in a format we understand, after putenv("GIT_DIR=.") so that it knows to pick up the configuration file from there. Signed-off-by: Junio C Hamano <junkio@cox.net>
* Fix "do not DWIM" patch to enter_repo"Junio C Hamano2005-11-20
| | | | | | | | | We wanted --strict to mean "do not DWIM", but the code required to see absolute path. daemon does its own path verification and chdirs to the verified repository, so enter_repo() called from upload-pack will always enter ".". Requiring absolute path does not make any sense. Signed-off-by: Junio C Hamano <junkio@cox.net>
* Fix sparse warningsTimo Hirvonen2005-11-20
| | | | | | | | | Make some functions static and convert func() function prototypes to to func(void). Fix declaration after statement, missing declaration and redundant declaration warnings. Signed-off-by: Timo Hirvonen <tihirvon@gmail.com> Signed-off-by: Junio C Hamano <junkio@cox.net>
* Do not DWIM in userpath library under strict mode.Junio C Hamano2005-11-19
| | | | | | | | | | | | | This should force git-daemon administrator's job a bit harder because the exact paths need to be given in the whitelist, but at the same time makes the auditing easier. This moves validate_symref() from refs.c to path.c, because we need to link path.c with git-daemon for its "enter_repo()", but we do not want to link the daemon with the rest of git libraries and its requirements. Signed-off-by: Junio C Hamano <junkio@cox.net>
* Library code for user-relative paths, take three.Andreas Ericsson2005-11-19
| | | | | | | | | This patch provides the work-horse of the user-relative paths feature, using Linus' idea of a blind chdir() and getcwd() which makes it remarkably simple. Signed-off-by: Andreas Ericsson <ae@op5.se> Signed-off-by: Junio C Hamano <junkio@cox.net>
* [PATCH] Provide access to git_dir through get_git_dir().Sven Verdoolaege2005-09-27
| | | | | Signed-off-by: Sven Verdoolaege <skimo@kotnet.org> Signed-off-by: Junio C Hamano <junkio@cox.net>
* Retire support for old environment variables.Junio C Hamano2005-09-09
| | | | | | | | | | We have deprecated the old environment variable names for quite a while and now it's time to remove them. Gone are: SHA1_FILE_DIRECTORIES AUTHOR_DATE AUTHOR_EMAIL AUTHOR_NAME COMMIT_AUTHOR_EMAIL COMMIT_AUTHOR_NAME SHA1_FILE_DIRECTORY Signed-off-by: Junio C Hamano <junkio@cox.net>
* Fix ?: statements.Jason Riedy2005-08-23
| | | | | | | | | Omitting the first branch in ?: is a GNU extension. Cute, but not supported by other compilers. Replaced mostly by explicit tests. Calls to getenv() simply are repeated on non-GNU compilers. Signed-off-by: Jason Riedy <ejr@cs.berkeley.edu>
* [PATCH] git_mkstemp() fixHolger Eitzenberger2005-08-08
| | | | | | | | | | git_mkstemp() attempted to use TMPDIR environment variable, but it botched copying the templates. [jc: Holger, please add your own Signed-off-by line, and also if you can, send in future patches as non attachments.] Signed-off-by: Junio C Hamano <junkio@cox.net>
* [PATCH] git: add git_mkstemp()Holger Eitzenberger2005-08-05
| | | | Signed-off-by: Junio C Hamano <junkio@cox.net>
* Add "mkpath()" helper functionLinus Torvalds2005-07-08
I'm bored with doing it by hand all the time.