From patchwork Wed Apr 29 17:36:31 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Taylor Blau X-Patchwork-Id: 11518037 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 75CEA92C for ; Wed, 29 Apr 2020 17:36:35 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 5D0D5208FE for ; Wed, 29 Apr 2020 17:36:35 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=ttaylorr-com.20150623.gappssmtp.com header.i=@ttaylorr-com.20150623.gappssmtp.com header.b="zUPKp1OL" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726836AbgD2Rge (ORCPT ); Wed, 29 Apr 2020 13:36:34 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34392 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-FAIL-OK-FAIL) by vger.kernel.org with ESMTP id S1726423AbgD2Rge (ORCPT ); Wed, 29 Apr 2020 13:36:34 -0400 Received: from mail-pl1-x641.google.com (mail-pl1-x641.google.com [IPv6:2607:f8b0:4864:20::641]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 466C8C03C1AE for ; Wed, 29 Apr 2020 10:36:34 -0700 (PDT) Received: by mail-pl1-x641.google.com with SMTP id n24so1077608plp.13 for ; Wed, 29 Apr 2020 10:36:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ttaylorr-com.20150623.gappssmtp.com; s=20150623; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=d2eX3af3CZCo1adjL+hWq+uGifBkGN7Lpw1GojnJ2ak=; b=zUPKp1OLp94jtQe1pK77tFzwWAh9l+XYowJFwRDd6oG8okDAuC6EFe58EvtDzfLEu6 F+H9FZfXsGRCz8nUUoLWZN7hjBEa7Tj4or6oB44Sxth8bffxABi5cdIHU34ptaHQ3krg X4vkdOm0iKEkkBnf33AebultHl0s0sccs86JB0/D+X0IHcATxjgU2XB6VRsCDEBXiwpJ zFh/X7/9du3KDL6Xr2Fvg0/QNYcFqpZw+9XCU4Uzvh/Vp0oEqprn29Ro74yqU0KC61or RLrzy6p05uIpvZnliZwReKM1ooF+HpGE55d+4z768l4KLiX1ZKD9qL6s3e0oXq2JtQA3 xzuw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=d2eX3af3CZCo1adjL+hWq+uGifBkGN7Lpw1GojnJ2ak=; b=MsHa8f2oJ4B8UhBqL/0Q91vVPdGzuoN3TeSiv0CEnly+vhw/WcOuqHzQZtJwP39v/m zlOcsdE1r9neBIY7EIIOJhoY/7QQR5lR0ibOriFJzv/TxVX+/iyNSb3PA0RoLVS4r5lm jH4pNR5LC8teSQdcmb5mB9mhNZn2hhjM9u6zvkJIHl16EinTDWZ5jdD27RYLdF80Ut57 mBr+Nu6zp3ASQsheI29wRhhU67uXYBJPzykJnDakvgADoxGicEtu3Y+N0myKSNpXdxz6 9ulu6w0jJgkDEb9uwSwqK6PMJ6UAjFmXhlBQb6GBKHSzlvSJsvO3VwYJVlGE5f2AHtZR /6Ew== X-Gm-Message-State: AGi0PubfmRhmmWu6s0TsVROFFyGTHi64M1Dff1ElGxo2aQkA98UPOkQy +VHpFoKXp3O6ggUUO2uCbOxIpcsvFh8bIA== X-Google-Smtp-Source: APiQypJGllwHbbWNPty2Bl5XJSbgEoukFil8npuqh2msIsovJOAZud6UxpbhnO5VX3UlDeCs4zMjzw== X-Received: by 2002:a17:90a:a402:: with SMTP id y2mr4703542pjp.24.1588181793346; Wed, 29 Apr 2020 10:36:33 -0700 (PDT) Received: from localhost ([8.44.146.30]) by smtp.gmail.com with ESMTPSA id j2sm1570763pfb.73.2020.04.29.10.36.32 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 29 Apr 2020 10:36:32 -0700 (PDT) Date: Wed, 29 Apr 2020 11:36:31 -0600 From: Taylor Blau To: git@vger.kernel.org Cc: peff@peff.net, dstolee@microsoft.com, gitster@pobox.com, mhagger@alum.mit.edu Subject: [PATCH v3 1/5] tempfile.c: introduce 'create_tempfile_mode' Message-ID: <03c975b0bd0cd3dd5d693187f12f45fd7565016c.1588181626.git.me@ttaylorr.com> References: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: Sender: git-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org In the next patch, 'hold_lock_file_for_update' will gain an additional 'mode' parameter to specify permissions for the associated temporary file. Since the lockfile.c machinery uses 'create_tempfile' which always creates a temporary file with global read-write permissions, introduce a variant here that allows specifying the mode. Note that the mode given to 'create_tempfile_mode' is not guaranteed to be written to disk, since it is subject to both the umask and 'core.sharedRepository'. Arguably, all temporary files should have permission 0444, since they are likely to be renamed into place and then not written to again. This is a much larger change than we may want to take on in this otherwise small patch, so for the time being, make 'create_tempfile' behave as it has always done by inlining it to 'create_tempfile_mode' with mode set to '0666'. Signed-off-by: Taylor Blau --- tempfile.c | 6 +++--- tempfile.h | 10 +++++++++- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/tempfile.c b/tempfile.c index d43ad8c191..94aa18f3f7 100644 --- a/tempfile.c +++ b/tempfile.c @@ -130,17 +130,17 @@ static void deactivate_tempfile(struct tempfile *tempfile) } /* Make sure errno contains a meaningful value on error */ -struct tempfile *create_tempfile(const char *path) +struct tempfile *create_tempfile_mode(const char *path, int mode) { struct tempfile *tempfile = new_tempfile(); strbuf_add_absolute_path(&tempfile->filename, path); tempfile->fd = open(tempfile->filename.buf, - O_RDWR | O_CREAT | O_EXCL | O_CLOEXEC, 0666); + O_RDWR | O_CREAT | O_EXCL | O_CLOEXEC, mode); if (O_CLOEXEC && tempfile->fd < 0 && errno == EINVAL) /* Try again w/o O_CLOEXEC: the kernel might not support it */ tempfile->fd = open(tempfile->filename.buf, - O_RDWR | O_CREAT | O_EXCL, 0666); + O_RDWR | O_CREAT | O_EXCL, mode); if (tempfile->fd < 0) { deactivate_tempfile(tempfile); return NULL; diff --git a/tempfile.h b/tempfile.h index cddda0a33c..4de3bc77d2 100644 --- a/tempfile.h +++ b/tempfile.h @@ -88,8 +88,16 @@ struct tempfile { * Attempt to create a temporary file at the specified `path`. Return * a tempfile (whose "fd" member can be used for writing to it), or * NULL on error. It is an error if a file already exists at that path. + * Note that `mode` will be further modified by the umask, and possibly + * `core.sharedRepository`, so it is not guaranteed to have the given + * mode. */ -struct tempfile *create_tempfile(const char *path); +struct tempfile *create_tempfile_mode(const char *path, int mode); + +static inline struct tempfile *create_tempfile(const char *path) +{ + return create_tempfile_mode(path, 0666); +} /* * Register an existing file as a tempfile, meaning that it will be From patchwork Wed Apr 29 17:36:35 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Taylor Blau X-Patchwork-Id: 11518039 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 1004A92C for ; Wed, 29 Apr 2020 17:36:39 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id E7D2720B1F for ; Wed, 29 Apr 2020 17:36:38 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=ttaylorr-com.20150623.gappssmtp.com header.i=@ttaylorr-com.20150623.gappssmtp.com header.b="p7MDWin9" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726847AbgD2Rgi (ORCPT ); Wed, 29 Apr 2020 13:36:38 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34404 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-FAIL-OK-FAIL) by vger.kernel.org with ESMTP id S1726423AbgD2Rgh (ORCPT ); Wed, 29 Apr 2020 13:36:37 -0400 Received: from mail-pj1-x1044.google.com (mail-pj1-x1044.google.com [IPv6:2607:f8b0:4864:20::1044]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C661FC03C1AE for ; Wed, 29 Apr 2020 10:36:37 -0700 (PDT) Received: by mail-pj1-x1044.google.com with SMTP id fu13so1034121pjb.5 for ; Wed, 29 Apr 2020 10:36:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ttaylorr-com.20150623.gappssmtp.com; s=20150623; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=m8WPRTZAA4ifjAR9b5/RmtGZJzGpRFy5RWTfVKbAGNM=; b=p7MDWin97u9/qwvuq817NQxJIQDjBLWEyMAy2uycqaoXZ6EVvt1ivwNOONDZJ3FeHJ xX+5Ee57JpsgvuZcDGIFyy6lXHmFKvbsrOkzvmAlzZVkktTuaVy79J9OnHzJjNRsZppB kTAHE1G5uv12Ew+nwvIr3dulq363l+sJ2HTvJQOKZXlnMAsnb56xJI5HTsK+Q47sBg1/ IyIFa8BX2ohwh6/DtdVefBv7pupeCG3cIc/CkPBnt3GU37wu39+2xKb0S2/ciXc8QIGF RA8Npq6ZcVFWl404euaMtzrIAAK1xr8pZlVxwLWa0p3vjFgD0gxf3d3JWVa9uQbfimmh m/+Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=m8WPRTZAA4ifjAR9b5/RmtGZJzGpRFy5RWTfVKbAGNM=; b=JbeN0xJgA0Fx6tsFQg57lJdG+tjtv+rZB/bVWE+liGyuPZ3xDao8dFAi3kgJwBa/21 zZYf1J0t245mP7Mi3MdeTQb9knk4AlGdLhGpEFsb66lSIRY9PyJlXvuAsGiEjY0yOsoK 9XVxJueBFKvlb/gCgcbzbfPGVDiXKmup4dz9Om2UcFokrxjUN/kVrKhjkXDNKgbc0Iy0 w07qEa0aPAjRlALq6ka4krv3qvl+tX0/5hPdiT/YYHydwDceE6axqrDX1CdCO37grhJx ZoC2tOC6UvDUCF5UgC8O1s2HewWm/5BG+Xf0LHvZ9CQEd1phlsZ8KBRXJ919Dg7z86ol 97Fg== X-Gm-Message-State: AGi0PuaO9zxKV8yrPBpGMiIarX+56ct+SeAV8SvCGQJGyMTk50vXggJm McXHn4W+0fHKt7QBNBq0bqCcUt1sCKa4aQ== X-Google-Smtp-Source: APiQypI/hHhUfvIfeMokZKBdG7vGt9THszpzHOIIFtbSqQrfB+aaLzZKN8ofe/tZQ8hxoPvY/4Vq9A== X-Received: by 2002:a17:90a:25ea:: with SMTP id k97mr4547408pje.122.1588181796784; Wed, 29 Apr 2020 10:36:36 -0700 (PDT) Received: from localhost ([8.44.146.30]) by smtp.gmail.com with ESMTPSA id y7sm1541901pfq.21.2020.04.29.10.36.35 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 29 Apr 2020 10:36:36 -0700 (PDT) Date: Wed, 29 Apr 2020 11:36:35 -0600 From: Taylor Blau To: git@vger.kernel.org Cc: peff@peff.net, dstolee@microsoft.com, gitster@pobox.com, mhagger@alum.mit.edu Subject: [PATCH v3 2/5] lockfile.c: introduce 'hold_lock_file_for_update_mode' Message-ID: References: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: Sender: git-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org We use 'hold_lock_file_for_update' (and the '_timeout') variant to acquire a lock when updating references, the commit-graph file, and so on. In particular, the commit-graph machinery uses this to acquire a temporary file that is used to write a non-split commit-graph. In a subsequent commit, an issue in the commit-graph machinery produces graph files that have a different permission based on whether or not they are part of a multi-layer graph will be addressed. To do so, the commit-graph machinery will need a version of 'hold_lock_file_for_update' that takes the permission bits from the caller. Introduce such a function in this patch for both the 'hold_lock_file_for_update' and 'hold_lock_file_for_update_timeout' functions, and leave the existing functions alone by inlining their definitions in terms of the new mode variants. Note that, like in the previous commit, 'hold_lock_file_for_update_mode' is not guarenteed to set the given mode, since it may be modified by both the umask and 'core.sharedRepository'. Note also that even though the commit-graph machinery only calls 'hold_lock_file_for_update', that this is defined in terms of 'hold_lock_file_for_update_timeout', and so both need an additional mode parameter here. Signed-off-by: Taylor Blau --- lockfile.c | 18 ++++++++++-------- lockfile.h | 32 ++++++++++++++++++++++++++++---- 2 files changed, 38 insertions(+), 12 deletions(-) diff --git a/lockfile.c b/lockfile.c index 8e8ab4f29f..cc9a4b8428 100644 --- a/lockfile.c +++ b/lockfile.c @@ -70,7 +70,8 @@ static void resolve_symlink(struct strbuf *path) } /* Make sure errno contains a meaningful value on error */ -static int lock_file(struct lock_file *lk, const char *path, int flags) +static int lock_file(struct lock_file *lk, const char *path, int flags, + int mode) { struct strbuf filename = STRBUF_INIT; @@ -79,7 +80,7 @@ static int lock_file(struct lock_file *lk, const char *path, int flags) resolve_symlink(&filename); strbuf_addstr(&filename, LOCK_SUFFIX); - lk->tempfile = create_tempfile(filename.buf); + lk->tempfile = create_tempfile_mode(filename.buf, mode); strbuf_release(&filename); return lk->tempfile ? lk->tempfile->fd : -1; } @@ -99,7 +100,7 @@ static int lock_file(struct lock_file *lk, const char *path, int flags) * exactly once. If timeout_ms is -1, try indefinitely. */ static int lock_file_timeout(struct lock_file *lk, const char *path, - int flags, long timeout_ms) + int flags, long timeout_ms, int mode) { int n = 1; int multiplier = 1; @@ -107,7 +108,7 @@ static int lock_file_timeout(struct lock_file *lk, const char *path, static int random_initialized = 0; if (timeout_ms == 0) - return lock_file(lk, path, flags); + return lock_file(lk, path, flags, mode); if (!random_initialized) { srand((unsigned int)getpid()); @@ -121,7 +122,7 @@ static int lock_file_timeout(struct lock_file *lk, const char *path, long backoff_ms, wait_ms; int fd; - fd = lock_file(lk, path, flags); + fd = lock_file(lk, path, flags, mode); if (fd >= 0) return fd; /* success */ @@ -169,10 +170,11 @@ NORETURN void unable_to_lock_die(const char *path, int err) } /* This should return a meaningful errno on failure */ -int hold_lock_file_for_update_timeout(struct lock_file *lk, const char *path, - int flags, long timeout_ms) +int hold_lock_file_for_update_timeout_mode(struct lock_file *lk, + const char *path, int flags, + long timeout_ms, int mode) { - int fd = lock_file_timeout(lk, path, flags, timeout_ms); + int fd = lock_file_timeout(lk, path, flags, timeout_ms, mode); if (fd < 0) { if (flags & LOCK_DIE_ON_ERROR) unable_to_lock_die(path, errno); diff --git a/lockfile.h b/lockfile.h index 9843053ce8..db93e6ba73 100644 --- a/lockfile.h +++ b/lockfile.h @@ -90,6 +90,15 @@ * functions. In particular, the state diagram and the cleanup * machinery are all implemented in the tempfile module. * + * Permission bits + * --------------- + * + * If you call either `hold_lock_file_for_update_mode` or + * `hold_lock_file_for_update_timeout_mode`, you can specify a suggested + * mode for the underlying temporary file. Note that the file isn't + * guaranteed to have this exact mode, since it may be limited by either + * the umask, 'core.sharedRepository', or both. See `adjust_shared_perm` + * for more. * * Error handling * -------------- @@ -156,12 +165,20 @@ struct lock_file { * file descriptor for writing to it, or -1 on error. If the file is * currently locked, retry with quadratic backoff for at least * timeout_ms milliseconds. If timeout_ms is 0, try exactly once; if - * timeout_ms is -1, retry indefinitely. The flags argument and error - * handling are described above. + * timeout_ms is -1, retry indefinitely. The flags argument, error + * handling, and mode are described above. */ -int hold_lock_file_for_update_timeout( +int hold_lock_file_for_update_timeout_mode( struct lock_file *lk, const char *path, - int flags, long timeout_ms); + int flags, long timeout_ms, int mode); + +static inline int hold_lock_file_for_update_timeout( + struct lock_file *lk, const char *path, + int flags, long timeout_ms) +{ + return hold_lock_file_for_update_timeout_mode(lk, path, flags, + timeout_ms, 0666); +} /* * Attempt to create a lockfile for the file at `path` and return a @@ -175,6 +192,13 @@ static inline int hold_lock_file_for_update( return hold_lock_file_for_update_timeout(lk, path, flags, 0); } +static inline int hold_lock_file_for_update_mode( + struct lock_file *lk, const char *path, + int flags, int mode) +{ + return hold_lock_file_for_update_timeout_mode(lk, path, flags, 0, mode); +} + /* * Return a nonzero value iff `lk` is currently locked. */ From patchwork Wed Apr 29 17:36:38 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Taylor Blau X-Patchwork-Id: 11518041 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 1AD8113B2 for ; Wed, 29 Apr 2020 17:36:43 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 0137B208FE for ; Wed, 29 Apr 2020 17:36:43 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=ttaylorr-com.20150623.gappssmtp.com header.i=@ttaylorr-com.20150623.gappssmtp.com header.b="y18UTKWj" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726907AbgD2Rgm (ORCPT ); Wed, 29 Apr 2020 13:36:42 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34416 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-FAIL-OK-FAIL) by vger.kernel.org with ESMTP id S1726423AbgD2Rgl (ORCPT ); Wed, 29 Apr 2020 13:36:41 -0400 Received: from mail-pf1-x442.google.com (mail-pf1-x442.google.com [IPv6:2607:f8b0:4864:20::442]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CA37FC03C1AE for ; Wed, 29 Apr 2020 10:36:41 -0700 (PDT) Received: by mail-pf1-x442.google.com with SMTP id x2so1401497pfx.7 for ; Wed, 29 Apr 2020 10:36:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ttaylorr-com.20150623.gappssmtp.com; s=20150623; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=/WYttUJ0umih4dO0BAnYosSFo7WinEBFWQGBp3/i4O4=; b=y18UTKWj9gIB14otSlqvv8KtP6F7YXuHf3kGwBvKwmuIKhaXdVKWz+lXOvLpSsnOtd Z24WCG1eX+Q5HxCEHJcxzs1Ri/BLIFvnf2hfuTWwKvbeNa5dqp/dhJV4nhbue30EKO2U /X6WnTvY+GMotWTh1gdf5bp8jeDL40cE/+fkfCt6sWCdxwI+T2YsfQql+Bnz2EP4gINZ xBkNfYlIeVMbzwynlgpBbju4pnrZrQBg7uV+lEbS6R7woQpHmsOZMRTiFW9FnXo1ByMu wRuZmX2XQxbaYSU2ve/PInk3iAQodfkfZnyssowjnzjvI+zOezsC0cHqh52QYLiDyfGG lyyw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=/WYttUJ0umih4dO0BAnYosSFo7WinEBFWQGBp3/i4O4=; b=e2AkEZarn1m3rUIwvvYAea2a6YIsQuWq2doBsGEk5v9mO3MPNKNyJfPv8VyzVi2+zs xyr+AwT9hkXTu/ODAUYNKDgLc/53EA27xTtS13ZRXhCG/uH25yOla1BM+Lrtzr9SMqxI 8BdzQqcmkL4ngAgw+n20zj/gvMV9NRogNgX3KsdNlGsTctezJP73Zk2/LBxhk2+L93Ry 9oX75OAShaxx958hF3qWERXXwTGA6FHrEX2QZLcvMBAq5dpBECZx/hObTNsHJKeWCfWw hienLTfhQEZ4PcFFajLbTh9Ye+dU0e/BEOeWoOvESecfoopXq8enmAJE8js95knUEp0/ tWtQ== X-Gm-Message-State: AGi0PuYrhV6anuN3VUAp+vSyxDoYlWMnJgfTJO78gS+CJ6bnQ8hmX2W/ sNpDmqwUb6yHL2vfveVq7OkpUrir7UDcng== X-Google-Smtp-Source: APiQypJeJFhRRzxYbxLI+RHQqA9cTluRTC5IZGVYp0O045ADo69KMzWsS4urT8K1xarTJRIHUhTNcw== X-Received: by 2002:aa7:9d90:: with SMTP id f16mr20771237pfq.48.1588181800863; Wed, 29 Apr 2020 10:36:40 -0700 (PDT) Received: from localhost ([8.44.146.30]) by smtp.gmail.com with ESMTPSA id i10sm1525782pfa.166.2020.04.29.10.36.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 29 Apr 2020 10:36:40 -0700 (PDT) Date: Wed, 29 Apr 2020 11:36:38 -0600 From: Taylor Blau To: git@vger.kernel.org Cc: peff@peff.net, dstolee@microsoft.com, gitster@pobox.com, mhagger@alum.mit.edu Subject: [PATCH v3 3/5] commit-graph.c: write non-split graphs as read-only Message-ID: <8d5503d2e6723ed5c31a047a28cdc43f7b718cca.1588181626.git.me@ttaylorr.com> References: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: Sender: git-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org In the previous commit, Git learned 'hold_lock_file_for_update_mode' to allow the caller to specify the permission bits (prior to further adjustment by the umask and shared repository permissions) used when acquiring a temporary file. Use this in the commit-graph machinery for writing a non-split graph to acquire an opened temporary file with permissions read-only permissions to match the split behavior. (In the split case, Git uses git_mkstemp_mode' for each of the commit-graph layers with permission bits '0444'). One can notice this discrepancy when moving a non-split graph to be part of a new chain. This causes a commit-graph chain where all layers have read-only permission bits, except for the base layer, which is writable for the current user. Resolve this discrepancy by using the new 'hold_lock_file_for_update_mode' and passing the desired permission bits. Doing so causes some test fallout in t5318 and t6600. In t5318, this occurs in tests that corrupt a commit-graph file by writing into it. For these, 'chmod u+w'-ing the file beforehand resolves the issue. The additional spot in 'corrupt_graph_verify' is necessary because of the extra 'git commit-graph write' beforehand (which *does* rewrite the commit-graph file). In t6600, this is caused by copying a read-only commit-graph file into place and then trying to replace it. For these, make these files writable. Helped-by: Junio C Hamano Signed-off-by: Taylor Blau --- commit-graph.c | 3 ++- t/t5318-commit-graph.sh | 15 ++++++++++++++- t/t6600-test-reach.sh | 2 ++ 3 files changed, 18 insertions(+), 2 deletions(-) diff --git a/commit-graph.c b/commit-graph.c index f013a84e29..5b5047a7dd 100644 --- a/commit-graph.c +++ b/commit-graph.c @@ -1388,7 +1388,8 @@ static int write_commit_graph_file(struct write_commit_graph_context *ctx) f = hashfd(fd, ctx->graph_name); } else { - hold_lock_file_for_update(&lk, ctx->graph_name, LOCK_DIE_ON_ERROR); + hold_lock_file_for_update_mode(&lk, ctx->graph_name, + LOCK_DIE_ON_ERROR, 0444); fd = lk.tempfile->fd; f = hashfd(lk.tempfile->fd, lk.tempfile->filename.buf); } diff --git a/t/t5318-commit-graph.sh b/t/t5318-commit-graph.sh index 9bf920ae17..901eb3ecfb 100755 --- a/t/t5318-commit-graph.sh +++ b/t/t5318-commit-graph.sh @@ -12,6 +12,10 @@ test_expect_success 'setup full repo' ' test_oid_init ' +test_expect_success POSIXPERM 'tweak umask for modebit tests' ' + umask 022 +' + test_expect_success 'verify graph with no graph file' ' cd "$TRASH_DIRECTORY/full" && git commit-graph verify @@ -96,6 +100,13 @@ test_expect_success 'write graph' ' graph_read_expect "3" ' +test_expect_success POSIXPERM 'write graph has correct permissions' ' + test_path_is_file $objdir/info/commit-graph && + echo "-r--r--r--" >expect && + test_modebits $objdir/info/commit-graph >actual && + test_cmp expect actual +' + graph_git_behavior 'graph exists' full commits/3 commits/1 test_expect_success 'Add more commits' ' @@ -421,7 +432,8 @@ GRAPH_BYTE_FOOTER=$(($GRAPH_OCTOPUS_DATA_OFFSET + 4 * $NUM_OCTOPUS_EDGES)) corrupt_graph_setup() { cd "$TRASH_DIRECTORY/full" && test_when_finished mv commit-graph-backup $objdir/info/commit-graph && - cp $objdir/info/commit-graph commit-graph-backup + cp $objdir/info/commit-graph commit-graph-backup && + chmod u+w $objdir/info/commit-graph } corrupt_graph_verify() { @@ -435,6 +447,7 @@ corrupt_graph_verify() { fi && git status --short && GIT_TEST_COMMIT_GRAPH_DIE_ON_LOAD=true git commit-graph write && + chmod u+w $objdir/info/commit-graph && git commit-graph verify } diff --git a/t/t6600-test-reach.sh b/t/t6600-test-reach.sh index b24d850036..475564bee7 100755 --- a/t/t6600-test-reach.sh +++ b/t/t6600-test-reach.sh @@ -51,8 +51,10 @@ test_expect_success 'setup' ' done && git commit-graph write --reachable && mv .git/objects/info/commit-graph commit-graph-full && + chmod u+w commit-graph-full && git show-ref -s commit-5-5 | git commit-graph write --stdin-commits && mv .git/objects/info/commit-graph commit-graph-half && + chmod u+w commit-graph-half && git config core.commitGraph true ' From patchwork Wed Apr 29 17:36:42 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Taylor Blau X-Patchwork-Id: 11518043 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id CFC8F92A for ; Wed, 29 Apr 2020 17:36:47 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id B84E6208FE for ; Wed, 29 Apr 2020 17:36:47 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=ttaylorr-com.20150623.gappssmtp.com header.i=@ttaylorr-com.20150623.gappssmtp.com header.b="CP3NWIMH" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726830AbgD2Rgr (ORCPT ); Wed, 29 Apr 2020 13:36:47 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34424 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-FAIL-OK-FAIL) by vger.kernel.org with ESMTP id S1726423AbgD2Rgq (ORCPT ); Wed, 29 Apr 2020 13:36:46 -0400 Received: from mail-pg1-x543.google.com (mail-pg1-x543.google.com [IPv6:2607:f8b0:4864:20::543]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4ABBCC03C1AE for ; Wed, 29 Apr 2020 10:36:45 -0700 (PDT) Received: by mail-pg1-x543.google.com with SMTP id r4so1347308pgg.4 for ; Wed, 29 Apr 2020 10:36:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ttaylorr-com.20150623.gappssmtp.com; s=20150623; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=IBNnROhPpGuZCkZjhUSkzDnwnuE98m7A7rwPIhTf4UI=; b=CP3NWIMHnoEG+utDm2+QRFrIGzLvuxaQjvxRoWKVDyDNGMpQ5MGdNOrGjZpsAPGk2K L8j7H6Y3kpcWk9Prt+6Y0JYBuQNYhhNEvHtYm8bwk3eM7p0F7F8cOMHwlsb4jHXdr31e Zew3Ot2qK06RTKm5CH1CykbjQe9EsQxbe4N2FAMMJ6+id1gqP71CzT+RhMNqAckxeTyh czWtCQYYJfGW/9iMKmLIMJFS0J8t/J7ruXeATvxvCKZOK+mxs2xTC0g3dSNgjuwxA2nK qNcpi5XH6omG0oFALxxsdqnLo1/ePQ6lzslnL5JMdL3ko8ZF+Qf/nfnBn8TIMLMSg/Ak 2RHQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=IBNnROhPpGuZCkZjhUSkzDnwnuE98m7A7rwPIhTf4UI=; b=ndKvTIjjWbnubCbpOxvQmHm/G9UYTEdwIgg7Fi0dMKX+bXv+VPgLv46NyQ1YGZiLii kaLhbfyF4ru2PE5RP3bzt3yUvNVx0YpLWHMbi3YBm/MRcoJvpj4WntQgkllBkrt6XAQO wyf7AT1eMvqwfOkZneUDSkaDbFcxWtfqQxI+YDlkpeuexyP98XVbVQ9mDuyjtvcNArpo eybfXEzsx16X+Nt4ALAs/U0dT9s1R7vUt1r0s2F/CCxAGKcjmmQIeZdYRXRMYFqusdxh gsVe+KR4i/x9XZKzvvy0JZKx5JXGlEz/y9m7cmuxBPzEGMsTW/W/yscuidez8eX+j1ML 1lnw== X-Gm-Message-State: AGi0Pubz7I1hjIw7foqoRibtebUiJNkKqNBjNNela8o2Itd3uwPuO4Mu B692IzgTu2G1nNxI/sji8aNeDv612tcoUQ== X-Google-Smtp-Source: APiQypI/7gBVswQ+CjkWrcckeZkaUC6ZMvdCwJj17xrIkm+/kl2GGiTuYQeHc/0ljcwp/A0GeuJivQ== X-Received: by 2002:a63:214a:: with SMTP id s10mr32300335pgm.98.1588181804391; Wed, 29 Apr 2020 10:36:44 -0700 (PDT) Received: from localhost ([8.44.146.30]) by smtp.gmail.com with ESMTPSA id x12sm1497505pfq.209.2020.04.29.10.36.43 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 29 Apr 2020 10:36:43 -0700 (PDT) Date: Wed, 29 Apr 2020 11:36:42 -0600 From: Taylor Blau To: git@vger.kernel.org Cc: peff@peff.net, dstolee@microsoft.com, gitster@pobox.com, mhagger@alum.mit.edu Subject: [PATCH v3 4/5] commit-graph.c: ensure graph layers respect core.sharedRepository Message-ID: <4b74e23af2ac9e65449e383161f7b7cdabf983ba.1588181626.git.me@ttaylorr.com> References: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: Sender: git-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org Non-layered commit-graphs use 'adjust_shared_perm' to make the commit-graph file readable (or not) to a combination of the user, group, and others. Call 'adjust_shared_perm' for split-graph layers to make sure that these also respect 'core.sharedRepository'. The 'commit-graph-chain' file already respects this configuration since it uses 'hold_lock_file_for_update' (which calls 'adjust_shared_perm' eventually in 'create_tempfile_mode'). Suggested-by: Junio C Hamano Signed-off-by: Taylor Blau --- commit-graph.c | 6 ++++++ t/t5324-split-commit-graph.sh | 22 ++++++++++++++++++++++ 2 files changed, 28 insertions(+) diff --git a/commit-graph.c b/commit-graph.c index 5b5047a7dd..d05a55901d 100644 --- a/commit-graph.c +++ b/commit-graph.c @@ -1386,6 +1386,12 @@ static int write_commit_graph_file(struct write_commit_graph_context *ctx) return -1; } + if (adjust_shared_perm(ctx->graph_name)) { + error(_("unable to adjust shared permissions for '%s'"), + ctx->graph_name); + return -1; + } + f = hashfd(fd, ctx->graph_name); } else { hold_lock_file_for_update_mode(&lk, ctx->graph_name, diff --git a/t/t5324-split-commit-graph.sh b/t/t5324-split-commit-graph.sh index 53b2e6b455..699c23d077 100755 --- a/t/t5324-split-commit-graph.sh +++ b/t/t5324-split-commit-graph.sh @@ -36,6 +36,10 @@ graph_read_expect() { test_cmp expect output } +test_expect_success POSIXPERM 'tweak umask for modebit tests' ' + umask 022 +' + test_expect_success 'create commits and write commit-graph' ' for i in $(test_seq 3) do @@ -351,4 +355,22 @@ test_expect_success 'split across alternate where alternate is not split' ' test_cmp commit-graph .git/objects/info/commit-graph ' +while read mode modebits +do + test_expect_success POSIXPERM "split commit-graph respects core.sharedrepository $mode" ' + rm -rf $graphdir $infodir/commit-graph && + git reset --hard commits/1 && + test_config core.sharedrepository "$mode" && + git commit-graph write --split --reachable && + ls $graphdir/graph-*.graph >graph-files && + test_line_count = 1 graph-files && + echo "$modebits" >expect && + test_modebits $graphdir/graph-*.graph >actual && + test_cmp expect actual + ' +done <<\EOF +0666 -r--r--r-- +0600 -r-------- +EOF + test_done From patchwork Wed Apr 29 17:36:46 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Taylor Blau X-Patchwork-Id: 11518045 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 0FA2392A for ; Wed, 29 Apr 2020 17:36:50 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id EBA30208FE for ; Wed, 29 Apr 2020 17:36:49 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=ttaylorr-com.20150623.gappssmtp.com header.i=@ttaylorr-com.20150623.gappssmtp.com header.b="EoqiEGVT" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726949AbgD2Rgt (ORCPT ); Wed, 29 Apr 2020 13:36:49 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34436 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-FAIL-OK-FAIL) by vger.kernel.org with ESMTP id S1726423AbgD2Rgs (ORCPT ); Wed, 29 Apr 2020 13:36:48 -0400 Received: from mail-pj1-x1041.google.com (mail-pj1-x1041.google.com [IPv6:2607:f8b0:4864:20::1041]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BED38C03C1AE for ; Wed, 29 Apr 2020 10:36:48 -0700 (PDT) Received: by mail-pj1-x1041.google.com with SMTP id t40so1037099pjb.3 for ; Wed, 29 Apr 2020 10:36:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ttaylorr-com.20150623.gappssmtp.com; s=20150623; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=KWfgPTLeMs4mFOa1WtWOY/XhAUY733qIixSrxgk4CVM=; b=EoqiEGVTVacYjd8ZjuEaHtGam81B35X6Gianv/4raPOyevbivIsBxoJ0Z1gMZx4xwU q2iQGl7x4poLtBxeFTG/PbgD3udQYBVaGvM4ru4lm1BBEhin8uto10dBaIzZksUuznHr lXwFVoJEolqqavC8gX/aGZ+s+OJFY98x5GnfpSSF813U+SXs9+zu10afgkW1nCtvT+G1 uDqWj6MoSZIkNjAXPIvMyOMTMrfOedBE+mRo+y0g0kCNhHKI7zQliYCDRGsfZwtfpSfp yw33Pbe4dMHhKs1/obLfo96KN2eq7MaWD4IkaL5lMKfyMlm5KhBurT3C/pXKZ49PmS6M u9vw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=KWfgPTLeMs4mFOa1WtWOY/XhAUY733qIixSrxgk4CVM=; b=UDhkQGrXVaOHvrdrgEtmpnk1oQSDk3iJPs5pj3zxAXIr4tSpsDQBHJ9eg8fILNqpGw kmE9AVYcXXWetPR1FfpIODX5ghsGG96GTuHGWM0IsGyTHW7i42UvtT6/ovAqv2qmMO8+ w2ywbc1LaTXsKZ7EbSYw5Nal6r0NKHzHpYVOvUh21jkFamRkga+x/Sal1Yn9GLaOrja2 K5DrmagqAF7cJQ5KmhVzM1EjaRi71LnXm6F+EG2bFv+R65wZcCQkEwi5Z98Y3pJWHbSx UIUVI+rbXYNXofSbTOgHIBJlJJSv+GV2VwTvguT7z8fGC42VEU6k6h0xPYBR5reMU62D ngkg== X-Gm-Message-State: AGi0PubjeU3uwwCXjOPWT8t2yfSOSh/J0t3wQ+a9S1k3WZXUcVV8VRH8 n7Ll5OUG8vk2BI6qcj3UJxjPaN65HpG+OQ== X-Google-Smtp-Source: APiQypLREN5rr0yFUetgF3CtO8w+eMI1HvVCNlGLe8/3cm0f1/XiDCtWR/OLUPvLXyv/hpEuTdlyiA== X-Received: by 2002:a17:90a:1fcd:: with SMTP id z13mr4344960pjz.151.1588181807827; Wed, 29 Apr 2020 10:36:47 -0700 (PDT) Received: from localhost ([8.44.146.30]) by smtp.gmail.com with ESMTPSA id k4sm1434662pgg.88.2020.04.29.10.36.46 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 29 Apr 2020 10:36:47 -0700 (PDT) Date: Wed, 29 Apr 2020 11:36:46 -0600 From: Taylor Blau To: git@vger.kernel.org Cc: peff@peff.net, dstolee@microsoft.com, gitster@pobox.com, mhagger@alum.mit.edu Subject: [PATCH v3 5/5] commit-graph.c: make 'commit-graph-chain's read-only Message-ID: <864c9160675ba199b140ba961258db8d0daad004.1588181626.git.me@ttaylorr.com> References: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: Sender: git-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org In a previous commit, we made incremental graph layers read-only by using 'git_mkstemp_mode' with permissions '0444'. There is no reason that 'commit-graph-chain's should be modifiable by the user, since they are generated at a temporary location and then atomically renamed into place. To ensure that these files are read-only, too, use 'hold_lock_file_for_update_mode' with the same read-only permission bits, and let the umask and 'adjust_shared_perm' take care of the rest. Signed-off-by: Taylor Blau --- commit-graph.c | 3 ++- t/t5324-split-commit-graph.sh | 2 ++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/commit-graph.c b/commit-graph.c index d05a55901d..b2dfd7701f 100644 --- a/commit-graph.c +++ b/commit-graph.c @@ -1378,7 +1378,8 @@ static int write_commit_graph_file(struct write_commit_graph_context *ctx) if (ctx->split) { char *lock_name = get_chain_filename(ctx->odb); - hold_lock_file_for_update(&lk, lock_name, LOCK_DIE_ON_ERROR); + hold_lock_file_for_update_mode(&lk, lock_name, + LOCK_DIE_ON_ERROR, 0444); fd = git_mkstemp_mode(ctx->graph_name, 0444); if (fd < 0) { diff --git a/t/t5324-split-commit-graph.sh b/t/t5324-split-commit-graph.sh index 699c23d077..cff5a41f48 100755 --- a/t/t5324-split-commit-graph.sh +++ b/t/t5324-split-commit-graph.sh @@ -366,6 +366,8 @@ do test_line_count = 1 graph-files && echo "$modebits" >expect && test_modebits $graphdir/graph-*.graph >actual && + test_cmp expect actual && + test_modebits $graphdir/commit-graph-chain >actual && test_cmp expect actual ' done <<\EOF