From 79d7582e32ca84eacf032298c8ae3d26816f48d0 Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Wed, 6 Jan 2016 14:09:43 +0100 Subject: commit: allow editing the commit message even in shared repos It was pointed out by Yaroslav Halchenko that the file containing the commit message is writable only by the owner, which means that we have to rewrite it from scratch in a shared repository. Signed-off-by: Johannes Schindelin Signed-off-by: Junio C Hamano diff --git a/builtin/commit.c b/builtin/commit.c index f2a8b78..ce11a17 100644 --- a/builtin/commit.c +++ b/builtin/commit.c @@ -761,7 +761,7 @@ static int prepare_to_commit(const char *index_file, const char *prefix, hook_arg2 = ""; } - s->fp = fopen(git_path(commit_editmsg), "w"); + s->fp = fopen_for_writing(git_path(commit_editmsg)); if (s->fp == NULL) die_errno(_("could not open '%s'"), git_path(commit_editmsg)); diff --git a/git-compat-util.h b/git-compat-util.h index 0feeae2..d98f3af 100644 --- a/git-compat-util.h +++ b/git-compat-util.h @@ -733,6 +733,7 @@ extern int xmkstemp_mode(char *template, int mode); extern int odb_mkstemp(char *template, size_t limit, const char *pattern); extern int odb_pack_keep(char *name, size_t namesz, const unsigned char *sha1); extern char *xgetcwd(void); +extern FILE *fopen_for_writing(const char *path); #define REALLOC_ARRAY(x, alloc) (x) = xrealloc((x), (alloc) * sizeof(*(x))) diff --git a/wrapper.c b/wrapper.c index dae5675..371a7f0 100644 --- a/wrapper.c +++ b/wrapper.c @@ -375,6 +375,19 @@ FILE *xfdopen(int fd, const char *mode) return stream; } +FILE *fopen_for_writing(const char *path) +{ + FILE *ret = fopen(path, "w"); + + if (!ret && errno == EPERM) { + if (!unlink(path)) + ret = fopen(path, "w"); + else + errno = EPERM; + } + return ret; +} + int xmkstemp(char *template) { int fd; -- cgit v0.10.2-6-g49f6 From ea56518dfe4c7934a6895f25edf0f18d2930e4fd Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Mon, 11 Jan 2016 19:35:54 +0100 Subject: Handle more file writes correctly in shared repos In shared repositories, we have to be careful when writing files whose permissions do not allow users other than the owner to write them. In particular, we force the marks file of fast-export and the FETCH_HEAD when fetching to be rewritten from scratch. This commit does not touch other calls to fopen() that want to write files: - commands that write to working tree files (core.sharedRepository does not affect permission bits of working tree files), e.g. .rej file created by "apply --reject", result of applying a previous conflict resolution by "rerere", "git merge-file". - git am, when splitting mails (git-am correctly cleans up its directory after finishing, so there is no need to share those files between users) - git submodule clone, when writing the .git file, because the file will not be overwritten - git_terminal_prompt() in compat/terminal.c, because it is not writing to a file at all - git diff --output, because the output file is clearly not intended to be shared between the users of the current repository - git fast-import, when writing a crash report, because the reports' file names are unique due to an embedded process ID - mailinfo() in mailinfo.c, because the output is clearly not intended to be shared between the users of the current repository - check_or_regenerate_marks() in remote-testsvn.c, because this is only used for Git's internal testing - git fsck, when writing lost&found blobs (this should probably be changed, but left as a low-hanging fruit for future contributors). Note that this patch does not touch callers of write_file() and write_file_gently(), which would benefit from the same scrutiny as to usage in shared repositories. Most notable users are branch, daemon, submodule & worktree, and a worrisome call in transport.c when updating one ref (which ignores the shared flag). Signed-off-by: Johannes Schindelin Signed-off-by: Junio C Hamano diff --git a/builtin/fast-export.c b/builtin/fast-export.c index d23f3be..aacf3b4 100644 --- a/builtin/fast-export.c +++ b/builtin/fast-export.c @@ -880,7 +880,7 @@ static void export_marks(char *file) FILE *f; int e = 0; - f = fopen(file, "w"); + f = fopen_for_writing(file); if (!f) die_errno("Unable to open marks file %s for writing.", file); diff --git a/builtin/fetch.c b/builtin/fetch.c index 9a3869f..6475a0b 100644 --- a/builtin/fetch.c +++ b/builtin/fetch.c @@ -836,7 +836,7 @@ static void check_not_current_branch(struct ref *ref_map) static int truncate_fetch_head(void) { const char *filename = git_path_fetch_head(); - FILE *fp = fopen(filename, "w"); + FILE *fp = fopen_for_writing(filename); if (!fp) return error(_("cannot open %s: %s\n"), filename, strerror(errno)); -- cgit v0.10.2-6-g49f6