summaryrefslogtreecommitdiff
path: root/lockfile.c
Commit message (Collapse)AuthorAgeFilesLines
* Merge branch 'jc/reopen-lock-file'Junio C Hamano2014-09-021-0/+10
|\ | | | | | | | | | | | | | | | | | | There are cases where you lock and open to write a file, close it to show the updated contents to external processes, and then have to update the file again while still holding the lock, but the lockfile API lacked support for such an access pattern. * jc/reopen-lock-file: lockfile: allow reopening a closed but still locked file
| * lockfile: allow reopening a closed but still locked filejc/reopen-lock-fileJunio C Hamano2014-07-141-0/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In some code paths (e.g. giving "add -i" to prepare the contents to be committed interactively inside "commit -p") where a caller takes a lock, writes the new content, give chance for others to use it while still holding the lock, and then releases the lock when all is done. As an extension, allow the caller to re-update an already closed file while still holding the lock (i.e. not yet committed) by re-opening the file, to be followed by updating the contents and then by the usual close_lock_file() or commit_lock_file(). This is necessary if we want to add code to rebuild the cache-tree and write the resulting index out after "add -i" returns the control to "commit -p", for example. Signed-off-by: Junio C Hamano <gitster@pobox.com>
* | Merge branch 'rs/ref-transaction-0'Junio C Hamano2014-07-211-15/+24
|\ \ | |/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Early part of the "ref transaction" topic. * rs/ref-transaction-0: refs.c: change ref_transaction_update() to do error checking and return status refs.c: remove the onerr argument to ref_transaction_commit update-ref: use err argument to get error from ref_transaction_commit refs.c: make update_ref_write update a strbuf on failure refs.c: make ref_update_reject_duplicates take a strbuf argument for errors refs.c: log_ref_write should try to return meaningful errno refs.c: make resolve_ref_unsafe set errno to something meaningful on error refs.c: commit_packed_refs to return a meaningful errno on failure refs.c: make remove_empty_directories always set errno to something sane refs.c: verify_lock should set errno to something meaningful refs.c: make sure log_ref_setup returns a meaningful errno refs.c: add an err argument to repack_without_refs lockfile.c: make lock_file return a meaningful errno on failurei lockfile.c: add a new public function unable_to_lock_message refs.c: add a strbuf argument to ref_transaction_commit for error logging refs.c: allow passing NULL to ref_transaction_free refs.c: constify the sha arguments for ref_transaction_create|delete|update refs.c: ref_transaction_commit should not free the transaction refs.c: remove ref_transaction_rollback
| * lockfile.c: make lock_file return a meaningful errno on failureiRonnie Sahlberg2014-07-141-5/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Making errno when returning from lock_file() meaningful, which should fix * an existing almost-bug in lock_ref_sha1_basic where it assumes errno==ENOENT is meaningful and could waste some work on retries * an existing bug in repack_without_refs where it prints strerror(errno) and picks advice based on errno, despite errno potentially being zero and potentially having been clobbered by that point Signed-off-by: Ronnie Sahlberg <sahlberg@google.com> Signed-off-by: Junio C Hamano <gitster@pobox.com> Acked-by: Michael Haggerty <mhagger@alum.mit.edu>
| * lockfile.c: add a new public function unable_to_lock_messageRonnie Sahlberg2014-07-141-10/+12
| | | | | | | | | | | | | | | | | | Introducing a new unable_to_lock_message helper, which has nicer semantics than unable_to_lock_error and cleans up lockfile.c a little. Signed-off-by: Ronnie Sahlberg <sahlberg@google.com> Signed-off-by: Junio C Hamano <gitster@pobox.com> Acked-by: Michael Haggerty <mhagger@alum.mit.edu>
* | read-cache: relocate and unexport commit_locked_index()Nguyễn Thái Ngọc Duy2014-06-131-20/+0
|/ | | | | | | | | This function is now only used by write_locked_index(). Move it to read-cache.c (because read-cache.c will need to be aware of alternate_index_output later) and unexport it. Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* lockfile: fix buffer overflow in path handlingMichael Haggerty2013-07-071-4/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The path of the file to be locked is held in lock_file::filename, which is a fixed-length buffer of length PATH_MAX. This buffer is also (temporarily) used to hold the path of the lock file, which is the path of the file being locked plus ".lock". Because of this, the path of the file being locked must be less than (PATH_MAX - 5) characters long (5 chars are needed for ".lock" and one character for the NUL terminator). On entry into lock_file(), the path length was only verified to be less than PATH_MAX characters, not less than (PATH_MAX - 5) characters. When and if resolve_symlink() is called, then that function is correctly told to treat the buffer as (PATH_MAX - 5) characters long. This part is correct. However: * If LOCK_NODEREF was specified, then resolve_symlink() is never called. * If resolve_symlink() is called but the path is not a symlink, then the length check is never applied. So it is possible for a path with length (PATH_MAX - 5 <= len < PATH_MAX) to make it through the checks. When ".lock" is strcat()ted to such a path, the lock_file::filename buffer is overflowed. Fix the problem by adding a check when entering lock_file() that the original path is less than (PATH_MAX - 5) characters. [jc: with independent development by Peff] Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* Name make_*_path functions more accuratelyCarlos Martín Nieto2011-03-171-2/+2
| | | | | | | | | | | | | Rename the make_*_path functions so it's clearer what they do, in particlar make clear what the differnce between make_absolute_path and make_nonrelative_path is by renaming them real_path and absolute_path respectively. make_relative_path has an understandable name and is renamed to relative_path to maintain the name convention. The function calls have been replaced 1-to-1 in their usage. Signed-off-by: Carlos Martín Nieto <cmn@elego.de> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* lockfile: show absolute filename in unable_to_lock_messageMatthieu Moy2010-01-121-2/+3
| | | | | | | | | | When calling a git command from a subdirectory and a file locking fails, the user will get a path relative to the root of the worktree, which is invalid from the place where the command is ran. Make it easy for the user to know which file it is. Signed-off-by: Matthieu Moy <Matthieu.Moy@imag.fr> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* git branch -D: give a better error message when lockfile creation failsMiklos Vajna2009-09-291-6/+20
| | | | | | | | | | Previously the old error message just told the user that it was not possible to delete the ref from the packed-refs file. Give instructions on how to resolve the problem. Signed-off-by: Miklos Vajna <vmiklos@frugalware.org> Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
* Merge branch 'ar/unlink-err'Junio C Hamano2009-05-181-2/+2
|\ | | | | | | | | | | | | * ar/unlink-err: print unlink(2) errno in copy_or_link_directory replace direct calls to unlink(2) with unlink_or_warn Introduce an unlink(2) wrapper which gives warning if unlink failed
| * replace direct calls to unlink(2) with unlink_or_warnAlex Riesen2009-04-291-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This helps to notice when something's going wrong, especially on systems which lock open files. I used the following criteria when selecting the code for replacement: - it was already printing a warning for the unlink failures - it is in a function which already printing something or is called from such a function - it is in a static function, returning void and the function is only called from a builtin main function (cmd_) - it is in a function which handles emergency exit (signal handlers) - it is in a function which is obvously cleaning up the lockfiles Signed-off-by: Alex Riesen <raa.lkml@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* | Fix a bunch of pointer declarations (codestyle)Felipe Contreras2009-05-011-1/+1
|/ | | | | | | Essentially; s/type* /type */ as per the coding guidelines. Signed-off-by: Felipe Contreras <felipe.contreras@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* Make the 'lock file' exists error more informativeJohn Tapsell2009-03-041-2/+2
| | | | | | | | | It looks like someone did 90% of the work, then forgot to actually use the function in one place. Also the helper function did not use the correct variable. Signed-off-by: Junio C Hamano <gitster@pobox.com>
* Merge branch 'maint'Junio C Hamano2009-02-191-1/+15
|\ | | | | | | | | | | | | * maint: More friendly message when locking the index fails. Document git blame --reverse. Documentation: Note file formats send-email accepts
| * More friendly message when locking the index fails.Matthieu Moy2009-02-191-1/+15
| | | | | | | | | | | | | | | | | | Just saying that index.lock exists doesn't tell the user _what_ to do to fix the problem. We should give an indication that it's normally safe to delete index.lock after making sure git isn't running here. Signed-off-by: Matthieu Moy <Matthieu.Moy@imag.fr> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* | refactor signal handling for cleanup functionsJeff King2009-01-211-5/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The current code is very inconsistent about which signals are caught for doing cleanup of temporary files and lock files. Some callsites checked only SIGINT, while others checked a variety of death-dealing signals. This patch factors out those signals to a single function, and then calls it everywhere. For some sites, that means this is a simple clean up. For others, it is an improvement in that they will now properly clean themselves up after a larger variety of signals. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* | chain kill signals for cleanup functionsJeff King2009-01-211-6/+7
|/ | | | | | | | | | | | | | | | | | | | | | | | | If a piece of code wanted to do some cleanup before exiting (e.g., cleaning up a lockfile or a tempfile), our usual strategy was to install a signal handler that did something like this: do_cleanup(); /* actual work */ signal(signo, SIG_DFL); /* restore previous behavior */ raise(signo); /* deliver signal, killing ourselves */ For a single handler, this works fine. However, if we want to clean up two _different_ things, we run into a problem. The most recently installed handler will run, but when it removes itself as a handler, it doesn't put back the first handler. This patch introduces sigchain, a tiny library for handling a stack of signal handlers. You sigchain_push each handler, and use sigchain_pop to restore whoever was before you in the stack. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* Make sure lockfiles are unlocked when dying on SIGPIPEJunio C Hamano2008-12-211-0/+1
| | | | | | | | | We cleaned up lockfiles upon receiving the usual suspects HUP, TERM, QUIT but a wicked user could kill us of asphyxiation by piping our output to a pipe that does not read. Protect ourselves by catching SIGPIPE and clean up the lockfiles as well in such a case. Signed-off-by: Junio C Hamano <gitster@pobox.com>
* Enhance hold_lock_file_for_{update,append}() APIJunio C Hamano2008-10-191-12/+17
| | | | | | | | This changes the "die_on_error" boolean parameter to a mere "flags", and changes the existing callers of hold_lock_file_for_update/append() functions to pass LOCK_DIE_ON_ERROR. Signed-off-by: Junio C Hamano <gitster@pobox.com>
* rollback lock files on more signals than just SIGINTPaolo Bonzini2008-05-311-0/+3
| | | | | | | | | Other signals are also common, for example SIGTERM and SIGHUP. This patch modifies the lock file mechanism to catch more signals. It also modifies http-push.c which was missing SIGTERM. Signed-off-by: Paolo Bonzini <bonzini@gnu.org> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* Merge branch 'db/clone-in-c'Junio C Hamano2008-05-251-0/+28
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * db/clone-in-c: Add test for cloning with "--reference" repo being a subset of source repo Add a test for another combination of --reference Test that --reference actually suppresses fetching referenced objects clone: fall back to copying if hardlinking fails builtin-clone.c: Need to closedir() in copy_or_link_directory() builtin-clone: fix initial checkout Build in clone Provide API access to init_db() Add a function to set a non-default work tree Allow for having for_each_ref() list extra refs Have a constant extern refspec for "--tags" Add a library function to add an alternate to the alternates file Add a lockfile function to append to a file Mark the list of refs to fetch as const Conflicts: cache.h t/t5700-clone-reference.sh
| * Add a lockfile function to append to a fileDaniel Barkalow2008-05-041-0/+28
| | | | | | | | | | | | | | | | | | | | | | This takes care of copying the original contents into the replacement file after the lock is held, so that concurrent additions can't miss each other's changes. [jc: munged to drop mmap in favor of copy_file.] Signed-off-by: Daniel Barkalow <barkalow@iabervon.org> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* | Reset the signal being handledClemens Buchacher2008-05-251-1/+1
|/ | | | | | | | This did not cause any problems, because remove_lock_file_on_signal is only registered for SIGINT. Signed-off-by: Clemens Buchacher <drizzd@aon.at> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* close_lock_file(): new function in the lockfile APIBrandon Casey2008-01-161-8/+22
| | | | | | | | | | | | | | | | | | | | | | | | | The lockfile API is a handy way to obtain a file that is cleaned up if you die(). But sometimes you would need this sequence to work: 1. hold_lock_file_for_update() to get a file descriptor for writing; 2. write the contents out, without being able to decide if the results should be committed or rolled back; 3. do something else that makes the decision --- and this "something else" needs the lockfile not to have an open file descriptor for writing (e.g. Windows do not want a open file to be renamed); 4. call commit_lock_file() or rollback_lock_file() as appropriately. This adds close_lock_file() you can call between step 2 and 3 in the above sequence. Signed-off-by: Junio C Hamano <gitster@pobox.com>
* Use is_absolute_path() in diff-lib.c, lockfile.c, setup.c, trace.cSteffen Prohaska2007-11-261-1/+1
| | | | | | | Using the helper function to test for absolute paths makes porting easier. Signed-off-by: Steffen Prohaska <prohaska@zib.de> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* Close files opened by lock_file() before unlinking.Johannes Schindelin2007-11-141-7/+10
| | | | | | | This is needed on Windows since open files cannot be unlinked. Signed-off-by: Johannes Sixt <johannes.sixt@telecom.at> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* fully resolve symlinks when creating lockfilesBradford C. Smith2007-07-271-14/+102
| | | | | | | | | | | | | Make the code for resolving symlinks in lockfile.c more robust as follows: 1. Handle relative symlinks 2. recursively resolve symlink chains up to 5 [jc: removed lstat/stat calls to do things stupid way] Signed-off-by: Bradford C. Smith <bradford.carl.smith@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* When locking in a symlinked repository, try to lock the original.Junio C Hamano2007-07-251-0/+13
| | | | | | | | | | | | | In a working tree prepared in new-workdir (in contrib/), some files in .git/ directory are symbolic links to the original repository. The usual sequence of lock-write-rename would break the symbolic link. Ideally we should resolve relative symbolic link with maxdepth, but I do not want to risk too elaborate patch before 1.5.3 release, so this is a minimum and trivially obvious fix. new-workdir creates its symbolic links absolute, and does not link from a symlinked workdir, so this fix should suffice for now. Signed-off-by: Junio C Hamano <gitster@pobox.com>
* lockfile.c: schedule remove_lock_file only once.Sven Verdoolaege2007-07-131-4/+4
| | | | | | | Removing a lockfile once should be enough. Signed-off-by: Sven Verdoolaege <skimo@kotnet.org> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* War on whitespaceJunio C Hamano2007-06-071-1/+0
| | | | | | | | | This uses "git-apply --whitespace=strip" to fix whitespace errors that have crept in to our source files over time. There are a few files that need to have trailing whitespaces (most notably, test vectors). The results still passes the test, and build result in Documentation/ area is unchanged. Signed-off-by: Junio C Hamano <gitster@pobox.com>
* lockfile: record the primary process.Junio C Hamano2007-04-211-1/+5
| | | | | | | | | | | | | | | | | | The usual process flow is the main process opens and holds the lock to the index, does its thing, perhaps spawning children during the course, and then writes the resulting index out by releaseing the lock. However, the lockfile interface uses atexit(3) to clean it up, without regard to who actually created the lock. This typically leads to a confusing behaviour of lock being released too early when the child exits, and then the parent process when it calls commit_lockfile() finds that it cannot unlock it. This fixes the problem by recording who created and holds the lock, and upon atexit(3) handler, child simply ignores the lockfile the parent created. Signed-off-by: Junio C Hamano <junkio@cox.net>
* git-read-tree --index-output=<file>Junio C Hamano2007-04-031-3/+8
| | | | | | | | | | | This corrects the interface mistake of the previous one, and gives a command line parameter to the only plumbing command that currently needs it: "git-read-tree". We can add the calls to set_alternate_index_output() to other plumbing commands that update the index if/when needed. Signed-off-by: Junio C Hamano <junkio@cox.net>
* _GIT_INDEX_OUTPUT: allow plumbing to output to an alternative index file.Junio C Hamano2007-04-031-0/+17
| | | | | | | | | | | | | | | | | | | | | When defined, this allows plumbing commands that update the index (add, apply, checkout-index, merge-recursive, mv, read-tree, rm, update-index, and write-tree) to write their resulting index to an alternative index file while holding a lock to the original index file. With this, git-commit that jumps the index does not have to make an extra copy of the index file, and more importantly, it can do the update while holding the lock on the index. However, I think the interface to let an environment variable specify the output is a mistake, as shown in the documentation. If a curious user has the environment variable set to something other than the file GIT_INDEX_FILE points at, almost everything will break. This should instead be a command line parameter to tell these plumbing commands to write the result in the named file, to prevent stupid mistakes. Signed-off-by: Junio C Hamano <junkio@cox.net>
* Print a more accurate error message when we fail to create a lock file.Steven Grimm2007-01-061-1/+1
| | | | | Signed-off-by: Steven Grimm <koreth@midwinter.com> Signed-off-by: Junio C Hamano <junkio@cox.net>
* Merge branch 'maint'Junio C Hamano2007-01-041-1/+6
|\ | | | | | | | | | | * maint: pack-check.c::verify_packfile(): don't run SHA-1 update on huge data Fix infinite loop when deleting multiple packed refs.
| * Fix infinite loop when deleting multiple packed refs.Junio C Hamano2007-01-031-1/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It was stupid to link the same element twice to lock_file_list and end up in a loop, so we certainly need a fix. But it is not like we are taking a lock on multiple files in this case. It is just that we leave the linked element on the list even after commit_lock_file() successfully removes the cruft. We cannot remove the list element in commit_lock_file(); if we are interrupted in the middle of list manipulation, the call to remove_lock_file_on_signal() will happen with a broken list structure pointed by lock_file_list, which would cause the cruft to remain, so not removing the list element is the right thing to do. Instead we should be reusing the element already on the list. There is already a code for that in lock_file() function in lockfile.c. The code checks lk->next and the element is linked only when it is not already on the list -- which is incorrect for the last element on the list (which has NULL in its next field), but if you read the check as "is this element already on the list?" it actually makes sense. We do not want to link it on the list again, nor we would want to set up signal/atexit over and over. Signed-off-by: Junio C Hamano <junkio@cox.net>
* | simplify inclusion of system header files.Junio C Hamano2006-12-201-1/+0
|/ | | | | | | | | | | | | | | | | | | | This is a mechanical clean-up of the way *.c files include system header files. (1) sources under compat/, platform sha-1 implementations, and xdelta code are exempt from the following rules; (2) the first #include must be "git-compat-util.h" or one of our own header file that includes it first (e.g. config.h, builtin.h, pkt-line.h); (3) system headers that are included in "git-compat-util.h" need not be included in individual C source files. (4) "git-compat-util.h" does not have to include subsystem specific header files (e.g. expat.h). Signed-off-by: Junio C Hamano <junkio@cox.net>
* Better error message when we are unable to lock the index fileJunio C Hamano2006-08-121-1/+9
| | | | | | | | | | | | | | | | | Most of the callers except the one in refs.c use the function to update the index file. Among the index writers, everybody except write-tree dies if they cannot open it for writing. This gives the function an extra argument, to tell it to die when it cannot create a new file as the lockfile. The only caller that does not have to die is write-tree, because updating the index for the cache-tree part is optional and not being able to do so does not affect the correctness. I think we do not have to be so careful and make the failure into die() the same way as other callers, but that would be a different patch. Signed-off-by: Junio C Hamano <junkio@cox.net>
* shared repository - add a few missing calls to adjust_shared_perm().Junio C Hamano2006-06-091-5/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | There were a few calls to adjust_shared_perm() that were missing: - init-db creates refs, refs/heads, and refs/tags before reading from templates that could specify sharedrepository in the config file; - updating config file created it under user's umask without adjusting; - updating refs created it under user's umask without adjusting; - switching branches created .git/HEAD under user's umask without adjusting. This moves adjust_shared_perm() from sha1_file.c to path.c, since a few SIMPLE_PROGRAM need to call repository configuration functions which in turn need to call adjust_shared_perm(). sha1_file.c needs to link with SHA1 computation library which is usually not linked to SIMPLE_PROGRAM. Signed-off-by: Junio C Hamano <junkio@cox.net>
* Make index file locking code reusable to others.Junio C Hamano2006-06-061-0/+57
The framework to create lockfiles that are removed at exit is first used to reliably write the index file, but it is applicable to other things, so stop calling it "cache_file". This also rewords a few remaining error message that called the index file "cache file". Signed-off-by: Junio C Hamano <junkio@cox.net>