summaryrefslogtreecommitdiff
path: root/wrapper.c
Commit message (Collapse)AuthorAgeFilesLines
* Merge branch 'jn/warn-on-inaccessible-loosen' into maintJunio C Hamano2013-01-111-1/+9
|\ | | | | | | | | | | | | | | | | | | | | | | | | When attempting to read the XDG-style $HOME/.config/git/config and finding that $HOME/.config/git is a file, we gave a wrong error message, instead of treating the case as "a custom config file does not exist there" and moving on. * jn/warn-on-inaccessible-loosen: config: exit on error accessing any config file doc: advertise GIT_CONFIG_NOSYSTEM config: treat user and xdg config permission problems as errors config, gitignore: failure to access with ENOTDIR is ok
| * config: treat user and xdg config permission problems as errorsJonathan Nieder2012-10-131-0/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Git reads multiple configuration files: settings come first from the system config file (typically /etc/gitconfig), then the xdg config file (typically ~/.config/git/config), then the user's dotfile (~/.gitconfig), then the repository configuration (.git/config). Git has always used access(2) to decide whether to use each file; as an unfortunate side effect, that means that if one of these files is unreadable (e.g., EPERM or EIO), git skips it. So if I use ~/.gitconfig to override some settings but make a mistake and give it the wrong permissions then I am subject to the settings the sysadmin chose for /etc/gitconfig. Better to error out and ask the user to correct the problem. This only affects the user and xdg config files, since the user presumably has enough access to fix their permissions. If the system config file is unreadable, the best we can do is to warn about it so the user knows to notify someone and get on with work in the meantime. Signed-off-by: Jonathan Nieder <jrnieder@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
| * config, gitignore: failure to access with ENOTDIR is okJonathan Nieder2012-10-131-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The access_or_warn() function is used to check for optional configuration files like .gitconfig and .gitignore and warn when they are not accessible due to a configuration issue (e.g., bad permissions). It is not supposed to complain when a file is simply missing. Noticed on a system where ~/.config/git was a file --- when the new XDG_CONFIG_HOME support looks for ~/.config/git/config it should ignore ~/.config/git instead of printing irritating warnings: $ git status -s warning: unable to access '/home/jrn/.config/git/config': Not a directory warning: unable to access '/home/jrn/.config/git/config': Not a directory warning: unable to access '/home/jrn/.config/git/config': Not a directory warning: unable to access '/home/jrn/.config/git/config': Not a directory Compare v1.7.12.1~2^2 (attr:failure to open a .gitattributes file is OK with ENOTDIR, 2012-09-13). Signed-off-by: Jonathan Nieder <jrnieder@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* | xmkstemp(): avoid showing truncated template more carefullyJunio C Hamano2012-12-181-1/+1
|/ | | | | | | | | | | | | | | | Some implementations of xmkstemp() leaves the given in/out buffer truncated when they return with failure. 6cf6bb3 (Improve error messages when temporary file creation fails, 2010-12-18) attempted to show the real filename we tried to create (but failed), and if that is not available due to such truncation, to show the original template that was given by the caller. But it failed to take into account that the given template could have "directory/" in front, in which case the truncation point may not be template[0] but somewhere else. Signed-off-by: Junio C Hamano <gitster@pobox.com>
* warn_on_inaccessible(): a helper to warn on inaccessible pathsJunio C Hamano2012-08-211-1/+6
| | | | | | | | | | | | | | | The previous series introduced warnings to multiple places, but it could become tiring to see the warning on the same path over and over again during a single run of Git. Making just one function responsible for issuing this warning, we could later choose to keep track of which paths we issued a warning (it would involve a hash table of paths after running them through real_path() or something) in order to reduce noise. Right now we do not know if the noise reduction is necessary, but it still would be a good code reduction/sharing anyway. Signed-off-by: Junio C Hamano <gitster@pobox.com>
* config: warn on inaccessible filesJeff King2012-08-211-0/+8
| | | | | | | | | | | | | | | Before reading a config file, we check "!access(path, R_OK)" to make sure that the file exists and is readable. If it's not, then we silently ignore it. For the case of ENOENT, this is fine, as the presence of the file is optional. For other cases, though, it may indicate a configuration error (e.g., not having permissions to read the file). Let's print a warning in these cases to let the user know. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* ident: report passwd errors with a more friendly messageJeff King2012-05-221-0/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When getpwuid fails, we give a cute but cryptic message. While it makes sense if you know that getpwuid or identity functions are being called, this code is triggered behind the scenes by quite a few git commands these days (e.g., receive-pack on a remote server might use it for a reflog; the current message is hard to distinguish from an authentication error). Let's switch to something that gives a little more context. While we're at it, we can factor out all of the cut-and-pastes of the "you don't exist" message into a wrapper function. Rather than provide xgetpwuid, let's make it even more specific to just getting the passwd entry for the current uid. That's the only way we use getpwuid anyway, and it lets us make an even more specific error message. The current message also fails to mention errno. While the usual cause for getpwuid failing is that the user does not exist, mentioning errno makes it easier to diagnose these problems. Note that POSIX specifies that errno remain untouched if the passwd entry does not exist (but will be set on actual errors), whereas some systems will return ENOENT or similar for a missing entry. We handle both cases in our wrapper. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* Add more large blob test casesNguyễn Thái Ngọc Duy2012-03-071-3/+24
| | | | | | | | | | | | | New test cases list commands that should work when memory is limited. All memory allocation functions (*) learn to reject any allocation larger than $GIT_ALLOC_LIMIT if set. (*) Not exactly all. Some places do not use x* functions, but malloc/calloc directly, notably diff-delta. These code path should never be run on large blobs. Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* read_in_full: always report errorsJeff King2011-05-261-2/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The read_in_full function repeatedly calls read() to fill a buffer. If the first read() returns an error, we notify the caller by returning the error. However, if we read some data and then get an error on a subsequent read, we simply return the amount of data that we did read, and the caller is unaware of the error. This makes the tradeoff that seeing the partial data is more important than the fact that an error occurred. In practice, this is generally not the case; we care more if an error occurred, and should throw away any partial data. I audited the current callers. In most cases, this will make no difference at all, as they do: if (read_in_full(fd, buf, size) != size) error("short read"); However, it will help in a few cases: 1. In sha1_file.c:index_stream, we would fail to notice errors in the incoming stream. 2. When reading symbolic refs in resolve_ref, we would fail to notice errors and potentially use a truncated ref name. 3. In various places, we will get much better error messages. For example, callers of safe_read would erroneously print "the remote end hung up unexpectedly" instead of showing the read error. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* Name make_*_path functions more accuratelyCarlos Martín Nieto2011-03-171-2/+2
| | | | | | | | | | | | | Rename the make_*_path functions so it's clearer what they do, in particlar make clear what the differnce between make_absolute_path and make_nonrelative_path is by renaming them real_path and absolute_path respectively. make_relative_path has an understandable name and is renamed to relative_path to maintain the name convention. The function calls have been replaced 1-to-1 in their usage. Signed-off-by: Carlos Martín Nieto <cmn@elego.de> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* Merge branch 'maint'Junio C Hamano2011-02-101-1/+1
|\ | | | | | | | | * maint: compat: helper for detecting unsigned overflow
| * compat: helper for detecting unsigned overflowJonathan Nieder2011-02-101-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The idiom (a + b < a) works fine for detecting that an unsigned integer has overflowed, but a more explicit unsigned_add_overflows(a, b) might be easier to read. Define such a macro, expanding roughly to ((a) < UINT_MAX - (b)). Because the expansion uses each argument only once outside of sizeof() expressions, it is safe to use with arguments that have side effects. Signed-off-by: Jonathan Nieder <jrnieder@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* | Improve error messages when temporary file creation failsArnout Engelen2010-12-211-4/+28
|/ | | | | | | | | | | | | | | Before, when creating a temporary file failed, a generic 'Unable to create temporary file' message was printed. In some cases this could lead to confusion as to which directory should be checked for correct permissions etc. This patch adds the template for the temporary filename to the error message, converting it to an absolute path if needed. A test verifies that the template is indeed printed when pointing to a nonexistent or unwritable directory. A copy of the original template is made in case mkstemp clears the template. Signed-off-by: Arnout Engelen <arnouten@bzzt.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* set_try_to_free_routine(NULL) means "do nothing special"Junio C Hamano2010-12-211-0/+2
| | | | | | | This way, the next caller that wants to disable our memory reclamation machinery does not have to define its own do_nothing() stub. Signed-off-by: Junio C Hamano <gitster@pobox.com>
* Remove pack file handling dependency from wrapper.oJonathan Nieder2010-11-101-3/+2
| | | | | | | | | | | | | | | | | | | As v1.7.0-rc0~43 (slim down "git show-index", 2010-01-21) explains, use of xmalloc() brings in a dependency on zlib, the sha1 lib, and the rest of git's object file access machinery via try_to_free_pack_memory. That is overkill when xmalloc is just being used as a convenience wrapper to exit when no memory is available. So defer setting try_to_free_pack_memory as try_to_free_routine until the first packfile is opened in add_packed_git(). After this change, a simple program using xmalloc() and no other functions will not pull in any code from libgit.a aside from wrapper.o and usage.o. Improved-by: René Scharfe <rene.scharfe@lsrfire.ath.cx> Signed-off-by: Jonathan Nieder <jrnieder@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* wrapper: give zlib wrappers their own translation unitJonathan Nieder2010-11-101-60/+0
| | | | | | | | | Programs using xmalloc() but not git_inflate() require -lz on the linker command line because git_inflate() is in the same translation unit as xmalloc(). Signed-off-by: Jonathan Nieder <jrnieder@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* path helpers: move git_mkstemp* to wrapper.cJonathan Nieder2010-11-101-0/+113
| | | | | | | | | | | | | | | git_mkstemp_mode and related functions do not require access to specialized git machinery, unlike some other functions from path.c (like set_shared_perm()). Move them to wrapper.c where the wrapper xmkstemp_mode is defined. This eliminates a dependency of wrapper.o on environment.o via path.o. With typical linkers (e.g., gcc), that dependency makes programs that use functions from wrapper.o and not environment.o or path.o larger than they need to be. Signed-off-by: Jonathan Nieder <jrnieder@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* wrapper: move odb_* to environment.cJonathan Nieder2010-11-101-37/+0
| | | | | | | | | | | | | The odb_mkstemp and odb_pack_keep functions open files under the $GIT_OBJECT_DIRECTORY directory. This requires access to the git configuration which very simple programs do not need. Move these functions to environment.o, closer to their dependencies. This should make it easier for programs to link to wrapper.o without linking to environment.o. Signed-off-by: Jonathan Nieder <jrnieder@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* wrapper: move xmmap() to sha1_file.cJonathan Nieder2010-11-101-15/+0
| | | | | | | | | | | | | wrapper.o depends on sha1_file.o for a number of reasons. One is release_pack_memory(). xmmap function calls mmap, discarding unused pack windows when necessary to relieve memory pressure. Simple git programs using wrapper.o as a friendly libc do not need this functionality. So move xmmap to sha1_file.o, where release_pack_memory() is. Signed-off-by: Jonathan Nieder <jrnieder@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* xmalloc: include size in the failure messageMatthieu Moy2010-08-201-1/+2
| | | | | | | | | Out-of-memory errors can either be actual lack of memory, or bugs (like code trying to call xmalloc(-1) by mistake). A little more information may help tracking bugs reported by users. Signed-off-by: Matthieu Moy <Matthieu.Moy@imag.fr> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* Merge branch 'js/try-to-free-stackable'Junio C Hamano2010-06-131-2/+4
|\ | | | | | | | | | | * js/try-to-free-stackable: Do not call release_pack_memory in malloc wrappers when GIT_TRACE is used Have set_try_to_free_routine return the previous routine
| * Have set_try_to_free_routine return the previous routineJohannes Sixt2010-05-081-2/+4
| | | | | | | | | | | | | | | | | | | | | | This effectively requires from the callers of set_try_to_free_routine to treat the try-to-free-routines as a stack. We will need this for the next patch where the only current caller cannot depend on that the previously set routine was the default routine. Signed-off-by: Johannes Sixt <j6t@kdbg.org> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* | Merge branch 'np/malloc-threading'Junio C Hamano2010-05-211-4/+16
|\ \ | |/ | | | | | | | | * np/malloc-threading: Thread-safe xmalloc and xrealloc needs a recursive mutex Make xmalloc and xrealloc thread-safe
| * Make xmalloc and xrealloc thread-safeNicolas Pitre2010-03-241-4/+16
| | | | | | | | | | | | | | | | | | | | | | | | By providing a hook for the routine responsible for trying to free some memory on malloc failure, we can ensure that the called routine is protected by the appropriate locks when threads are in play. The obvious offender here was pack-objects which was calling xmalloc() within threads while release_pack_memory() is not thread safe. Signed-off-by: Nicolas Pitre <nico@fluxnic.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* | Introduce remove_or_warn functionPeter Collingbourne2010-03-281-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | This patch introduces the remove_or_warn function which is a generalised version of the {unlink,rmdir}_or_warn functions. It takes an additional parameter indicating the mode of the file to be removed. The patch also modifies certain functions to use remove_or_warn where appropriate, and adds a test case for a bug fixed by the use of remove_or_warn. Signed-off-by: Peter Collingbourne <peter@pcc.me.uk> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* | Implement the rmdir_or_warn functionPeter Collingbourne2010-03-281-0/+5
| | | | | | | | | | | | | | | | | | This patch implements an rmdir_or_warn function (like unlink_or_warn but for directories) that uses the generalised warning code in warn_if_unremovable. Signed-off-by: Peter Collingbourne <peter@pcc.me.uk> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* | Generalise the unlink_or_warn functionPeter Collingbourne2010-03-281-5/+7
|/ | | | | | | | This patch moves the warning code of the unlink_or_warn function into a separate function named warn_if_unremovable so that it may be reused. Signed-off-by: Peter Collingbourne <peter@pcc.me.uk> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* Use git_mkstemp_mode and xmkstemp_mode in odb_mkstemp, not chmod later.Matthieu Moy2010-02-221-3/+7
| | | | | | | | | | | | | | | | | | | | | We used to create 0600 files, and then use chmod to set the group and other permission bits to the umask. This usually has the same effect as a normal file creation with a umask. But in the presence of ACLs, the group permission plays the role of the ACL mask: the "g" bits of newly created files are chosen according to default ACL mask of the directory, not according to the umask, and doing a chmod() on these "g" bits affect the ACL's mask instead of actual group permission. In other words, creating files with 0600 and then doing a chmod to the umask creates files which are unreadable by users allowed in the default ACL. To create the files without breaking ACLs, we let the umask do it's job at the file's creation time, and get rid of the later chmod. Signed-off-by: Matthieu Moy <Matthieu.Moy@imag.fr> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* git_mkstemp_mode, xmkstemp_mode: variants of gitmkstemps with mode argument.Matthieu Moy2010-02-221-0/+10
| | | | | | | | | | | | | gitmkstemps emulates the behavior of mkstemps, which is usually used to create files in a shared directory like /tmp/, hence, it creates files with permission 0600. Add git_mkstemps_mode() that allows us to specify the desired mode, and make git_mkstemps() a wrapper that always uses 0600 to call it. Later we will use git_mkstemps_mode() when creating pack files. Signed-off-by: Matthieu Moy <Matthieu.Moy@imag.fr> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* Add xmallocz()Ilari Liusvaara2010-01-261-4/+11
| | | | | | | | | | Add routine for allocating NUL-terminated memory block without risking integer overflow in addition of +1 for NUL byte. [jc: with suggestion from Bill Lear] Signed-off-by: Ilari Liusvaara <ilari.liusvaara@elisanet.fi> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* Convert existing die(..., strerror(errno)) to die_errno()Thomas Rast2009-06-271-4/+4
| | | | | | | | | | | Change calls to die(..., strerror(errno)) to use the new die_errno(). In the process, also make slight style adjustments: at least state _something_ about the function that failed (instead of just printing the pathname), and put paths in single quotes. Signed-off-by: Thomas Rast <trast@student.ethz.ch> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* Introduce an unlink(2) wrapper which gives warning if unlink failedAlex Riesen2009-04-291-0/+16
| | | | | | | | | | | | | | This seem to be a very common pattern in the current code. The function prints a generic removal failure message, the file name which failed and readable errno presentation. The function preserves errno and always returns the value unlink(2) returned, but prints no message for ENOENT, as it was the most often filtered out in the code calling unlink. Besides, removing a file is anyway the purpose of calling unlink. Signed-off-by: Alex Riesen <raa.lkml@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* Merge branch 'jc/maint-1.6.0-pack-directory'Junio C Hamano2009-02-281-1/+2
|\ | | | | | | | | * jc/maint-1.6.0-pack-directory: Fix odb_mkstemp() on AIX
| * Fix odb_mkstemp() on AIXMike Ralphson2009-02-261-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | The AIX mkstemp() modifies its template parameter to an empty string if the call fails. The existing code had already recomputed the template, but too late to be good. See also 6ff6af62, which fixed this problem in a different spot. Signed-off-by: Mike Ralphson <mike@abacus.co.uk> Signed-off-by: Johannes Sixt <j6t@kdbg.org> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* | Merge branch 'jc/maint-1.6.0-pack-directory'Junio C Hamano2009-02-251-0/+32
|\ \ | |/ | | | | | | * jc/maint-1.6.0-pack-directory: Make sure objects/pack exists before creating a new pack
| * Make sure objects/pack exists before creating a new packJunio C Hamano2009-02-251-0/+32
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In a repository created with git older than f49fb35 (git-init-db: create "pack" subdirectory under objects, 2005-06-27), objects/pack/ directory is not created upon initialization. It was Ok because subdirectories are created as needed inside directories init-db creates, and back then, packfiles were recent invention. After the said commit, new codepaths started relying on the presense of objects/pack/ directory in the repository. This was exacerbated with 8b4eb6b (Do not perform cross-directory renames when creating packs, 2008-09-22) that moved the location temporary pack files are created from objects/ directory to objects/pack/ directory, because moving temporary to the final location was done carefully with lazy leading directory creation. Many packfile related operations in such an old repository can fail mysteriously because of this. This commit introduces two helper functions to make things work better. - odb_mkstemp() is a specialized version of mkstemp() to refactor the code and teach it to create leading directories as needed; - odb_pack_keep() refactors the code to create a ".keep" file while create leading directories as needed. Signed-off-by: Junio C Hamano <gitster@pobox.com>
* | Wrap inflate and other zlib routines for better error reportingLinus Torvalds2009-01-111-0/+60
|/ | | | | | | | | | | | | R. Tyler Ballance reported a mysterious transient repository corruption; after much digging, it turns out that we were not catching and reporting memory allocation errors from some calls we make to zlib. This one _just_ wraps things; it doesn't do the "retry on low memory error" part, at least not yet. It is an independent issue from the reporting. Some of the errors are expected and passed back to the caller, but we die when zlib reports it failed to allocate memory for now. Signed-off-by: Junio C Hamano <gitster@pobox.com>
* Move read_in_full() and write_in_full() to wrapper.cJunio C Hamano2008-07-201-0/+38
| | | | | | | A few compat/* layer functions call these functions, but we would really want to keep them thin, without depending too much on the libgit proper. Signed-off-by: Junio C Hamano <gitster@pobox.com>
* Shrink the git binary a bit by avoiding unnecessary inline functionsLinus Torvalds2008-06-221-0/+160
So I was looking at the disgusting size of the git binary, and even with the debugging removed, and using -Os instead of -O2, the size of the text section was pretty high. In this day and age I guess almost a megabyte of text isn't really all that surprising, but it still doesn't exactly make me think "lean and mean". With -Os, a surprising amount of text space is wasted on inline functions that end up just being replicated multiple times, and where performance really isn't a valid reason to inline them. In particular, the trivial wrapper functions like "xmalloc()" are used _everywhere_, and making them inline just duplicates the text (and the string we use to 'die()' on failure) unnecessarily. So this just moves them into a "wrapper.c" file, getting rid of a tiny bit of unnecessary bloat. The following numbers are both with "CFLAGS=-Os": Before: [torvalds@woody git]$ size git text data bss dec hex filename 700460 15160 292184 1007804 f60bc git After: [torvalds@woody git]$ size git text data bss dec hex filename 670540 15160 292184 977884 eebdc git so it saves almost 30k of text-space (it actually saves more than that with the default -O2, but I don't think that's necessarily a very relevant number from a "try to shrink git" standpoint). It might conceivably have a performance impact, but none of this should be _that_ performance critical. The real cost is not generally in the wrapper anyway, but in the code it wraps (ie the cost of "xread()" is all in the read itself, not in the trivial wrapping of it). Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Junio C Hamano <gitster@pobox.com>