<feed xmlns='http://www.w3.org/2005/Atom'>
<title>git/daemon.c, branch v2.12.2</title>
<subtitle>Mirror of https://git.kernel.org/pub/scm/git/git.git/
</subtitle>
<id>https://git.shady.money/git/atom?h=v2.12.2</id>
<link rel='self' href='https://git.shady.money/git/atom?h=v2.12.2'/>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/'/>
<updated>2016-10-31T20:15:21Z</updated>
<entry>
<title>Merge branch 'ls/filter-process'</title>
<updated>2016-10-31T20:15:21Z</updated>
<author>
<name>Junio C Hamano</name>
<email>gitster@pobox.com</email>
</author>
<published>2016-10-31T20:15:21Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=dbaa6bdce22914843e956e36d41d328547514342'/>
<id>urn:sha1:dbaa6bdce22914843e956e36d41d328547514342</id>
<content type='text'>
The smudge/clean filter API expect an external process is spawned
to filter the contents for each path that has a filter defined.  A
new type of "process" filter API has been added to allow the first
request to run the filter for a path to spawn a single process, and
all filtering need is served by this single process for multiple
paths, reducing the process creation overhead.

* ls/filter-process:
  contrib/long-running-filter: add long running filter example
  convert: add filter.&lt;driver&gt;.process option
  convert: prepare filter.&lt;driver&gt;.process option
  convert: make apply_filter() adhere to standard Git error handling
  pkt-line: add functions to read/write flush terminated packet streams
  pkt-line: add packet_write_gently()
  pkt-line: add packet_flush_gently()
  pkt-line: add packet_write_fmt_gently()
  pkt-line: extract set_packet_header()
  pkt-line: rename packet_write() to packet_write_fmt()
  run-command: add clean_on_exit_handler
  run-command: move check_pipe() from write_or_die to run_command
  convert: modernize tests
  convert: quote filter names in error messages
</content>
</entry>
<entry>
<title>Merge branch 'jk/daemon-path-ok-check-truncation'</title>
<updated>2016-10-27T21:58:50Z</updated>
<author>
<name>Junio C Hamano</name>
<email>gitster@pobox.com</email>
</author>
<published>2016-10-27T21:58:50Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=ee87d47b364cdaf78badefb3f7044b8074ed1550'/>
<id>urn:sha1:ee87d47b364cdaf78badefb3f7044b8074ed1550</id>
<content type='text'>
"git daemon" used fixed-length buffers to turn URL to the
repository the client asked for into the server side directory
path, using snprintf() to avoid overflowing these buffers, but
allowed possibly truncated paths to the directory.  This has been
tightened to reject such a request that causes overlong path to be
required to serve.

* jk/daemon-path-ok-check-truncation:
  daemon: detect and reject too-long paths
</content>
</entry>
<entry>
<title>daemon: detect and reject too-long paths</title>
<updated>2016-10-24T16:59:29Z</updated>
<author>
<name>Jeff King</name>
<email>peff@peff.net</email>
</author>
<published>2016-10-22T04:59:38Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=6bdb0083be3b42aab5dfa6bf18b447623704f7f5'/>
<id>urn:sha1:6bdb0083be3b42aab5dfa6bf18b447623704f7f5</id>
<content type='text'>
When we are checking the path via path_ok(), we use some
fixed PATH_MAX buffers. We write into them via snprintf(),
so there's no possibility of overflow, but it does mean we
may silently truncate the path, leading to potentially
confusing errors when the partial path does not exist.

We're better off to reject the path explicitly.

Signed-off-by: Jeff King &lt;peff@peff.net&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>pkt-line: rename packet_write() to packet_write_fmt()</title>
<updated>2016-10-17T18:36:50Z</updated>
<author>
<name>Lars Schneider</name>
<email>larsxschneider@gmail.com</email>
</author>
<published>2016-10-16T23:20:29Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=81c634e94f2fef0cec295f7554080c82bd6aeeb7'/>
<id>urn:sha1:81c634e94f2fef0cec295f7554080c82bd6aeeb7</id>
<content type='text'>
packet_write() should be called packet_write_fmt() because it is a
printf-like function that takes a format string as first parameter.

packet_write_fmt() should be used for text strings only. Arbitrary
binary data should use a new packet_write() function that is introduced
in a subsequent patch.

Suggested-by: Junio C Hamano &lt;gitster@pobox.com&gt;
Signed-off-by: Lars Schneider &lt;larsxschneider@gmail.com&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>Merge branch 'ew/daemon-socket-keepalive'</title>
<updated>2016-07-28T17:34:43Z</updated>
<author>
<name>Junio C Hamano</name>
<email>gitster@pobox.com</email>
</author>
<published>2016-07-28T17:34:43Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=b48dfd86c90cae3f98dca01101b7e298c0192d16'/>
<id>urn:sha1:b48dfd86c90cae3f98dca01101b7e298c0192d16</id>
<content type='text'>
Recent update to "git daemon" tries to enable the socket-level
KEEPALIVE, but when it is spawned via inetd, the standard input
file descriptor may not necessarily be connected to a socket.
Suppress an ENOTSOCK error from setsockopt().

* ew/daemon-socket-keepalive:
  Windows: add missing definition of ENOTSOCK
  daemon: ignore ENOTSOCK from setsockopt
</content>
</entry>
<entry>
<title>Merge branch 'jk/common-main'</title>
<updated>2016-07-19T20:22:19Z</updated>
<author>
<name>Junio C Hamano</name>
<email>gitster@pobox.com</email>
</author>
<published>2016-07-19T20:22:19Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=d4c6375fd8996d7d809fb34b9743339d7192c58b'/>
<id>urn:sha1:d4c6375fd8996d7d809fb34b9743339d7192c58b</id>
<content type='text'>
There are certain house-keeping tasks that need to be performed at
the very beginning of any Git program, and programs that are not
built-in commands had to do them exactly the same way as "git"
potty does.  It was easy to make mistakes in one-off standalone
programs (like test helpers).  A common "main()" function that
calls cmd_main() of individual program has been introduced to
make it harder to make mistakes.

* jk/common-main:
  mingw: declare main()'s argv as const
  common-main: call git_setup_gettext()
  common-main: call restore_sigpipe_to_default()
  common-main: call sanitize_stdfds()
  common-main: call git_extract_argv0_path()
  add an extra level of indirection to main()
</content>
</entry>
<entry>
<title>daemon: ignore ENOTSOCK from setsockopt</title>
<updated>2016-07-18T18:09:52Z</updated>
<author>
<name>Eric Wong</name>
<email>e@80x24.org</email>
</author>
<published>2016-07-18T04:59:11Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=49c58d86ceb7816c5f0ca36e38e26cd6b8506d74'/>
<id>urn:sha1:49c58d86ceb7816c5f0ca36e38e26cd6b8506d74</id>
<content type='text'>
In inetd mode, we are not guaranteed stdin or stdout is a
socket; callers could filter the data through a pipe
or be testing with regular files.

This prevents t5802 from polluting syslog.

Signed-off-by: Eric Wong &lt;e@80x24.org&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>common-main: call git_setup_gettext()</title>
<updated>2016-07-01T22:09:10Z</updated>
<author>
<name>Jeff King</name>
<email>peff@peff.net</email>
</author>
<published>2016-07-01T06:07:01Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=5ce5f5fa5ad3de3c36fdd00df2d5c045ad1d7f04'/>
<id>urn:sha1:5ce5f5fa5ad3de3c36fdd00df2d5c045ad1d7f04</id>
<content type='text'>
This should be part of every program, as otherwise users do
not get translated error messages. However, some external
commands forgot to do so (e.g., git-credential-store). This
fixes them, and eliminates the repeated code in programs
that did remember to use it.

Signed-off-by: Jeff King &lt;peff@peff.net&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>common-main: call sanitize_stdfds()</title>
<updated>2016-07-01T22:09:10Z</updated>
<author>
<name>Jeff King</name>
<email>peff@peff.net</email>
</author>
<published>2016-07-01T06:06:02Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=57f5d52a942e8bbfa82e2741faf050de0d6b3eb3'/>
<id>urn:sha1:57f5d52a942e8bbfa82e2741faf050de0d6b3eb3</id>
<content type='text'>
This is setup that should be done in every program for
safety, but we never got around to adding it everywhere (so
builtins benefited from the call in git.c, but any external
commands did not). Putting it in the common main() gives us
this safety everywhere.

Note that the case in daemon.c is a little funny. We wait
until we know whether we want to daemonize, and then either:

 - call daemonize(), which will close stdio and reopen it to
   /dev/null under the hood

 - sanitize_stdfds(), to fix up any odd cases

But that is way too late; the point of sanitizing is to give
us reliable descriptors on 0/1/2, and we will already have
executed code, possibly called die(), etc. The sanitizing
should be the very first thing that happens.

With this patch, git-daemon will sanitize first, and can
remove the call in the non-daemonize case. It does mean that
daemonize() may just end up closing the descriptors we
opened, but that's not a big deal (it's not wrong to do so,
nor is it really less optimal than the case where our parent
process redirected us from /dev/null ahead of time).

Signed-off-by: Jeff King &lt;peff@peff.net&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>common-main: call git_extract_argv0_path()</title>
<updated>2016-07-01T22:09:10Z</updated>
<author>
<name>Jeff King</name>
<email>peff@peff.net</email>
</author>
<published>2016-07-01T06:04:04Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=650c449250d7279dcbfe2f7cc23624955d53d339'/>
<id>urn:sha1:650c449250d7279dcbfe2f7cc23624955d53d339</id>
<content type='text'>
Every program which links against libgit.a must call this
function, or risk hitting an assert() in system_path() that
checks whether we have configured argv0_path (though only
when RUNTIME_PREFIX is defined, so essentially only on
Windows).

Looking at the diff, you can see that putting it into the
common main() saves us having to do it individually in each
of the external commands. But what you can't see are the
cases where we _should_ have been doing so, but weren't
(e.g., git-credential-store, and all of the t/helper test
programs).

This has been an accident-waiting-to-happen for a long time,
but wasn't triggered until recently because it involves one
of those programs actually calling system_path(). That
happened with git-credential-store in v2.8.0 with ae5f677
(lazily load core.sharedrepository, 2016-03-11). The
program:

  - takes a lock file, which...

  - opens a tempfile, which...

  - calls adjust_shared_perm to fix permissions, which...

  - lazy-loads the config (as of ae5f677), which...

  - calls system_path() to find the location of
    /etc/gitconfig

On systems with RUNTIME_PREFIX, this means credential-store
reliably hits that assert() and cannot be used.

We never noticed in the test suite, because we set
GIT_CONFIG_NOSYSTEM there, which skips the system_path()
lookup entirely.  But if we were to tweak git_config() to
find /etc/gitconfig even when we aren't going to open it,
then the test suite shows multiple failures (for
credential-store, and for some other test helpers). I didn't
include that tweak here because it's way too specific to
this particular call to be worth carrying around what is
essentially dead code.

The implementation is fairly straightforward, with one
exception: there is exactly one caller (git.c) that actually
cares about the result of the function, and not the
side-effect of setting up argv0_path. We can accommodate
that by simply replacing the value of argv[0] in the array
we hand down to cmd_main().

Signed-off-by: Jeff King &lt;peff@peff.net&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
</feed>
