Junio C Hamano <gitster@xxxxxxxxx> writes:
>> The only change relative to v2 is that the second commit message
>> clarifies why apply, fsck and fast-import are left unchanged.
>
> I do not think it clarifies to make "fsck" whose lost and found are
> written to GIT_DIR and "apply"'s ".rej" share the same "we dunno"
> reasoning, though.
I'd say we should go with this one. I think the reasoning for
"fsck" should be a lot clearer this way.
-- >8 --
Author: Johannes Schindelin <johannes.schindelin@xxxxxx>
Date: Mon Jan 11 19:35:54 2016 +0100
Handle more file writes correctly in shared repos
In shared repositories, we have to be careful when writing files whose
permissions do not allow users other than the owner to write them.
In particular, we force the marks file of fast-export and the FETCH_HEAD
when fetching to be rewritten from scratch.
This commit does not touch other calls to fopen() that want to
write files:
- commands that write to working tree files (core.sharedRepository
does not affect permission bits of working tree files),
e.g. .rej file created by "apply --reject", result of applying a
previous conflict resolution by "rerere", "git merge-file".
- git am, when splitting mails (git-am correctly cleans up its directory
after finishing, so there is no need to share those files between users)
- git fsck, when writing lost&found blobs (they are written in the
file under its object name, so an existing file with tighter
permission that you cannot write into is OK, because what you are
failing to write is the same contents that the file already has
anyway).
- git submodule clone, when writing the .git file, because the file
will not be overwritten
- git_terminal_prompt() in compat/terminal.c, because it is not writing to
a file at all
- git diff --output, because the output file is clearly not intended to be
shared between the users of the current repository
- git fast-import, when writing a crash report, because the reports' file
names are unique due to an embedded process ID
- mailinfo() in mailinfo.c, because the output is clearly not intended to
be shared between the users of the current repository
- check_or_regenerate_marks() in remote-testsvn.c, because this is only
used for Git's internal testing
Note that this patch does not touch callers of write_file() and
write_file_gently(), which would benefit from the same scrutiny as
to usage in shared repositories. Most notable users are branch,
daemon, submodule & worktree, and a worrisome call in transport.c
when updating one ref (which ignores the shared flag).
Signed-off-by: Johannes Schindelin <johannes.schindelin@xxxxxx>
Signed-off-by: Junio C Hamano <gitster@xxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html