On Sat, May 01, 2021 at 11:40:52AM -0400, Jeff King wrote:
> A while back, I had a topic[1] that treated symlinked .gitattributes
> (and .gitignore and .mailmap) the same as .gitmodules: forbidding them
> in the index, complaining about them via fsck, etc.
>
> In the end, we decided not to do that[2], and instead just open the
> files with O_NOFOLLOW instead. As I said in that thread, we could
> salvage some of the cleanups, fsck checks, and docs from the original
> topic. So here that is. (The new topic is in master but not yet
> released; so while this is not strictly a bug-fix for an existing topic,
> it would be good to get especially the doc improvements into the same
> release).
Here's a re-roll with two small fixes: dropping the test_i18ngrep that
Ævar noticed, and taking Eric's wording suggestion for the docs.
I didn't take Ævar's suggestion to expand the line-wrapping fixes
further. I don't mind that happening, but I'd prefer doing it as a
separate series.
Range-diff (a little hard to read because the one-line change in the
tests percolates through several commits, and the two-word changes in
the docs caused rewrapping):
1: c91ce2ed34 = 1: c91ce2ed34 t7415: remove out-dated comment about translation
2: 99fe934110 = 2: 99fe934110 fsck_tree(): fix shadowed variable
3: 9695e4370c = 3: 9695e4370c fsck_tree(): wrap some long lines
4: 2cf9839145 = 4: 2cf9839145 t7415: rename to expand scope
5: ad18686096 ! 5: 1664953e71 t7450: test verify_path() handling of gitmodules
@@ t/t7450-bad-git-dotfiles.sh: test_expect_success 'fsck detects symlinked .gitmod
+test_expect_success 'refuse to load symlinked .gitmodules into index' '
+ test_must_fail git -C symlink read-tree $tree 2>err &&
-+ test_i18ngrep "invalid path.*gitmodules" err &&
++ grep "invalid path.*gitmodules" err &&
+ git -C symlink ls-files >out &&
+ test_must_be_empty out
+'
6: 9691fb8d5c ! 6: 41000ce022 t7450: test .gitmodules symlink matching against obscured names
@@ t/t7450-bad-git-dotfiles.sh: test_expect_success 'index-pack --strict works for
-
-test_expect_success 'refuse to load symlinked .gitmodules into index' '
- test_must_fail git -C symlink read-tree $tree 2>err &&
-- test_i18ngrep "invalid path.*gitmodules" err &&
+- grep "invalid path.*gitmodules" err &&
- git -C symlink ls-files >out &&
- test_must_be_empty out
-'
@@ t/t7450-bad-git-dotfiles.sh: test_expect_success 'index-pack --strict works for
+ -c core.protectntfs \
+ -c core.protecthfs \
+ read-tree $tree 2>err &&
-+ test_i18ngrep "invalid path.*$name" err &&
++ grep "invalid path.*$name" err &&
+ git -C $dir ls-files -s >out &&
+ test_must_be_empty out
+ '
7: 670705dca2 = 7: 58efbbbbb6 t0060: test ntfs/hfs-obscured dotfiles
8: 422162a7ae = 8: aeff66bf1e fsck: warn about symlinked dotfiles we'll open with O_NOFOLLOW
9: f1b226ca4f ! 9: a8f9255d9b docs: document symlink restrictions for dot-files
@@ Documentation/gitattributes.txt: to:
+NOTES
+-----
+
-+Note that Git does not follow symbolic links when accessing a
-+`.gitattributes` file in the working tree. This keeps behavior
-+consistent when the file is accessed from the index or a tree versus
-+from the filesystem.
++Git does not follow symbolic links when accessing a `.gitattributes`
++file in the working tree. This keeps behavior consistent when the file
++is accessed from the index or a tree versus from the filesystem.
EXAMPLES
--------
@@ Documentation/gitignore.txt: not tracked by Git remain untracked.
To stop tracking a file that is currently tracked, use
'git rm --cached'.
-+Note that Git does not follow symbolic links when accessing a
-+`.gitignore` file in the working tree. This keeps behavior consistent
-+when the file is accessed from the index or a tree versus from the
-+filesystem.
++Git does not follow symbolic links when accessing a `.gitignore` file in
++the working tree. This keeps behavior consistent when the file is
++accessed from the index or a tree versus from the filesystem.
+
EXAMPLES
--------
@@ Documentation/gitmailmap.txt: this would also match the 'Commit Name <commit@
+NOTES
+-----
+
-+Note that Git does not follow symbolic links when accessing a `.mailmap`
-+file in the working tree. This keeps behavior consistent when the file
-+is accessed from the index or a tree versus from the filesystem.
++Git does not follow symbolic links when accessing a `.mailmap` file in
++the working tree. This keeps behavior consistent when the file is
++accessed from the index or a tree versus from the filesystem.
+
EXAMPLES
--------
@@ Documentation/gitmodules.txt: submodule.<name>.shallow::
+NOTES
+-----
+
-+Note that Git does not allow the `.gitmodules` file within a working
-+tree to be a symbolic link, and will refuse to check out such a tree
-+entry. This keeps behavior consistent when the file is accessed from the
-+index or a tree versus from the filesystem, and helps Git reliably
-+enforce security checks of the file contents.
++Git does not allow the `.gitmodules` file within a working tree to be a
++symbolic link, and will refuse to check out such a tree entry. This
++keeps behavior consistent when the file is accessed from the index or a
++tree versus from the filesystem, and helps Git reliably enforce security
++checks of the file contents.
EXAMPLES
--------
[1/9]: t7415: remove out-dated comment about translation
[2/9]: fsck_tree(): fix shadowed variable
[3/9]: fsck_tree(): wrap some long lines
[4/9]: t7415: rename to expand scope
[5/9]: t7450: test verify_path() handling of gitmodules
[6/9]: t7450: test .gitmodules symlink matching against obscured names
[7/9]: t0060: test ntfs/hfs-obscured dotfiles
[8/9]: fsck: warn about symlinked dotfiles we'll open with O_NOFOLLOW
[9/9]: docs: document symlink restrictions for dot-files
Documentation/gitattributes.txt | 6 +
Documentation/gitignore.txt | 4 +
Documentation/gitmailmap.txt | 7 ++
Documentation/gitmodules.txt | 8 ++
cache.h | 1 +
fsck.c | 84 ++++++++++---
fsck.h | 3 +
path.c | 5 +
t/helper/test-path-utils.c | 46 +++++--
t/t0060-path-utils.sh | 30 +++++
...ule-names.sh => t7450-bad-git-dotfiles.sh} | 116 +++++++++++++-----
utf8.c | 5 +
utf8.h | 1 +
13 files changed, 255 insertions(+), 61 deletions(-)
rename t/{t7415-submodule-names.sh => t7450-bad-git-dotfiles.sh} (70%)
-Peff
