Merge branch 'rs/fix-arghelp'
[git.git] / setup.c
blob2e607632dbde807ae76566e282d8f122b1642cda
1 #include "git-compat-util.h"
2 #include "abspath.h"
3 #include "copy.h"
4 #include "environment.h"
5 #include "exec-cmd.h"
6 #include "gettext.h"
7 #include "object-name.h"
8 #include "refs.h"
9 #include "repository.h"
10 #include "config.h"
11 #include "dir.h"
12 #include "setup.h"
13 #include "string-list.h"
14 #include "chdir-notify.h"
15 #include "path.h"
16 #include "promisor-remote.h"
17 #include "quote.h"
18 #include "trace2.h"
19 #include "worktree.h"
21 static int inside_git_dir = -1;
22 static int inside_work_tree = -1;
23 static int work_tree_config_is_bogus;
24 enum allowed_bare_repo {
25 ALLOWED_BARE_REPO_EXPLICIT = 0,
26 ALLOWED_BARE_REPO_ALL,
29 static struct startup_info the_startup_info;
30 struct startup_info *startup_info = &the_startup_info;
31 const char *tmp_original_cwd;
34 * The input parameter must contain an absolute path, and it must already be
35 * normalized.
37 * Find the part of an absolute path that lies inside the work tree by
38 * dereferencing symlinks outside the work tree, for example:
39 * /dir1/repo/dir2/file (work tree is /dir1/repo) -> dir2/file
40 * /dir/file (work tree is /) -> dir/file
41 * /dir/symlink1/symlink2 (symlink1 points to work tree) -> symlink2
42 * /dir/repolink/file (repolink points to /dir/repo) -> file
43 * /dir/repo (exactly equal to work tree) -> (empty string)
45 static int abspath_part_inside_repo(char *path)
47 size_t len;
48 size_t wtlen;
49 char *path0;
50 int off;
51 const char *work_tree = get_git_work_tree();
52 struct strbuf realpath = STRBUF_INIT;
54 if (!work_tree)
55 return -1;
56 wtlen = strlen(work_tree);
57 len = strlen(path);
58 off = offset_1st_component(path);
60 /* check if work tree is already the prefix */
61 if (wtlen <= len && !fspathncmp(path, work_tree, wtlen)) {
62 if (path[wtlen] == '/') {
63 memmove(path, path + wtlen + 1, len - wtlen);
64 return 0;
65 } else if (path[wtlen - 1] == '/' || path[wtlen] == '\0') {
66 /* work tree is the root, or the whole path */
67 memmove(path, path + wtlen, len - wtlen + 1);
68 return 0;
70 /* work tree might match beginning of a symlink to work tree */
71 off = wtlen;
73 path0 = path;
74 path += off;
76 /* check each '/'-terminated level */
77 while (*path) {
78 path++;
79 if (*path == '/') {
80 *path = '\0';
81 strbuf_realpath(&realpath, path0, 1);
82 if (fspathcmp(realpath.buf, work_tree) == 0) {
83 memmove(path0, path + 1, len - (path - path0));
84 strbuf_release(&realpath);
85 return 0;
87 *path = '/';
91 /* check whole path */
92 strbuf_realpath(&realpath, path0, 1);
93 if (fspathcmp(realpath.buf, work_tree) == 0) {
94 *path0 = '\0';
95 strbuf_release(&realpath);
96 return 0;
99 strbuf_release(&realpath);
100 return -1;
104 * Normalize "path", prepending the "prefix" for relative paths. If
105 * remaining_prefix is not NULL, return the actual prefix still
106 * remains in the path. For example, prefix = sub1/sub2/ and path is
108 * foo -> sub1/sub2/foo (full prefix)
109 * ../foo -> sub1/foo (remaining prefix is sub1/)
110 * ../../bar -> bar (no remaining prefix)
111 * ../../sub1/sub2/foo -> sub1/sub2/foo (but no remaining prefix)
112 * `pwd`/../bar -> sub1/bar (no remaining prefix)
114 char *prefix_path_gently(const char *prefix, int len,
115 int *remaining_prefix, const char *path)
117 const char *orig = path;
118 char *sanitized;
119 if (is_absolute_path(orig)) {
120 sanitized = xmallocz(strlen(path));
121 if (remaining_prefix)
122 *remaining_prefix = 0;
123 if (normalize_path_copy_len(sanitized, path, remaining_prefix)) {
124 free(sanitized);
125 return NULL;
127 if (abspath_part_inside_repo(sanitized)) {
128 free(sanitized);
129 return NULL;
131 } else {
132 sanitized = xstrfmt("%.*s%s", len, len ? prefix : "", path);
133 if (remaining_prefix)
134 *remaining_prefix = len;
135 if (normalize_path_copy_len(sanitized, sanitized, remaining_prefix)) {
136 free(sanitized);
137 return NULL;
140 return sanitized;
143 char *prefix_path(const char *prefix, int len, const char *path)
145 char *r = prefix_path_gently(prefix, len, NULL, path);
146 if (!r) {
147 const char *hint_path = get_git_work_tree();
148 if (!hint_path)
149 hint_path = get_git_dir();
150 die(_("'%s' is outside repository at '%s'"), path,
151 absolute_path(hint_path));
153 return r;
156 int path_inside_repo(const char *prefix, const char *path)
158 int len = prefix ? strlen(prefix) : 0;
159 char *r = prefix_path_gently(prefix, len, NULL, path);
160 if (r) {
161 free(r);
162 return 1;
164 return 0;
167 int check_filename(const char *prefix, const char *arg)
169 char *to_free = NULL;
170 struct stat st;
172 if (skip_prefix(arg, ":/", &arg)) {
173 if (!*arg) /* ":/" is root dir, always exists */
174 return 1;
175 prefix = NULL;
176 } else if (skip_prefix(arg, ":!", &arg) ||
177 skip_prefix(arg, ":^", &arg)) {
178 if (!*arg) /* excluding everything is silly, but allowed */
179 return 1;
182 if (prefix)
183 arg = to_free = prefix_filename(prefix, arg);
185 if (!lstat(arg, &st)) {
186 free(to_free);
187 return 1; /* file exists */
189 if (is_missing_file_error(errno)) {
190 free(to_free);
191 return 0; /* file does not exist */
193 die_errno(_("failed to stat '%s'"), arg);
196 static void NORETURN die_verify_filename(struct repository *r,
197 const char *prefix,
198 const char *arg,
199 int diagnose_misspelt_rev)
201 if (!diagnose_misspelt_rev)
202 die(_("%s: no such path in the working tree.\n"
203 "Use 'git <command> -- <path>...' to specify paths that do not exist locally."),
204 arg);
206 * Saying "'(icase)foo' does not exist in the index" when the
207 * user gave us ":(icase)foo" is just stupid. A magic pathspec
208 * begins with a colon and is followed by a non-alnum; do not
209 * let maybe_die_on_misspelt_object_name() even trigger.
211 if (!(arg[0] == ':' && !isalnum(arg[1])))
212 maybe_die_on_misspelt_object_name(r, arg, prefix);
214 /* ... or fall back the most general message. */
215 die(_("ambiguous argument '%s': unknown revision or path not in the working tree.\n"
216 "Use '--' to separate paths from revisions, like this:\n"
217 "'git <command> [<revision>...] -- [<file>...]'"), arg);
222 * Check for arguments that don't resolve as actual files,
223 * but which look sufficiently like pathspecs that we'll consider
224 * them such for the purposes of rev/pathspec DWIM parsing.
226 static int looks_like_pathspec(const char *arg)
228 const char *p;
229 int escaped = 0;
232 * Wildcard characters imply the user is looking to match pathspecs
233 * that aren't in the filesystem. Note that this doesn't include
234 * backslash even though it's a glob special; by itself it doesn't
235 * cause any increase in the match. Likewise ignore backslash-escaped
236 * wildcard characters.
238 for (p = arg; *p; p++) {
239 if (escaped) {
240 escaped = 0;
241 } else if (is_glob_special(*p)) {
242 if (*p == '\\')
243 escaped = 1;
244 else
245 return 1;
249 /* long-form pathspec magic */
250 if (starts_with(arg, ":("))
251 return 1;
253 return 0;
257 * Verify a filename that we got as an argument for a pathspec
258 * entry. Note that a filename that begins with "-" never verifies
259 * as true, because even if such a filename were to exist, we want
260 * it to be preceded by the "--" marker (or we want the user to
261 * use a format like "./-filename")
263 * The "diagnose_misspelt_rev" is used to provide a user-friendly
264 * diagnosis when dying upon finding that "name" is not a pathname.
265 * If set to 1, the diagnosis will try to diagnose "name" as an
266 * invalid object name (e.g. HEAD:foo). If set to 0, the diagnosis
267 * will only complain about an inexisting file.
269 * This function is typically called to check that a "file or rev"
270 * argument is unambiguous. In this case, the caller will want
271 * diagnose_misspelt_rev == 1 when verifying the first non-rev
272 * argument (which could have been a revision), and
273 * diagnose_misspelt_rev == 0 for the next ones (because we already
274 * saw a filename, there's not ambiguity anymore).
276 void verify_filename(const char *prefix,
277 const char *arg,
278 int diagnose_misspelt_rev)
280 if (*arg == '-')
281 die(_("option '%s' must come before non-option arguments"), arg);
282 if (looks_like_pathspec(arg) || check_filename(prefix, arg))
283 return;
284 die_verify_filename(the_repository, prefix, arg, diagnose_misspelt_rev);
288 * Opposite of the above: the command line did not have -- marker
289 * and we parsed the arg as a refname. It should not be interpretable
290 * as a filename.
292 void verify_non_filename(const char *prefix, const char *arg)
294 if (!is_inside_work_tree() || is_inside_git_dir())
295 return;
296 if (*arg == '-')
297 return; /* flag */
298 if (!check_filename(prefix, arg))
299 return;
300 die(_("ambiguous argument '%s': both revision and filename\n"
301 "Use '--' to separate paths from revisions, like this:\n"
302 "'git <command> [<revision>...] -- [<file>...]'"), arg);
305 int get_common_dir(struct strbuf *sb, const char *gitdir)
307 const char *git_env_common_dir = getenv(GIT_COMMON_DIR_ENVIRONMENT);
308 if (git_env_common_dir) {
309 strbuf_addstr(sb, git_env_common_dir);
310 return 1;
311 } else {
312 return get_common_dir_noenv(sb, gitdir);
316 int get_common_dir_noenv(struct strbuf *sb, const char *gitdir)
318 struct strbuf data = STRBUF_INIT;
319 struct strbuf path = STRBUF_INIT;
320 int ret = 0;
322 strbuf_addf(&path, "%s/commondir", gitdir);
323 if (file_exists(path.buf)) {
324 if (strbuf_read_file(&data, path.buf, 0) <= 0)
325 die_errno(_("failed to read %s"), path.buf);
326 while (data.len && (data.buf[data.len - 1] == '\n' ||
327 data.buf[data.len - 1] == '\r'))
328 data.len--;
329 data.buf[data.len] = '\0';
330 strbuf_reset(&path);
331 if (!is_absolute_path(data.buf))
332 strbuf_addf(&path, "%s/", gitdir);
333 strbuf_addbuf(&path, &data);
334 strbuf_add_real_path(sb, path.buf);
335 ret = 1;
336 } else {
337 strbuf_addstr(sb, gitdir);
340 strbuf_release(&data);
341 strbuf_release(&path);
342 return ret;
346 * Test if it looks like we're at a git directory.
347 * We want to see:
349 * - either an objects/ directory _or_ the proper
350 * GIT_OBJECT_DIRECTORY environment variable
351 * - a refs/ directory
352 * - either a HEAD symlink or a HEAD file that is formatted as
353 * a proper "ref:", or a regular file HEAD that has a properly
354 * formatted sha1 object name.
356 int is_git_directory(const char *suspect)
358 struct strbuf path = STRBUF_INIT;
359 int ret = 0;
360 size_t len;
362 /* Check worktree-related signatures */
363 strbuf_addstr(&path, suspect);
364 strbuf_complete(&path, '/');
365 strbuf_addstr(&path, "HEAD");
366 if (validate_headref(path.buf))
367 goto done;
369 strbuf_reset(&path);
370 get_common_dir(&path, suspect);
371 len = path.len;
373 /* Check non-worktree-related signatures */
374 if (getenv(DB_ENVIRONMENT)) {
375 if (access(getenv(DB_ENVIRONMENT), X_OK))
376 goto done;
378 else {
379 strbuf_setlen(&path, len);
380 strbuf_addstr(&path, "/objects");
381 if (access(path.buf, X_OK))
382 goto done;
385 strbuf_setlen(&path, len);
386 strbuf_addstr(&path, "/refs");
387 if (access(path.buf, X_OK))
388 goto done;
390 ret = 1;
391 done:
392 strbuf_release(&path);
393 return ret;
396 int is_nonbare_repository_dir(struct strbuf *path)
398 int ret = 0;
399 int gitfile_error;
400 size_t orig_path_len = path->len;
401 assert(orig_path_len != 0);
402 strbuf_complete(path, '/');
403 strbuf_addstr(path, ".git");
404 if (read_gitfile_gently(path->buf, &gitfile_error) || is_git_directory(path->buf))
405 ret = 1;
406 if (gitfile_error == READ_GITFILE_ERR_OPEN_FAILED ||
407 gitfile_error == READ_GITFILE_ERR_READ_FAILED)
408 ret = 1;
409 strbuf_setlen(path, orig_path_len);
410 return ret;
413 int is_inside_git_dir(void)
415 if (inside_git_dir < 0)
416 inside_git_dir = is_inside_dir(get_git_dir());
417 return inside_git_dir;
420 int is_inside_work_tree(void)
422 if (inside_work_tree < 0)
423 inside_work_tree = is_inside_dir(get_git_work_tree());
424 return inside_work_tree;
427 void setup_work_tree(void)
429 const char *work_tree;
430 static int initialized = 0;
432 if (initialized)
433 return;
435 if (work_tree_config_is_bogus)
436 die(_("unable to set up work tree using invalid config"));
438 work_tree = get_git_work_tree();
439 if (!work_tree || chdir_notify(work_tree))
440 die(_("this operation must be run in a work tree"));
443 * Make sure subsequent git processes find correct worktree
444 * if $GIT_WORK_TREE is set relative
446 if (getenv(GIT_WORK_TREE_ENVIRONMENT))
447 setenv(GIT_WORK_TREE_ENVIRONMENT, ".", 1);
449 initialized = 1;
452 static void setup_original_cwd(void)
454 struct strbuf tmp = STRBUF_INIT;
455 const char *worktree = NULL;
456 int offset = -1;
458 if (!tmp_original_cwd)
459 return;
462 * startup_info->original_cwd points to the current working
463 * directory we inherited from our parent process, which is a
464 * directory we want to avoid removing.
466 * For convience, we would like to have the path relative to the
467 * worktree instead of an absolute path.
469 * Yes, startup_info->original_cwd is usually the same as 'prefix',
470 * but differs in two ways:
471 * - prefix has a trailing '/'
472 * - if the user passes '-C' to git, that modifies the prefix but
473 * not startup_info->original_cwd.
476 /* Normalize the directory */
477 if (!strbuf_realpath(&tmp, tmp_original_cwd, 0)) {
478 trace2_data_string("setup", the_repository,
479 "realpath-path", tmp_original_cwd);
480 trace2_data_string("setup", the_repository,
481 "realpath-failure", strerror(errno));
482 free((char*)tmp_original_cwd);
483 tmp_original_cwd = NULL;
484 return;
487 free((char*)tmp_original_cwd);
488 tmp_original_cwd = NULL;
489 startup_info->original_cwd = strbuf_detach(&tmp, NULL);
492 * Get our worktree; we only protect the current working directory
493 * if it's in the worktree.
495 worktree = get_git_work_tree();
496 if (!worktree)
497 goto no_prevention_needed;
499 offset = dir_inside_of(startup_info->original_cwd, worktree);
500 if (offset >= 0) {
502 * If startup_info->original_cwd == worktree, that is already
503 * protected and we don't need original_cwd as a secondary
504 * protection measure.
506 if (!*(startup_info->original_cwd + offset))
507 goto no_prevention_needed;
510 * original_cwd was inside worktree; precompose it just as
511 * we do prefix so that built up paths will match
513 startup_info->original_cwd = \
514 precompose_string_if_needed(startup_info->original_cwd
515 + offset);
516 return;
519 no_prevention_needed:
520 free((char*)startup_info->original_cwd);
521 startup_info->original_cwd = NULL;
524 static int read_worktree_config(const char *var, const char *value,
525 const struct config_context *ctx UNUSED,
526 void *vdata)
528 struct repository_format *data = vdata;
530 if (strcmp(var, "core.bare") == 0) {
531 data->is_bare = git_config_bool(var, value);
532 } else if (strcmp(var, "core.worktree") == 0) {
533 if (!value)
534 return config_error_nonbool(var);
535 free(data->work_tree);
536 data->work_tree = xstrdup(value);
538 return 0;
541 enum extension_result {
542 EXTENSION_ERROR = -1, /* compatible with error(), etc */
543 EXTENSION_UNKNOWN = 0,
544 EXTENSION_OK = 1
548 * Do not add new extensions to this function. It handles extensions which are
549 * respected even in v0-format repositories for historical compatibility.
551 static enum extension_result handle_extension_v0(const char *var,
552 const char *value,
553 const char *ext,
554 struct repository_format *data)
556 if (!strcmp(ext, "noop")) {
557 return EXTENSION_OK;
558 } else if (!strcmp(ext, "preciousobjects")) {
559 data->precious_objects = git_config_bool(var, value);
560 return EXTENSION_OK;
561 } else if (!strcmp(ext, "partialclone")) {
562 data->partial_clone = xstrdup(value);
563 return EXTENSION_OK;
564 } else if (!strcmp(ext, "worktreeconfig")) {
565 data->worktree_config = git_config_bool(var, value);
566 return EXTENSION_OK;
569 return EXTENSION_UNKNOWN;
573 * Record any new extensions in this function.
575 static enum extension_result handle_extension(const char *var,
576 const char *value,
577 const char *ext,
578 struct repository_format *data)
580 if (!strcmp(ext, "noop-v1")) {
581 return EXTENSION_OK;
582 } else if (!strcmp(ext, "objectformat")) {
583 int format;
585 if (!value)
586 return config_error_nonbool(var);
587 format = hash_algo_by_name(value);
588 if (format == GIT_HASH_UNKNOWN)
589 return error(_("invalid value for '%s': '%s'"),
590 "extensions.objectformat", value);
591 data->hash_algo = format;
592 return EXTENSION_OK;
594 return EXTENSION_UNKNOWN;
597 static int check_repo_format(const char *var, const char *value,
598 const struct config_context *ctx, void *vdata)
600 struct repository_format *data = vdata;
601 const char *ext;
603 if (strcmp(var, "core.repositoryformatversion") == 0)
604 data->version = git_config_int(var, value, ctx->kvi);
605 else if (skip_prefix(var, "extensions.", &ext)) {
606 switch (handle_extension_v0(var, value, ext, data)) {
607 case EXTENSION_ERROR:
608 return -1;
609 case EXTENSION_OK:
610 return 0;
611 case EXTENSION_UNKNOWN:
612 break;
615 switch (handle_extension(var, value, ext, data)) {
616 case EXTENSION_ERROR:
617 return -1;
618 case EXTENSION_OK:
619 string_list_append(&data->v1_only_extensions, ext);
620 return 0;
621 case EXTENSION_UNKNOWN:
622 string_list_append(&data->unknown_extensions, ext);
623 return 0;
627 return read_worktree_config(var, value, ctx, vdata);
630 static int check_repository_format_gently(const char *gitdir, struct repository_format *candidate, int *nongit_ok)
632 struct strbuf sb = STRBUF_INIT;
633 struct strbuf err = STRBUF_INIT;
634 int has_common;
636 has_common = get_common_dir(&sb, gitdir);
637 strbuf_addstr(&sb, "/config");
638 read_repository_format(candidate, sb.buf);
639 strbuf_release(&sb);
642 * For historical use of check_repository_format() in git-init,
643 * we treat a missing config as a silent "ok", even when nongit_ok
644 * is unset.
646 if (candidate->version < 0)
647 return 0;
649 if (verify_repository_format(candidate, &err) < 0) {
650 if (nongit_ok) {
651 warning("%s", err.buf);
652 strbuf_release(&err);
653 *nongit_ok = -1;
654 return -1;
656 die("%s", err.buf);
659 repository_format_precious_objects = candidate->precious_objects;
660 string_list_clear(&candidate->unknown_extensions, 0);
661 string_list_clear(&candidate->v1_only_extensions, 0);
663 if (candidate->worktree_config) {
665 * pick up core.bare and core.worktree from per-worktree
666 * config if present
668 strbuf_addf(&sb, "%s/config.worktree", gitdir);
669 git_config_from_file(read_worktree_config, sb.buf, candidate);
670 strbuf_release(&sb);
671 has_common = 0;
674 if (!has_common) {
675 if (candidate->is_bare != -1) {
676 is_bare_repository_cfg = candidate->is_bare;
677 if (is_bare_repository_cfg == 1)
678 inside_work_tree = -1;
680 if (candidate->work_tree) {
681 free(git_work_tree_cfg);
682 git_work_tree_cfg = xstrdup(candidate->work_tree);
683 inside_work_tree = -1;
687 return 0;
690 int upgrade_repository_format(int target_version)
692 struct strbuf sb = STRBUF_INIT;
693 struct strbuf err = STRBUF_INIT;
694 struct strbuf repo_version = STRBUF_INIT;
695 struct repository_format repo_fmt = REPOSITORY_FORMAT_INIT;
697 strbuf_git_common_path(&sb, the_repository, "config");
698 read_repository_format(&repo_fmt, sb.buf);
699 strbuf_release(&sb);
701 if (repo_fmt.version >= target_version)
702 return 0;
704 if (verify_repository_format(&repo_fmt, &err) < 0) {
705 error("cannot upgrade repository format from %d to %d: %s",
706 repo_fmt.version, target_version, err.buf);
707 strbuf_release(&err);
708 return -1;
710 if (!repo_fmt.version && repo_fmt.unknown_extensions.nr)
711 return error("cannot upgrade repository format: "
712 "unknown extension %s",
713 repo_fmt.unknown_extensions.items[0].string);
715 strbuf_addf(&repo_version, "%d", target_version);
716 git_config_set("core.repositoryformatversion", repo_version.buf);
717 strbuf_release(&repo_version);
718 return 1;
721 static void init_repository_format(struct repository_format *format)
723 const struct repository_format fresh = REPOSITORY_FORMAT_INIT;
725 memcpy(format, &fresh, sizeof(fresh));
728 int read_repository_format(struct repository_format *format, const char *path)
730 clear_repository_format(format);
731 git_config_from_file(check_repo_format, path, format);
732 if (format->version == -1)
733 clear_repository_format(format);
734 return format->version;
737 void clear_repository_format(struct repository_format *format)
739 string_list_clear(&format->unknown_extensions, 0);
740 string_list_clear(&format->v1_only_extensions, 0);
741 free(format->work_tree);
742 free(format->partial_clone);
743 init_repository_format(format);
746 int verify_repository_format(const struct repository_format *format,
747 struct strbuf *err)
749 if (GIT_REPO_VERSION_READ < format->version) {
750 strbuf_addf(err, _("Expected git repo version <= %d, found %d"),
751 GIT_REPO_VERSION_READ, format->version);
752 return -1;
755 if (format->version >= 1 && format->unknown_extensions.nr) {
756 int i;
758 strbuf_addstr(err, Q_("unknown repository extension found:",
759 "unknown repository extensions found:",
760 format->unknown_extensions.nr));
762 for (i = 0; i < format->unknown_extensions.nr; i++)
763 strbuf_addf(err, "\n\t%s",
764 format->unknown_extensions.items[i].string);
765 return -1;
768 if (format->version == 0 && format->v1_only_extensions.nr) {
769 int i;
771 strbuf_addstr(err,
772 Q_("repo version is 0, but v1-only extension found:",
773 "repo version is 0, but v1-only extensions found:",
774 format->v1_only_extensions.nr));
776 for (i = 0; i < format->v1_only_extensions.nr; i++)
777 strbuf_addf(err, "\n\t%s",
778 format->v1_only_extensions.items[i].string);
779 return -1;
782 return 0;
785 void read_gitfile_error_die(int error_code, const char *path, const char *dir)
787 switch (error_code) {
788 case READ_GITFILE_ERR_STAT_FAILED:
789 case READ_GITFILE_ERR_NOT_A_FILE:
790 /* non-fatal; follow return path */
791 break;
792 case READ_GITFILE_ERR_OPEN_FAILED:
793 die_errno(_("error opening '%s'"), path);
794 case READ_GITFILE_ERR_TOO_LARGE:
795 die(_("too large to be a .git file: '%s'"), path);
796 case READ_GITFILE_ERR_READ_FAILED:
797 die(_("error reading %s"), path);
798 case READ_GITFILE_ERR_INVALID_FORMAT:
799 die(_("invalid gitfile format: %s"), path);
800 case READ_GITFILE_ERR_NO_PATH:
801 die(_("no path in gitfile: %s"), path);
802 case READ_GITFILE_ERR_NOT_A_REPO:
803 die(_("not a git repository: %s"), dir);
804 default:
805 BUG("unknown error code");
810 * Try to read the location of the git directory from the .git file,
811 * return path to git directory if found. The return value comes from
812 * a shared buffer.
814 * On failure, if return_error_code is not NULL, return_error_code
815 * will be set to an error code and NULL will be returned. If
816 * return_error_code is NULL the function will die instead (for most
817 * cases).
819 const char *read_gitfile_gently(const char *path, int *return_error_code)
821 const int max_file_size = 1 << 20; /* 1MB */
822 int error_code = 0;
823 char *buf = NULL;
824 char *dir = NULL;
825 const char *slash;
826 struct stat st;
827 int fd;
828 ssize_t len;
829 static struct strbuf realpath = STRBUF_INIT;
831 if (stat(path, &st)) {
832 /* NEEDSWORK: discern between ENOENT vs other errors */
833 error_code = READ_GITFILE_ERR_STAT_FAILED;
834 goto cleanup_return;
836 if (!S_ISREG(st.st_mode)) {
837 error_code = READ_GITFILE_ERR_NOT_A_FILE;
838 goto cleanup_return;
840 if (st.st_size > max_file_size) {
841 error_code = READ_GITFILE_ERR_TOO_LARGE;
842 goto cleanup_return;
844 fd = open(path, O_RDONLY);
845 if (fd < 0) {
846 error_code = READ_GITFILE_ERR_OPEN_FAILED;
847 goto cleanup_return;
849 buf = xmallocz(st.st_size);
850 len = read_in_full(fd, buf, st.st_size);
851 close(fd);
852 if (len != st.st_size) {
853 error_code = READ_GITFILE_ERR_READ_FAILED;
854 goto cleanup_return;
856 if (!starts_with(buf, "gitdir: ")) {
857 error_code = READ_GITFILE_ERR_INVALID_FORMAT;
858 goto cleanup_return;
860 while (buf[len - 1] == '\n' || buf[len - 1] == '\r')
861 len--;
862 if (len < 9) {
863 error_code = READ_GITFILE_ERR_NO_PATH;
864 goto cleanup_return;
866 buf[len] = '\0';
867 dir = buf + 8;
869 if (!is_absolute_path(dir) && (slash = strrchr(path, '/'))) {
870 size_t pathlen = slash+1 - path;
871 dir = xstrfmt("%.*s%.*s", (int)pathlen, path,
872 (int)(len - 8), buf + 8);
873 free(buf);
874 buf = dir;
876 if (!is_git_directory(dir)) {
877 error_code = READ_GITFILE_ERR_NOT_A_REPO;
878 goto cleanup_return;
881 strbuf_realpath(&realpath, dir, 1);
882 path = realpath.buf;
884 cleanup_return:
885 if (return_error_code)
886 *return_error_code = error_code;
887 else if (error_code)
888 read_gitfile_error_die(error_code, path, dir);
890 free(buf);
891 return error_code ? NULL : path;
894 static const char *setup_explicit_git_dir(const char *gitdirenv,
895 struct strbuf *cwd,
896 struct repository_format *repo_fmt,
897 int *nongit_ok)
899 const char *work_tree_env = getenv(GIT_WORK_TREE_ENVIRONMENT);
900 const char *worktree;
901 char *gitfile;
902 int offset;
904 if (PATH_MAX - 40 < strlen(gitdirenv))
905 die(_("'$%s' too big"), GIT_DIR_ENVIRONMENT);
907 gitfile = (char*)read_gitfile(gitdirenv);
908 if (gitfile) {
909 gitfile = xstrdup(gitfile);
910 gitdirenv = gitfile;
913 if (!is_git_directory(gitdirenv)) {
914 if (nongit_ok) {
915 *nongit_ok = 1;
916 free(gitfile);
917 return NULL;
919 die(_("not a git repository: '%s'"), gitdirenv);
922 if (check_repository_format_gently(gitdirenv, repo_fmt, nongit_ok)) {
923 free(gitfile);
924 return NULL;
927 /* #3, #7, #11, #15, #19, #23, #27, #31 (see t1510) */
928 if (work_tree_env)
929 set_git_work_tree(work_tree_env);
930 else if (is_bare_repository_cfg > 0) {
931 if (git_work_tree_cfg) {
932 /* #22.2, #30 */
933 warning("core.bare and core.worktree do not make sense");
934 work_tree_config_is_bogus = 1;
937 /* #18, #26 */
938 set_git_dir(gitdirenv, 0);
939 free(gitfile);
940 return NULL;
942 else if (git_work_tree_cfg) { /* #6, #14 */
943 if (is_absolute_path(git_work_tree_cfg))
944 set_git_work_tree(git_work_tree_cfg);
945 else {
946 char *core_worktree;
947 if (chdir(gitdirenv))
948 die_errno(_("cannot chdir to '%s'"), gitdirenv);
949 if (chdir(git_work_tree_cfg))
950 die_errno(_("cannot chdir to '%s'"), git_work_tree_cfg);
951 core_worktree = xgetcwd();
952 if (chdir(cwd->buf))
953 die_errno(_("cannot come back to cwd"));
954 set_git_work_tree(core_worktree);
955 free(core_worktree);
958 else if (!git_env_bool(GIT_IMPLICIT_WORK_TREE_ENVIRONMENT, 1)) {
959 /* #16d */
960 set_git_dir(gitdirenv, 0);
961 free(gitfile);
962 return NULL;
964 else /* #2, #10 */
965 set_git_work_tree(".");
967 /* set_git_work_tree() must have been called by now */
968 worktree = get_git_work_tree();
970 /* both get_git_work_tree() and cwd are already normalized */
971 if (!strcmp(cwd->buf, worktree)) { /* cwd == worktree */
972 set_git_dir(gitdirenv, 0);
973 free(gitfile);
974 return NULL;
977 offset = dir_inside_of(cwd->buf, worktree);
978 if (offset >= 0) { /* cwd inside worktree? */
979 set_git_dir(gitdirenv, 1);
980 if (chdir(worktree))
981 die_errno(_("cannot chdir to '%s'"), worktree);
982 strbuf_addch(cwd, '/');
983 free(gitfile);
984 return cwd->buf + offset;
987 /* cwd outside worktree */
988 set_git_dir(gitdirenv, 0);
989 free(gitfile);
990 return NULL;
993 static const char *setup_discovered_git_dir(const char *gitdir,
994 struct strbuf *cwd, int offset,
995 struct repository_format *repo_fmt,
996 int *nongit_ok)
998 if (check_repository_format_gently(gitdir, repo_fmt, nongit_ok))
999 return NULL;
1001 /* --work-tree is set without --git-dir; use discovered one */
1002 if (getenv(GIT_WORK_TREE_ENVIRONMENT) || git_work_tree_cfg) {
1003 char *to_free = NULL;
1004 const char *ret;
1006 if (offset != cwd->len && !is_absolute_path(gitdir))
1007 gitdir = to_free = real_pathdup(gitdir, 1);
1008 if (chdir(cwd->buf))
1009 die_errno(_("cannot come back to cwd"));
1010 ret = setup_explicit_git_dir(gitdir, cwd, repo_fmt, nongit_ok);
1011 free(to_free);
1012 return ret;
1015 /* #16.2, #17.2, #20.2, #21.2, #24, #25, #28, #29 (see t1510) */
1016 if (is_bare_repository_cfg > 0) {
1017 set_git_dir(gitdir, (offset != cwd->len));
1018 if (chdir(cwd->buf))
1019 die_errno(_("cannot come back to cwd"));
1020 return NULL;
1023 /* #0, #1, #5, #8, #9, #12, #13 */
1024 set_git_work_tree(".");
1025 if (strcmp(gitdir, DEFAULT_GIT_DIR_ENVIRONMENT))
1026 set_git_dir(gitdir, 0);
1027 inside_git_dir = 0;
1028 inside_work_tree = 1;
1029 if (offset >= cwd->len)
1030 return NULL;
1032 /* Make "offset" point past the '/' (already the case for root dirs) */
1033 if (offset != offset_1st_component(cwd->buf))
1034 offset++;
1035 /* Add a '/' at the end */
1036 strbuf_addch(cwd, '/');
1037 return cwd->buf + offset;
1040 /* #16.1, #17.1, #20.1, #21.1, #22.1 (see t1510) */
1041 static const char *setup_bare_git_dir(struct strbuf *cwd, int offset,
1042 struct repository_format *repo_fmt,
1043 int *nongit_ok)
1045 int root_len;
1047 if (check_repository_format_gently(".", repo_fmt, nongit_ok))
1048 return NULL;
1050 setenv(GIT_IMPLICIT_WORK_TREE_ENVIRONMENT, "0", 1);
1052 /* --work-tree is set without --git-dir; use discovered one */
1053 if (getenv(GIT_WORK_TREE_ENVIRONMENT) || git_work_tree_cfg) {
1054 static const char *gitdir;
1056 gitdir = offset == cwd->len ? "." : xmemdupz(cwd->buf, offset);
1057 if (chdir(cwd->buf))
1058 die_errno(_("cannot come back to cwd"));
1059 return setup_explicit_git_dir(gitdir, cwd, repo_fmt, nongit_ok);
1062 inside_git_dir = 1;
1063 inside_work_tree = 0;
1064 if (offset != cwd->len) {
1065 if (chdir(cwd->buf))
1066 die_errno(_("cannot come back to cwd"));
1067 root_len = offset_1st_component(cwd->buf);
1068 strbuf_setlen(cwd, offset > root_len ? offset : root_len);
1069 set_git_dir(cwd->buf, 0);
1071 else
1072 set_git_dir(".", 0);
1073 return NULL;
1076 static dev_t get_device_or_die(const char *path, const char *prefix, int prefix_len)
1078 struct stat buf;
1079 if (stat(path, &buf)) {
1080 die_errno(_("failed to stat '%*s%s%s'"),
1081 prefix_len,
1082 prefix ? prefix : "",
1083 prefix ? "/" : "", path);
1085 return buf.st_dev;
1089 * A "string_list_each_func_t" function that canonicalizes an entry
1090 * from GIT_CEILING_DIRECTORIES using real_pathdup(), or
1091 * discards it if unusable. The presence of an empty entry in
1092 * GIT_CEILING_DIRECTORIES turns off canonicalization for all
1093 * subsequent entries.
1095 static int canonicalize_ceiling_entry(struct string_list_item *item,
1096 void *cb_data)
1098 int *empty_entry_found = cb_data;
1099 char *ceil = item->string;
1101 if (!*ceil) {
1102 *empty_entry_found = 1;
1103 return 0;
1104 } else if (!is_absolute_path(ceil)) {
1105 return 0;
1106 } else if (*empty_entry_found) {
1107 /* Keep entry but do not canonicalize it */
1108 return 1;
1109 } else {
1110 char *real_path = real_pathdup(ceil, 0);
1111 if (!real_path) {
1112 return 0;
1114 free(item->string);
1115 item->string = real_path;
1116 return 1;
1120 struct safe_directory_data {
1121 const char *path;
1122 int is_safe;
1125 static int safe_directory_cb(const char *key, const char *value,
1126 const struct config_context *ctx UNUSED, void *d)
1128 struct safe_directory_data *data = d;
1130 if (strcmp(key, "safe.directory"))
1131 return 0;
1133 if (!value || !*value) {
1134 data->is_safe = 0;
1135 } else if (!strcmp(value, "*")) {
1136 data->is_safe = 1;
1137 } else {
1138 const char *interpolated = NULL;
1140 if (!git_config_pathname(&interpolated, key, value) &&
1141 !fspathcmp(data->path, interpolated ? interpolated : value))
1142 data->is_safe = 1;
1144 free((char *)interpolated);
1147 return 0;
1151 * Check if a repository is safe, by verifying the ownership of the
1152 * worktree (if any), the git directory, and the gitfile (if any).
1154 * Exemptions for known-safe repositories can be added via `safe.directory`
1155 * config settings; for non-bare repositories, their worktree needs to be
1156 * added, for bare ones their git directory.
1158 static int ensure_valid_ownership(const char *gitfile,
1159 const char *worktree, const char *gitdir,
1160 struct strbuf *report)
1162 struct safe_directory_data data = {
1163 .path = worktree ? worktree : gitdir
1166 if (!git_env_bool("GIT_TEST_ASSUME_DIFFERENT_OWNER", 0) &&
1167 (!gitfile || is_path_owned_by_current_user(gitfile, report)) &&
1168 (!worktree || is_path_owned_by_current_user(worktree, report)) &&
1169 (!gitdir || is_path_owned_by_current_user(gitdir, report)))
1170 return 1;
1173 * data.path is the "path" that identifies the repository and it is
1174 * constant regardless of what failed above. data.is_safe should be
1175 * initialized to false, and might be changed by the callback.
1177 git_protected_config(safe_directory_cb, &data);
1179 return data.is_safe;
1182 static int allowed_bare_repo_cb(const char *key, const char *value,
1183 const struct config_context *ctx UNUSED,
1184 void *d)
1186 enum allowed_bare_repo *allowed_bare_repo = d;
1188 if (strcasecmp(key, "safe.bareRepository"))
1189 return 0;
1191 if (!strcmp(value, "explicit")) {
1192 *allowed_bare_repo = ALLOWED_BARE_REPO_EXPLICIT;
1193 return 0;
1195 if (!strcmp(value, "all")) {
1196 *allowed_bare_repo = ALLOWED_BARE_REPO_ALL;
1197 return 0;
1199 return -1;
1202 static enum allowed_bare_repo get_allowed_bare_repo(void)
1204 enum allowed_bare_repo result = ALLOWED_BARE_REPO_ALL;
1205 git_protected_config(allowed_bare_repo_cb, &result);
1206 return result;
1209 static const char *allowed_bare_repo_to_string(
1210 enum allowed_bare_repo allowed_bare_repo)
1212 switch (allowed_bare_repo) {
1213 case ALLOWED_BARE_REPO_EXPLICIT:
1214 return "explicit";
1215 case ALLOWED_BARE_REPO_ALL:
1216 return "all";
1217 default:
1218 BUG("invalid allowed_bare_repo %d",
1219 allowed_bare_repo);
1221 return NULL;
1225 * We cannot decide in this function whether we are in the work tree or
1226 * not, since the config can only be read _after_ this function was called.
1228 * Also, we avoid changing any global state (such as the current working
1229 * directory) to allow early callers.
1231 * The directory where the search should start needs to be passed in via the
1232 * `dir` parameter; upon return, the `dir` buffer will contain the path of
1233 * the directory where the search ended, and `gitdir` will contain the path of
1234 * the discovered .git/ directory, if any. If `gitdir` is not absolute, it
1235 * is relative to `dir` (i.e. *not* necessarily the cwd).
1237 static enum discovery_result setup_git_directory_gently_1(struct strbuf *dir,
1238 struct strbuf *gitdir,
1239 struct strbuf *report,
1240 int die_on_error)
1242 const char *env_ceiling_dirs = getenv(CEILING_DIRECTORIES_ENVIRONMENT);
1243 struct string_list ceiling_dirs = STRING_LIST_INIT_DUP;
1244 const char *gitdirenv;
1245 int ceil_offset = -1, min_offset = offset_1st_component(dir->buf);
1246 dev_t current_device = 0;
1247 int one_filesystem = 1;
1250 * If GIT_DIR is set explicitly, we're not going
1251 * to do any discovery, but we still do repository
1252 * validation.
1254 gitdirenv = getenv(GIT_DIR_ENVIRONMENT);
1255 if (gitdirenv) {
1256 strbuf_addstr(gitdir, gitdirenv);
1257 return GIT_DIR_EXPLICIT;
1260 if (env_ceiling_dirs) {
1261 int empty_entry_found = 0;
1263 string_list_split(&ceiling_dirs, env_ceiling_dirs, PATH_SEP, -1);
1264 filter_string_list(&ceiling_dirs, 0,
1265 canonicalize_ceiling_entry, &empty_entry_found);
1266 ceil_offset = longest_ancestor_length(dir->buf, &ceiling_dirs);
1267 string_list_clear(&ceiling_dirs, 0);
1270 if (ceil_offset < 0)
1271 ceil_offset = min_offset - 2;
1273 if (min_offset && min_offset == dir->len &&
1274 !is_dir_sep(dir->buf[min_offset - 1])) {
1275 strbuf_addch(dir, '/');
1276 min_offset++;
1280 * Test in the following order (relative to the dir):
1281 * - .git (file containing "gitdir: <path>")
1282 * - .git/
1283 * - ./ (bare)
1284 * - ../.git
1285 * - ../.git/
1286 * - ../ (bare)
1287 * - ../../.git
1288 * etc.
1290 one_filesystem = !git_env_bool("GIT_DISCOVERY_ACROSS_FILESYSTEM", 0);
1291 if (one_filesystem)
1292 current_device = get_device_or_die(dir->buf, NULL, 0);
1293 for (;;) {
1294 int offset = dir->len, error_code = 0;
1295 char *gitdir_path = NULL;
1296 char *gitfile = NULL;
1298 if (offset > min_offset)
1299 strbuf_addch(dir, '/');
1300 strbuf_addstr(dir, DEFAULT_GIT_DIR_ENVIRONMENT);
1301 gitdirenv = read_gitfile_gently(dir->buf, die_on_error ?
1302 NULL : &error_code);
1303 if (!gitdirenv) {
1304 if (die_on_error ||
1305 error_code == READ_GITFILE_ERR_NOT_A_FILE) {
1306 /* NEEDSWORK: fail if .git is not file nor dir */
1307 if (is_git_directory(dir->buf)) {
1308 gitdirenv = DEFAULT_GIT_DIR_ENVIRONMENT;
1309 gitdir_path = xstrdup(dir->buf);
1311 } else if (error_code != READ_GITFILE_ERR_STAT_FAILED)
1312 return GIT_DIR_INVALID_GITFILE;
1313 } else
1314 gitfile = xstrdup(dir->buf);
1316 * Earlier, we tentatively added DEFAULT_GIT_DIR_ENVIRONMENT
1317 * to check that directory for a repository.
1318 * Now trim that tentative addition away, because we want to
1319 * focus on the real directory we are in.
1321 strbuf_setlen(dir, offset);
1322 if (gitdirenv) {
1323 enum discovery_result ret;
1324 const char *gitdir_candidate =
1325 gitdir_path ? gitdir_path : gitdirenv;
1327 if (ensure_valid_ownership(gitfile, dir->buf,
1328 gitdir_candidate, report)) {
1329 strbuf_addstr(gitdir, gitdirenv);
1330 ret = GIT_DIR_DISCOVERED;
1331 } else
1332 ret = GIT_DIR_INVALID_OWNERSHIP;
1335 * Earlier, during discovery, we might have allocated
1336 * string copies for gitdir_path or gitfile so make
1337 * sure we don't leak by freeing them now, before
1338 * leaving the loop and function.
1340 * Note: gitdirenv will be non-NULL whenever these are
1341 * allocated, therefore we need not take care of releasing
1342 * them outside of this conditional block.
1344 free(gitdir_path);
1345 free(gitfile);
1347 return ret;
1350 if (is_git_directory(dir->buf)) {
1351 trace2_data_string("setup", NULL, "implicit-bare-repository", dir->buf);
1352 if (get_allowed_bare_repo() == ALLOWED_BARE_REPO_EXPLICIT)
1353 return GIT_DIR_DISALLOWED_BARE;
1354 if (!ensure_valid_ownership(NULL, NULL, dir->buf, report))
1355 return GIT_DIR_INVALID_OWNERSHIP;
1356 strbuf_addstr(gitdir, ".");
1357 return GIT_DIR_BARE;
1360 if (offset <= min_offset)
1361 return GIT_DIR_HIT_CEILING;
1363 while (--offset > ceil_offset && !is_dir_sep(dir->buf[offset]))
1364 ; /* continue */
1365 if (offset <= ceil_offset)
1366 return GIT_DIR_HIT_CEILING;
1368 strbuf_setlen(dir, offset > min_offset ? offset : min_offset);
1369 if (one_filesystem &&
1370 current_device != get_device_or_die(dir->buf, NULL, offset))
1371 return GIT_DIR_HIT_MOUNT_POINT;
1375 enum discovery_result discover_git_directory_reason(struct strbuf *commondir,
1376 struct strbuf *gitdir)
1378 struct strbuf dir = STRBUF_INIT, err = STRBUF_INIT;
1379 size_t gitdir_offset = gitdir->len, cwd_len;
1380 size_t commondir_offset = commondir->len;
1381 struct repository_format candidate = REPOSITORY_FORMAT_INIT;
1382 enum discovery_result result;
1384 if (strbuf_getcwd(&dir))
1385 return GIT_DIR_CWD_FAILURE;
1387 cwd_len = dir.len;
1388 result = setup_git_directory_gently_1(&dir, gitdir, NULL, 0);
1389 if (result <= 0) {
1390 strbuf_release(&dir);
1391 return result;
1395 * The returned gitdir is relative to dir, and if dir does not reflect
1396 * the current working directory, we simply make the gitdir absolute.
1398 if (dir.len < cwd_len && !is_absolute_path(gitdir->buf + gitdir_offset)) {
1399 /* Avoid a trailing "/." */
1400 if (!strcmp(".", gitdir->buf + gitdir_offset))
1401 strbuf_setlen(gitdir, gitdir_offset);
1402 else
1403 strbuf_addch(&dir, '/');
1404 strbuf_insert(gitdir, gitdir_offset, dir.buf, dir.len);
1407 get_common_dir(commondir, gitdir->buf + gitdir_offset);
1409 strbuf_reset(&dir);
1410 strbuf_addf(&dir, "%s/config", commondir->buf + commondir_offset);
1411 read_repository_format(&candidate, dir.buf);
1412 strbuf_release(&dir);
1414 if (verify_repository_format(&candidate, &err) < 0) {
1415 warning("ignoring git dir '%s': %s",
1416 gitdir->buf + gitdir_offset, err.buf);
1417 strbuf_release(&err);
1418 strbuf_setlen(commondir, commondir_offset);
1419 strbuf_setlen(gitdir, gitdir_offset);
1420 clear_repository_format(&candidate);
1421 return GIT_DIR_INVALID_FORMAT;
1424 clear_repository_format(&candidate);
1425 return result;
1428 const char *setup_git_directory_gently(int *nongit_ok)
1430 static struct strbuf cwd = STRBUF_INIT;
1431 struct strbuf dir = STRBUF_INIT, gitdir = STRBUF_INIT, report = STRBUF_INIT;
1432 const char *prefix = NULL;
1433 struct repository_format repo_fmt = REPOSITORY_FORMAT_INIT;
1436 * We may have read an incomplete configuration before
1437 * setting-up the git directory. If so, clear the cache so
1438 * that the next queries to the configuration reload complete
1439 * configuration (including the per-repo config file that we
1440 * ignored previously).
1442 git_config_clear();
1445 * Let's assume that we are in a git repository.
1446 * If it turns out later that we are somewhere else, the value will be
1447 * updated accordingly.
1449 if (nongit_ok)
1450 *nongit_ok = 0;
1452 if (strbuf_getcwd(&cwd))
1453 die_errno(_("Unable to read current working directory"));
1454 strbuf_addbuf(&dir, &cwd);
1456 switch (setup_git_directory_gently_1(&dir, &gitdir, &report, 1)) {
1457 case GIT_DIR_EXPLICIT:
1458 prefix = setup_explicit_git_dir(gitdir.buf, &cwd, &repo_fmt, nongit_ok);
1459 break;
1460 case GIT_DIR_DISCOVERED:
1461 if (dir.len < cwd.len && chdir(dir.buf))
1462 die(_("cannot change to '%s'"), dir.buf);
1463 prefix = setup_discovered_git_dir(gitdir.buf, &cwd, dir.len,
1464 &repo_fmt, nongit_ok);
1465 break;
1466 case GIT_DIR_BARE:
1467 if (dir.len < cwd.len && chdir(dir.buf))
1468 die(_("cannot change to '%s'"), dir.buf);
1469 prefix = setup_bare_git_dir(&cwd, dir.len, &repo_fmt, nongit_ok);
1470 break;
1471 case GIT_DIR_HIT_CEILING:
1472 if (!nongit_ok)
1473 die(_("not a git repository (or any of the parent directories): %s"),
1474 DEFAULT_GIT_DIR_ENVIRONMENT);
1475 *nongit_ok = 1;
1476 break;
1477 case GIT_DIR_HIT_MOUNT_POINT:
1478 if (!nongit_ok)
1479 die(_("not a git repository (or any parent up to mount point %s)\n"
1480 "Stopping at filesystem boundary (GIT_DISCOVERY_ACROSS_FILESYSTEM not set)."),
1481 dir.buf);
1482 *nongit_ok = 1;
1483 break;
1484 case GIT_DIR_INVALID_OWNERSHIP:
1485 if (!nongit_ok) {
1486 struct strbuf quoted = STRBUF_INIT;
1488 strbuf_complete(&report, '\n');
1489 sq_quote_buf_pretty(&quoted, dir.buf);
1490 die(_("detected dubious ownership in repository at '%s'\n"
1491 "%s"
1492 "To add an exception for this directory, call:\n"
1493 "\n"
1494 "\tgit config --global --add safe.directory %s"),
1495 dir.buf, report.buf, quoted.buf);
1497 *nongit_ok = 1;
1498 break;
1499 case GIT_DIR_DISALLOWED_BARE:
1500 if (!nongit_ok) {
1501 die(_("cannot use bare repository '%s' (safe.bareRepository is '%s')"),
1502 dir.buf,
1503 allowed_bare_repo_to_string(get_allowed_bare_repo()));
1505 *nongit_ok = 1;
1506 break;
1507 case GIT_DIR_CWD_FAILURE:
1508 case GIT_DIR_INVALID_FORMAT:
1510 * As a safeguard against setup_git_directory_gently_1 returning
1511 * these values, fallthrough to BUG. Otherwise it is possible to
1512 * set startup_info->have_repository to 1 when we did nothing to
1513 * find a repository.
1515 default:
1516 BUG("unhandled setup_git_directory_gently_1() result");
1520 * At this point, nongit_ok is stable. If it is non-NULL and points
1521 * to a non-zero value, then this means that we haven't found a
1522 * repository and that the caller expects startup_info to reflect
1523 * this.
1525 * Regardless of the state of nongit_ok, startup_info->prefix and
1526 * the GIT_PREFIX environment variable must always match. For details
1527 * see Documentation/config/alias.txt.
1529 if (nongit_ok && *nongit_ok)
1530 startup_info->have_repository = 0;
1531 else
1532 startup_info->have_repository = 1;
1535 * Not all paths through the setup code will call 'set_git_dir()' (which
1536 * directly sets up the environment) so in order to guarantee that the
1537 * environment is in a consistent state after setup, explicitly setup
1538 * the environment if we have a repository.
1540 * NEEDSWORK: currently we allow bogus GIT_DIR values to be set in some
1541 * code paths so we also need to explicitly setup the environment if
1542 * the user has set GIT_DIR. It may be beneficial to disallow bogus
1543 * GIT_DIR values at some point in the future.
1545 if (/* GIT_DIR_EXPLICIT, GIT_DIR_DISCOVERED, GIT_DIR_BARE */
1546 startup_info->have_repository ||
1547 /* GIT_DIR_EXPLICIT */
1548 getenv(GIT_DIR_ENVIRONMENT)) {
1549 if (!the_repository->gitdir) {
1550 const char *gitdir = getenv(GIT_DIR_ENVIRONMENT);
1551 if (!gitdir)
1552 gitdir = DEFAULT_GIT_DIR_ENVIRONMENT;
1553 setup_git_env(gitdir);
1555 if (startup_info->have_repository) {
1556 repo_set_hash_algo(the_repository, repo_fmt.hash_algo);
1557 the_repository->repository_format_worktree_config =
1558 repo_fmt.worktree_config;
1559 /* take ownership of repo_fmt.partial_clone */
1560 the_repository->repository_format_partial_clone =
1561 repo_fmt.partial_clone;
1562 repo_fmt.partial_clone = NULL;
1566 * Since precompose_string_if_needed() needs to look at
1567 * the core.precomposeunicode configuration, this
1568 * has to happen after the above block that finds
1569 * out where the repository is, i.e. a preparation
1570 * for calling git_config_get_bool().
1572 if (prefix) {
1573 prefix = precompose_string_if_needed(prefix);
1574 startup_info->prefix = prefix;
1575 setenv(GIT_PREFIX_ENVIRONMENT, prefix, 1);
1576 } else {
1577 startup_info->prefix = NULL;
1578 setenv(GIT_PREFIX_ENVIRONMENT, "", 1);
1581 setup_original_cwd();
1583 strbuf_release(&dir);
1584 strbuf_release(&gitdir);
1585 strbuf_release(&report);
1586 clear_repository_format(&repo_fmt);
1588 return prefix;
1591 int git_config_perm(const char *var, const char *value)
1593 int i;
1594 char *endptr;
1596 if (!value)
1597 return PERM_GROUP;
1599 if (!strcmp(value, "umask"))
1600 return PERM_UMASK;
1601 if (!strcmp(value, "group"))
1602 return PERM_GROUP;
1603 if (!strcmp(value, "all") ||
1604 !strcmp(value, "world") ||
1605 !strcmp(value, "everybody"))
1606 return PERM_EVERYBODY;
1608 /* Parse octal numbers */
1609 i = strtol(value, &endptr, 8);
1611 /* If not an octal number, maybe true/false? */
1612 if (*endptr != 0)
1613 return git_config_bool(var, value) ? PERM_GROUP : PERM_UMASK;
1616 * Treat values 0, 1 and 2 as compatibility cases, otherwise it is
1617 * a chmod value to restrict to.
1619 switch (i) {
1620 case PERM_UMASK: /* 0 */
1621 return PERM_UMASK;
1622 case OLD_PERM_GROUP: /* 1 */
1623 return PERM_GROUP;
1624 case OLD_PERM_EVERYBODY: /* 2 */
1625 return PERM_EVERYBODY;
1628 /* A filemode value was given: 0xxx */
1630 if ((i & 0600) != 0600)
1631 die(_("problem with core.sharedRepository filemode value "
1632 "(0%.3o).\nThe owner of files must always have "
1633 "read and write permissions."), i);
1636 * Mask filemode value. Others can not get write permission.
1637 * x flags for directories are handled separately.
1639 return -(i & 0666);
1642 void check_repository_format(struct repository_format *fmt)
1644 struct repository_format repo_fmt = REPOSITORY_FORMAT_INIT;
1645 if (!fmt)
1646 fmt = &repo_fmt;
1647 check_repository_format_gently(get_git_dir(), fmt, NULL);
1648 startup_info->have_repository = 1;
1649 repo_set_hash_algo(the_repository, fmt->hash_algo);
1650 the_repository->repository_format_worktree_config =
1651 fmt->worktree_config;
1652 the_repository->repository_format_partial_clone =
1653 xstrdup_or_null(fmt->partial_clone);
1654 clear_repository_format(&repo_fmt);
1658 * Returns the "prefix", a path to the current working directory
1659 * relative to the work tree root, or NULL, if the current working
1660 * directory is not a strict subdirectory of the work tree root. The
1661 * prefix always ends with a '/' character.
1663 const char *setup_git_directory(void)
1665 return setup_git_directory_gently(NULL);
1668 const char *resolve_gitdir_gently(const char *suspect, int *return_error_code)
1670 if (is_git_directory(suspect))
1671 return suspect;
1672 return read_gitfile_gently(suspect, return_error_code);
1675 /* if any standard file descriptor is missing open it to /dev/null */
1676 void sanitize_stdfds(void)
1678 int fd = xopen("/dev/null", O_RDWR);
1679 while (fd < 2)
1680 fd = xdup(fd);
1681 if (fd > 2)
1682 close(fd);
1685 int daemonize(void)
1687 #ifdef NO_POSIX_GOODIES
1688 errno = ENOSYS;
1689 return -1;
1690 #else
1691 switch (fork()) {
1692 case 0:
1693 break;
1694 case -1:
1695 die_errno(_("fork failed"));
1696 default:
1697 exit(0);
1699 if (setsid() == -1)
1700 die_errno(_("setsid failed"));
1701 close(0);
1702 close(1);
1703 close(2);
1704 sanitize_stdfds();
1705 return 0;
1706 #endif
1709 #ifdef NO_TRUSTABLE_FILEMODE
1710 #define TEST_FILEMODE 0
1711 #else
1712 #define TEST_FILEMODE 1
1713 #endif
1715 #define GIT_DEFAULT_HASH_ENVIRONMENT "GIT_DEFAULT_HASH"
1717 static void copy_templates_1(struct strbuf *path, struct strbuf *template_path,
1718 DIR *dir)
1720 size_t path_baselen = path->len;
1721 size_t template_baselen = template_path->len;
1722 struct dirent *de;
1724 /* Note: if ".git/hooks" file exists in the repository being
1725 * re-initialized, /etc/core-git/templates/hooks/update would
1726 * cause "git init" to fail here. I think this is sane but
1727 * it means that the set of templates we ship by default, along
1728 * with the way the namespace under .git/ is organized, should
1729 * be really carefully chosen.
1731 safe_create_dir(path->buf, 1);
1732 while ((de = readdir(dir)) != NULL) {
1733 struct stat st_git, st_template;
1734 int exists = 0;
1736 strbuf_setlen(path, path_baselen);
1737 strbuf_setlen(template_path, template_baselen);
1739 if (de->d_name[0] == '.')
1740 continue;
1741 strbuf_addstr(path, de->d_name);
1742 strbuf_addstr(template_path, de->d_name);
1743 if (lstat(path->buf, &st_git)) {
1744 if (errno != ENOENT)
1745 die_errno(_("cannot stat '%s'"), path->buf);
1747 else
1748 exists = 1;
1750 if (lstat(template_path->buf, &st_template))
1751 die_errno(_("cannot stat template '%s'"), template_path->buf);
1753 if (S_ISDIR(st_template.st_mode)) {
1754 DIR *subdir = opendir(template_path->buf);
1755 if (!subdir)
1756 die_errno(_("cannot opendir '%s'"), template_path->buf);
1757 strbuf_addch(path, '/');
1758 strbuf_addch(template_path, '/');
1759 copy_templates_1(path, template_path, subdir);
1760 closedir(subdir);
1762 else if (exists)
1763 continue;
1764 else if (S_ISLNK(st_template.st_mode)) {
1765 struct strbuf lnk = STRBUF_INIT;
1766 if (strbuf_readlink(&lnk, template_path->buf,
1767 st_template.st_size) < 0)
1768 die_errno(_("cannot readlink '%s'"), template_path->buf);
1769 if (symlink(lnk.buf, path->buf))
1770 die_errno(_("cannot symlink '%s' '%s'"),
1771 lnk.buf, path->buf);
1772 strbuf_release(&lnk);
1774 else if (S_ISREG(st_template.st_mode)) {
1775 if (copy_file(path->buf, template_path->buf, st_template.st_mode))
1776 die_errno(_("cannot copy '%s' to '%s'"),
1777 template_path->buf, path->buf);
1779 else
1780 error(_("ignoring template %s"), template_path->buf);
1784 static void copy_templates(const char *template_dir, const char *init_template_dir)
1786 struct strbuf path = STRBUF_INIT;
1787 struct strbuf template_path = STRBUF_INIT;
1788 size_t template_len;
1789 struct repository_format template_format = REPOSITORY_FORMAT_INIT;
1790 struct strbuf err = STRBUF_INIT;
1791 DIR *dir;
1792 char *to_free = NULL;
1794 if (!template_dir)
1795 template_dir = getenv(TEMPLATE_DIR_ENVIRONMENT);
1796 if (!template_dir)
1797 template_dir = init_template_dir;
1798 if (!template_dir)
1799 template_dir = to_free = system_path(DEFAULT_GIT_TEMPLATE_DIR);
1800 if (!template_dir[0]) {
1801 free(to_free);
1802 return;
1805 strbuf_addstr(&template_path, template_dir);
1806 strbuf_complete(&template_path, '/');
1807 template_len = template_path.len;
1809 dir = opendir(template_path.buf);
1810 if (!dir) {
1811 warning(_("templates not found in %s"), template_dir);
1812 goto free_return;
1815 /* Make sure that template is from the correct vintage */
1816 strbuf_addstr(&template_path, "config");
1817 read_repository_format(&template_format, template_path.buf);
1818 strbuf_setlen(&template_path, template_len);
1821 * No mention of version at all is OK, but anything else should be
1822 * verified.
1824 if (template_format.version >= 0 &&
1825 verify_repository_format(&template_format, &err) < 0) {
1826 warning(_("not copying templates from '%s': %s"),
1827 template_dir, err.buf);
1828 strbuf_release(&err);
1829 goto close_free_return;
1832 strbuf_addstr(&path, get_git_common_dir());
1833 strbuf_complete(&path, '/');
1834 copy_templates_1(&path, &template_path, dir);
1835 close_free_return:
1836 closedir(dir);
1837 free_return:
1838 free(to_free);
1839 strbuf_release(&path);
1840 strbuf_release(&template_path);
1841 clear_repository_format(&template_format);
1845 * If the git_dir is not directly inside the working tree, then git will not
1846 * find it by default, and we need to set the worktree explicitly.
1848 static int needs_work_tree_config(const char *git_dir, const char *work_tree)
1850 if (!strcmp(work_tree, "/") && !strcmp(git_dir, "/.git"))
1851 return 0;
1852 if (skip_prefix(git_dir, work_tree, &git_dir) &&
1853 !strcmp(git_dir, "/.git"))
1854 return 0;
1855 return 1;
1858 void initialize_repository_version(int hash_algo, int reinit)
1860 char repo_version_string[10];
1861 int repo_version = GIT_REPO_VERSION;
1863 if (hash_algo != GIT_HASH_SHA1)
1864 repo_version = GIT_REPO_VERSION_READ;
1866 /* This forces creation of new config file */
1867 xsnprintf(repo_version_string, sizeof(repo_version_string),
1868 "%d", repo_version);
1869 git_config_set("core.repositoryformatversion", repo_version_string);
1871 if (hash_algo != GIT_HASH_SHA1)
1872 git_config_set("extensions.objectformat",
1873 hash_algos[hash_algo].name);
1874 else if (reinit)
1875 git_config_set_gently("extensions.objectformat", NULL);
1878 static int create_default_files(const char *template_path,
1879 const char *original_git_dir,
1880 const char *initial_branch,
1881 const struct repository_format *fmt,
1882 int prev_bare_repository,
1883 int init_shared_repository,
1884 int quiet)
1886 struct stat st1;
1887 struct strbuf buf = STRBUF_INIT;
1888 char *path;
1889 char junk[2];
1890 int reinit;
1891 int filemode;
1892 struct strbuf err = STRBUF_INIT;
1893 const char *init_template_dir = NULL;
1894 const char *work_tree = get_git_work_tree();
1897 * First copy the templates -- we might have the default
1898 * config file there, in which case we would want to read
1899 * from it after installing.
1901 * Before reading that config, we also need to clear out any cached
1902 * values (since we've just potentially changed what's available on
1903 * disk).
1905 git_config_get_pathname("init.templatedir", &init_template_dir);
1906 copy_templates(template_path, init_template_dir);
1907 free((char *)init_template_dir);
1908 git_config_clear();
1909 reset_shared_repository();
1910 git_config(git_default_config, NULL);
1913 * We must make sure command-line options continue to override any
1914 * values we might have just re-read from the config.
1916 if (init_shared_repository != -1)
1917 set_shared_repository(init_shared_repository);
1919 * TODO: heed core.bare from config file in templates if no
1920 * command-line override given
1922 is_bare_repository_cfg = prev_bare_repository || !work_tree;
1923 /* TODO (continued):
1925 * Unfortunately, the line above is equivalent to
1926 * is_bare_repository_cfg = !work_tree;
1927 * which ignores the config entirely even if no `--[no-]bare`
1928 * command line option was present.
1930 * To see why, note that before this function, there was this call:
1931 * prev_bare_repository = is_bare_repository()
1932 * expanding the right hand side:
1933 * = is_bare_repository_cfg && !get_git_work_tree()
1934 * = is_bare_repository_cfg && !work_tree
1935 * note that the last simplification above is valid because nothing
1936 * calls repo_init() or set_git_work_tree() between any of the
1937 * relevant calls in the code, and thus the !get_git_work_tree()
1938 * calls will return the same result each time. So, what we are
1939 * interested in computing is the right hand side of the line of
1940 * code just above this comment:
1941 * prev_bare_repository || !work_tree
1942 * = is_bare_repository_cfg && !work_tree || !work_tree
1943 * = !work_tree
1944 * because "A && !B || !B == !B" for all boolean values of A & B.
1948 * We would have created the above under user's umask -- under
1949 * shared-repository settings, we would need to fix them up.
1951 if (get_shared_repository()) {
1952 adjust_shared_perm(get_git_dir());
1956 * We need to create a "refs" dir in any case so that older
1957 * versions of git can tell that this is a repository.
1959 safe_create_dir(git_path("refs"), 1);
1960 adjust_shared_perm(git_path("refs"));
1962 if (refs_init_db(&err))
1963 die("failed to set up refs db: %s", err.buf);
1966 * Point the HEAD symref to the initial branch with if HEAD does
1967 * not yet exist.
1969 path = git_path_buf(&buf, "HEAD");
1970 reinit = (!access(path, R_OK)
1971 || readlink(path, junk, sizeof(junk)-1) != -1);
1972 if (!reinit) {
1973 char *ref;
1975 if (!initial_branch)
1976 initial_branch = git_default_branch_name(quiet);
1978 ref = xstrfmt("refs/heads/%s", initial_branch);
1979 if (check_refname_format(ref, 0) < 0)
1980 die(_("invalid initial branch name: '%s'"),
1981 initial_branch);
1983 if (create_symref("HEAD", ref, NULL) < 0)
1984 exit(1);
1985 free(ref);
1988 initialize_repository_version(fmt->hash_algo, 0);
1990 /* Check filemode trustability */
1991 path = git_path_buf(&buf, "config");
1992 filemode = TEST_FILEMODE;
1993 if (TEST_FILEMODE && !lstat(path, &st1)) {
1994 struct stat st2;
1995 filemode = (!chmod(path, st1.st_mode ^ S_IXUSR) &&
1996 !lstat(path, &st2) &&
1997 st1.st_mode != st2.st_mode &&
1998 !chmod(path, st1.st_mode));
1999 if (filemode && !reinit && (st1.st_mode & S_IXUSR))
2000 filemode = 0;
2002 git_config_set("core.filemode", filemode ? "true" : "false");
2004 if (is_bare_repository())
2005 git_config_set("core.bare", "true");
2006 else {
2007 git_config_set("core.bare", "false");
2008 /* allow template config file to override the default */
2009 if (log_all_ref_updates == LOG_REFS_UNSET)
2010 git_config_set("core.logallrefupdates", "true");
2011 if (needs_work_tree_config(original_git_dir, work_tree))
2012 git_config_set("core.worktree", work_tree);
2015 if (!reinit) {
2016 /* Check if symlink is supported in the work tree */
2017 path = git_path_buf(&buf, "tXXXXXX");
2018 if (!close(xmkstemp(path)) &&
2019 !unlink(path) &&
2020 !symlink("testing", path) &&
2021 !lstat(path, &st1) &&
2022 S_ISLNK(st1.st_mode))
2023 unlink(path); /* good */
2024 else
2025 git_config_set("core.symlinks", "false");
2027 /* Check if the filesystem is case-insensitive */
2028 path = git_path_buf(&buf, "CoNfIg");
2029 if (!access(path, F_OK))
2030 git_config_set("core.ignorecase", "true");
2031 probe_utf8_pathname_composition();
2034 strbuf_release(&buf);
2035 return reinit;
2038 static void create_object_directory(void)
2040 struct strbuf path = STRBUF_INIT;
2041 size_t baselen;
2043 strbuf_addstr(&path, get_object_directory());
2044 baselen = path.len;
2046 safe_create_dir(path.buf, 1);
2048 strbuf_setlen(&path, baselen);
2049 strbuf_addstr(&path, "/pack");
2050 safe_create_dir(path.buf, 1);
2052 strbuf_setlen(&path, baselen);
2053 strbuf_addstr(&path, "/info");
2054 safe_create_dir(path.buf, 1);
2056 strbuf_release(&path);
2059 static void separate_git_dir(const char *git_dir, const char *git_link)
2061 struct stat st;
2063 if (!stat(git_link, &st)) {
2064 const char *src;
2066 if (S_ISREG(st.st_mode))
2067 src = read_gitfile(git_link);
2068 else if (S_ISDIR(st.st_mode))
2069 src = git_link;
2070 else
2071 die(_("unable to handle file type %d"), (int)st.st_mode);
2073 if (rename(src, git_dir))
2074 die_errno(_("unable to move %s to %s"), src, git_dir);
2075 repair_worktrees(NULL, NULL);
2078 write_file(git_link, "gitdir: %s", git_dir);
2081 static void validate_hash_algorithm(struct repository_format *repo_fmt, int hash)
2083 const char *env = getenv(GIT_DEFAULT_HASH_ENVIRONMENT);
2085 * If we already have an initialized repo, don't allow the user to
2086 * specify a different algorithm, as that could cause corruption.
2087 * Otherwise, if the user has specified one on the command line, use it.
2089 if (repo_fmt->version >= 0 && hash != GIT_HASH_UNKNOWN && hash != repo_fmt->hash_algo)
2090 die(_("attempt to reinitialize repository with different hash"));
2091 else if (hash != GIT_HASH_UNKNOWN)
2092 repo_fmt->hash_algo = hash;
2093 else if (env) {
2094 int env_algo = hash_algo_by_name(env);
2095 if (env_algo == GIT_HASH_UNKNOWN)
2096 die(_("unknown hash algorithm '%s'"), env);
2097 repo_fmt->hash_algo = env_algo;
2101 int init_db(const char *git_dir, const char *real_git_dir,
2102 const char *template_dir, int hash, const char *initial_branch,
2103 int init_shared_repository, unsigned int flags)
2105 int reinit;
2106 int exist_ok = flags & INIT_DB_EXIST_OK;
2107 char *original_git_dir = real_pathdup(git_dir, 1);
2108 struct repository_format repo_fmt = REPOSITORY_FORMAT_INIT;
2109 int prev_bare_repository;
2111 if (real_git_dir) {
2112 struct stat st;
2114 if (!exist_ok && !stat(git_dir, &st))
2115 die(_("%s already exists"), git_dir);
2117 if (!exist_ok && !stat(real_git_dir, &st))
2118 die(_("%s already exists"), real_git_dir);
2120 set_git_dir(real_git_dir, 1);
2121 git_dir = get_git_dir();
2122 separate_git_dir(git_dir, original_git_dir);
2124 else {
2125 set_git_dir(git_dir, 1);
2126 git_dir = get_git_dir();
2128 startup_info->have_repository = 1;
2130 /* Ensure `core.hidedotfiles` is processed */
2131 git_config(platform_core_config, NULL);
2133 safe_create_dir(git_dir, 0);
2135 prev_bare_repository = is_bare_repository();
2137 /* Check to see if the repository version is right.
2138 * Note that a newly created repository does not have
2139 * config file, so this will not fail. What we are catching
2140 * is an attempt to reinitialize new repository with an old tool.
2142 check_repository_format(&repo_fmt);
2144 validate_hash_algorithm(&repo_fmt, hash);
2146 reinit = create_default_files(template_dir, original_git_dir,
2147 initial_branch, &repo_fmt,
2148 prev_bare_repository,
2149 init_shared_repository,
2150 flags & INIT_DB_QUIET);
2151 if (reinit && initial_branch)
2152 warning(_("re-init: ignored --initial-branch=%s"),
2153 initial_branch);
2155 create_object_directory();
2157 if (get_shared_repository()) {
2158 char buf[10];
2159 /* We do not spell "group" and such, so that
2160 * the configuration can be read by older version
2161 * of git. Note, we use octal numbers for new share modes,
2162 * and compatibility values for PERM_GROUP and
2163 * PERM_EVERYBODY.
2165 if (get_shared_repository() < 0)
2166 /* force to the mode value */
2167 xsnprintf(buf, sizeof(buf), "0%o", -get_shared_repository());
2168 else if (get_shared_repository() == PERM_GROUP)
2169 xsnprintf(buf, sizeof(buf), "%d", OLD_PERM_GROUP);
2170 else if (get_shared_repository() == PERM_EVERYBODY)
2171 xsnprintf(buf, sizeof(buf), "%d", OLD_PERM_EVERYBODY);
2172 else
2173 BUG("invalid value for shared_repository");
2174 git_config_set("core.sharedrepository", buf);
2175 git_config_set("receive.denyNonFastforwards", "true");
2178 if (!(flags & INIT_DB_QUIET)) {
2179 int len = strlen(git_dir);
2181 if (reinit)
2182 printf(get_shared_repository()
2183 ? _("Reinitialized existing shared Git repository in %s%s\n")
2184 : _("Reinitialized existing Git repository in %s%s\n"),
2185 git_dir, len && git_dir[len-1] != '/' ? "/" : "");
2186 else
2187 printf(get_shared_repository()
2188 ? _("Initialized empty shared Git repository in %s%s\n")
2189 : _("Initialized empty Git repository in %s%s\n"),
2190 git_dir, len && git_dir[len-1] != '/' ? "/" : "");
2193 free(original_git_dir);
2194 return 0;