git@vger.kernel.org mailing list mirror (one of many)
 help / color / mirror / code / Atom feed
From: Jeff King <peff@peff.net>
To: git@vger.kernel.org
Cc: "Junio C Hamano" <gitster@pobox.com>,
	"Ævar Arnfjörð Bjarmason" <avarab@gmail.com>,
	"Eric Sunshine" <sunshine@sunshineco.com>
Subject: [PATCH v2 0/9] leftover bits from symlinked gitattributes, etc topics
Date: Mon, 3 May 2021 16:42:24 -0400	[thread overview]
Message-ID: <YJBgMP9eXq31INyN@coredump.intra.peff.net> (raw)
In-Reply-To: <YI12hK4X/gfl3u29@coredump.intra.peff.net>

On Sat, May 01, 2021 at 11:40:52AM -0400, Jeff King wrote:

> A while back, I had a topic[1] that treated symlinked .gitattributes
> (and .gitignore and .mailmap) the same as .gitmodules: forbidding them
> in the index, complaining about them via fsck, etc.
> 
> In the end, we decided not to do that[2], and instead just open the
> files with O_NOFOLLOW instead. As I said in that thread, we could
> salvage some of the cleanups, fsck checks, and docs from the original
> topic. So here that is. (The new topic is in master but not yet
> released; so while this is not strictly a bug-fix for an existing topic,
> it would be good to get especially the doc improvements into the same
> release).

Here's a re-roll with two small fixes: dropping the test_i18ngrep that
Ævar noticed, and taking Eric's wording suggestion for the docs.

I didn't take Ævar's suggestion to expand the line-wrapping fixes
further. I don't mind that happening, but I'd prefer doing it as a
separate series.

Range-diff (a little hard to read because the one-line change in the
tests percolates through several commits, and the two-word changes in
the docs caused rewrapping):

 1:  c91ce2ed34 =  1:  c91ce2ed34 t7415: remove out-dated comment about translation
 2:  99fe934110 =  2:  99fe934110 fsck_tree(): fix shadowed variable
 3:  9695e4370c =  3:  9695e4370c fsck_tree(): wrap some long lines
 4:  2cf9839145 =  4:  2cf9839145 t7415: rename to expand scope
 5:  ad18686096 !  5:  1664953e71 t7450: test verify_path() handling of gitmodules
    @@ t/t7450-bad-git-dotfiles.sh: test_expect_success 'fsck detects symlinked .gitmod
      
     +test_expect_success 'refuse to load symlinked .gitmodules into index' '
     +	test_must_fail git -C symlink read-tree $tree 2>err &&
    -+	test_i18ngrep "invalid path.*gitmodules" err &&
    ++	grep "invalid path.*gitmodules" err &&
     +	git -C symlink ls-files >out &&
     +	test_must_be_empty out
     +'
 6:  9691fb8d5c !  6:  41000ce022 t7450: test .gitmodules symlink matching against obscured names
    @@ t/t7450-bad-git-dotfiles.sh: test_expect_success 'index-pack --strict works for
     -
     -test_expect_success 'refuse to load symlinked .gitmodules into index' '
     -	test_must_fail git -C symlink read-tree $tree 2>err &&
    --	test_i18ngrep "invalid path.*gitmodules" err &&
    +-	grep "invalid path.*gitmodules" err &&
     -	git -C symlink ls-files >out &&
     -	test_must_be_empty out
     -'
    @@ t/t7450-bad-git-dotfiles.sh: test_expect_success 'index-pack --strict works for
     +			    -c core.protectntfs \
     +			    -c core.protecthfs \
     +			    read-tree $tree 2>err &&
    -+		test_i18ngrep "invalid path.*$name" err &&
    ++		grep "invalid path.*$name" err &&
     +		git -C $dir ls-files -s >out &&
     +		test_must_be_empty out
     +	'
 7:  670705dca2 =  7:  58efbbbbb6 t0060: test ntfs/hfs-obscured dotfiles
 8:  422162a7ae =  8:  aeff66bf1e fsck: warn about symlinked dotfiles we'll open with O_NOFOLLOW
 9:  f1b226ca4f !  9:  a8f9255d9b docs: document symlink restrictions for dot-files
    @@ Documentation/gitattributes.txt: to:
     +NOTES
     +-----
     +
    -+Note that Git does not follow symbolic links when accessing a
    -+`.gitattributes` file in the working tree. This keeps behavior
    -+consistent when the file is accessed from the index or a tree versus
    -+from the filesystem.
    ++Git does not follow symbolic links when accessing a `.gitattributes`
    ++file in the working tree. This keeps behavior consistent when the file
    ++is accessed from the index or a tree versus from the filesystem.
      
      EXAMPLES
      --------
    @@ Documentation/gitignore.txt: not tracked by Git remain untracked.
      To stop tracking a file that is currently tracked, use
      'git rm --cached'.
      
    -+Note that Git does not follow symbolic links when accessing a
    -+`.gitignore` file in the working tree. This keeps behavior consistent
    -+when the file is accessed from the index or a tree versus from the
    -+filesystem.
    ++Git does not follow symbolic links when accessing a `.gitignore` file in
    ++the working tree. This keeps behavior consistent when the file is
    ++accessed from the index or a tree versus from the filesystem.
     +
      EXAMPLES
      --------
    @@ Documentation/gitmailmap.txt: this would also match the 'Commit Name <commit&#64
     +NOTES
     +-----
     +
    -+Note that Git does not follow symbolic links when accessing a `.mailmap`
    -+file in the working tree. This keeps behavior consistent when the file
    -+is accessed from the index or a tree versus from the filesystem.
    ++Git does not follow symbolic links when accessing a `.mailmap` file in
    ++the working tree. This keeps behavior consistent when the file is
    ++accessed from the index or a tree versus from the filesystem.
     +
      EXAMPLES
      --------
    @@ Documentation/gitmodules.txt: submodule.<name>.shallow::
     +NOTES
     +-----
     +
    -+Note that Git does not allow the `.gitmodules` file within a working
    -+tree to be a symbolic link, and will refuse to check out such a tree
    -+entry. This keeps behavior consistent when the file is accessed from the
    -+index or a tree versus from the filesystem, and helps Git reliably
    -+enforce security checks of the file contents.
    ++Git does not allow the `.gitmodules` file within a working tree to be a
    ++symbolic link, and will refuse to check out such a tree entry. This
    ++keeps behavior consistent when the file is accessed from the index or a
    ++tree versus from the filesystem, and helps Git reliably enforce security
    ++checks of the file contents.
      
      EXAMPLES
      --------

  [1/9]: t7415: remove out-dated comment about translation
  [2/9]: fsck_tree(): fix shadowed variable
  [3/9]: fsck_tree(): wrap some long lines
  [4/9]: t7415: rename to expand scope
  [5/9]: t7450: test verify_path() handling of gitmodules
  [6/9]: t7450: test .gitmodules symlink matching against obscured names
  [7/9]: t0060: test ntfs/hfs-obscured dotfiles
  [8/9]: fsck: warn about symlinked dotfiles we'll open with O_NOFOLLOW
  [9/9]: docs: document symlink restrictions for dot-files

 Documentation/gitattributes.txt               |   6 +
 Documentation/gitignore.txt                   |   4 +
 Documentation/gitmailmap.txt                  |   7 ++
 Documentation/gitmodules.txt                  |   8 ++
 cache.h                                       |   1 +
 fsck.c                                        |  84 ++++++++++---
 fsck.h                                        |   3 +
 path.c                                        |   5 +
 t/helper/test-path-utils.c                    |  46 +++++--
 t/t0060-path-utils.sh                         |  30 +++++
 ...ule-names.sh => t7450-bad-git-dotfiles.sh} | 116 +++++++++++++-----
 utf8.c                                        |   5 +
 utf8.h                                        |   1 +
 13 files changed, 255 insertions(+), 61 deletions(-)
 rename t/{t7415-submodule-names.sh => t7450-bad-git-dotfiles.sh} (70%)

-Peff

  parent reply	other threads:[~2021-05-03 20:42 UTC|newest]

Thread overview: 35+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-05-01 15:40 [PATCH 0/9] leftover bits from symlinked gitattributes, etc topics Jeff King
2021-05-01 15:41 ` [PATCH 1/9] t7415: remove out-dated comment about translation Jeff King
2021-05-03  9:46   ` Ævar Arnfjörð Bjarmason
2021-05-03 20:29     ` Jeff King
2021-05-01 15:41 ` [PATCH 2/9] fsck_tree(): fix shadowed variable Jeff King
2021-05-03 11:15   ` Ævar Arnfjörð Bjarmason
2021-05-03 20:13     ` Jeff King
2021-05-04 10:10       ` Ævar Arnfjörð Bjarmason
2021-05-01 15:41 ` [PATCH 3/9] fsck_tree(): wrap some long lines Jeff King
2021-05-03 11:22   ` Ævar Arnfjörð Bjarmason
2021-05-03 20:23     ` Jeff King
2021-05-01 15:42 ` [PATCH 4/9] t7415: rename to expand scope Jeff King
2021-05-01 15:42 ` [PATCH 5/9] t7450: test verify_path() handling of gitmodules Jeff King
2021-05-01 18:55   ` Eric Sunshine
2021-05-01 19:03     ` Eric Sunshine
2021-05-03 19:39       ` Jeff King
2021-05-03 10:12   ` Ævar Arnfjörð Bjarmason
2021-05-03 20:32     ` Jeff King
2021-05-01 15:42 ` [PATCH 6/9] t7450: test .gitmodules symlink matching against obscured names Jeff King
2021-05-01 15:42 ` [PATCH 7/9] t0060: test ntfs/hfs-obscured dotfiles Jeff King
2021-05-01 15:43 ` [PATCH 8/9] fsck: warn about symlinked dotfiles we'll open with O_NOFOLLOW Jeff King
2021-05-01 15:43 ` [PATCH 9/9] docs: document symlink restrictions for dot-files Jeff King
2021-05-01 19:16   ` Eric Sunshine
2021-05-03 20:33     ` Jeff King
2021-05-03  5:36 ` [PATCH 0/9] leftover bits from symlinked gitattributes, etc topics Junio C Hamano
2021-05-03 20:42 ` Jeff King [this message]
2021-05-03 20:43   ` [PATCH v2 1/9] t7415: remove out-dated comment about translation Jeff King
2021-05-03 20:43   ` [PATCH v2 2/9] fsck_tree(): fix shadowed variable Jeff King
2021-05-03 20:43   ` [PATCH v2 3/9] fsck_tree(): wrap some long lines Jeff King
2021-05-03 20:43   ` [PATCH v2 4/9] t7415: rename to expand scope Jeff King
2021-05-03 20:43   ` [PATCH v2 5/9] t7450: test verify_path() handling of gitmodules Jeff King
2021-05-03 20:43   ` [PATCH v2 6/9] t7450: test .gitmodules symlink matching against obscured names Jeff King
2021-05-03 20:43   ` [PATCH v2 7/9] t0060: test ntfs/hfs-obscured dotfiles Jeff King
2021-05-03 20:43   ` [PATCH v2 8/9] fsck: warn about symlinked dotfiles we'll open with O_NOFOLLOW Jeff King
2021-05-03 20:43   ` [PATCH v2 9/9] docs: document symlink restrictions for dot-files Jeff King

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: http://vger.kernel.org/majordomo-info.html

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=YJBgMP9eXq31INyN@coredump.intra.peff.net \
    --to=peff@peff.net \
    --cc=avarab@gmail.com \
    --cc=git@vger.kernel.org \
    --cc=gitster@pobox.com \
    --cc=sunshine@sunshineco.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
Code repositories for project(s) associated with this public inbox

	https://80x24.org/mirrors/git.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).