Merge branch 'jk/xrealloc-avoid-use-after-free'
[git] / builtin / init-db.c
1 /*
2  * GIT - The information manager from hell
3  *
4  * Copyright (C) Linus Torvalds, 2005
5  */
6 #include "cache.h"
7 #include "config.h"
8 #include "refs.h"
9 #include "builtin.h"
10 #include "exec-cmd.h"
11 #include "parse-options.h"
12
13 #ifndef DEFAULT_GIT_TEMPLATE_DIR
14 #define DEFAULT_GIT_TEMPLATE_DIR "/usr/share/git-core/templates"
15 #endif
16
17 #ifdef NO_TRUSTABLE_FILEMODE
18 #define TEST_FILEMODE 0
19 #else
20 #define TEST_FILEMODE 1
21 #endif
22
23 #define GIT_DEFAULT_HASH_ENVIRONMENT "GIT_DEFAULT_HASH"
24
25 static int init_is_bare_repository = 0;
26 static int init_shared_repository = -1;
27 static const char *init_db_template_dir;
28
29 static void copy_templates_1(struct strbuf *path, struct strbuf *template_path,
30                              DIR *dir)
31 {
32         size_t path_baselen = path->len;
33         size_t template_baselen = template_path->len;
34         struct dirent *de;
35
36         /* Note: if ".git/hooks" file exists in the repository being
37          * re-initialized, /etc/core-git/templates/hooks/update would
38          * cause "git init" to fail here.  I think this is sane but
39          * it means that the set of templates we ship by default, along
40          * with the way the namespace under .git/ is organized, should
41          * be really carefully chosen.
42          */
43         safe_create_dir(path->buf, 1);
44         while ((de = readdir(dir)) != NULL) {
45                 struct stat st_git, st_template;
46                 int exists = 0;
47
48                 strbuf_setlen(path, path_baselen);
49                 strbuf_setlen(template_path, template_baselen);
50
51                 if (de->d_name[0] == '.')
52                         continue;
53                 strbuf_addstr(path, de->d_name);
54                 strbuf_addstr(template_path, de->d_name);
55                 if (lstat(path->buf, &st_git)) {
56                         if (errno != ENOENT)
57                                 die_errno(_("cannot stat '%s'"), path->buf);
58                 }
59                 else
60                         exists = 1;
61
62                 if (lstat(template_path->buf, &st_template))
63                         die_errno(_("cannot stat template '%s'"), template_path->buf);
64
65                 if (S_ISDIR(st_template.st_mode)) {
66                         DIR *subdir = opendir(template_path->buf);
67                         if (!subdir)
68                                 die_errno(_("cannot opendir '%s'"), template_path->buf);
69                         strbuf_addch(path, '/');
70                         strbuf_addch(template_path, '/');
71                         copy_templates_1(path, template_path, subdir);
72                         closedir(subdir);
73                 }
74                 else if (exists)
75                         continue;
76                 else if (S_ISLNK(st_template.st_mode)) {
77                         struct strbuf lnk = STRBUF_INIT;
78                         if (strbuf_readlink(&lnk, template_path->buf,
79                                             st_template.st_size) < 0)
80                                 die_errno(_("cannot readlink '%s'"), template_path->buf);
81                         if (symlink(lnk.buf, path->buf))
82                                 die_errno(_("cannot symlink '%s' '%s'"),
83                                           lnk.buf, path->buf);
84                         strbuf_release(&lnk);
85                 }
86                 else if (S_ISREG(st_template.st_mode)) {
87                         if (copy_file(path->buf, template_path->buf, st_template.st_mode))
88                                 die_errno(_("cannot copy '%s' to '%s'"),
89                                           template_path->buf, path->buf);
90                 }
91                 else
92                         error(_("ignoring template %s"), template_path->buf);
93         }
94 }
95
96 static void copy_templates(const char *template_dir)
97 {
98         struct strbuf path = STRBUF_INIT;
99         struct strbuf template_path = STRBUF_INIT;
100         size_t template_len;
101         struct repository_format template_format = REPOSITORY_FORMAT_INIT;
102         struct strbuf err = STRBUF_INIT;
103         DIR *dir;
104         char *to_free = NULL;
105
106         if (!template_dir)
107                 template_dir = getenv(TEMPLATE_DIR_ENVIRONMENT);
108         if (!template_dir)
109                 template_dir = init_db_template_dir;
110         if (!template_dir)
111                 template_dir = to_free = system_path(DEFAULT_GIT_TEMPLATE_DIR);
112         if (!template_dir[0]) {
113                 free(to_free);
114                 return;
115         }
116
117         strbuf_addstr(&template_path, template_dir);
118         strbuf_complete(&template_path, '/');
119         template_len = template_path.len;
120
121         dir = opendir(template_path.buf);
122         if (!dir) {
123                 warning(_("templates not found in %s"), template_dir);
124                 goto free_return;
125         }
126
127         /* Make sure that template is from the correct vintage */
128         strbuf_addstr(&template_path, "config");
129         read_repository_format(&template_format, template_path.buf);
130         strbuf_setlen(&template_path, template_len);
131
132         /*
133          * No mention of version at all is OK, but anything else should be
134          * verified.
135          */
136         if (template_format.version >= 0 &&
137             verify_repository_format(&template_format, &err) < 0) {
138                 warning(_("not copying templates from '%s': %s"),
139                           template_dir, err.buf);
140                 strbuf_release(&err);
141                 goto close_free_return;
142         }
143
144         strbuf_addstr(&path, get_git_common_dir());
145         strbuf_complete(&path, '/');
146         copy_templates_1(&path, &template_path, dir);
147 close_free_return:
148         closedir(dir);
149 free_return:
150         free(to_free);
151         strbuf_release(&path);
152         strbuf_release(&template_path);
153         clear_repository_format(&template_format);
154 }
155
156 static int git_init_db_config(const char *k, const char *v, void *cb)
157 {
158         if (!strcmp(k, "init.templatedir"))
159                 return git_config_pathname(&init_db_template_dir, k, v);
160
161         if (starts_with(k, "core."))
162                 return platform_core_config(k, v, cb);
163
164         return 0;
165 }
166
167 /*
168  * If the git_dir is not directly inside the working tree, then git will not
169  * find it by default, and we need to set the worktree explicitly.
170  */
171 static int needs_work_tree_config(const char *git_dir, const char *work_tree)
172 {
173         if (!strcmp(work_tree, "/") && !strcmp(git_dir, "/.git"))
174                 return 0;
175         if (skip_prefix(git_dir, work_tree, &git_dir) &&
176             !strcmp(git_dir, "/.git"))
177                 return 0;
178         return 1;
179 }
180
181 void initialize_repository_version(int hash_algo)
182 {
183         char repo_version_string[10];
184         int repo_version = GIT_REPO_VERSION;
185
186         if (hash_algo != GIT_HASH_SHA1)
187                 repo_version = GIT_REPO_VERSION_READ;
188
189         /* This forces creation of new config file */
190         xsnprintf(repo_version_string, sizeof(repo_version_string),
191                   "%d", repo_version);
192         git_config_set("core.repositoryformatversion", repo_version_string);
193
194         if (hash_algo != GIT_HASH_SHA1)
195                 git_config_set("extensions.objectformat",
196                                hash_algos[hash_algo].name);
197 }
198
199 static int create_default_files(const char *template_path,
200                                 const char *original_git_dir,
201                                 const char *initial_branch,
202                                 const struct repository_format *fmt)
203 {
204         struct stat st1;
205         struct strbuf buf = STRBUF_INIT;
206         char *path;
207         char junk[2];
208         int reinit;
209         int filemode;
210         struct strbuf err = STRBUF_INIT;
211
212         /* Just look for `init.templatedir` */
213         init_db_template_dir = NULL; /* re-set in case it was set before */
214         git_config(git_init_db_config, NULL);
215
216         /*
217          * First copy the templates -- we might have the default
218          * config file there, in which case we would want to read
219          * from it after installing.
220          *
221          * Before reading that config, we also need to clear out any cached
222          * values (since we've just potentially changed what's available on
223          * disk).
224          */
225         copy_templates(template_path);
226         git_config_clear();
227         reset_shared_repository();
228         git_config(git_default_config, NULL);
229
230         /*
231          * We must make sure command-line options continue to override any
232          * values we might have just re-read from the config.
233          */
234         is_bare_repository_cfg = init_is_bare_repository;
235         if (init_shared_repository != -1)
236                 set_shared_repository(init_shared_repository);
237
238         /*
239          * We would have created the above under user's umask -- under
240          * shared-repository settings, we would need to fix them up.
241          */
242         if (get_shared_repository()) {
243                 adjust_shared_perm(get_git_dir());
244         }
245
246         /*
247          * We need to create a "refs" dir in any case so that older
248          * versions of git can tell that this is a repository.
249          */
250         safe_create_dir(git_path("refs"), 1);
251         adjust_shared_perm(git_path("refs"));
252
253         if (refs_init_db(&err))
254                 die("failed to set up refs db: %s", err.buf);
255
256         /*
257          * Point the HEAD symref to the initial branch with if HEAD does
258          * not yet exist.
259          */
260         path = git_path_buf(&buf, "HEAD");
261         reinit = (!access(path, R_OK)
262                   || readlink(path, junk, sizeof(junk)-1) != -1);
263         if (!reinit) {
264                 char *ref;
265
266                 if (!initial_branch)
267                         initial_branch = git_default_branch_name();
268
269                 ref = xstrfmt("refs/heads/%s", initial_branch);
270                 if (check_refname_format(ref, 0) < 0)
271                         die(_("invalid initial branch name: '%s'"),
272                             initial_branch);
273
274                 if (create_symref("HEAD", ref, NULL) < 0)
275                         exit(1);
276                 free(ref);
277         }
278
279         initialize_repository_version(fmt->hash_algo);
280
281         /* Check filemode trustability */
282         path = git_path_buf(&buf, "config");
283         filemode = TEST_FILEMODE;
284         if (TEST_FILEMODE && !lstat(path, &st1)) {
285                 struct stat st2;
286                 filemode = (!chmod(path, st1.st_mode ^ S_IXUSR) &&
287                                 !lstat(path, &st2) &&
288                                 st1.st_mode != st2.st_mode &&
289                                 !chmod(path, st1.st_mode));
290                 if (filemode && !reinit && (st1.st_mode & S_IXUSR))
291                         filemode = 0;
292         }
293         git_config_set("core.filemode", filemode ? "true" : "false");
294
295         if (is_bare_repository())
296                 git_config_set("core.bare", "true");
297         else {
298                 const char *work_tree = get_git_work_tree();
299                 git_config_set("core.bare", "false");
300                 /* allow template config file to override the default */
301                 if (log_all_ref_updates == LOG_REFS_UNSET)
302                         git_config_set("core.logallrefupdates", "true");
303                 if (needs_work_tree_config(original_git_dir, work_tree))
304                         git_config_set("core.worktree", work_tree);
305         }
306
307         if (!reinit) {
308                 /* Check if symlink is supported in the work tree */
309                 path = git_path_buf(&buf, "tXXXXXX");
310                 if (!close(xmkstemp(path)) &&
311                     !unlink(path) &&
312                     !symlink("testing", path) &&
313                     !lstat(path, &st1) &&
314                     S_ISLNK(st1.st_mode))
315                         unlink(path); /* good */
316                 else
317                         git_config_set("core.symlinks", "false");
318
319                 /* Check if the filesystem is case-insensitive */
320                 path = git_path_buf(&buf, "CoNfIg");
321                 if (!access(path, F_OK))
322                         git_config_set("core.ignorecase", "true");
323                 probe_utf8_pathname_composition();
324         }
325
326         strbuf_release(&buf);
327         return reinit;
328 }
329
330 static void create_object_directory(void)
331 {
332         struct strbuf path = STRBUF_INIT;
333         size_t baselen;
334
335         strbuf_addstr(&path, get_object_directory());
336         baselen = path.len;
337
338         safe_create_dir(path.buf, 1);
339
340         strbuf_setlen(&path, baselen);
341         strbuf_addstr(&path, "/pack");
342         safe_create_dir(path.buf, 1);
343
344         strbuf_setlen(&path, baselen);
345         strbuf_addstr(&path, "/info");
346         safe_create_dir(path.buf, 1);
347
348         strbuf_release(&path);
349 }
350
351 static void separate_git_dir(const char *git_dir, const char *git_link)
352 {
353         struct stat st;
354
355         if (!stat(git_link, &st)) {
356                 const char *src;
357
358                 if (S_ISREG(st.st_mode))
359                         src = read_gitfile(git_link);
360                 else if (S_ISDIR(st.st_mode))
361                         src = git_link;
362                 else
363                         die(_("unable to handle file type %d"), (int)st.st_mode);
364
365                 if (rename(src, git_dir))
366                         die_errno(_("unable to move %s to %s"), src, git_dir);
367         }
368
369         write_file(git_link, "gitdir: %s", git_dir);
370 }
371
372 static void validate_hash_algorithm(struct repository_format *repo_fmt, int hash)
373 {
374         const char *env = getenv(GIT_DEFAULT_HASH_ENVIRONMENT);
375         /*
376          * If we already have an initialized repo, don't allow the user to
377          * specify a different algorithm, as that could cause corruption.
378          * Otherwise, if the user has specified one on the command line, use it.
379          */
380         if (repo_fmt->version >= 0 && hash != GIT_HASH_UNKNOWN && hash != repo_fmt->hash_algo)
381                 die(_("attempt to reinitialize repository with different hash"));
382         else if (hash != GIT_HASH_UNKNOWN)
383                 repo_fmt->hash_algo = hash;
384         else if (env) {
385                 int env_algo = hash_algo_by_name(env);
386                 if (env_algo == GIT_HASH_UNKNOWN)
387                         die(_("unknown hash algorithm '%s'"), env);
388                 repo_fmt->hash_algo = env_algo;
389         }
390 }
391
392 int init_db(const char *git_dir, const char *real_git_dir,
393             const char *template_dir, int hash, const char *initial_branch,
394             unsigned int flags)
395 {
396         int reinit;
397         int exist_ok = flags & INIT_DB_EXIST_OK;
398         char *original_git_dir = real_pathdup(git_dir, 1);
399         struct repository_format repo_fmt = REPOSITORY_FORMAT_INIT;
400
401         if (real_git_dir) {
402                 struct stat st;
403
404                 if (!exist_ok && !stat(git_dir, &st))
405                         die(_("%s already exists"), git_dir);
406
407                 if (!exist_ok && !stat(real_git_dir, &st))
408                         die(_("%s already exists"), real_git_dir);
409
410                 set_git_dir(real_git_dir, 1);
411                 git_dir = get_git_dir();
412                 separate_git_dir(git_dir, original_git_dir);
413         }
414         else {
415                 set_git_dir(git_dir, 1);
416                 git_dir = get_git_dir();
417         }
418         startup_info->have_repository = 1;
419
420         /* Just look for `core.hidedotfiles` */
421         git_config(git_init_db_config, NULL);
422
423         safe_create_dir(git_dir, 0);
424
425         init_is_bare_repository = is_bare_repository();
426
427         /* Check to see if the repository version is right.
428          * Note that a newly created repository does not have
429          * config file, so this will not fail.  What we are catching
430          * is an attempt to reinitialize new repository with an old tool.
431          */
432         check_repository_format(&repo_fmt);
433
434         validate_hash_algorithm(&repo_fmt, hash);
435
436         reinit = create_default_files(template_dir, original_git_dir,
437                                       initial_branch, &repo_fmt);
438         if (reinit && initial_branch)
439                 warning(_("re-init: ignored --initial-branch=%s"),
440                         initial_branch);
441
442         create_object_directory();
443
444         if (get_shared_repository()) {
445                 char buf[10];
446                 /* We do not spell "group" and such, so that
447                  * the configuration can be read by older version
448                  * of git. Note, we use octal numbers for new share modes,
449                  * and compatibility values for PERM_GROUP and
450                  * PERM_EVERYBODY.
451                  */
452                 if (get_shared_repository() < 0)
453                         /* force to the mode value */
454                         xsnprintf(buf, sizeof(buf), "0%o", -get_shared_repository());
455                 else if (get_shared_repository() == PERM_GROUP)
456                         xsnprintf(buf, sizeof(buf), "%d", OLD_PERM_GROUP);
457                 else if (get_shared_repository() == PERM_EVERYBODY)
458                         xsnprintf(buf, sizeof(buf), "%d", OLD_PERM_EVERYBODY);
459                 else
460                         BUG("invalid value for shared_repository");
461                 git_config_set("core.sharedrepository", buf);
462                 git_config_set("receive.denyNonFastforwards", "true");
463         }
464
465         if (!(flags & INIT_DB_QUIET)) {
466                 int len = strlen(git_dir);
467
468                 if (reinit)
469                         printf(get_shared_repository()
470                                ? _("Reinitialized existing shared Git repository in %s%s\n")
471                                : _("Reinitialized existing Git repository in %s%s\n"),
472                                git_dir, len && git_dir[len-1] != '/' ? "/" : "");
473                 else
474                         printf(get_shared_repository()
475                                ? _("Initialized empty shared Git repository in %s%s\n")
476                                : _("Initialized empty Git repository in %s%s\n"),
477                                git_dir, len && git_dir[len-1] != '/' ? "/" : "");
478         }
479
480         free(original_git_dir);
481         return 0;
482 }
483
484 static int guess_repository_type(const char *git_dir)
485 {
486         const char *slash;
487         char *cwd;
488         int cwd_is_git_dir;
489
490         /*
491          * "GIT_DIR=. git init" is always bare.
492          * "GIT_DIR=`pwd` git init" too.
493          */
494         if (!strcmp(".", git_dir))
495                 return 1;
496         cwd = xgetcwd();
497         cwd_is_git_dir = !strcmp(git_dir, cwd);
498         free(cwd);
499         if (cwd_is_git_dir)
500                 return 1;
501         /*
502          * "GIT_DIR=.git or GIT_DIR=something/.git is usually not.
503          */
504         if (!strcmp(git_dir, ".git"))
505                 return 0;
506         slash = strrchr(git_dir, '/');
507         if (slash && !strcmp(slash, "/.git"))
508                 return 0;
509
510         /*
511          * Otherwise it is often bare.  At this point
512          * we are just guessing.
513          */
514         return 1;
515 }
516
517 static int shared_callback(const struct option *opt, const char *arg, int unset)
518 {
519         BUG_ON_OPT_NEG(unset);
520         *((int *) opt->value) = (arg) ? git_config_perm("arg", arg) : PERM_GROUP;
521         return 0;
522 }
523
524 static const char *const init_db_usage[] = {
525         N_("git init [-q | --quiet] [--bare] [--template=<template-directory>] [--shared[=<permissions>]] [<directory>]"),
526         NULL
527 };
528
529 /*
530  * If you want to, you can share the DB area with any number of branches.
531  * That has advantages: you can save space by sharing all the SHA1 objects.
532  * On the other hand, it might just make lookup slower and messier. You
533  * be the judge.  The default case is to have one DB per managed directory.
534  */
535 int cmd_init_db(int argc, const char **argv, const char *prefix)
536 {
537         const char *git_dir;
538         const char *real_git_dir = NULL;
539         const char *work_tree;
540         const char *template_dir = NULL;
541         unsigned int flags = 0;
542         const char *object_format = NULL;
543         const char *initial_branch = NULL;
544         int hash_algo = GIT_HASH_UNKNOWN;
545         const struct option init_db_options[] = {
546                 OPT_STRING(0, "template", &template_dir, N_("template-directory"),
547                                 N_("directory from which templates will be used")),
548                 OPT_SET_INT(0, "bare", &is_bare_repository_cfg,
549                                 N_("create a bare repository"), 1),
550                 { OPTION_CALLBACK, 0, "shared", &init_shared_repository,
551                         N_("permissions"),
552                         N_("specify that the git repository is to be shared amongst several users"),
553                         PARSE_OPT_OPTARG | PARSE_OPT_NONEG, shared_callback, 0},
554                 OPT_BIT('q', "quiet", &flags, N_("be quiet"), INIT_DB_QUIET),
555                 OPT_STRING(0, "separate-git-dir", &real_git_dir, N_("gitdir"),
556                            N_("separate git dir from working tree")),
557                 OPT_STRING('b', "initial-branch", &initial_branch, N_("name"),
558                            N_("override the name of the initial branch")),
559                 OPT_STRING(0, "object-format", &object_format, N_("hash"),
560                            N_("specify the hash algorithm to use")),
561                 OPT_END()
562         };
563
564         argc = parse_options(argc, argv, prefix, init_db_options, init_db_usage, 0);
565
566         if (real_git_dir && is_bare_repository_cfg == 1)
567                 die(_("--separate-git-dir and --bare are mutually exclusive"));
568
569         if (real_git_dir && !is_absolute_path(real_git_dir))
570                 real_git_dir = real_pathdup(real_git_dir, 1);
571
572         if (template_dir && *template_dir && !is_absolute_path(template_dir))
573                 template_dir = absolute_pathdup(template_dir);
574
575         if (argc == 1) {
576                 int mkdir_tried = 0;
577         retry:
578                 if (chdir(argv[0]) < 0) {
579                         if (!mkdir_tried) {
580                                 int saved;
581                                 /*
582                                  * At this point we haven't read any configuration,
583                                  * and we know shared_repository should always be 0;
584                                  * but just in case we play safe.
585                                  */
586                                 saved = get_shared_repository();
587                                 set_shared_repository(0);
588                                 switch (safe_create_leading_directories_const(argv[0])) {
589                                 case SCLD_OK:
590                                 case SCLD_PERMS:
591                                         break;
592                                 case SCLD_EXISTS:
593                                         errno = EEXIST;
594                                         /* fallthru */
595                                 default:
596                                         die_errno(_("cannot mkdir %s"), argv[0]);
597                                         break;
598                                 }
599                                 set_shared_repository(saved);
600                                 if (mkdir(argv[0], 0777) < 0)
601                                         die_errno(_("cannot mkdir %s"), argv[0]);
602                                 mkdir_tried = 1;
603                                 goto retry;
604                         }
605                         die_errno(_("cannot chdir to %s"), argv[0]);
606                 }
607         } else if (0 < argc) {
608                 usage(init_db_usage[0]);
609         }
610         if (is_bare_repository_cfg == 1) {
611                 char *cwd = xgetcwd();
612                 setenv(GIT_DIR_ENVIRONMENT, cwd, argc > 0);
613                 free(cwd);
614         }
615
616         if (object_format) {
617                 hash_algo = hash_algo_by_name(object_format);
618                 if (hash_algo == GIT_HASH_UNKNOWN)
619                         die(_("unknown hash algorithm '%s'"), object_format);
620         }
621
622         if (init_shared_repository != -1)
623                 set_shared_repository(init_shared_repository);
624
625         /*
626          * GIT_WORK_TREE makes sense only in conjunction with GIT_DIR
627          * without --bare.  Catch the error early.
628          */
629         git_dir = xstrdup_or_null(getenv(GIT_DIR_ENVIRONMENT));
630         work_tree = xstrdup_or_null(getenv(GIT_WORK_TREE_ENVIRONMENT));
631         if ((!git_dir || is_bare_repository_cfg == 1) && work_tree)
632                 die(_("%s (or --work-tree=<directory>) not allowed without "
633                           "specifying %s (or --git-dir=<directory>)"),
634                     GIT_WORK_TREE_ENVIRONMENT,
635                     GIT_DIR_ENVIRONMENT);
636
637         /*
638          * Set up the default .git directory contents
639          */
640         if (!git_dir)
641                 git_dir = DEFAULT_GIT_DIR_ENVIRONMENT;
642
643         if (is_bare_repository_cfg < 0)
644                 is_bare_repository_cfg = guess_repository_type(git_dir);
645
646         if (!is_bare_repository_cfg) {
647                 const char *git_dir_parent = strrchr(git_dir, '/');
648                 if (git_dir_parent) {
649                         char *rel = xstrndup(git_dir, git_dir_parent - git_dir);
650                         git_work_tree_cfg = real_pathdup(rel, 1);
651                         free(rel);
652                 }
653                 if (!git_work_tree_cfg)
654                         git_work_tree_cfg = xgetcwd();
655                 if (work_tree)
656                         set_git_work_tree(work_tree);
657                 else
658                         set_git_work_tree(git_work_tree_cfg);
659                 if (access(get_git_work_tree(), X_OK))
660                         die_errno (_("Cannot access work tree '%s'"),
661                                    get_git_work_tree());
662         }
663         else {
664                 if (real_git_dir)
665                         die(_("--separate-git-dir incompatible with bare repository"));
666                 if (work_tree)
667                         set_git_work_tree(work_tree);
668         }
669
670         UNLEAK(real_git_dir);
671         UNLEAK(git_dir);
672         UNLEAK(work_tree);
673
674         flags |= INIT_DB_EXIST_OK;
675         return init_db(git_dir, real_git_dir, template_dir, hash_algo,
676                        initial_branch, flags);
677 }