Skip to content

Do not normalize safe.directory paths #6668

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jan 14, 2024
Merged

Do not normalize safe.directory paths #6668

merged 2 commits into from
Jan 14, 2024

Conversation

csware
Copy link
Contributor

@csware csware commented Dec 11, 2023
edited
Loading

Vanilla Git does not do it either (cf. https://github.com/gitster/git/blob/master/setup.c#L1150) and calling git_fs_path_prettify_dir can cause performance issues (cf. issue #6649).

Still needed: expansion of "~/"... (but not this PR)

ethomson
ethomson reviewed Dec 13, 2023
View reviewed changes
src/libgit2/repository.c Outdated

if (git_fs_path_prettify_dir(&data->tmp, test_path, NULL) == 0 &&
strcmp(data->tmp.ptr, data->repo_path) == 0)
git_str_sets(&tmp, data->repo_path);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We were passing the git_str here to avoid re-allocing a git_str on every call. We can just re-use the one we have. No need to undo that, I don't think.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also, you're looking at data->repo_path, not test_path, which we've mutated to handle WSL paths. We should keep that.

ethomson
ethomson reviewed Dec 13, 2023
View reviewed changes
src/libgit2/repository.c
@@ -582,10 +582,14 @@ static int validate_ownership_cb(const git_config_entry *entry, void *payload)
strncmp(test_path, "//wsl.localhost/", strlen("//wsl.localhost/")) != 0)
test_path++;
#endif

if (git_fs_path_prettify_dir(&data->tmp, test_path, NULL) == 0 &&
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think that instead of prettify, we need only call path_to_dir.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think that using path_to_dir is the right way. This would accept safe.directory entries ending with a slash which vanilla Git does not accept.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is that actually a problem, though? We also accept //wsl.localhost/... prefixed paths which Git for Windows doesn't accept.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

From my point of view, I would keep it as consistent as possible.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's do one fix at the time. It's ok for me if we take your suggested patch.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

From my point of view, I would keep it as consistent as possible.

OK. Let's do that. This feels like a (minor) bug in git that it doesn't allow trailing slashes, but I've often said that libgit2's goal is to be "bug for bug compatible".

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ethomson
I updated the branch and hope that I did not forget anything.

@ethomson
Copy link
Member

Agree that we don't need to hit the filesystem on every excluded path. I think that the simplest fix is:

diff --git a/src/libgit2/repository.c b/src/libgit2/repository.c
index 05ece6efc..9fa616fb0 100644
--- a/src/libgit2/repository.c
+++ b/src/libgit2/repository.c
@@ -583,8 +583,11 @@ static int validate_ownership_cb(const git_config_entry *entry, void *payload)
                        test_path++;
 #endif

-               if (git_fs_path_prettify_dir(&data->tmp, test_path, NULL) == 0 &&
-                   strcmp(data->tmp.ptr, data->repo_path) == 0)
+               if (git_str_sets(&data->tmp, test_path) < 0 ||
+                   git_fs_path_to_dir(&data->tmp) < 0)
+                       return -1;
+
+               if (strcmp(data->tmp.ptr, data->repo_path) == 0)
                        *data->is_safe = true;
        }

This keeps the git_str that is used between invocations of the callback to avoid re-allocs, but switches from prettify_path to path_to_dir, which should avoid touching the filesystem and merely append a / since that's our (sort of dubious) pattern for directories.

This does not add the trailing / check on inputs. I don't know how valuable that is - I think that specifying a folder with a trailing slash is perfectly legitimate and that git should allow it. But if you're bullish on exact compatibility here, I think that's a reasonable opinion as well.

@ethomson
Copy link
Member

Thanks @csware for digging in here to understand the perf problem - it's slow for me to develop / test on Windows - and apologies for causing it in the first place.

@csware
Copy link
Contributor Author

csware commented Dec 13, 2023

@ethomson I'd like to talk to you about libgit2, some open PRs and TortoiseGit. Would be nice if we could meet next year.

@csware
Do not normalize safe.directory paths
779263b 
Vanilla Git does not do it either (cf. https://github.com/gitster/git/blob/master/setup.c#L1150)
and calling git_fs_path_prettify_dir can cause performance issues (cf. issue libgit2#6649).

Signed-off-by: Sven Strickroth <email@cs-ware.de>
@csware
Improve error message
73f034c 
Signed-off-by: Sven Strickroth <email@cs-ware.de>
@csware
Copy link
Contributor Author

csware commented Dec 18, 2023

@ethomson
Is there an open point here?

@ethomson ethomson merged commit 73f034c into libgit2:main Jan 14, 2024
@ethomson
Copy link
Member

Manually merged with a tweak - thanks again!

@csware
Copy link
Contributor Author

csware commented Jan 14, 2024

This is also relevant for 1.7, right?!

@csware
Copy link
Contributor Author

csware commented Jan 14, 2024
edited
Loading

@ethomson
Is there a reason why you ,merged both commits and then reverted the second one which improves the error message? Particularly, the hint regarding %(prefix)/"is missing now.

I don't quite understand your tweak either. Now more copies are needed, right? Particularly, I don't understand the comment regarding the backslash.

@csware csware deleted the safe.directory branch January 14, 2024 22:15
@csware csware mentioned this pull request Feb 14, 2024
Closed
csware
csware commented Feb 14, 2024
View reviewed changes
src/libgit2/repository.c
@@ -582,9 +581,7 @@ static int validate_ownership_cb(const git_config_entry *entry, void *payload)
strncmp(test_path, "//wsl.localhost/", strlen("//wsl.localhost/")) != 0)
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Remove this else if part if %(prefix)/ is not required.

@branchvincent branchvincent mentioned this pull request Mar 21, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ethomson ethomson ethomson left review comments

Assignees
No one assigned
Labels
bug git compatibility
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@csware @ethomson