fix potential race in updating inode cache

Some uses of linkFromAnnex are inside replaceWorkTreeFile, which was
already safe, but others use it directly on the work tree file, which
was race-prone. Eg, if the work tree file was first removed, then
linkFromAnnex called to populate it, the user could have re-written it in
the interim.

This came to light during an audit of all calls of addInodeCaches,
looking for such races. All the other uses of it seem ok.

Sponsored-by: Brett Eisenberg on Patreon

Command/Fix.hs

@@ -85,7 +85,7 @@ makeHardLink :: RawFilePath -> Key -> CommandPerform
 makeHardLink file key = do
 	replaceWorkTreeFile (fromRawFilePath file) $ \tmp -> do
 		mode <- liftIO $ catchMaybeIO $ fileMode <$> R.getFileStatus file
-		linkFromAnnex key (toRawFilePath tmp) mode >>= \case
+		linkFromAnnex' key (toRawFilePath tmp) mode >>= \case
 			LinkAnnexFailed -> error "unable to make hard link"
 			_ -> noop
 	next $ return True

Command/Fsck.hs

@@ -357,7 +357,7 @@ verifyWorkTree key file = do
 				let tmp' = toRawFilePath tmp
 				mode <- liftIO $ catchMaybeIO $ fileMode <$> R.getFileStatus file
 				ifM (annexThin <$> Annex.getGitConfig)
-					( void $ linkFromAnnex key tmp' mode
+					( void $ linkFromAnnex' key tmp' mode
 					, do
 						obj <- calcRepo (gitAnnexLocation key)
 						void $ checkedCopyFile key obj tmp' mode

Command/Unlock.hs

@@ -50,7 +50,7 @@ perform dest key = do
 	replaceWorkTreeFile (fromRawFilePath dest) $ \tmp ->
 		ifM (inAnnex key)
 			( do
-				r <- linkFromAnnex key (toRawFilePath tmp) destmode
+				r <- linkFromAnnex' key (toRawFilePath tmp) destmode
 				case r of
 					LinkAnnexOk -> return ()
 					LinkAnnexNoop -> return ()