Direct mode .git/annex/objects directories are no longer left writable
Because that allowed writing to symlinks of files that are not present, which followed the link and put bad content in an object location. fsck: Fix up .git/annex/object directory permissions. This commit was sponsored by an anonymous bitcoin donor.
This commit is contained in:
Joey Hess
parent
b0f85b3e22
commit
d48b00ebed
8 changed files with 56 additions and 41 deletions
|
|
@ -218,9 +218,10 @@ verifyLocationLog key desc = do
|
|||
|
||||
{- Since we're checking that a key's file is present, throw
|
||||
- in a permission fixup here too. -}
|
||||
when (present && not direct) $ do
|
||||
file <- calcRepo $ gitAnnexLocation key
|
||||
file <- calcRepo $ gitAnnexLocation key
|
||||
when (present && not direct) $
|
||||
freezeContent file
|
||||
whenM (liftIO $ doesDirectoryExist $ parentDir file) $
|
||||
freezeContentDir file
|
||||
|
||||
{- In direct mode, modified files will show up as not present,
|
||||
|
|
|
|||
|
|
@ -20,9 +20,9 @@ import Config
|
|||
import qualified Annex
|
||||
import Annex.Direct
|
||||
import Annex.Content
|
||||
import Annex.Content.Direct
|
||||
import Annex.CatFile
|
||||
import Annex.Version
|
||||
import Annex.Perms
|
||||
import Annex.Exception
|
||||
import Init
|
||||
import qualified Command.Add
|
||||
|
|
@ -77,7 +77,8 @@ perform = do
|
|||
Just s
|
||||
| isSymbolicLink s -> void $ flip whenAnnexed f $
|
||||
\_ (k, _) -> do
|
||||
cleandirect k
|
||||
removeInodeCache k
|
||||
removeAssociatedFiles k
|
||||
return Nothing
|
||||
| otherwise ->
|
||||
maybe noop (fromdirect f)
|
||||
|
|
@ -87,8 +88,8 @@ perform = do
|
|||
|
||||
fromdirect f k = do
|
||||
showStart "indirect" f
|
||||
thawContentDir =<< calcRepo (gitAnnexLocation k)
|
||||
cleandirect k -- clean before content directory gets frozen
|
||||
removeInodeCache k
|
||||
removeAssociatedFiles k
|
||||
whenM (liftIO $ not . isSymbolicLink <$> getSymbolicLinkStatus f) $ do
|
||||
v <-tryAnnexIO (moveAnnex k f)
|
||||
case v of
|
||||
|
|
@ -103,10 +104,6 @@ perform = do
|
|||
warnlocked e = do
|
||||
warning $ show e
|
||||
warning "leaving this file as-is; correct this problem and run git annex add on it"
|
||||
|
||||
cleandirect k = do
|
||||
liftIO . nukeFile =<< calcRepo (gitAnnexInodeCache k)
|
||||
liftIO . nukeFile =<< calcRepo (gitAnnexMapping k)
|
||||
|
||||
cleanup :: CommandCleanup
|
||||
cleanup = do
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue