Commit graph

1013 commits

Author SHA1 Message Date
Joey Hess
6623b557ed
build without disk-free-space on android 2016-03-08 02:45:10 -04:00
Joey Hess
9a8cdc3652
merge from propellor 2016-03-06 20:09:05 -04:00
Joey Hess
35aad6ee7f
fix build with old ghc 2016-03-05 15:18:52 -04:00
Joey Hess
112caada86
another windows build fix 2016-03-05 15:08:37 -04:00
Joey Hess
e859ebe2b3
more windows build fixes 2016-03-05 13:57:43 -04:00
Joey Hess
ca18baecdb
fix windows build more 2016-03-05 12:32:06 -04:00
Joey Hess
be80c29dbc
Merge branch 'no-cbits' 2016-03-05 11:22:32 -04:00
Joey Hess
6237bffae5
fix windows build 2016-03-03 13:08:47 -04:00
Joey Hess
c1e439f8cc
fix windows build 2016-03-03 12:11:12 -04:00
Joey Hess
3334130368
Fix shared lock file FD leak.
This fixes behavior in this situation:

	l1 <- lockShared Nothing "lck"
	l2 <- lockShared Nothing "lck"
	dropLock l1
	dropLock l2

Before, the lock was dropped upon the second dropLock call, but the fd
remained open, and would never be closed while the program was running.

Fixed by a rather round-about method, but it should work well enough.

It would have been simpler to open open the shared lock once, and not open
it again in the second call to lockShared. But, that's difficult to do
atomically.

This also affects Windows and PID locks, not just posix locks.

In the case of pid locks, multiple calls to waitLock within the same
process are allowed because the side lock is locked using a posix lock,
and so multiple exclusive locks can be taken in the same process. So,
this change fixes a similar problem with pid locks.

	l1 <- waitLock (Seconds 1) "lck"
	l2 <- waitLock (Seconds 1) "lck"
	dropLock l1
	dropLock l2

Here the l2 side lock fd remained open but not locked,
although the pid lock file was removed. After this change, the second
dropLock will close both fds to the side lock, and delete the pidlock.
2016-03-01 15:31:39 -04:00
Joey Hess
26c499492f
comment 2016-03-01 13:47:49 -04:00
Joey Hess
ad888a6b76
Fix bug preventing moving files to/from a repository with annex.pidlock set. 2016-03-01 12:51:54 -04:00
Joey Hess
f219ffc33b
comment typo fix 2016-03-01 12:24:22 -04:00
Joey Hess
9519af25f3
remove support for network older than 2.4
debian stable has 2.4
2016-02-23 20:35:32 -04:00
Joey Hess
8a20f4ed24
avoid warning on windows build 2016-02-15 15:11:06 -04:00
Joey Hess
40207b26ea
move old ghc compat code into separate module; eliminate WITH_CLIBS
This avoids hsc2hs being run except when building for the old version of ghc.
Should speed up builds.
2016-02-15 11:47:33 -04:00
Joey Hess
a665f92b91
switch from homegrown code to disk-free-space
According to https://github.com/redneb/disk-free-space/issues/3 ,
disk-free-space should be at least as portable as my homegrown code was.

One change I noticed is, getDiskSize was not implemented for windows
in the old code, and should work now.
2016-02-15 11:29:27 -04:00
Joey Hess
46fe686ba0
remove Utility.Mounts et al; moved to mountpoints package 2016-02-15 11:14:37 -04:00
Joey Hess
4ee302d1b0
deprecated 2016-02-14 20:49:03 -04:00
Joey Hess
591d0e2af1
remove unused Read instance 2016-02-14 20:48:19 -04:00
Joey Hess
613d6056f5
better types 2016-02-14 16:26:39 -04:00
Joey Hess
9df13e73ae
if keys database cannot be opened due to permissions, ignore
This lets readonly repos be used. If a repo is readonly, we can ignore the
keys database, because nothing that we can do will change the state of the
repo anyway.
2016-02-12 14:16:35 -04:00
Gabor Greif
90d2c7fa90
Zap redundant constraints
these are shown by GHC 7.11/8.0
2016-01-28 12:34:07 -04:00
Joey Hess
ecec42bbb4
remove TDFA build flag 2016-01-26 08:52:34 -04:00
Joey Hess
dcfb038cd2
Roll the dns build flag into the assistant build flag. 2016-01-26 08:48:23 -04:00
Joey Hess
f051b51645
remove 3 build flags
* Removed the webapp-secure build flag, rolling it into the webapp build
  flag.
* Removed the quvi and tahoe build flags, which only adds aeson to
  the core dependencies.
* Removed the feed build flag, which only adds feed to the core
  dependencies.

Build flags have cost in both code complexity and also make Setup configure
have to work harder to find a usable set of build flags when some
dependencies are missing.
2016-01-26 08:14:57 -04:00
Joey Hess
36e05945b8
remove unused support for ADNS library 2016-01-26 07:51:18 -04:00
Joey Hess
d3ba9fe5c8
matchexpression: New plumbing command to check if a preferred content expression matches some data. 2016-01-25 16:16:18 -04:00
Joey Hess
bf7e928ee9
Fix build with QuickCheck 2.8.2
It added some instances I had also implemented.
2016-01-24 14:15:00 -04:00
Joey Hess
9737c9a362
Revert "convert fail to error"
This reverts commit d14770ca9c.

That changed the type of error from an IOError to something else, so broke
stuff that was catching IOErrors.

So back to a UserError, but be explicit this time that's what it's
throwing.
2016-01-24 14:10:11 -04:00
Joey Hess
d14770ca9c
convert fail to error
Using fail here causes a "user error" exception to be thrown, which implies
the user is at fault in its wording, which is incorrect.

Also audited for other uses of fail in git-annex; the others are in monadic
contexts where fail may not throw an exception, and involve user input, so
kept them as-is.
2016-01-21 12:56:52 -04:00
Joey Hess
2aa3e73de1
remove now unused toCygPath 2016-01-13 12:36:53 -04:00
Joey Hess
d90895ac94
Merge remote-tracking branch 'pkitslaar/master' 2016-01-13 12:36:30 -04:00
Joey Hess
1f6f9a8d34
When annex.http-headers is used to set the User-Agent header, avoid sending User-Agent: git-annex 2016-01-11 12:10:38 -04:00
Pieter Kitslaar
6cd134ade1 Added new toMSYS2Path function for use with rsync on Windows. 2016-01-11 11:18:58 +01:00
Joey Hess
aa4f353e5d
clarify absPathFrom
The repo path is typically relative, not absolute, so
providing it to absPathFrom doesn't yield an absolute path.
This is not a bug, just unclear documentation.

Indeed, there seem to be no reason to simplifyPath here, which absPathFrom
does, so instead just combine the repo path and the TopFilePath.

Also, removed an export of the TopFilePath constructor; asTopFilePath
is provided to construct one as-is.
2016-01-05 17:33:48 -04:00
Joey Hess
b6b34f4916
automatic conflict resolution for v6 unlocked files
Several tricky parts:

* When the conflict is just between the same key being locked and unlocked,
  the unlocked version wins, and the file is not renamed in this case.

* Need to update associated file map when conflict resolution renames
  an unlocked file.

* git merge runs the smudge filter on the conflicting file, and actually
  overwrites the file with the same content it had before, and so
  invalidates its inode cache. This makes it difficult to know when it's
  safe to remove such files as conflict cruft, without going so far as to
  compare their entire contents.

  Dealt with this by preventing the smudge filter from populating the file
  when a merge is run. However, that also prevents the smudge filter being
  run for non-conflicting files, so eg moving a file won't put its new
  content into place.

* Ideally, if a merge or a merge conflict resolution renames an unlocked
  file, the file in the work tree can just be moved, rather than copying
  the content to a new worktree file.

  This is attempted to be done in merge conflict resolution, but
  due to git merge's behavior of running smudge filters, what actually
  seems to happen is the old worktree file with the content is deleted and
  rewritten as a pointer file, so doesn't get reused.

So, this is probably not as efficient as it optimally could be.
If that becomes a problem, could look into running the merge in a separate
worktree and updating the real worktree more efficiently, similarly to the
direct mode merge. However, the direct mode merge had a lot of bugs, and
I'd rather not use that more error-prone method unless really needed.
2015-12-29 15:41:09 -04:00
Joey Hess
da5d25a844
clean build warning on windows 2015-12-28 13:06:36 -04:00
Joey Hess
4224fae71f
optimise read and write for Keys database (untested)
Writes are optimised by queueing up multiple writes when possible.
The queue is flushed after the Annex monad action finishes. That makes it
happen on program termination, and also whenever a nested Annex monad action
finishes.

Reads are optimised by checking once (per AnnexState) if the database
exists. If the database doesn't exist yet, all reads return mempty.

Reads also cause queued writes to be flushed, so reads will always be
consistent with writes (as long as they're made inside the same Annex monad).
A future optimisation path would be to determine when that's not necessary,
which is probably most of the time, and avoid flushing unncessarily.

Design notes for this commit:

- separate reads from writes
- reuse a handle which is left open until program
  exit or until the MVar goes out of scope (and autoclosed then)
- writes are queued
  - queue is flushed periodically
  - immediate queue flush before any read
  - auto-flush queue when database handle is garbage collected
  - flush queue on exit from Annex monad
    (Note that this may happen repeatedly for a single database connection;
    or a connection may be reused for multiple Annex monad actions,
    possibly even concurrent ones.)
- if database does not exist (or is empty) the handle
  is not opened by reads; reads instead return empty results
- writes open the handle if it was not open previously
2015-12-23 19:18:52 -04:00
Joey Hess
d82b110da8
Merge branch 'master' into smudge 2015-12-21 17:12:46 -04:00
Joey Hess
b6ac443b60
fix build warnings under ghc 7.10
Caused by AMP.. Since I've finally upgraded my dev laptop to 7.10,
I may start missing imports that are not needed with it but are with older
versions..
2015-12-19 17:42:45 -04:00
Joey Hess
029111b89a
Merge branch 'master' into smudge 2015-12-16 13:07:46 -04:00
Joey Hess
25bc6ea6d8
bring back some deleted functions that git-repair uses 2015-12-15 20:42:35 -04:00
Joey Hess
96dd0f4ebe
improve temp dir security
http://bugs.debian.org/807341

* Fix insecure temporary permissions when git-annex repair is used in
  in a corrupted git repository.

  Other calls to withTmpDir didn't leak any potentially private data,
  but repair clones the git repository to a temp directory which is made
  using the user's umask. Thus, it might expose a git repo that is
  otherwise locked down.

* Fix potential denial of service attack when creating temp dirs.

  Since withTmpDir used easily predictable temporary directory names,
  an attacker could create foo.0, foo.1, etc and as long as it managed to
  keep ahead of it, could prevent it from ever returning.

  I'd rate this as a low utility DOS attack. Most attackers in a position
  to do this could just fill up the disk /tmp is on to prevent anything
  from writing temp files. And few parts of git-annex use withTmpDir
  anyway, so DOS potential is quite low.

Examined all callers of withTmpDir and satisfied myself that
switching to mkdtmp and so getting a mode 700 temp dir wouldn't break any
of them.

Note that withTmpDirIn continues to not force temp dir to 700.
But it's only used for temp directories inside .git/annex/wherever/
so that is not a problem.

Also re-audited all other uses of temp files and dirs in git-annex.
2015-12-15 20:21:48 -04:00
Joey Hess
ce73a96e4e
use InodeCache when dropping a key to see if a pointer file can be safely reset
The Keys database can hold multiple inode caches for a given key. One for
the annex object, and one for each pointer file, which may not be hard
linked to it.

Inode caches for a key are recorded when its content is added to the annex,
but only if it has known pointer files. This is to avoid the overhead of
maintaining the database when not needed.

When the smudge filter outputs a file's content, the inode cache is not
updated, because git's smudge interface doesn't let us write the file. So,
dropping will fall back to doing an expensive verification then. Ideally,
git's interface would be improved, and then the inode cache could be
updated then too.
2015-12-09 17:54:54 -04:00
Joey Hess
969d54f914
cleanup 2015-12-06 16:36:35 -04:00
Joey Hess
4591569607
avoid looping trying to make temp dir when the name is too long
Only loop when directory creation fails due to the directory existing
already.
2015-12-06 16:29:36 -04:00
Joey Hess
a0fcb8ec93
generalize catchHardwareFault to catchIOErrorType 2015-12-06 16:26:38 -04:00
Joey Hess
394b66be13
import Data.Time.Format to ensure its Read instance for LocalTime is available
Seems that Utility.SafeCommand loaded something that indirectly got that
instance loaded on unix, but not on Windows recently.
2015-11-21 13:36:30 -04:00
Joey Hess
04e150abb3
use intercalate instead of MissingH's join
The two functions are identical.
2015-11-17 17:27:24 -04:00